[英]Is it possible to access AWS Cognito API with access token?
I have a simple application consisting of two modules - OAuth2 client (Spring Cloud Gateway) and OAuth2 resource.我有一个由两个模块组成的简单应用程序 - OAuth2 客户端(Spring Cloud Gateway)和 OAuth2 资源。 I use AWS Cognito as an identity provider.我使用 AWS Cognito 作为身份提供商。 Some users with specific roles should be able to create/update/delete other Cognito users.一些具有特定角色的用户应该能够创建/更新/删除其他 Cognito 用户。
I'm going to use aws-java-sdk-cognitoidp
library for integration with AWS Cognito API, but I need to make this calls as a current logged-in user, to be able to check user's groups and IAM roles.我将使用aws-java-sdk-cognitoidp
库与 AWS Cognito API 集成,但我需要以当前登录用户的身份进行此调用,以便能够检查用户的组和 IAM 角色。 Because users from different groups should have different privileges.因为不同组的用户应该有不同的权限。
I found AWSSessionCredentialsProvider
that seems suitable for this task, but there is no implementation.我发现AWSSessionCredentialsProvider
似乎适合这项任务,但没有实施。
I implemented this provider to get access token from the SecurityContext
.我实现了此提供程序以从SecurityContext
获取访问令牌。 When I call the API I get an error:当我调用 API 时出现错误:
The security token included in the request is invalid请求中包含的安全令牌无效
Is it possible to use user's access token as a credentials for AWSCognitoIdentityProvider
?是否可以使用用户的访问令牌作为AWSCognitoIdentityProvider
的凭证?
I used to have app to login with given user with his credentials -我曾经让应用程序使用给定用户的凭据登录 -
AWSCognitoIdentityProvider cognitoIdentityProvider = AWSCognitoIdentityProviderClientBuilder
.standard()
.withCredentials(new AWSStaticCredentialsProvider(getSDKCredentials()))
.withRegion(Regions.fromName(getAwsRegion()))
.build();
Map<String,String> params =new HashMap<>();
params.put("USERNAME", userName);
params.put("PASSWORD", passCode);
AdminInitiateAuthRequest initialRequest=new AdminInitiateAuthRequest()
.withAuthFlow(AuthFlowType.ADMIN_NO_SRP_AUTH)
.withAuthParameters(params)
.withClientId(getClientId())
.withUserPoolId(getUserPoolId());
AdminInitiateAuthResult response = cognitoIdentityProvider.adminInitiateAuth(initialRequest);
this will return your response where you have session.这将在您拥有 session 的地方返回您的响应。 check if it helps-检查它是否有帮助-
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.