堆栈内存溢出
  简体   繁体   English

在注册时创建 Cognito 用户池

[英]Create Cognito User Pools on registration

 原文  2020-10-04 12:46:06       amazon-web-services/ aws-amplify

问题描述

I have a web app with AWS Amplify for the backend and cognito for the authentication.我有一个带有 AWS Amplify 后端和 cognito 身份验证的 Web 应用程序。 I want to achieve a multi tenant app.我想实现一个多租户应用程序。

So a user fills out a registration form and then it should create a seperate user pool and assign this user for this.因此,用户填写注册表,然后它应该创建一个单独的用户池并为此分配该用户。

When logging in you should provide the tenant id.登录时,您应该提供租户 ID。 (Similar to slack with the workspaces) Inside a user pool there should be different roles like legal, admin, appuser, webuser. (类似于工作区松弛)在用户池中应该有不同的角色,如法律、管理员、应用程序用户、网络用户。

I am struggling with creating a user pool... Is there a easy way or a better way to achieve my goal?我正在努力创建用户池...是否有一种简单的方法或更好的方法来实现我的目标?

Thanks!谢谢!

2 个解决方案

解决方案1
 2  2020-10-04 14:47:19

Agree with the answer above.同意楼上的回答。 To literally answer the quesion, you can create a new pool in Typescript like this.要从字面上回答问题,您可以像这样在 Typescript 中创建一个新池。 The Params object has a lot of requirements, which you can find in the docs here . Params 对象有很多要求,您可以在此处的文档中找到这些要求。

import { CognitoIdentityServiceProvider } from "aws-sdk";
const cog = new CognitoIdentityServiceProvider(); 
const params: CognitoIdentityServiceProvider.Types.CreateUserPoolRequest = {
...
};

cog
  .createUserPool(params)
  .promise()
  .then((result) => {
    console.log("Created", result);
  });

Each user needs to be unique in Cognito, so if you use a single pool, there may be cases where a user registers in one "Tenant", but won't be able to register in another one.每个用户在 Cognito 中都需要是唯一的,因此如果您使用单个池,可能会出现用户在一个“租户”中注册的情况,但无法在另一个“租户”中注册。

解决方案2
 1 已采纳  2020-10-04 14:21:17

Rather than a separate user pool for each tenant, you could consider a custom attribute for each user, eg tenant-id .您可以考虑为每个用户设置自定义属性,而不是为每个租户设置单独的用户池,例如tenant-id

At registration time the user is assigned his tenant-id , which can be provided from a list, cookie, url, or other means.在注册时,用户会被分配他的tenant-id ,可以从列表、cookie、url 或其他方式提供。

This value can then consulted to provide the user access and data based on their assigned tenant-id然后可以咨询此值以根据用户分配的tenant-id提供用户访问权限和数据

The challenge with your approach is that the designated user pool for each tenant does not exist initially, making the first registration process dependant on a non existent user pool.您的方法面临的挑战是最初不存在为每个租户指定的用户池,这使得第一次注册过程依赖于不存在的用户池。 This seems like an antipattern for using Cognito.这似乎是使用 Cognito 的反模式。 If you start with a global user pool, then spawn a new user pool, the user would have two identies im two user pools.如果您从全局用户池开始,然后生成一个新的用户池,则用户将在两个用户池中拥有两个身份。

Alternatively, you could pre-build a custom user pool for each tenant in advance as part of initial tenant provisioning, and use the appropriate user pool for each registration, including the first user.或者,您可以预先为每个租户预先构建一个自定义用户池,作为初始租户配置的一部分,并为每个注册(包括第一个用户)使用适当的用户池。

NB Maximum number of user pools per account is 1,000.注意每个帐户的最大用户池数为 1,000。 This can be increased om request.这可以增加 om 请求。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AppSync 与多个 Cognito 用户池 - AppSync with multiple Cognito User Pools Cognito用户池是否支持国际化? - Will Cognito User Pools support internationalization? AWS Cognito用户池和OpenId - AWS Cognito User Pools and OpenId 如何将Cognito用户池与Cognito联合身份池集成 - How to integrate Cognito User Pools with Cognito Federated Identity Pools Cognito用户池用户的其他授权逻辑 - Additional authorization logic for Cognito User Pools User 自动验证Amazon Cognito用户池中的用户 - Auto verify a user in Amazon Cognito User Pools Cognito用户池-缓存的用户ID - Cognito User Pools - Cached User ID 将 Congnito 用户池与 Amazon Cognito 身份集成 - Integrating Congnito User Pools with Amazon Cognito Identity AWS Cognito - 具有联合身份提供商的用户池 - AWS Cognito - User Pools with Federated Identity providers 在 API Gateway 和 Cognito 用户池中使用授权方 - Using Authorizers in API Gateway and Cognito User Pools
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM