AWS Cognito signin from Android without AWS credentials

I am already using AWS Cognito for authenticating a web application (using the Hosted UI, and flask_awscognito). The user pool has already been created, and all user creation or any other user pool management is done outside of the app (e.g. directly through the console, or CloudFormation or similar). Now we want to authenticate users from an Android app, and it is proving remarkably hard to find out how to do this.

All the AWS docs direct you to Amplify - the trouble is Amplify wants you to "initialize" and in the process seems to require AWS credentials, and for a user with permissions to CloudFormation and things, none of which should be required for simply authenticating users.

Is there (any documentation for) a way to simply authenticate a user to a Cognito user pool for Android? This should be similar to the authentication for the web app, with the difference that any interaction with the hosted UI, if required, would have to be programmatic rather than via redirection to an AWS hosted login page.

It seems odd that simple authentication to a user pool from Android (without required AWS credentials, or using a user pool created with Amplify) is neither straightforward nor documented. Or am I just failing to find it?

It turns out it is possible to authenticate from Android without Amplify. The trick is to make use of "deep-linking" where a URL can be directed to an app on the device. We added a URL to the configured callback URLs for the user pool, and configured the Android app to handle this URL. The flow is then as follows: To log in from the app, the app brings up a web view of the hosted UI, specifying the newly configured callback URL. When the user has successfully logged in via the hosted pages, the redirect comes back with the new URL, and this is now received by the app. We switched to requesting the token directly (rather than getting a code back) to avoid having to go through the protocol to exchange a code for a token.

The answer to this question was helpful: Cognito hosted UI
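
The flow described in the answer above, sketched as an added example that is not part of the original post: it builds the hosted UI URL with `response_type=token` and parses the redirect the app receives on its deep link. The domain, client ID and callback URL are placeholders, the `state` check is an addition the answer does not mention, and only the JVM standard library is used; on Android the callback string would come from the data URI of the intent that delivers the deep link.

```kotlin
import java.net.URI
import java.net.URLDecoder
import java.net.URLEncoder
import java.security.SecureRandom
import java.util.Base64

// Placeholders (assumptions), not values from the original post.
const val HOSTED_UI_DOMAIN = "example-prefix.auth.us-east-1.amazoncognito.com"
const val APP_CLIENT_ID = "EXAMPLE_APP_CLIENT_ID"
const val CALLBACK_URL = "myapp://auth/callback" // must be listed in the app client's callback URLs
private fun enc(s: String) = URLEncoder.encode(s, "UTF-8")

// Random value that ties the redirect we receive to the login we started.
fun newState(): String {
    val bytes = ByteArray(16).also { SecureRandom().nextBytes(it) }
    return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes)
}

// URL to load in the web view; response_type=token asks for tokens directly.
fun authorizeUrl(state: String): String =
    "https://$HOSTED_UI_DOMAIN/oauth2/authorize" +
        "?response_type=token" +
        "&client_id=${enc(APP_CLIENT_ID)}" +
        "&redirect_uri=${enc(CALLBACK_URL)}" +
        "&scope=${enc("openid")}" +
        "&state=${enc(state)}"

// Parse the deep link the app receives; the tokens arrive in the URL fragment.
fun parseCallback(callback: String, expectedState: String): Map<String, String> {
    require(callback.substringBefore('#') == CALLBACK_URL) { "unexpected callback URL" }
    val fragment = URI(callback).rawFragment ?: error("no fragment in callback")
    val params = fragment.split("&")
        .map { it.split("=", limit = 2) }
        .filter { it.size == 2 }
        .associate { URLDecoder.decode(it[0], "UTF-8") to URLDecoder.decode(it[1], "UTF-8") }
    params["error"]?.let { error("hosted UI returned error: $it") }
    check(params["state"] == expectedState) { "state mismatch, discarding tokens" }
    check("access_token" in params) { "no access_token in callback" }
    return params
}

fun main() {
    val state = newState()
    println(authorizeUrl(state))
    // Constructed sample redirect, shaped like an implicit-grant response.
    val sample = "$CALLBACK_URL#access_token=SAMPLE_ACCESS&id_token=SAMPLE_ID" +
        "&token_type=Bearer&expires_in=3600&state=${enc(state)}"
    val tokens = parseCallback(sample, state)
    println("token_type=${tokens["token_type"]} expires_in=${tokens["expires_in"]}")
}
```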
