
Using AWS Lambda to delete a Cognito User

I want to give users the ability to delete their account in my Android app. I already set up a login/sign up functionality with AWS Amplify and an AWS Cognito User Pool. But Amplify doesn't provide a "delete User" functionality, so I wanted to use a Lambda function to delete a user from my Cognito user pool.

The function will be called when the user clicks on "delete my account" in the app. To test the function, I use a hard coded username in the Lambda function, instead of passing one into the function. But even that doesn't work. After deploying the Lambda function, I run the function by clicking on "Test" in the console. The console then shows "Execution result: succeeded" but the response is null. I would either expect a Status 200 or 400 as response. And in the CloudWatch logs of the execution I can only see my first log statement ("I was here"), the other two don't show up. And in the Cognito Console the user is still there.

This is my Lambda code (Node.js):

const AWS = require('aws-sdk');

console.log("I was here");

var params = {
 UserPoolId: 'syz****f-dev', 
 Username: '5b53****138'
};
var cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider({
    "region": 'eu-central-1',
});

exports.handler = async (event) => {
  cognitoidentityserviceprovider.adminDeleteUser(params, function(err, data) {
    if (err) { 
      var response = {
        statusCode: 400,
        body: JSON.stringify('Didnt work!'),
      };
      console.log(err, err.stack); 
      return response;
    }
    else  {
      response = {
        statusCode: 200, 
        body: JSON.stringify('yeah!'),
      };
      console.log(data);          
      return response;
    }
  }); 
};

The user "5b53....138" is still there in my Cognito User Pool "syz....f-dev" after I test this function: [image]

This is the log file that I found in CloudWatch: [image]

My Lambda Function has a role with these 3 policies and I used the IAM Policy Simulator and the action AdminDeleteUser is allowed with AmazonCognitoAuthenticatedIdentities, so this shouldn't be the problem:

  • AmazonCognitoAuthenticatedIdentities
  • AmazonCognitoPowerUser
  • AWSLambdaBasicExecutionRole

In CloudWatch I can see that the function got invoked.

First of all, your user pool id is wrong, find the correct one by opening your Cognito user pool: the first thing you see when opening your user pool in the console is the id: [image]

It starts with your region followed by a _, in your case eu-central-1_.

Then try using this code instead of your adminDeleteUser function. Then it should work:

try {
  const data = await cognitoidentityserviceprovider.adminDeleteUser(params).promise();
} catch (error) {
  console.log(error);
}
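
The following is an added example, not code from the question or the answer: it contrasts the question's callback pattern with an awaited handler that returns its response, using a constructed in-memory stand-in for the Cognito client so it runs offline. The API Gateway Cognito authorizer claims, `fakeCognito`, `brokenHandler`, `makeHandler` and `USER_POOL_ID` are assumptions made for illustration.

```javascript
// Added example. fakeCognito is a constructed stand-in for the aws-sdk v2
// AWS.CognitoIdentityServiceProvider client so the code runs offline.
function fakeCognito(existingUsers) {
  const users = new Set(existingUsers);
  const run = (p, cb) => setImmediate(() =>
    users.delete(p.Username) ? cb(null, {}) : cb(new Error('UserNotFoundException')));
  return {
    users,
    adminDeleteUser(p, cb) {
      if (cb) return void run(p, cb);            // callback style: fires later
      return { promise: () => new Promise((ok, fail) =>
        run(p, (err, data) => (err ? fail(err) : ok(data)))) };
    },
  };
}

// The question's pattern: the async handler starts a callback-style call and
// falls off the end. `return` inside the callback returns from the callback,
// so the handler resolves to undefined (null in the console) before the
// request has completed.
const brokenHandler = (cognito, userPoolId) => async (event) => {
  cognito.adminDeleteUser({ UserPoolId: userPoolId, Username: 'alice' }, (err) => {
    return { statusCode: err ? 400 : 200 };
  });
};

// Awaited version that also returns the response from the handler itself.
// Assumption: the function sits behind an API Gateway Cognito authorizer, so
// the username is read from the verified token claims and never from the
// request body; a caller can then only delete their own account.
const makeHandler = (cognito, userPoolId) => async (event) => {
  const username = event?.requestContext?.authorizer?.claims?.['cognito:username'];
  if (!username) return { statusCode: 401, body: JSON.stringify('Not authenticated') };
  try {
    await cognito.adminDeleteUser({ UserPoolId: userPoolId, Username: username }).promise();
    return { statusCode: 200, body: JSON.stringify('Account deleted') };
  } catch (err) {
    console.log(err);
    return { statusCode: 400, body: JSON.stringify('Delete failed') };
  }
};

// Lambda wiring (USER_POOL_ID is a hypothetical environment variable name):
// exports.handler = makeHandler(
//   new AWS.CognitoIdentityServiceProvider({ region: 'eu-central-1' }),
//   process.env.USER_POOL_ID);
```

Scoping the function's role to `cognito-idp:AdminDeleteUser` on the one user pool keeps the handler from being usable for anything beyond this deletion.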
