如何在 API 调用调用的操作中访问令牌声明
[英]How are token claims accessed in an action invoked by an API call
问题描述
Scenario: user logs in using App ID via my app (android).
场景:用户通过我的应用程序(android)使用 App ID 登录。 The app makes an API gateway call that invokes a function. The function needs the identity of the user (ie the claims of the identity token).该应用程序进行 API 网关调用,调用 function。function 需要用户的身份(即身份令牌的声明)。 The function is IAM enabled and the API is secured by App ID. function 启用了 IAM,API 受 App ID 保护。
When invoked, the function params and environment variables do not include information about the authorized caller.调用时,function 参数和环境变量不包含有关授权调用者的信息。 Params to the action do include an authorization header, but when it is decoded it is the header to the function invocation, not the header from the API call.该操作的参数确实包括授权 header,但当它被解码时,它是 header 到 function 调用,而不是来自 API 调用的 header。 Environment variables do not include the information either.环境变量也不包含这些信息。
I have this working on AWS but I have not been able to discover how it is done on the IBM cloud.我在 AWS 上工作,但我无法发现它是如何在 IBM 云上完成的。 I suspect a parameter needs to be set on the action but I have not discovered the variable needed to do that.我怀疑需要在操作上设置一个参数,但我还没有发现执行此操作所需的变量。 Is there a list of variables that can be used to set parameter values?是否有可用于设置参数值的变量列表?
What I am expecting is a way to get the API gateway to forward headers (ie authorization) from the API call to the function invocation where I can extract the claims.我期望的是一种方法,使 API 网关能够将标头(即授权)从 API 调用转发到 function 调用,我可以在其中提取声明。
1 个解决方案
解决方案1
0 2021-01-14 19:40:24
Making the API request with the authorization header set to the users identity token rather than access token fixed it.将授权 header 设置为用户身份令牌而不是访问令牌的 API 请求修复了它。 The params received by the function included the identity token claims. function 收到的参数包括身份令牌声明。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.