Kinesis Stream Authentication
I have a mobile app with custom authentication that issues a JWT token which does not utilize Cognito at this point. I would like to stream location data from the app after the user authenticates to a Kinesis data stream.
How do I protect the Kinesis data stream to only allow data sent from my authenticated users? I've read that I can create a Cognito Identity Pool with unauthenticated users, but that would allow anyone to obtain a token from Cognito I'm assuming? How do I only allow authenticated users of my app to send data to the Kinesis stream?
We can create a REST API with AWS API Gateway which proxies requests to Kinesis directly. Here is a tutorial
Cognito can serve as an authentication server and give you a token with the necessary permissions to write to Kinesis. But if your mobile application is already secured by a custom authentication server and receiving a JWT, I think it's better to use a Custom Authorizer, which validates your JWT against your auth server, to secure API Gateway instead of Cognito.
Tutorial on custom Authorizer Lambda function
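The custom authorizer suggested above could look like the following sketch, which is an added example and not code from the original answer or the linked tutorials. It assumes the auth server signs HS256 tokens with a shared secret and sets `sub` and `exp` claims; `SECRET`, `sign_jwt`, `verify_jwt` and the `userId` context key are hypothetical names.

```python
import base64, hashlib, hmac, json, time

# Assumption: HS256 with a shared secret. Constructed demo value; load the real one from a secret store.
SECRET = b"constructed-demo-secret"

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign_jwt(claims, secret, alg="HS256"):
    """Stand-in for the auth server, used only to build constructed sample tokens."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    signing_input = enc({"alg": alg, "typ": "JWT"}) + "." + enc(claims)
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + base64.urlsafe_b64encode(mac).rstrip(b"=").decode()

def verify_jwt(token, secret, now=None):
    """Return the claims of a valid, unexpired HS256 token; raise PermissionError otherwise."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise PermissionError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise PermissionError("malformed token")
    if header.get("alg") != "HS256":  # pin the algorithm; rejects "none"
        raise PermissionError("unexpected algorithm")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise PermissionError("bad signature")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise PermissionError("expired or missing exp")
    if not isinstance(claims.get("sub"), str) or not claims["sub"]:
        raise PermissionError("missing sub")
    return claims

def handler(event, context):
    """API Gateway Lambda authorizer (TOKEN type) entry point."""
    token = (event.get("authorizationToken") or "").split(" ")[-1]  # drop "Bearer "
    try:
        claims = verify_jwt(token, SECRET)
    except PermissionError:
        raise Exception("Unauthorized")  # API Gateway maps this to a 401
    statement = {"Action": "execute-api:Invoke", "Effect": "Allow", "Resource": event["methodArn"]}
    return {"principalId": claims["sub"],
            "policyDocument": {"Version": "2012-10-17", "Statement": [statement]},
            "context": {"userId": claims["sub"]}}  # $context.authorizer.userId in mapping templates
```

With this in front of the Kinesis proxy method, the app never holds AWS credentials, and the integration mapping can stamp each record with the verified user id instead of trusting a value from the request body.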