How to modify AWS Cognito JWT Tokens, we are using NodeJS
I am using AWS Cognito for user management. I am getting too much information in the JWT token (in the payload). I do not want to pass it on to the receiving API client. So my question is how do I reduce the data, or get only the data which is necessary for the user. Sending that much data is a security issue.
I don't find any documentation or console controls to modify this.
For example, I only want:
    "exp": 0000000000,
    "at": 0000000000,
    "username": "exampleUsername"
It sounds like you have a client that might be third party, or that you trust less. You can set up a separate Cognito UserPool App Client for this application. Then write a Pre Token Generation Lambda to suppress the token fields you do not want to expose to this client, and assign it to the correct UserPool App Client.
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
You probably already know this, but you cannot edit a token after it is issued without invalidating the token.
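An added example of the Pre Token Generation trigger the answer describes, written here for Node.js and not taken from the original post or from AWS: it keeps an allowlist of claims in the ID token and asks Cognito to suppress every other user attribute. The allowlist, the helper names and the sample event are assumptions; the event fields used (`request.userAttributes`, `response.claimsOverrideDetails.claimsToSuppress`) are the V1 trigger shape.

```javascript
// Pre Token Generation trigger (added example, not the original poster's code).
// Allowlist of claims the less-trusted app client is permitted to see. Claims
// Cognito reserves (sub, iss, aud, exp, iat and similar) are not user attributes
// and are not removable by this trigger, so only attribute claims are filtered.
const ALLOWED_CLAIMS = new Set(['sub', 'cognito:username', 'username', 'exp', 'iat']);

// Returns the names of user-attribute claims that must not reach the client.
function claimsToSuppressFor(userAttributes, allowed = ALLOWED_CLAIMS) {
  return Object.keys(userAttributes || {}).filter((name) => !allowed.has(name));
}

// Pure helper: mutates and returns the trigger event with the suppression list set.
function applyClaimSuppression(event) {
  const suppress = claimsToSuppressFor(event.request && event.request.userAttributes);
  event.response = event.response || {};
  event.response.claimsOverrideDetails = { claimsToSuppress: suppress };
  return event;
}

// Lambda entry point; assign this function to the app client's Pre Token
// Generation trigger. Exported only when running under a CommonJS runtime.
const handler = async (event) => applyClaimSuppression(event);
if (typeof exports !== 'undefined') {
  exports.handler = handler;
}

// Constructed sample event (hypothetical values) in the V1 trigger shape.
const SAMPLE_EVENT = {
  triggerSource: 'TokenGeneration_Authentication',
  request: {
    userAttributes: {
      sub: '00000000-0000-0000-0000-000000000000',
      'cognito:username': 'exampleUsername',
      email: 'user@example.invalid',
      phone_number: '+10000000000',
      'custom:internal_role': 'billing-admin',
    },
    groupConfiguration: { groupsToOverride: [], iamRolesToOverride: [] },
  },
  response: {},
};

// Running this file directly shows which attributes would be suppressed.
console.log(applyClaimSuppression(SAMPLE_EVENT).response.claimsOverrideDetails);
```

After deploying, decode an ID token issued to that app client and confirm the suppressed attributes are absent; a trigger attached to the wrong app client silently leaves the token unchanged.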