如何在 Appsync Lambda 解析器中检索认知识别数据(使用 cdk)
[英]How to retrieve cognito identification data in Appsync Lambda Resolver (Using cdk)
问题描述
I have an appsync lambda resolver which will query a postgresql database.
我有一个 appsync lambda 解析器,它将查询 postgresql 数据库。 Appsync requests are authorized using API keys for unauthorized users and cognito user pools for authorized users. Appsync 请求使用 API 密钥授权给未授权用户,授权用户使用 Cognito 用户池。 I would like to retrieve identification data from cognito within my lambda resolver when an authenticated user makes a request, but I can't figure out how to do so.当经过身份验证的用户发出请求时,我想从我的 lambda 解析器中的 cognito 检索识别数据,但我不知道该怎么做。 To begin, here is my setup for appsync and the lambda resolver:首先,这是我对 appsync 和 lambda 解析器的设置:
this.api = new appsync.GraphqlApi(this, "API-NAME", {
name: "API-NAME",
schema: appsync.Schema.fromAsset("graphql/schema.graphql"),
authorizationConfig: {
defaultAuthorization: {
authorizationType: appsync.AuthorizationType.API_KEY,
apiKeyConfig: {
expires: cdk.Expiration.after(cdk.Duration.days(365)),
},
},
additionalAuthorizationModes: [
{
authorizationType: appsync.AuthorizationType.USER_POOL,
userPoolConfig: {
userPool: props.userPool,
},
},
],
},
});
const lambdaDs = this.api.addLambdaDataSource(
"lambdaDatasource",
props.LambdaConnectingGraphqlToDatabase
);
lambdaDs.createResolver({
typeName: "Query",
fieldName: "listUsers",
});
// etc. etc.
Within my lambda resolver, context.identity is undefined even when an authenticated user makes a request.在我的 lambda 解析器中,即使经过身份验证的用户发出请求,context.identity 也是未定义的。 I have tried using a request mapping template within the lambdaDs.createResolver(), but I couldn't figure out how to make this work, or if this is the correct method.我曾尝试在 lambdaDs.createResolver() 中使用请求映射模板,但我不知道如何进行这项工作,或者这是否是正确的方法。
How do I see the authentication data within my lambda resolver?如何查看我的 lambda 解析器中的身份验证数据? Thank you.谢谢你。
1 个解决方案
解决方案1
1 2021-10-12 08:58:00
You can provide the identity information to your lambda via the resolver mapping template, see https://docs.aws.amazon.com/appsync/latest/devguide/resolver-context-reference.html您可以通过解析器映射模板向您的 lambda 提供身份信息,请参阅https://docs.aws.amazon.com/appsync/latest/devguide/resolver-context-reference.html
The context.identity section is the relevant one. context.identity部分是相关的部分。
There is a section with fields available for the AMAZON_COGNITO_USER_POOLS authorization.有一个部分包含可用于AMAZON_COGNITO_USER_POOLS授权的字段。
However, note that for API_KEY , context.identity information is not populated.但是,请注意,对于API_KEY ,不会填充context.identity信息。
You can however differentiate between the two scenarios since you will have identity information for Cognito scenario in your lambda, and will not have any identity information for API key scenario (hence you can assume it is request from unauthorized user with API key).但是,您可以区分这两种情况,因为您将在 lambda 中拥有 Cognito 场景的身份信息,并且不会拥有 API 密钥场景的任何身份信息(因此您可以假设它是未经授权的用户使用 API 密钥发出的请求)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.