AWS Cognito how to query for the JWT Token after receiving an authorization code
My application requires an authorization code grant flow integration with Cognito and the website responded to me that Auth-Code accordingly.
https://<poolName>.auth.eu-central-1.amazoncognito.com/login?client_id=<clientID>&response_type=code&scope=email+openid+profile&redirect_uri=<redirectURI>
Now I want to know what email address has logged in. As far as I understood, this is where I would need the JWT token.
How can I query the email address of the token I have just received?
Any help is much appreciated!
As I was going through that, actually, I still am. I have talked a lot with Amazon engineers for the past weeks, have done a bunch of research on my own and let me clarify a couple of things.
First, make sure your Cognito client includes the email OAuth scope. User Pools > my-user-pool > App client settings > Allowed OAuth Scopes.
Then, decode the id token and you will have the email. You can use JWT.io to quickly decode tokens for testing and development.
UPDATE: You can use the POST /oauth2/token endpoint to fetch the tokens. But in general, if you're creating a frontend for users, it's better to use someone else's UI. The Cognito hosted UI works, although it looks a bit dated and it doesn't support MFA/TOTP. The modern approach is to use the Amplify UI Authenticator component, which supports TOTP and all the flows you'd expect (sign-up, password reset, etc).
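The two steps from the answers above (exchange the code at POST /oauth2/token, then read the email from the ID token), as an added example that is not part of the original posts. The function names are hypothetical, the sample token is constructed and unsigned, and the claim checks assume the standard Cognito ID token claims (token_use, iss, aud, exp, email).

```python
import base64, json, time
from urllib.parse import urlencode
from urllib.request import Request

def build_token_request(domain, client_id, code, redirect_uri, client_secret=None):
    """Build the POST /oauth2/token request that swaps the auth code for tokens."""
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "redirect_uri": redirect_uri,  # must match the value sent to /login
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret:  # app clients with a secret authenticate via HTTP Basic
        basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        headers["Authorization"] = f"Basic {basic}"
    return Request(f"https://{domain}/oauth2/token", data=body, headers=headers, method="POST")

def _b64url_json(segment):
    padded = segment + "=" * (-len(segment) % 4)  # JWT segments drop base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))

def email_from_id_token(id_token, client_id, issuer, now=None):
    """Return the email claim after checking the claims of a Cognito ID token.

    The signature is NOT verified here: acceptable only for a token read straight
    from the TLS response of /oauth2/token. Verify against the pool's JWKS otherwise.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    claims = _b64url_json(parts[1])
    if claims.get("token_use") != "id":
        raise ValueError("not an ID token")
    if claims.get("iss") != issuer or claims.get("aud") != client_id:
        raise ValueError("issuer or audience mismatch")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    if "email" not in claims:
        raise ValueError("no email claim; is the email scope allowed?")
    return claims["email"]

def make_sample_token(claims):
    """Constructed sample: unsigned token with a dummy signature, for the demo only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "RS256", "kid": "sample"})}.{enc(claims)}.c2ln'
```

Send the request with urllib.request.urlopen and pass the id_token field of the JSON response to email_from_id_token; the issuer has the form https://cognito-idp.<region>.amazonaws.com/<userPoolId>.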