如何验证 AWS Cognito 中的用户属性?
[英]How can I verify a user attribute in AWS Cognito?
问题描述
I'm trying to verify a user's email by calling the verifyAttribute method.
我正在尝试通过调用verifyAttribute方法来验证用户的 email。
I am able to authenticate and get a JWT response - and with that I can do the following:我能够进行身份验证并获得 JWT 响应 - 并且我可以执行以下操作:
const { email, phone, accessToken } = verifyUserAttributesDto;
const getUser = await CognitoService.getUser(accessToken);
const attributes = getUser.UserAttributes.reduce(
(acc, { Name, Value }) => ({ ...acc, [Name]: Value }),
{},
);
console.log(attributes);
........
{
sub: '5f04a73b-...',
email_verified: 'false',
phone_number_verified: 'false',
phone_number: '+12222222222',
given_name: 'First',
family_name: 'Last',
email: 'example@email.com'
}
So I know I'm able to access the user.所以我知道我能够访问用户。
Later I do:后来我这样做:
const cognitoUser = new AmazonCognitoIdentity.CognitoUser({
Username: attributes.email,
Pool: this.userPool,
});
...
CognitoUser {
username: 'example@email.com',
pool: CognitoUserPool {
...
I believe I have an instance of a CognitoUser here, but maybe I don't;我相信我在这里有一个CognitoUser的实例,但也许我没有; maybe that's the problem.也许这就是问题所在。
If I do:如果我做:
return new Promise(function (resolve, reject) {
return cognitoUser.verifyAttribute(attribute, accessToken, {
onSuccess: (success) => {
console.log(success);
resolve(success);
},
onFailure: (err) => {
console.log(err);
reject(err);
},
});
});
The response I get back is:我得到的回复是:
ERROR [ExceptionsHandler] User is not authenticated
I have verified in the AWS console that the confirmation status for the user is confirmed and the account status is enabled .我已经在 AWS 控制台中验证了用户的确认状态为confirmed并且账户状态为enabled 。
If I've got a valid JWT, and am able to "get" the user, why am I getting that error?如果我有一个有效的 JWT,并且能够“获取”用户,为什么我会收到该错误?
1 个解决方案
解决方案1
0 2022-04-22 22:19:35
It's painfully obvious I'm not sure what I'm doing.很明显我不确定自己在做什么。 I got this working due to:由于以下原因,我得到了这个工作:
- I wasn't providing the verification code我没有提供验证码
- I was using the wrong identity provider (cognito vs. cognito user)我使用了错误的身份提供者(cognito 与 cognito 用户)
There are two methods needed to verify:验证需要两种方法:
-
getUserAttributeVerificationCode -
verifyUserAttribute
async getUserAttributeVerificationCode(
attribute: string,
accessTokenDto: AccessTokenDto,
) {
const { accessToken } = accessTokenDto;
const cognito = new AWS.CognitoIdentityServiceProvider();
try {
return await cognito
.getUserAttributeVerificationCode({
AccessToken: accessToken,
AttributeName: attribute,
})
.promise();
} catch (err) {
throw new BadRequestException(err.message);
}
}
async verifyUserAttribute(verifyUserAttributesDto: VerifyUserAttributesDto) {
const { email, phone, accessToken, verificationCode } =
verifyUserAttributesDto;
const cognito = new AWS.CognitoIdentityServiceProvider();
try {
if (email || phone) {
const attribute = email ? 'email' : 'phone';
return await cognito
.verifyUserAttribute({
AccessToken: accessToken,
AttributeName: attribute,
Code: verificationCode,
})
.promise();
}
} catch (err) {
throw new BadRequestException(err.message);
}
}
You'll first need to call getUserAttributeVerificationCode with a valid JWT. You'll then get sent a verification code (email/sms).您首先需要使用有效的 JWT 调用getUserAttributeVerificationCode 。然后您将收到一个验证码(电子邮件/短信)。
With that, you'll call verifyUserAttribute with all of the proper attributes.这样,您将使用所有适当的属性调用verifyUserAttribute 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.