
AWS Lambda/Cognito Authentication - Assuming Auth Role

I am attempting to create an iOS app in Swift that uses the following authentication service using AWS Lambda - https://github.com/danilop/LambdAuth

It uses the AWS Mobile SDK for iOS to communicate with DynamoDB and Lambda - http://docs.aws.amazon.com/mobile/sdkforios/developerguide/

Here is the sample code for the website that utilizes the token returned from the Lambda login function, I imagine the Swift code will be something similar - https://github.com/danilop/LambdAuth/blob/master/www/login.html#L69

Here is the cloud function that generates the token for the user - https://github.com/danilop/LambdAuth/blob/master/LambdAuthLogin/index.js#L102

I have created an identity pool in AWS Cognito (Federated Identities) and I have two roles, auth and unauth. My application appears to always be in the unauth role (arn:aws:sts::123123123:assumed-role/_unauth_MOBILEHUB_123123123/CognitoIdentityCredentials). My users are being stored in a dynamodb table, with a salted password.

The root of the problem is that I don't know the correct Swift code to write after I receive a login token from the service to transition my user into the authenticated role (use the auth arn). I want it to be using the auth role for every service call to AWS (dynamodb, lambda, etc). I'm hoping that someone can point me in the right direction - thank you.

As per the design in Danilo's book, if you are using the aws-sdk for JavaScript, you should define your objects like:

// AWS is the aws-sdk v2 global (a <script> tag in the browser, require('aws-sdk') in Node).
// Start with credentials bound only to the identity pool: with no Logins map,
// Cognito hands out the unauth role.
var creds = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: 'us-east-1:POOL-ID-PLACEHOLDER' // hard-coded value for your system
});

AWS.config.update({
    region: 'us-east-1',
    credentials: creds
});

// Every client built from here on (Lambda, DynamoDB, ...) uses creds.
var lambda = new AWS.Lambda();

Then once you receive your identityId and token, you should assign them to your creds as follows:

creds.params['IdentityId'] = output.identityId;
creds.params['Logins'] = {};
creds.params['Logins']['cognito-identity.amazonaws.com'] = output.token;
creds.expired = true;

where output is the response from your LambdAuthLogin Lambda function.
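As an added example, not code from this answer or from the LambdAuth project: the same three assignments wrapped in a function that sanity-checks the Lambda response before touching the credentials object. `creds` stands for the `AWS.CognitoIdentityCredentials` instance above (any object with a `params` property works for the offline run); the identity ID, pool ID and the unsigned sample token are constructed values, and the `sub`/`exp` checks assume the Cognito OpenID token's standard JWT claims.

```javascript
// Added example, not code from the original answer or the LambdAuth project.
// Guards the LambdAuthLogin response before it is handed to the credentials
// object, so a malformed or already-expired token is never used to refresh.
// `creds` is meant to be an AWS.CognitoIdentityCredentials instance (aws-sdk v2),
// but any object with a `params` property works, as the sample run shows.

var COGNITO_LOGIN_KEY = 'cognito-identity.amazonaws.com';
// Cognito identity IDs look like "<region>:<uuid>", e.g. us-east-1:xxxxxxxx-...
var IDENTITY_ID_RE = /^[a-z]{2}-[a-z]+-\d:[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;

function base64urlDecode(s) {
  var b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  while (b64.length % 4) b64 += '=';
  return typeof atob === 'function' ? atob(b64) : Buffer.from(b64, 'base64').toString('utf8');
}

function base64urlEncode(s) {
  var b64 = typeof btoa === 'function' ? btoa(s) : Buffer.from(s, 'utf8').toString('base64');
  return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Decode a JWT payload WITHOUT verifying the signature. The client cannot verify
// Cognito's OpenID token (Cognito checks it server-side on refresh), but it can
// still refuse something that is not a JWT at all or that has already expired.
function decodeJwtPayload(token) {
  var parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  try { return JSON.parse(base64urlDecode(parts[1])); } catch (e) { return null; }
}

// Returns null when the response is usable, otherwise a short reason string.
function checkLoginOutput(output, nowSeconds) {
  if (!output || typeof output !== 'object') return 'missing response';
  if (!IDENTITY_ID_RE.test(String(output.identityId || ''))) return 'bad identityId';
  var payload = decodeJwtPayload(output.token);
  if (!payload) return 'token is not a JWT';
  // Assumption: the OpenID token carries the identity ID in `sub`; a mismatch
  // means the token and identityId belong to different identities.
  if (payload.sub !== output.identityId) return 'token subject does not match identityId';
  if (typeof payload.exp !== 'number' || payload.exp <= nowSeconds) return 'token expired';
  return null;
}

// The answer's three assignments plus the `expired` flag, behind the check.
function applyLoginToken(creds, output, nowSeconds) {
  var now = typeof nowSeconds === 'number' ? nowSeconds : Math.floor(Date.now() / 1000);
  var problem = checkLoginOutput(output, now);
  if (problem) throw new Error('refusing login response: ' + problem);
  creds.params = creds.params || {};
  creds.params.IdentityId = output.identityId;
  creds.params.Logins = {};
  creds.params.Logins[COGNITO_LOGIN_KEY] = output.token;
  // Marking the credentials expired makes the SDK call GetCredentialsForIdentity
  // with the Logins map on the next request; that refresh is what moves the
  // identity from the unauth role to the auth role.
  creds.expired = true;
  return creds;
}

// Constructed sample: an unsigned JWT shaped like a Cognito OpenID token, used
// only to exercise the checks offline (a real token is signed by Cognito).
function makeSampleOutput(identityId, expSeconds) {
  var header = base64urlEncode(JSON.stringify({ alg: 'none', typ: 'JWT' }));
  var body = base64urlEncode(JSON.stringify({ sub: identityId, exp: expSeconds }));
  return { identityId: identityId, token: header + '.' + body + '.' };
}

var SAMPLE_IDENTITY_ID = 'us-east-1:11111111-2222-3333-4444-555555555555'; // constructed

if (typeof require !== 'undefined' && require.main === module) {
  var creds = { params: { IdentityPoolId: 'us-east-1:POOL-ID-PLACEHOLDER' }, expired: false };
  applyLoginToken(creds, makeSampleOutput(SAMPLE_IDENTITY_ID, 2000000000), 1000);
  console.log('Logins:', creds.params.Logins, 'expired:', creds.expired);
  console.log('stale token ->', checkLoginOutput(makeSampleOutput(SAMPLE_IDENTITY_ID, 10), 1000));
}
```

Once `applyLoginToken` has run, the next call through any client built from `AWS.config` (the `lambda` object above, a DynamoDB client, etc.) triggers the refresh and so carries auth-role credentials; a rejected response leaves the credentials untouched in the unauth role, which is the safe failure mode. On iOS the equivalent is returning this same one-entry Logins dictionary from the `logins()` method of an `AWSIdentityProviderManager` given to `AWSCognitoCredentialsProvider` (that is the iOS SDK's protocol, not something shown on this page).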

Authenticated roles will only be used when you use one of the supported public providers (Facebook, Google, Twitter, Login With Amazon), OIDC provider, SAML provider or Cognito User Pool users.

Amazon Cognito User Pools provides you the solution for user registration, authentication and management. Is there a reason that you prefer using Lambda Auth over that?
