
Filtering AWS-Cognito users by role

I've been looking all day for how to do this to no avail.

Let's say I have two users in my User Pool, John Admin and Jim User. I have a view controller that I want to be accessible to John Admin but not Jim User. The problem is that I don't know how to distinguish John and Jim in my app.

Is there a way to know that John Admin is in my admin groups/role but Jim is not?

edit: Asking for user attributes gave me:

{"UserAttributes": [
  { "Name": "sub", "Value": "NUMBERS"},
  { "Name": "email_verified", "Value": "true"},
  { "Name": "phone_number_verified", "Value": "false"},
  { "Name": "phone_number", "Value": "NUMBERS"},
  { "Name": "email", "Value": "EMAIL"}],
 "Username": "johnadmin"}

I solved it using attributes, because IdentityID didn't show the groups embedded in as I thought.

var pool: AWSCognitoIdentityUserPool?
var user: AWSCognitoIdentityUser?

And within my method of interest:

if let strongUser = self.user {
    // Fetch the signed-in user's attributes from the user pool
    strongUser.getDetails().continueOnSuccessWith { (task) -> AnyObject? in
        DispatchQueue.main.async(execute: {
            if let response: AWSCognitoIdentityUserGetDetailsResponse = task.result {
                // Avoid force-unwrapping: treat a missing attribute list as empty
                for attr in response.userAttributes ?? [] {
                    if attr.name == "custom:privilege", attr.value == "admin" {
                        self.adminButton.isHidden = false
                        return
                    }
                }
            }
            // No admin attribute found: keep the button hidden
            self.adminButton.isHidden = true
        })
        return nil
    }
} else {
    adminButton.isHidden = true
}

The downside is that while not logged in, no custom attributes can be written to by the app, so I used the AWS-CLI to promote users:

aws cognito-idp admin-update-user-attributes --user-pool-id <POOLID> --username <USERNAME> --user-attributes '{"Name":"custom:privilege","Value":"admin"}'

Your User model should contain some property that will allow you to distinguish users by their roles, e.g.:

struct User {
   var name = ""
   var role = "User" // you can use enum here or anything else you want
}

After the user has logged in, you should set this property to the proper value. Then, before presenting the view controller, you should check this property and decide whether or not to show it.
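
An added example, not part of the original posts: since the question asks about group membership, this code reads the `cognito:groups` claim that Cognito places in a user pool ID token, falling back to the `custom:privilege` attribute used in the answer above. The group name `admin`, the helper names and the sample tokens are assumptions; the payload is decoded without verifying the signature, so the result is only good for deciding what the UI shows, and any backend the admin screen calls has to verify the token and check the role itself.

```swift
import Foundation

// Decode the payload (second segment) of a JWT. No signature verification.
func jwtClaims(_ token: String) -> [String: Any]? {
    let parts = token.split(separator: ".", omittingEmptySubsequences: false)
    guard parts.count == 3 else { return nil }
    // base64url -> base64, restoring the padding that JWTs strip
    var b64 = parts[1]
        .replacingOccurrences(of: "-", with: "+")
        .replacingOccurrences(of: "_", with: "/")
    b64 += String(repeating: "=", count: (4 - b64.count % 4) % 4)
    guard let data = Data(base64Encoded: b64),
          let obj = try? JSONSerialization.jsonObject(with: data),
          let claims = obj as? [String: Any] else { return nil }
    return claims
}

// True when the token lists the (assumed) admin group, or carries the
// custom:privilege attribute from the answer above. Malformed tokens -> false.
func isAdmin(idToken: String, adminGroup: String = "admin") -> Bool {
    guard let claims = jwtClaims(idToken) else { return false }
    if let groups = claims["cognito:groups"] as? [String],
       groups.contains(adminGroup) {
        return true
    }
    return (claims["custom:privilege"] as? String) == "admin"
}

// Constructed sample tokens (header.payload.signature) with a dummy signature.
func sampleToken(_ payload: [String: Any]) -> String {
    func b64url(_ d: Data) -> String {
        return d.base64EncodedString()
            .replacingOccurrences(of: "+", with: "-")
            .replacingOccurrences(of: "/", with: "_")
            .replacingOccurrences(of: "=", with: "")
    }
    let header = try! JSONSerialization.data(withJSONObject: ["alg": "RS256", "typ": "JWT"])
    let body = try! JSONSerialization.data(withJSONObject: payload)
    return [b64url(header), b64url(body), "sig"].joined(separator: ".")
}

let john = sampleToken(["cognito:username": "johnadmin", "cognito:groups": ["admin"]])
let jim = sampleToken(["cognito:username": "jimuser"])
print("johnadmin is admin:", isAdmin(idToken: john))
print("jimuser is admin:", isAdmin(idToken: jim))
print("garbage is admin:", isAdmin(idToken: "not-a-jwt"))
```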
