
Boto3 - Authenticating with Amazon Cognito without using access keys

I'm developing a Python script that interacts with a web service that uses Amazon Cognito (with which I'm unfamiliar) as the authentication backend and I'm having difficulties logging in.

My main issue is that boto3 requires both the AWS access key and secret key (without providing those I get the "NoCredentialsError"), but since this script will reside on multiple untrusted computers I don't want to store/embed those keys, for obvious security reasons.

The information that these untrusted computers will have access to are:

  • Username and Password for logging into the web service
  • Cognito Identity Pool ID
  • Cognito User Pool ID
  • Cognito Client ID

Is it possible, with the information these clients have, to correctly authenticate with Cognito? If so, how?

Yes. Call get_credentials_for_identity(). It does not require any credentials. Use this as follows:

import boto3
cognito = boto3.client('cognito-identity')
response = cognito.get_credentials_for_identity(IdentityId="id")

where "id" is the Cognito Identity Pool ID. response should return a dict including temporary Access Key, Secret Access Key, Session Token, and Expiration date.
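
The full sign-in flow with the four values listed in the question, as an added example (not code from the original answer): the `IdentityId` passed to `get_credentials_for_identity` is the value returned by `get_id`, and an authenticated identity needs the user pool ID token in `Logins`. It assumes the app client allows the USER_PASSWORD_AUTH flow and has no client secret; the `region` parameter and the `idp`/`identity` injection parameters are this example's own.

```python
"""Added example: Cognito login with no long-lived AWS keys on the client."""


def unsigned_client(service, region):
    # Imported lazily so the flow below can be exercised with stand-in clients.
    import boto3
    from botocore import UNSIGNED
    from botocore.config import Config
    # These Cognito calls are unauthenticated; UNSIGNED skips credential lookup.
    return boto3.client(service, region_name=region,
                        config=Config(signature_version=UNSIGNED))


def cognito_login(username, password, *, region, user_pool_id, client_id,
                  identity_pool_id, idp=None, identity=None):
    """Return kwargs for boto3.Session() holding temporary credentials."""
    idp = idp or unsigned_client("cognito-idp", region)
    identity = identity or unsigned_client("cognito-identity", region)

    # 1. User pool sign-in. Assumption: the app client allows
    #    USER_PASSWORD_AUTH and has no client secret.
    auth = idp.initiate_auth(
        ClientId=client_id,
        AuthFlow="USER_PASSWORD_AUTH",
        AuthParameters={"USERNAME": username, "PASSWORD": password},
    )
    if "AuthenticationResult" not in auth:
        # MFA, forced password change, etc. are not handled here.
        raise RuntimeError(f"unhandled challenge: {auth.get('ChallengeName')}")
    logins = {
        f"cognito-idp.{region}.amazonaws.com/{user_pool_id}":
            auth["AuthenticationResult"]["IdToken"]
    }

    # 2. Map the identity pool ID plus the ID token to an identity ID.
    identity_id = identity.get_id(
        IdentityPoolId=identity_pool_id, Logins=logins)["IdentityId"]

    # 3. Exchange the identity ID for short-lived credentials, limited to
    #    the identity pool's authenticated IAM role.
    creds = identity.get_credentials_for_identity(
        IdentityId=identity_id, Logins=logins)["Credentials"]
    return {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretKey"],
        "aws_session_token": creds["SessionToken"],
    }
```

The returned dict can be passed as `boto3.Session(**result)`; the credentials expire, so call the function again when they do.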
