I'm developing a python script that interacts with a web service that uses Amazon Cognito (with which I'm unfamiliar) as the authentication backend and I'm having difficulties logging in.
My main issue is that boto3 requires both the AWS access key and secret key (without providing those I get the "NoCredentialsError"), but since this script will reside on multiple untrusted computers I don't want to store/embed those keys, for obvious security reasons.
The information that these untrusted computers will have access to are:
Is it possible, with the informations these clients have, to correctly authenticate with Cognito? If so, how?
Yes. Call get_credentials_for_identity()
. It does not require any credentials. Use this as follows:
import boto3
cognito = boto3.client('cognito-identity')
response = cognito.get_credentials_for_identity(IdentityId="id")
where "id"
is the Cognito Identity Pool ID. response
should return a dict
including temporary Access Key, Secret Access Key, Session Token, and Expiration date.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.