[英]node.js server-side validation of cognito credentials
我正在为 aws cognito 编写一些服务器端登录代码,并且我想验证正在登录的用户是否存在于身份池中并获取分配给他们的属性。
对于电子邮件登录,我使用以下代码很好地工作 - 使用 aws-sdk:
let cognitoVerifyUser = null
try {
const cognitoIdProvider = new AWS.CognitoIdentityServiceProvider()
cognitoVerifyUser = await cognitoIdProvider.adminGetUser({
UserPoolId: pool.userPoolId,
Username: username,
}).promise()
} catch (e) {
throwError(e, e.message)
}
if (!cognitoVerifyUser) {
throwError(error.unauthorized, e)
}
const emailAttrib = cognitoVerifyUser.UserAttributes.find(a => a.Name == 'email')
if (!cognitoVerifyUser.Enabled || cognitoVerifyUser.UserStatus != 'CONFIRMED' || username != cognitoVerifyUser.Username || email != emailAttrib.Value) {
throwError(error.unauthorized, e)
}
但我一直试图为联合用户做类似的事情(例如通过谷歌登录)。 有人可以帮我吗?
import generateResponse from "../../../Utils/generateResponse";
import {
CognitoUserPool,
CognitoUser,
AuthenticationDetails
} from "amazon-cognito-identity-js";
import { APIGatewayEvent } from "aws-lambda";
type LoginType = {
email: string;
password: string;
};
export const handler = async (event: APIGatewayEvent) => {
try {
const body = JSON.parse(event.body as string) as LoginType;
const userPool = new CognitoUserPool({
UserPoolId: process.env.COGNITO_USERPOOLID as string,
ClientId: process.env.COGNITO_CLIENTID as string
});
const user = new CognitoUser({ Username: body.email, Pool: userPool });
const authenticationData = {
Username: body.email,
Password: body.password
};
const authenticationDetails = new AuthenticationDetails(authenticationData);
return new Promise(resolve =>
user.authenticateUser(authenticationDetails, {
//@ts-ignore
onSuccess: result => {
resolve({ body: JSON.stringify(result) });
},
onFailure: err => {
resolve({ body: JSON.stringify(err) });
}
})
);
} catch (err) {
return generateResponse({
statusCode: 400,
body: JSON.stringify(err, Object.getOwnPropertyNames(err))
});
}
};
我有一个登录端点。 试试看。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.