How to authenticate against an AWS Cognito user pool

Time: 2016-04-25 12:13:01

Tags: javascript amazon-cognito

I created a Cognito user pool. I can list users and add users with the AWSCognitoIdentityProviderClient from the Java AWS SDK.

However, I have a custom login page, and I want to take the entered username and password and authenticate against my user pool. I don't see anywhere in the Java AWS SDK where I can pass credentials and get an authentication result back.

Edit: I can't get past this error:

    NotAuthorizedException: Missing credentials in config

Relevant code:

    AWS.config.region = 'us-east-1';
    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
        IdentityPoolId: 'us-east-1:087a3210-64f8-4dae-9e3c...' // your identity pool id here
    });

    AWSCognito.config.region = 'us-east-1';
    AWSCognito.config.credentials = new AWS.CognitoIdentityCredentials({
        IdentityPoolId: 'us-east-1:087a3210-64f8-4dae-9e3c...' // your identity pool id here
    });

    var poolData = {
        UserPoolId: 'us-east-1_39RP...',
        ClientId: 'ttsj9j5...',
        ClientSecret: 'bkvkj9r8kl2ujrlu41c7krsb6r7nub2kb260gj3mgi...'
    };
    var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);

    var authenticationData = {
        Username: 'test@foo.com',
        Password: 'foobarfoo',
    };
    var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);
    var userData = {
        Username: 'test@foo.com',
        Pool: userPool
    };
    var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);
    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (result) {
            console.log('access token + ' + result.getAccessToken().getJwtToken());
        },

        onFailure: function (err) {
            alert(err);
        },

    });

3 answers:

Answer 0 (score: 12)

The AWS Java SDK includes APIs for authenticating users in a user pool. You can use the InitiateAuth API or the AdminInitiateAuth API of the AWSCognitoIdentityProviderClient class to authenticate a user. The difference between the two APIs is explained in the documentation. In short, with InitiateAuth you need to perform the SRP calculations and then pass them to the API, whereas with AdminInitiateAuth you can pass the username and password directly. You can read about the security implications of both cases and decide which one to use.

Documentation: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html

API reference: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html

https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html

My working sample (Groovy):

    import com.amazonaws.regions.Region
    import com.amazonaws.regions.Regions
    import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProviderClient
    import com.amazonaws.services.cognitoidp.model.AdminInitiateAuthRequest
    import com.amazonaws.services.cognitoidp.model.AdminInitiateAuthResult
    import com.amazonaws.services.cognitoidp.model.AuthFlowType

    def login() {
        // Uses the default AWS credential chain; the caller needs IAM permission for cognito-idp:AdminInitiateAuth
        AWSCognitoIdentityProviderClient client = new AWSCognitoIdentityProviderClient()
        println("Provider client: " + client)
        client.setRegion(Region.getRegion(Regions.AP_NORTHEAST_1))

        // ADMIN_NO_SRP_AUTH passes the username and password directly, so no SRP computation is needed
        HashMap<String, String> authParams = new HashMap<>()
        authParams.put("USERNAME", "User1")
        authParams.put("PASSWORD", "a*123")
        AdminInitiateAuthRequest adminInitiateAuthRequest = new AdminInitiateAuthRequest()
                .withClientId("<YOUR_CLIENT_ID>")
                .withUserPoolId("<YOUR_USER_POOL_ID>")
                .withAuthFlow(AuthFlowType.ADMIN_NO_SRP_AUTH)
                .withAuthParameters(authParams)
        AdminInitiateAuthResult result = client.adminInitiateAuth(adminInitiateAuthRequest)
        if (result != null) {
            println("AdminInitiateAuthResult:")
            println(result.toString())
        } else {
            println("No result available")
        }
    }

Answer 1 (score: 3)

At the moment authentication is only supported through JavaScript, iOS and Android. During the beta, the necessary authentication APIs are not part of the server SDKs (Java, Python, etc.). The recommendation is to authenticate from the login page using the JavaScript SDK.

Answer 2 (score: 2)

See https://github.com/aws/amazon-cognito-identity-js

One line of code is missing.

This page http://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-javascript-examples.html has not been updated.

    // Need to provide placeholder keys unless unauthorised user access is enabled for user pool
    AWSCognito.config.update({accessKeyId: 'anything', secretAccessKey: 'anything'})

After including this, the error stopped.