Are there AWS Cognito User Pool OAuth REST API call examples?

Time: 2017-08-23 00:06:03

Tags: oauth-2.0 amazon-cognito aws-cognito

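It feels like Amazon encourages people to just use their client SDKs, but it would be nice to see what a valid sequence of REST calls looks like for the authorization and implicit grant flows.

The AWS documentation for the authorization and token endpoints is a decent start: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-userpools-server-contract-reference.html

Does anyone know whether there are examples that show the sequence of REST calls for the implicit and authorization flows (for Cognito)?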

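2 answers:

Answer 0: (score: 3)

The documentation is a bit shoddy, but here is a sample PHP cURL call that gets the ID/access tokens using the authorization code from the authorization flow: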



// Cognito token endpoint for your user pool domain
$url = 'https://<YOURDOMAIN>.auth.us-east-1.amazoncognito.com/oauth2/token';
$client_key = '<YOUR_CLIENT_ID>';
$client_secret = '<YOUR_CLIENT_SECRET>';

// Form fields for the authorization code grant; "code" is the value
// Cognito appended to the redirect URI
$data = [
    'grant_type'   => 'authorization_code',
    'client_id'    => $client_key,
    'code'         => $_GET["code"],
    'redirect_uri' => '<YOUR_REDIRECT_URI>',
];

$handle = curl_init($url);
curl_setopt($handle, CURLOPT_VERBOSE, true);
curl_setopt($handle, CURLOPT_FOLLOWLOCATION, true);
// Client ID and secret are sent as HTTP Basic authentication
curl_setopt($handle, CURLOPT_USERPWD, $client_key . ":" . $client_secret);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
// Passing a URL-encoded string as POSTFIELDS makes this a form POST
$field_string = http_build_query($data);
curl_setopt($handle, CURLOPT_POSTFIELDS, $field_string);
$resp = json_decode(curl_exec($handle), true);

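Once you have the ID token, you need to parse the JWK JSON file from

https://cognito-idp.us-east-1.amazonaws.com/<USER_POOL_ID>/.well-known/jwks.json

and then look up the kid field in the token header and use it as the secret for decoding the token. I used this library: https://github.com/firebase/php-jwt

So the token validation code looks like this: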

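use Firebase\JWT\JWT;
use Firebase\JWT\JWK;

$token = '<YOUR_TOKEN>';

// Fetch the user pool's public signing keys (JWKS) and index them by key ID
$jwks_json = file_get_contents("https://cognito-idp.us-east-1.amazonaws.com/<USER_POOL_ID>/.well-known/jwks.json");
$jwk = JWK::parseKeySet(json_decode($jwks_json, true));

// Read the still unverified header to find out which key signed the token.
// JWT segments are base64url-encoded, so plain base64_decode() is not reliable here.
list($headb64, $bodyb64, $cryptob64) = explode('.', $token);
$jwt_header = json_decode(JWT::urlsafeB64Decode($headb64), true);
$jwt_body = json_decode(JWT::urlsafeB64Decode($bodyb64), true);
$key = $jwk[$jwt_header["kid"]];

try
{
    // Pin the algorithm to RS256, which Cognito signs with, rather than
    // accepting whatever "alg" the token header claims
    $decoded = JWT::decode($token, $key, array('RS256'));
    $decoded_array = (array) $decoded;
    // GREAT SUCCESS!
}
catch (\Exception $e)
{
    // TOKEN COULDN'T BE VALIDATED
}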
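The whole authorization code sequence (authorize redirect, callback check, token request) as an added Python example that is not part of either answer. It adds the `state` and PKCE parameters, which the answer's call does not use, and `https://app.example.com/callback` is a constructed redirect URI. Nothing is sent over the network: each function returns the request it would make.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders in the style of the answer above; the redirect URI is a constructed sample.
DOMAIN = "https://<YOURDOMAIN>.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "<YOUR_CLIENT_ID>"
CLIENT_SECRET = "<YOUR_CLIENT_SECRET>"
REDIRECT_URI = "https://app.example.com/callback"

def pkce_challenge(verifier):
    """S256 code challenge: base64url(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def authorize_url(state, verifier):
    """Step 1: URL the browser is sent to (GET /oauth2/authorize)."""
    query = urlencode({
        "response_type": "code",  # "token" would select the implicit grant
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,  # random per-session value, checked in step 2
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    })
    return f"{DOMAIN}/oauth2/authorize?{query}"

def code_from_callback(callback_url, expected_state):
    """Step 2: accept ?code= from the redirect only if state matches ours."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in params:
        raise ValueError(params.get("error", ["missing code"])[0])
    return params["code"][0]

def token_request(code, verifier):
    """Step 3: the POST /oauth2/token call as (url, headers, body)."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "client_id": CLIENT_ID,
                      "code": code, "redirect_uri": REDIRECT_URI,
                      "code_verifier": verifier})
    return f"{DOMAIN}/oauth2/token", headers, body
```

Generate `state` and the PKCE verifier per login with `secrets.token_urlsafe(32)` and keep both in the server-side session until the callback arrives.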

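Answer 1: (score: 0)

I'm not aware of anything that documents it well. I think your best bet is to spin up a test application with one of the SDKs and monitor the network traffic. It seems the API is not well documented.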