是否存在任何API调用来验证访问令牌?

时间:2019-06-26 09:57:35

标签: amazon-web-services amazon-cognito

我使用客户端凭据授权(client credentials grant)从Cognito获取访问令牌。从客户端收到访问令牌后,Cognito是否提供用于验证该访问令牌的API调用?例如,我想用访问令牌发起某个示例API调用(比如从Cognito获取用户列表),并检查Cognito是否返回成功的响应。

2 个答案:

答案 0 :(得分:0)

请参阅以下一些有用的链接。

1-AWS Cognito使用Oauth2。 https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-user-pool-oauth-2-0-grants/

2-令牌端点 https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html

3-pmill / aws-cognito https://github.com/pmill/aws-cognito

4-PHP代码:

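/**
 * Get Token
 *
 * Exchanges an authorization code for tokens by POSTing to the URL held in
 * $this->Token, authenticating with HTTP Basic (app client id : app client secret).
 * This is a method excerpt: it reads $this->appClientId, $this->appClientSecret,
 * $this->callbackUrl and $this->Token, which are set outside this snippet.
 *
 * NOTE(review): the HTTP status code is not inspected, so an OAuth error
 * response is decoded and returned like a success. Callers should check the
 * decoded object for an `error` member before using any token in it.
 *
 * @param string $code Authorization code received on the callback URL.
 * @return object|null|false Decoded JSON response, null if the body is not
 *                           valid JSON, false on a transport (cURL) error.
 */
public function getToken($code)
{
    $data = array(
        'grant_type' => 'authorization_code',
        'client_id' => $this->appClientId,
        'code' => $code,
        'redirect_uri' => $this->callbackUrl,
    );

    // http_build_query() URL-encodes every value for the form body.
    $fields_string = http_build_query($data);

    $authorization = $this->appClientId.':'.$this->appClientSecret;

    $headers = array(
        "Authorization: Basic ".base64_encode($authorization),
        "Content-Type: application/x-www-form-urlencoded",
    );

    $ch = curl_init();
    if ($ch === false) {
        return false;
    }

    curl_setopt($ch, CURLOPT_URL, $this->Token);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
    // The request carries the client secret: state certificate and host-name
    // verification explicitly so a changed default cannot silently weaken it.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

    $result = curl_exec($ch);
    $err = curl_error($ch);

    // Release the handle on every path; the earlier version returned before
    // curl_close() when an error occurred.
    curl_close($ch);

    if ($result === false || $err) {
        return false;
    }

    return json_decode($result);
}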

此致,爱德华多·埃斯特维兹。

答案 1 :(得分:0)

AWS Cognito可与OAuth 2.0一起使用。您需要了解OAuth 2.0的工作方式才能设置您的应用程序。请参阅下面的链接。

1-您需要设置Pool,然后设置“回调URL”并获取App Client ID和Secret ID。

2-登录后,“回调网址”将返回“代码”。

3-使用该代码、客户端ID和密钥ID,您即可请求访问令牌。

了解Amazon Cognito用户池的OAuth 2.0授予: https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-user-pool-oauth-2-0-grants/

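/**
 * Thin client for the Amazon Cognito hosted-UI OAuth 2.0 endpoints
 * (authorize, token, userInfo, signup, logout).
 *
 * Configuration is read from the AWS_COGNITO_* constants, which must be
 * defined before the class is instantiated. AWS_COGNITO_CALLBACK_URL and
 * AWS_COGNITO_SIGN_OUT_URL are expected in raw (not URL-encoded) form:
 * every method here encodes them when building a request.
 */
class Cognito_auth{

  protected $appClientId;
  protected $appClientSecret;
  protected $userPoolId;
  protected $domain;
  protected $callbackUrl;
  protected $SignOutUrl;
  protected $Authorize;
  protected $Token;
  protected $UserInfo;

  /**
   * Copy the AWS_COGNITO_* constants into properties and derive the
   * endpoint URLs from the configured domain.
   */
  public function __construct(){

       $this->appClientId = AWS_COGNITO_APP_ID;
       // Confidential value: only ever sent in the Basic header of getToken().
       $this->appClientSecret = AWS_COGNITO_APP_SECRET;
       $this->userPoolId = AWS_COGNITO_POOL_ID;
       $this->domain = AWS_COGNITO_DOMAIN;
       $this->callbackUrl = AWS_COGNITO_CALLBACK_URL;
       $this->SignOutUrl = AWS_COGNITO_SIGN_OUT_URL;
       $this->Authorize = $this->domain.'/oauth2/authorize';
       $this->Token = $this->domain.'/oauth2/token';
       $this->UserInfo = $this->domain.'/oauth2/userInfo';
  }


  /**
   * Get Login URL
   *
   * The `state` value is returned unchanged on the callback. For it to protect
   * against cross-site request forgery it should be an unguessable value tied
   * to the user's session, compared by the callback handler before getToken()
   * is called.
   *
   * @param string|null $id Value sent as the OAuth `state` parameter.
   * @return string Authorization URL with every query value URL-encoded.
   */
  public function getLoginURL( $id = NULL )
  {
      return $this->Authorize.'/?'.$this->buildQuery($this->authorizationParams($id));
  }

  /**
   * Get Signup URL
   *
   * @param string|null $id Value sent as the OAuth `state` parameter. The
   *                        earlier version read an undefined $id here, so the
   *                        parameter is optional and defaults to an empty state.
   * @return string Signup URL with every query value URL-encoded.
   */
  public function getSignupURL( $id = NULL )
  {
      return $this->domain.'/signup?'.$this->buildQuery($this->authorizationParams($id));
  }

  /**
   * Get Logout URL
   *
   * @return string Logout URL with every query value URL-encoded.
   */
  public function getLogoutURL()
  {
      return $this->domain.'/logout?'.$this->buildQuery([
        'client_id' => $this->appClientId,
        'logout_uri' => $this->SignOutUrl,
      ]);
  }

  /**
   * Get Token
   *
   * Exchanges an authorization code for tokens at the token endpoint,
   * authenticating with HTTP Basic (app client id : app client secret).
   *
   * NOTE(review): the HTTP status code is not inspected, so an OAuth error
   * response is decoded and returned like a success. Callers should check the
   * decoded object for an `error` member before using any token in it.
   *
   * @param string $code Authorization code received on the callback URL.
   * @return object|null|false Decoded JSON response, null if the body is not
   *                           valid JSON, false on a transport (cURL) error.
   */
  public function getToken( $code )
  {
      // http_build_query() URL-encodes every value for the form body.
      $fields_string = http_build_query([
        'grant_type' => 'authorization_code',
        'client_id' => $this->appClientId,
        'code' => $code,
        'redirect_uri' => $this->callbackUrl,
      ]);
      $authorization = $this->appClientId.':'.$this->appClientSecret;

      return $this->sendRequest([
        CURLOPT_URL => $this->Token,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => $fields_string,
        CURLOPT_HTTPHEADER => [
          "Authorization: Basic ".base64_encode($authorization),
          "Content-Type: application/x-www-form-urlencoded",
        ],
      ]);
  }

 /**
   * Get User Info
   *
   * Sends the access token as a Bearer credential to the userInfo endpoint.
   *
   * NOTE(review): a successful response shows that Cognito accepted the token,
   * but this is a network round trip per check. A resource server would
   * normally verify the token's JWT signature and claims (issuer, expiry,
   * token_use, client id) against the user pool's published keys instead;
   * confirm against the AWS documentation. The userInfo endpoint is also
   * understood to require the `openid` scope, which tokens issued by the
   * client-credentials grant presumably do not carry; verify before relying
   * on this call for such tokens.
   *
   * @param string $token Access token.
   * @return object|null|false Decoded JSON response, null if the body is not
   *                           valid JSON, false on a transport (cURL) error or
   *                           when the token contains characters that cannot
   *                           appear in a header value.
   */
  public function getUserInfo( $token )
  {
      // The token is placed in a request header; refuse anything outside
      // printable ASCII (CR, LF, spaces, control bytes) so a crafted value
      // cannot add or split header lines.
      if (preg_match('/[^\x21-\x7E]/', (string) $token)) {
        return false;
      }

      return $this->sendRequest([
        CURLOPT_URL => $this->UserInfo,
        CURLOPT_HTTPGET => true,
        CURLOPT_HTTPHEADER => [
          "Authorization: Bearer ".$token,
          "cache-control: no-cache",
        ],
      ]);
  }

  /**
   * Query parameters shared by the login and signup URLs.
   */
  private function authorizationParams( $id )
  {
      return [
        'client_id' => $this->appClientId,
        'scope' => 'openid',
        'redirect_uri' => $this->callbackUrl,
        'response_type' => 'code',
        // Cast so a null id still yields an (empty) state parameter;
        // http_build_query() drops null values entirely.
        'state' => (string) $id,
      ];
  }

  /**
   * Encode parameters as an RFC 3986 query string with a fixed '&' separator.
   */
  private function buildQuery( array $params )
  {
      return http_build_query($params, '', '&', PHP_QUERY_RFC3986);
  }

  /**
   * Run one cURL request and decode the JSON body.
   *
   * @param array $options cURL options for this request (URL, method, headers).
   * @return object|null|false See getToken() / getUserInfo().
   */
  private function sendRequest( array $options )
  {
      $ch = curl_init();
      if ($ch === false) {
        return false;
      }
      curl_setopt_array($ch, $options + [
        CURLOPT_RETURNTRANSFER => true,
        // Requests carry the client secret or a bearer token: state
        // certificate and host-name verification explicitly.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
      ]);
      $result = curl_exec($ch);
      $err = curl_error($ch);
      // Release the handle on every path; the earlier version returned
      // before curl_close() when an error occurred.
      curl_close($ch);
      if ($result === false || $err) {
        return false;
      }
      return json_decode($result);
  }
}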

此致,埃德。