API Gateway authentication with Cognito Federated Identities


Problem description


I want to use Cognito Federated Entity (allowing signin through Google etc), to allow access to API Gateway for a web javascript application. I managed to get the Cognito's sessionToken through signing-in with Google but I'm stuck on the API Gateway configuration for enabling the session token.


Is there a good tutorial for this entire Federated Entity authentication workflow?

Thanks!

Recommended answer


Since you want to invoke APIs via authenticated Cognito identity, first


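  1. Modify the auth role of the identity pool to have an API execute policy; you could attach the managed policy AmazonAPIGatewayInvokeFullAccess to the respective role

  2. In API Gateway, under the respective method request, add Authorization as AWS_IAM

  3. You need to sign the request when using IAM auth, explained here: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html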


Instead of #3, you could generate and download the SDK from the stage panel of your API gateway, and make a call to the api via sdk.


Once you obtain the cognito session, you could make a call using the sdk like below

var apigClient = apigClientFactory.newClient({
    accessKey: AWSCognito.config.credentials.accessKeyId,
    secretKey: AWSCognito.config.credentials.secretAccessKey,
    sessionToken: AWSCognito.config.credentials.sessionToken
});

var params = {
    // This is where any modeled request parameters should be added.
    // The key is the parameter name, as it is defined in the API in API Gateway.
};

var body = {};

var additionalParams = {
    // If there are any unmodeled query parameters or headers that must be
    //   sent with the request, add them here.
    headers: {
        'Content-Type': 'application/json'
    },
    queryParams: {}
};

apigClient.<resource><Method>(params, body, additionalParams)
.then(function(result) {
    // 
}).catch(function(err) {
    //
});
