使用AWS Cognito，我可以在给定禁用的未经身份验证的IdentityId的情况下解析经过身份验证的IdentityId吗？ [英] Using AWS Cognito can I resolve the authenticated IdentityId given a disabled unauthenticated IdentityId?

问题描述

我有一个支持Cognito未经身份验证的身份的JavaScript Web应用程序。我正在试图找出如何为 DISABLED 未经身份验证的IdentityId识别链接的经过身份验证的IdentityId。

I have a JavaScript web application that supports Cognito unauthenticated identities. I'm trying to figure out how to identify the linked authenticated IdentityId for a DISABLED unauthenticated IdentityId.

首先未经身份验证通过 AWS.config.credentials.get 向用户发放IdentityId。内部 CognitoIdentityCredentials 正在使用 getId 生成一个新的未经身份验证的IdentityId。

First unauthenticated users are issued an IdentityId via AWS.config.credentials.get. Internally CognitoIdentityCredentials is using getId to generate a new unauthenticated IdentityId.

let unathenticatedIdentityId;

const AWS = require('aws-sdk');
AWS.config.region = region;
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId
});
AWS.config.credentials.get(err => {
    unathenticatedIdentityId = AWS.config.credentials.identityId;
});

然后我们的用户通过 amazon-cognito-identity对Cognito用户池进行身份验证-js ，未经身份验证的IdentityId将更改为与其Cognito Login关联的经过身份验证的IdentityId。未经身份验证的IdentityId会自动标记为 DISABLED ，并在内部链接到经过身份验证的IdentityId。

Then our user authenticates to a Cognito User Pool via amazon-cognito-identity-js and the unauthenticated IdentityId changes to the authenticated IdentityId associated with their Cognito Login. The unauthenticated IdentityId is automatically marked DISABLED and is linked internally to the authenticated IdentityId.

let authenticatedIdentityId;

const { CognitoUserPool, CognitoUser, AuthenticationDetails } = require('amazon-cognito-identity-js');
const Pool = new CognitoUserPool({
    UserPoolId,
    ClientId,
});
const authDetails = new AuthenticationDetails({
    Username,
    Password,
});
const user = new CognitoUser({
    Pool,
    Username,
});
user.authenticateUser(authDetails, {
    onSuccess: (session) => {
        AWS.config.credentials.params.Logins = {
            [PoolProviderName]: session.idToken.jwtToken,
        };
        AWS.config.credentials.expired = true;

        AWS.config.credentials.refresh(err => {
            authenticatedIdentityId = AWS.config.credentials.identityId;
        });
    },
});

我的值是 unathenticatedIdentityId 和 authenticatedIdentityId 但是我没有在AWS Cognito API中看到解决 DISABLED unauthenticatedIdentityId的方法已链接到 authenticatedIdentityId 。相反，我没有看到识别IdentityIds链接到 authenticatedIdentityId 的方法。 describeIdentity API会告诉我 unauthenticatedIdentityId 是 DISABLED 并且没有登录，但确实如此没有指向链接的 authenticatedIdentityId 。

I have the value for unathenticatedIdentityId and authenticatedIdentityId but I do not see a way in the AWS Cognito API's to resolve that the DISABLED unauthenticatedIdentityId has been linked to the authenticatedIdentityId. Conversely I do not see a way to identify what IdentityIds have been linked to the authenticatedIdentityId. The describeIdentity API will tell me that unauthenticatedIdentityId is DISABLED and that it has no Logins, but it does not point to the linked authenticatedIdentityId.

我怎样才能仅值链接/ DISABLED unauthenticatedIdentityId ，解析值 authenticatedIdentityId ？

How can I, with only the value of the linked/DISABLED unauthenticatedIdentityId, resolve the value authenticatedIdentityId?

推荐答案

我有一个使用AWS Cognito获取身份ID然后可能对其进行身份验证的应用程序。情况是客户端首先使用应用程序作为未经身份验证的（访客），然后使用Facebook登录，使他/她自己经过身份验证，并且AWS为经过身份验证的用户保留给定的身份ID，因为他是新用户。现在，当您退出应用程序并且其他人想要将此应用程序用作未经身份验证或甚至经过身份验证时，问题就出现了。 Cognito将错误地说禁止访问身份ID，因为它已经链接到以前用户的Facebook帐户。

I have an app that uses AWS Cognito to obtain an identity id and then possibly authenticate it. The situation is a client uses the app first as unauthenticated (guest) and then logs in using Facebook, making him/herself as authenticated, and AWS preserves the given identity ID for the authenticated user, because he is a new user. Now, the problem comes, when you log out of the app and someone else wants to use this app as unauthenticated or even authenticated. Cognito will error out saying that the access to the identity ID is forbidden, because it has already been linked to the previous user's Facebook account.

Cognito mobile SDKs 内置了一种处理方法。它们在使用时会缓存身份ID，这会导致您看到的问题。当您注销时，您将要清除该缓存。我不确定您使用的是哪个SDK，但在iOS中它是Android中的 AWSCognitoIdentityProvider.clear（）和 CognitoCachingCredentialsProvider.clear（）。同样，如果您使用 Cognito Sync ，则该客户端中会有一种方法可以清除缓存的ID和同步数据。

The Cognito mobile SDKs have a way built in to handle this. They cache the identity id when using it, which is causing the issue you are seeing. When you log out, you'll want to clear that cache. I'm not sure which SDK you're using, but in iOS it's AWSCognitoIdentityProvider.clear() and CognitoCachingCredentialsProvider.clear() in Android. Similarly, if you're using Cognito Sync, there's a method in that client that will wipe the cached id and sync data.

还有看看 https://aws.amazon.com/blogs/移动/理解 - 亚马逊 - 认知认证/

希望您也关注 https://aws.amazon.com/blogs/mobile/using-the-amazon-cognito-credentials-provider/

这篇关于使用AWS Cognito，我可以在给定禁用的未经身份验证的IdentityId的情况下解析经过身份验证的IdentityId吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！