如何通过Facebook验证API网关调用? [英] How to authenticate API Gateway calls with Facebook?

问题描述

问题:我想使用Facebook身份验证授权 Amazon API Gateway 托管的REST API用户.

Problem: I want to authorize my Amazon API Gateway hosted REST API users using Facebook Authentication.

我的理解:我知道 Amazon Cognito 可用于对用户进行身份验证，称为联合身份.然后，我看到了使用Amazon Cognito对API客户端进行身份验证您的用户池，用于对Cognito用户池进行身份验证.我还发现了使用Amazon API Gateway自定义授权者，以从自定义授权中使用.但是，我没有找到将API Gateway链接到使用Cognito联合身份验证(即此处的Facebook)进行身份验证的链接.我们可以使用与用户池也适用于联合身份，或者我应该在自定义授权人? 我有点困惑.任何帮助，我们将不胜感激.

My Understanding: I know Amazon Cognito can be used to authenticate users, calling as Federated Identities. Then, I saw Authenticate API Clients with Amazon Cognito Your User Pool, which authenticates for Cognito User Pool. I also found Use Amazon API Gateway Custom Authorizers, to use from custom authorization. But, I did not find to link API Gateway to authenticate using Cognito Federated Identities (i.e. Facebook here). Can we use same procedure as User Pool for Federated Identities as well or should I use as in Custom Authorizers ? I'm a bit confused. Any help is greatly appreciated.

预先感谢.

推荐答案

Cognito联合身份和Cognito用户池解决了不同的用例.

Cognito federated identities and Cognito user pools address different use cases.

使用Cognito用户池，您可以显式管理可以访问您的服务的用户.当您想将对API的访问限制为一组固定的用户时，这很有用.

With Cognito user pools, you explicitly manage the users which can access your service. This is useful when you want to limit access to your API to a fixed set of users.

使用Cognito联合身份，您可以将用户管理委派给身份提供商，例如Facebook，Google或Amazon.在这种情况下，具有您所选择的身份提供者的用户身份的任何人都可以访问您的服务.当您想广泛使用API​​，但仍需要将个人身份与API用户相关联以管理每个用户的状态或资源时，这很有用.

With Cognito federated identities, you delegate user management to an identity provider such as Facebook, Google, or Amazon. In that case, anyone with a user identity for your chosen identity provider can access your service. This is useful when you want to make your API broadly available, but still need to associate individual identities with your API users in order to manage per-user state or resources.

要使用联合身份，请将API网关方法设置为使用"AWS_IAM"授权.您使用Cognito创建角色并将其与您的Cognito身份池关联.然后，您使用身份和访问管理(IAM)服务来授予此角色权限以调用您的API网关方法.

To use a federated identity, you set the API Gateway method to use "AWS_IAM" authorization. You use Cognito to create a role and associate it with your Cognito identity pool. You then use the Identity and Access Management (IAM) service to grant this role permission to call your API Gateway method.

这篇关于如何通过Facebook验证API网关调用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！