如何访问Cognito用户帐户的组？ [英] How do I access the group for a Cognito User account?

问题描述

在AWS Cognito中，您可以将用户添加到组中（首先创建组之后）。用户可能属于一个或多个组。

In AWS Cognito, you can add a user to a group (after first creating a group). A user may belong to one or more groups.

使用JavaScript SDK（ https://github.com/aws/amazon-cognito-identity-js ），有没有办法读取分配的组？ aws-sdk 是否可以通过 amazon-cognito-identity-js 提供访问权限？

With using the JavaScript SDK (https://github.com/aws/amazon-cognito-identity-js), is there a way to read the assigned Groups? Would aws-sdk provide access over amazon-cognito-identity-js?

推荐答案

如果您只需要Cognito UserPools组，则通过身份验证的用户是该成员的成员，而不是进行单独的API调用，该数据将编码在idToken.jwtToken中

If you just need the Cognito UserPools Groups the Authenticated User is a member of, instead of making a separate API call, that data is encoded in the idToken.jwtToken that you received when authenticating.

这对于在angular / react / etc中的客户端呈现/访问决策很有用。应用程序。

This is useful for client-side rendering/access decisions in angular/react/etc. apps.

请参见本示例中的 cognito：groups数组声明，其中解码的idToken.jwtToken：

See the "cognito:groups" array claim in this example decoded idToken.jwtToken:

{
  "sub": "a18626f5-a011-454a-b4c2-6969b3155c24",
  "cognito:groups": [
    "uw-app-administrator",
    "uw-app-user"
  ],
  "email_verified": true,
  "iss": "https://cognito-idp.<region>.amazonaws.com/<user-pool-id>",
  "cognito:username": "<my-user-name>",
  "given_name": "<my-first-name>",
  "aud": "<audience-code>",
  "token_use": "id",
  "auth_time": 1493918449,
  "nickname": "Bubbles",
  "exp": 1493922049,
  "iat": 1493918449,
  "email": "<my-email>"
}

希望这会有所帮助。

这篇关于如何访问Cognito用户帐户的组？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！