如何访问Cognito用户帐户的组? [英] How do I access the group for a Cognito User account?
问题描述
在AWS Cognito中,您可以将用户添加到组中(首先创建组之后)。用户可能属于一个或多个组。
In AWS Cognito, you can add a user to a group (after first creating a group). A user may belong to one or more groups.
使用JavaScript SDK( https://github.com/aws/amazon-cognito-identity-js ),有没有办法读取分配的组? aws-sdk
是否可以通过 amazon-cognito-identity-js
提供访问权限?
With using the JavaScript SDK (https://github.com/aws/amazon-cognito-identity-js), is there a way to read the assigned Groups? Would aws-sdk
provide access over amazon-cognito-identity-js
?
推荐答案
如果您只需要Cognito UserPools组,则通过身份验证的用户是该成员的成员,而不是进行单独的API调用,该数据将编码在idToken.jwtToken中
If you just need the Cognito UserPools Groups the Authenticated User is a member of, instead of making a separate API call, that data is encoded in the idToken.jwtToken that you received when authenticating.
这对于在angular / react / etc中的客户端呈现/访问决策很有用。应用程序。
This is useful for client-side rendering/access decisions in angular/react/etc. apps.
请参见本示例中的 cognito:groups数组声明,其中解码的idToken.jwtToken:
See the "cognito:groups" array claim in this example decoded idToken.jwtToken:
{
"sub": "a18626f5-a011-454a-b4c2-6969b3155c24",
"cognito:groups": [
"uw-app-administrator",
"uw-app-user"
],
"email_verified": true,
"iss": "https://cognito-idp.<region>.amazonaws.com/<user-pool-id>",
"cognito:username": "<my-user-name>",
"given_name": "<my-first-name>",
"aud": "<audience-code>",
"token_use": "id",
"auth_time": 1493918449,
"nickname": "Bubbles",
"exp": 1493922049,
"iat": 1493918449,
"email": "<my-email>"
}
希望这会有所帮助。
这篇关于如何访问Cognito用户帐户的组?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!