UserPool.getCurrentUser()返回null [后端] [英] UserPool.getCurrentUser( ) returns null [backend]

问题描述

正在尝试建立联盟身份以获取身份凭证.但是，当我尝试执行 getCurrentUser()时，响应为null.与此相关的另一件事是，我正在后端上尝试此操作.那么它将在后端工作吗?以及为什么在尝试getCurrentUser时得到空响应?有什么主意吗?

Am trying to set up a federated identity in order to get credentials for identity. But when i try to do the getCurrentUser() am getting response as null. And another thing about this is, am trying this on backend side. So will it work in the backend? And why am getting a null response when trying getCurrentUser ?? Any idea?

var data = {
    UserPoolId: userPoolId,
    ClientId: appClientId,
  };

var userPool = new AmazonCognitoIdentity.CognitoUserPool(data);
console.log(userPool);
var cognitoUser = userPool.getCurrentUser();
console.log(cognitoUser);

userPool 的日志响应为

CognitoUserPool {
    userPoolId: 'us-east-6_hxxxx2U',
    clientId: '`6heh4h8h848h4884h05',
    client:
     Client {
       endpoint: 'https://cognito-idp.us-east-1.amazonaws.com/',
       userAgent: 'aws-amplify/0.1.x js' },
    advancedSecurityDataCollectionFlag: true,
    storage:
     { [Function: MemoryStorage]
       setItem: [Function: setItem],
       getItem: [Function: getItem],
       removeItem: [Function: removeItem],
       clear: [Function: clear] } }

cognitoUser的日志响应为 NULL

The log response of cognitoUser is NULL

为什么在输入正确的值作为输入时，响应为null?

So why is response null, while am giving right values as input?

推荐答案

潜在原因很少:

1. 使用 getCurrentUser()代替 getCurrentUser(Data)
2. 如果您未在后端登录用户，则无法获得当前用户.如果用户在前端登录，则可以使用一个函数将用户的id_token发送到后端，并使用它在后端登录.

关于第二点:

id_token包含一个称为有效负载的部分，其中包含用户的用户名和其他属性.有关详细信息:

The id_token contains a part called payload which contains the user’s username and other attributes. For details: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-id-token

使用id_token时，应在允许用户进一步操作之前验证签名.可以在 https:/中找到验证代码/github.com/awslabs/aws-support-tools/tree/master/Cognito/decode-verify-jwt 您可以在此处添加操作代码:

When you use the id_token you should verify the signature before allowing further actions for the user. Codes for verifying can be found in https://github.com/awslabs/aws-support-tools/tree/master/Cognito/decode-verify-jwt And you can add you code for actions here:

                    .....
                    // and the Audience (use claims.client_id if verifying an access token)

                    if (claims.aud != app_client_id) {

                        callback('Token was not issued for this audience');

                    }

                    //add your code here

                    callback(null, claims);

                }).

                catch(function() {

                    callback('Signature verification failed');

                });

用户信息应该在 claims 中.

这篇关于UserPool.getCurrentUser()返回null [后端]的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！