如何访问 Cognito 用户帐户的组? [英] How do I access the group for a Cognito User account?
问题描述
在 AWS Cognito 中,您可以将用户添加到组(在首次创建组之后).一个用户可能属于一个或多个组.
In AWS Cognito, you can add a user to a group (after first creating a group). A user may belong to one or more groups.
使用 JavaScript SDK (https://github.com/aws/amazon-cognito-identity-js),有没有办法读取分配的组?aws-sdk
会提供对 amazon-cognito-identity-js
的访问吗?
With using the JavaScript SDK (https://github.com/aws/amazon-cognito-identity-js), is there a way to read the assigned Groups? Would aws-sdk
provide access over amazon-cognito-identity-js
?
推荐答案
如果您只需要经过身份验证的用户所属的 Cognito UserPools 组,而不是进行单独的 API 调用,则该数据将编码在 idToken.jwtToken 中您在验证时收到的信息.
If you just need the Cognito UserPools Groups the Authenticated User is a member of, instead of making a separate API call, that data is encoded in the idToken.jwtToken that you received when authenticating.
这对于 angular/react/etc 中的客户端渲染/访问决策很有用.应用.
This is useful for client-side rendering/access decisions in angular/react/etc. apps.
请参阅此示例中的cognito:groups"数组声明解码的 idToken.jwtToken:
See the "cognito:groups" array claim in this example decoded idToken.jwtToken:
{
"sub": "a18626f5-a011-454a-b4c2-6969b3155c24",
"cognito:groups": [
"uw-app-administrator",
"uw-app-user"
],
"email_verified": true,
"iss": "https://cognito-idp.<region>.amazonaws.com/<user-pool-id>",
"cognito:username": "<my-user-name>",
"given_name": "<my-first-name>",
"aud": "<audience-code>",
"token_use": "id",
"auth_time": 1493918449,
"nickname": "Bubbles",
"exp": 1493922049,
"iat": 1493918449,
"email": "<my-email>"
}
希望这会有所帮助.
这篇关于如何访问 Cognito 用户帐户的组?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!