如何访问 Cognito 用户帐户的组? [英] How do I access the group for a Cognito User account?

问题描述

在 AWS Cognito 中，您可以将用户添加到组(在首次创建组之后).一个用户可能属于一个或多个组.

In AWS Cognito, you can add a user to a group (after first creating a group). A user may belong to one or more groups.

使用 JavaScript SDK (https://github.com/aws/amazon-cognito-identity-js)，有没有办法读取分配的组?aws-sdk 会提供对 amazon-cognito-identity-js 的访问吗?

With using the JavaScript SDK (https://github.com/aws/amazon-cognito-identity-js), is there a way to read the assigned Groups? Would aws-sdk provide access over amazon-cognito-identity-js?

推荐答案

如果您只需要经过身份验证的用户所属的 Cognito UserPools 组，而不是进行单独的 API 调用，则该数据将编码在 idToken.jwtToken 中您在验证时收到的信息.

If you just need the Cognito UserPools Groups the Authenticated User is a member of, instead of making a separate API call, that data is encoded in the idToken.jwtToken that you received when authenticating.

这对于 angular/react/etc 中的客户端渲染/访问决策很有用.应用.

This is useful for client-side rendering/access decisions in angular/react/etc. apps.

请参阅此示例中的cognito:groups"数组声明解码的 idToken.jwtToken:

See the "cognito:groups" array claim in this example decoded idToken.jwtToken:

{
  "sub": "a18626f5-a011-454a-b4c2-6969b3155c24",
  "cognito:groups": [
    "uw-app-administrator",
    "uw-app-user"
  ],
  "email_verified": true,
  "iss": "https://cognito-idp.<region>.amazonaws.com/<user-pool-id>",
  "cognito:username": "<my-user-name>",
  "given_name": "<my-first-name>",
  "aud": "<audience-code>",
  "token_use": "id",
  "auth_time": 1493918449,
  "nickname": "Bubbles",
  "exp": 1493922049,
  "iat": 1493918449,
  "email": "<my-email>"
}

希望这会有所帮助.

这篇关于如何访问 Cognito 用户帐户的组?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！