AWS Cognito,Lambda,DynamoDB中的用户凭据 [英] AWS Cognito, Lambda, User credentials in DynamoDB
问题描述
如果您可以通过识别代码而不是Facebook id键入ddb表,则可以使用认证凭据调用api网关。如果您在调用lambda时使用被叫方凭据,则可以通过令牌 $ context.identity.cognitoIdentityId
访问认证ID。这样可以确保该呼叫是由该ID的所有者发出的。您可以进一步查看 $ context.identity.cognitoAuthenticationProvider
是 graph.facebook.com
,以确保他们通过Facebook进行授权。不幸的是,Facebook id并没有在凭据中传递,所以如果你需要它,你将需要一个查找表,将cognito id映射到facebook id。有关可用令牌的更多详细信息,请参阅 here 。
I established a authentication flow with Facebook Login and AWS Cognito on the client site. Works fine. But now I need a reference of the user with its facebook id in a dynambodb table. Of course I could just call a AWS lambda function exposed via AWS API gateway, but how can I verify that the API call actually has a valid facebook id and that this facebook id matches the AWS Cognito Id. Maybe I am missing something here, I hope you guys can point me in the right direction ;) thanks!
If you can key your ddb table by cognito id instead of facebook id, you can invoke api gateway with cognito credentials. If you use callee credentials when calling lambda you can access the cognito id via the token $context.identity.cognitoIdentityId
. This ensures the call was made by the owner of this id. You can further check that $context.identity.cognitoAuthenticationProvider
is graph.facebook.com
to ensure they authed via Facebook. Unfortunately, the facebook id is not passed in the credentials, so if you need it you will need a lookup table mapping cognito id to facebook id. For more details on the available tokens see here.
这篇关于AWS Cognito,Lambda,DynamoDB中的用户凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!