什么是用于登录Amazon Cognito用户池的REST(或CLI)API [英] What is the REST (or CLI) API for logging in to Amazon Cognito user pools
问题描述
如何在没有官方SDK的平台上通过Amazon Cognito REST API(用于用户池)进行登录? -请注意,我要求的是用户池-不是身份池。
How do i make logins happen via Amazon Cognito REST APIs (for user pools) on platforms for which there is no official SDK? - Note that i am asking for user pools - not identity pools.
Amazon cognito提供3种登录名:
Amazon cognito provides 3 kinds of logins:
- 联合登录名(创建 身份池 )-使用社交联系,例如FB,Twitter,G +等
- AWS管理的登录(创建 用户池 )-使用亚马逊自己的托管注册,登录,忘记密码,重置密码服务
- 开发人员提供登录信息(我自己设计的身份验证服务,由我自己管理)
- federated logins (creates identity pools) - using social connects like FB, Twitter, G+ etc
- AWS managed logins (creates user pools) - using Amazon's own managed signup, signin, forgot password, reset password services
- developer provided logins (my custom designed authentication service managed by myself)
我正在使用第二个(带有用户池)
I am using the second one (with User Pools)
Amazon cognito有多个适用于android,iOS,javascript,Xamarin等的SDK。Cognito还提供REST API,以在除官方SDK支持的平台之外的平台上构建。 我正在为其他平台构建应用程序 ,因此,REST API是我唯一的方法,因为我的平台没有官方的SDK。
Amazon cognito has several SDKs for android, iOS, javascript, Xamarin etc. Cognito also provides REST APIs for building on platforms other than those supported by official SDKs. I am building an app for a different platform and, hence, REST API is my only way as there is no official SDK for my platform.
Cognito REST API为 注册, 忘记密码, 确认验证等,但是令人惊讶的是, REST API没有用于简单登录/登录的任何端点 。
The Cognito REST API provides various endpoints for 'sign up', 'forgot password', 'confirm verification' etc, but surprisingly, the REST API does not have any endpoint for simple signin / login.
来自 Cognito CLI API文档我拥有 注册用户, 确认注册所需的所有官方CLI API。 em>, 更改密码, 验证电话号码, 忘记密码等。 没有提到用于登录的CLI API。 。我希望应该有一些CLI API,例如 $ aws cognito-idp登录 ,就像 $ aws cognito-idp注册 或 $ aws cognito-idp忘记密码 strong>等。
From Cognito CLI API docs I have all the OFFICIAL CLI APIs necessary to "signup users", "confirm signups", "change passwords", "verify phone numbers", "forgot passwords" etc. Surprisingly there is no CLI API mentioned for LOGINs. I was hoping there should be some CLI API like "$ aws cognito-idp log-in" just like there is for "$ aws cognito-idp sign-up" or for "$ aws cognito-idp forgot-password" etc.
也来自此入门教程讨论了 *应该做什么令牌收到 AFTER 用户的成功身份验证*。但是,它并没有谈论 如何 如何首先使用Cognito用户池API进行成功的身份验证。示例仅适用于Android,iOS和javascript SDK。没有适用于没有SDK的平台的身份验证示例。
Also from this getting started tutorial it talks about "*what should be done with tokens received AFTER successful authentication of a user*". However, it doesn't talk about HOW TO make the successful authentication happen on the first place with Cognito User Pool APIs. Examples are available only for Android, iOS, javascript SDKs. There are no authentication examples available for platforms which do not have SDKs.
因此, 如何操作我是否在没有官方SDK的平台上通过Amazon Cognito REST API(针对用户池)进行登录?
Hence, How do i make logins happen via Amazon Cognito REST APIs (for user pools) on platforms for which there is no official SDK?
推荐答案
更新:
Update:
正如您在下面的评论中指出的那样,身份验证流程在此处记录: http:/ /docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html 。这可能有助于阐明身份验证流程
As you pointed out in the comments below, the authentication flow is documented here: http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html. This might help to clarify the authentication flow
这有点违反直觉,但对于不想让用户明确签名的移动应用程序来说确实有道理进入,而是为用户携带令牌。请注意,适用于iOS的AWS Userpools SDK中有一个显式登录(登录)API。我没有使用过它,但是我想它只是通过相同的 InitiateAuth()以及随后的 RespondToAuthChallenge()的备用客户端API。 流。 iOS登录示例记录在此处- IOS SDK示例:登录用户
It is somewhat counter-intuitive, but it does make sense for mobile apps where you don't want to have the user explicitly sign in, but instead carry tokens around for the user. Note that there is an explicit signin (login) API in the AWS Userpools SDK for iOS. I have not used it, but I suppose it is just an alternate client side API to get through the same InitiateAuth() followed by a RespondToAuthChallenge() flow. The iOS signin example is documented here - IOS SDK Example: Sign in a User
原始帖子:
Original Post:
用于启动身份验证的Cognito用户池API文档为在此处可用
The Cognito User Pools API documentation for initiating auth is available here
如果您在其中一个SDK中实现用户池应用程序,则它的工作方式将变得更加清晰(我在iOS的Swift中做了一个,这很明确,因为JSON响应的日志记录很冗长,您可以
The way it works becomes clearer if you implement a user pools application in one of the SDK's (I did one in Swift for iOS, it is clarified because the logging of the JSON responses is verbose and you can kind of see what is going on if you look through the log).
但是假设我理解您的问题:总之,您应该 InitiateAuth()以及对此的回应(来自Cognito我们er Pools服务器)是一个挑战。然后,您执行 RespondToAuthChallenge()(也记录在该API文档中),对此的响应是身份验证结果-假定密码/会话/令牌已被接受。
But assuming I understand your question: In summary you should InitiateAuth() and the response to that (from the Cognito User Pools server) is a challenge. Then you do RespondToAuthChallenge() (also documented in that API doc) and the response to that is an authentication result - assuming that the password / session / token were accepted.
我相信,这两件事的组合就是您所说的LOGIN,它的工作方式类似于登录。在API中,其设置方式是尝试在未经身份验证的用户时获取用户信息,从而启动 InitiateAuth(),并且(无论如何在iOS中)API都会回调您编写的代码以询问密码,并发送 RespondToAuthChallenge()请求等。
The combination of those two things is, I believe, what you are calling LOGIN, and it works like a login. In the API's, the way it is set up is that attempts to get user information when the user is unauthenticated kicks off that InitiateAuth() and (in iOS anyway) the API does a callback to the code you write to ask for passwords, and send a RespondToAuthChallenge() request etc.
这篇关于什么是用于登录Amazon Cognito用户池的REST(或CLI)API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
