使用Cognito用户池,不使用Cognito联合身份(身份池) [英] Using Cognito User Pools, without Cognito Federated Identities(identity pools)
问题描述
我只想使用Cognito用户池,因此我想将身份联盟与Cognito用户池一起使用,而没有Cognito联合身份(身份池)。
我已经阅读了文档,但未能成功。
如何在不使用身份池(联合身份)的情况下将Google和Cognito合并到用户池中。
根据您对Summer Guo的评论,这似乎是您遇到了问题...
此处缺少很多细节,但是如果您在API网关中使用Cognito授权器,则它不知道任何第三方IdP -它只知道您的Cognito用户池。因此,发送CUP JWT将有效,而发送其他任何内容均无效。如果要使用Google身份验证令牌,则需要实现一个自定义授权程序,以与Google一起验证此令牌。
我在reInvent期间介绍了这个主题。以下是详细介绍的视频:
https://www.youtube.com / watch?v = VZqG7HjT2AQ
I would like to use only Cognito User Pool, and therefore I want to use identity federation with Cognito User Pools, without Cognito Federated Identities (identity pools).
I have followed the documentation, but I couldn't succeed.
http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-social.html
Her is my User Pool configuration.
How can I combine Google and Cognito in User Pool without using identity pool (Federated Identities). Or is that possible?
Based on your comment to Summer Guo, here's what it seems like you're having an issue with...
A lot of details missing here, but if you're using a Cognito Authorizer in your API Gateway, then it doesn't know about any 3rd party IdP -- it just knows about your Cognito User Pool. So sending the CUP JWT will work, while sending anything else won't. If you want to use a Google auth token, then you need to implement a Custom Authorizer that verifies this token with Google.
I presented on this topic during reInvent. Here's the video that goes into the details: https://www.youtube.com/watch?v=VZqG7HjT2AQ
这篇关于使用Cognito用户池,不使用Cognito联合身份(身份池)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
