Use Cognito login instead of certificates to authenticate and subscribe to AWS IoT MQTT topics?


Question

I'm new to learning AWS and I'm trying to figure out if my use-case is possible. I want to create a mobile app where the user can log in (email/Facebook/Google etc.) and then subscribe to a few MQTT topics on AWS IoT to receive real-time sensor data for a gardening system. There are many tutorials on AWS that show you how to do this (prime example: https://github.com/awslabs/aws-sdk-android-samples/blob/master/AndroidPubSub/README.md), but all of them require you to download certificates, insert app IDs, secret keys etc. in the code/keystore itself. I'd really like to avoid all of this and just use the login as all the authorization you would need to subscribe to these topics.

Is this possible? Or do I need to build some custom system?

Recommended answer

Short answer: yes, it is possible. To do that you should do the following:

  • Create a Cognito user pool. The User Pool ID and App client ID will be used in the next step. You can find more information here.

  • Create a Cognito Identity pool. Under Authentication Providers you should give the User Pool ID and App client ID, more information here. When you create this, it will create two Roles for Authenticated and Unauthenticated users in IAM. You should add IoT access permissions (Connect, Publish, Subscribe and Receive) to those roles.

  • On the client side (your App), after choosing your preferred AWS SDK (Android, iOS, React, JS, etc.) and configuring the User pool ID, Identity pool and App client ID, you should first authenticate the user by sending the user information (usually Email/Username and Password) to the Cognito user pool. In return, you will get some tokens.

  • Among those, the IdToken (JWT) will be sent to the Identity pool, and in return you will get the User Identity ID along with the credentials (accessKeyId, secretAccessKey, sessionToken) needed to access other AWS services like IoT.

  • The last step would be using aws-iot-sdk for your App along with those credentials to publish and subscribe to your IoT topics. You can find more information about aws-iot-sdk here.
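The IAM role step above decides what every signed-in user can reach, so here is an added example (not part of the original answer) that builds a read-only policy for the authenticated role and audits a policy for grants that are not tied to the caller's identity. The region, account ID, the `garden/<identity ID>/` topic layout and the helper names are assumptions made for illustration.

```python
import json

# Constructed placeholders: region, account ID and the garden/<identity>/ topic layout.
REGION, ACCOUNT = "us-east-1", "123456789012"
# IAM policy variable that resolves to the caller's Cognito identity ID.
IDENTITY = "${cognito-identity.amazonaws.com:sub}"

def arn(kind, path):
    return f"arn:aws:iot:{REGION}:{ACCOUNT}:{kind}/{path}"

def scoped_policy():
    """Authenticated-role policy: connect with client ID == identity ID,
    subscribe/receive only under garden/<identity ID>/ (read-only app, no Publish)."""
    allow = lambda action, resource: {"Effect": "Allow", "Action": action, "Resource": resource}
    return {"Version": "2012-10-17", "Statement": [
        allow("iot:Connect", arn("client", IDENTITY)),
        allow("iot:Subscribe", arn("topicfilter", f"garden/{IDENTITY}/*")),
        allow("iot:Receive", arn("topic", f"garden/{IDENTITY}/*")),
    ]}

# Constructed example of the over-broad grant to avoid on a role any signed-in user can assume.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return findings for Allow statements that are not limited to the caller's identity."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt["Action"]):
            if action in ("*", "iot:*"):
                findings.append(f"statement {i}: wildcard action {action!r}")
        for res in as_list(stmt["Resource"]):
            if "*" in res and IDENTITY not in res:
                findings.append(f"statement {i}: wildcard resource {res!r} not scoped to identity")
    return findings

if __name__ == "__main__":
    print(json.dumps(scoped_policy(), indent=2))
    for name, pol in (("scoped", scoped_policy()), ("broad", BROAD_POLICY)):
        print(name, audit(pol) or "no findings")
```

For authenticated Cognito identities, AWS IoT also evaluates an AWS IoT policy attached to the identity (via the AttachPolicy API), so the same scoping applies to that policy.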
