AWS Cognito-从AWS Cognito使用Google登录时是否可以获取Google访问令牌并使用AWS Access令牌刷新 [英] AWS cognito - Is it possible to get google access token and refresh using aws access token when sign in using google in from aws cognito
问题描述
当我从aws cognito登录页面使用google登录时,它会返回aws访问令牌。是否可以使用aws令牌检索Google访问令牌并刷新令牌。
用于登录的URL-
https://example.auth.ap-southeast-1.amazoncognito.com//login?redirect_uri=redirect_uri&response_type=token&client_id=client_id 。
When I signed in using google from aws cognito login page, it return back aws access token. Is it possible to retrieve google access token and refresh token using aws token. The url used to login - https://example.auth.ap-southeast-1.amazoncognito.com//login?redirect_uri=redirect_uri&response_type=token&client_id=client_id.
使用Google签名时,aws cognito如何处理刷新令牌?
How aws cognito handles refresh token when signed using google?
推荐答案
简而言之,
当您使用上述URL使用Cognito Userpool的OAuth端点登录时,来自Google的响应(即令牌)将发送到您的Userpool的OAuth响应端点域( https://example.auth.ap-southeast-1。 amazoncognito.com/oauth2/idpresponse )。 Cognito会检查Google的回复,并生成ID,访问权和刷新令牌并将其返回给您,具体取决于范围和使用的身份验证流程。来自Google的响应,即Google令牌没有存储在某个地方,也没有Cognito API调用来检索该令牌。
When you use the above URL to sign in using Cognito Userpool's OAuth endpoints, the response from google (i.e. tokens) is sent to the OAuth response endpoint for your userpool's domain ( https://example.auth.ap-southeast-1.amazoncognito.com/oauth2/idpresponse ). Cognito checks the response from Google and generates id, access & refresh tokens and returns these to you depending on the scope and auth flows used. The response from Google i.e the google tokens is not stored somewhere and there are no Cognito API calls to retrieve the same.
对于使用Google登录时的令牌刷新,取决于您的刷新令牌(由Cognito返回,而不是Google的刷新令牌)。只要从Cognito返回的刷新令牌有效,您就可以使用它来获取新的ID /访问令牌。同样,此过程完全不涉及Google。
As for token refresh when signed in using Google, that depends on your refresh token (returned by Cognito, and not Google's refresh token). As long as the refresh token returned from Cognito is valid, you can use it to get new id/access tokens. Again, this process does not involve Google at all.
这篇关于AWS Cognito-从AWS Cognito使用Google登录时是否可以获取Google访问令牌并使用AWS Access令牌刷新的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
