Include user details in AWS Cognito Oauth2 token


Problem description

I'm using AWS Cognito with a NodeJS backend API and want to include user details in the access token returned from the /oauth2/token endpoint with scopes defined in the user pool client app.

Also, if I use the adminInitiateAuth API, there is no way to include the scopes in the returned access token. So is it possible to have both user details and scopes in one access token?

Recommended answer

Cognito does not support custom claims in access tokens, which I think is a really good design choice.

You can manage extra / custom data fairly easily in your APIs and UIs in a much more extensible manner via claims caching: https://authguidance.com/2017/10/03/api-tokens-claims/

There is a node sample of mine that does this here: https://github.com/gary-archer/authguidance.websample2

It is a pattern often implemented by API gateways, such as AWS: https://authguidance.com/2018/12/16/serverless-api-deployment/
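
One way to implement the claims caching the answer refers to, in Node. This is an added example, not code from the answer or its linked sample; it assumes the access token's signature, issuer and expiry have already been validated, and `ClaimsCache`, `claimsForRequest` and `lookupUserDetails` are hypothetical names.

```javascript
const crypto = require('node:crypto');

// Added example: in-memory claims cache for an API that receives Cognito access tokens.
// Assumption: the token's signature, issuer and expiry were validated before this code runs.
class ClaimsCache {
  constructor(now = () => Math.floor(Date.now() / 1000)) {
    this.now = now;            // injectable clock (seconds) so expiry is testable
    this.entries = new Map();
  }

  // Key on a SHA-256 digest so raw bearer tokens are never held in the cache.
  static keyFor(accessToken) {
    return crypto.createHash('sha256').update(accessToken).digest('hex');
  }

  get(accessToken) {
    const key = ClaimsCache.keyFor(accessToken);
    const entry = this.entries.get(key);
    if (!entry) return undefined;
    if (entry.expiresAt <= this.now()) {   // cached claims never outlive the token
      this.entries.delete(key);
      return undefined;
    }
    return entry.claims;
  }

  // tokenClaims: validated access token payload; userDetails: data looked up outside the token.
  put(accessToken, tokenClaims, userDetails) {
    const claims = Object.freeze({
      sub: tokenClaims.sub,
      scopes: (tokenClaims.scope || '').split(' ').filter(Boolean),
      user: Object.freeze({ ...userDetails }),
    });
    this.entries.set(ClaimsCache.keyFor(accessToken), { claims, expiresAt: tokenClaims.exp });
    return claims;
  }
}

// lookupUserDetails is a hypothetical async function (sub) => details, e.g. a user database query.
async function claimsForRequest(cache, accessToken, tokenClaims, lookupUserDetails) {
  return cache.get(accessToken)
    ?? cache.put(accessToken, tokenClaims, await lookupUserDetails(tokenClaims.sub));
}
```

The scopes still come from the access token itself, while the user details are attached server-side and expire with the token.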
