如何在AWS Lambda中验证Cognito访问令牌以允许网关API调用？ [英] How to get validate Cognito Access Token in AWS Lambda to allow Gateway API call?

问题描述

我想做的是将API网关设置为我的Lambda函数，以将其中的一些保存在DynamoDB中（或其他我想仅用于已登录用户的内容）。但是我不明白如何验证AccessToken以及如何从中获取用户。

What I am trying to do is to set up API Gateway to my Lambda function that saves some in DynamoDB (or other stuff that I want to be only for logged in users). But I do not understand how to validate AccessToken and how to get user from that.

我发现了这个在AWS论坛上发布，我决定尝试方法1。

I found this post on AWS forum and I decided to try approach 1.

Cognito用户池+ API网关+ API网关自定义授权方+ Cognito用户池访问令牌。

Cognito User Pools + API Gateway + API Gateway Custom Authorizer + Cognito User Pools Access Token.

现在我已经登录用户：

var authenticationData = {
  Username : 'username', // your username here
  Password : 'password', // your password here
};
var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);

var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);
cognitoUser.authenticateUser(authenticationDetails, {
  onSuccess: function (result) {
    console.log('access token + ' + result.getAccessToken().getJwtToken());
....

和他的accessToken。我也在我的API中设置了自定义API Gateway Custom Authorizer

and his accessToken. I also set up custom API Gateway Custom Authorizer in my API call.

现在，我应该验证访问令牌并决定是允许还是拒绝方法调用，但是我不知道该怎么做以及如何从中检索用户。

Now I should validate the access token and decide whether to allow or deny method call. But I do not understand how to do that and how to retrieve user from the token?

推荐答案

请查看以下博客文章的示例代码： https://mobile.awsblog.com/post/Tx3JK25U7Z9EUIU/Integrating-Amazon-Cognito -带有API网关的用户池

Please take a look at the sample code on this blog post: https://mobile.awsblog.com/post/Tx3JK25U7Z9EUIU/Integrating-Amazon-Cognito-User-Pools-with-API-Gateway

这篇关于如何在AWS Lambda中验证Cognito访问令牌以允许网关API调用？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！