使用adminInitiateAuth对AppSync请求进行身份验证 [英] Authenticate AppSync request with adminInitiateAuth

问题描述

https://read.acloud.guru/backend-graphql-how-to-trigger-an-aws-appsync-mutation-from-aws-lambda-eda13ebc96c3 描述了一种调用AppSync的好方法假设使用了AppSync上的IAM身份验证，就可以使用来自Lambda的简单HTTP请求进行突变，但是我希望能够使用AMAZON_COGNITO_USER_POOLS进行此操作。

The post on https://read.acloud.guru/backend-graphql-how-to-trigger-an-aws-appsync-mutation-from-aws-lambda-eda13ebc96c3 describes a nice way to call AppSync mutations using a simple HTTP requests from a Lambda assuming that IAM authentication is being used on AppSync, but I would like to be able to do this with AMAZON_COGNITO_USER_POOLS.

使用IAM凭证对请求进行签名即可完成此操作。据我所确定，当使用AMAZON_COGNITO_USER_POOLS时，请求未签名，但带有JWT令牌，但我正在努力寻找有关此工作原理的详细信息。 AWS.CognitoIdentityServiceProvider提供adminInitiateAuth作为在Lambda中获取用户池令牌的简便方法，但是我不知道如何使用这些令牌来验证AppSync的HTTP请求。我可以只将它们放在特定的标头中，还是过程更复杂？

The way it is done there is by signing the request using IAM credentials. As far as I could determine, when AMAZON_COGNITO_USER_POOLS is used, the requests are not signed but come with a JWT token but I am struggling to find details on how this works. AWS.CognitoIdentityServiceProvider provides adminInitiateAuth as an easy way to get User Pool tokens inside a Lambda but I have no idea how to use these tokens to authenticate HTTP requests for AppSync. Can I just put them in a specific header or is the process more complicated?

推荐答案

您必须将其传递给授权标头。

You will have to pass it to the authorization header.

这篇关于使用adminInitiateAuth对AppSync请求进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！