在Lambda函数中验证Cognito会话 [英] Validate Cognito session in Lambda function
问题描述
我在DynamoDB中存储了一些数据。为了检索数据,我要求根据Cognito用户池对用户进行身份验证。我已经成功使用AWS-Amplify库成功验证了用户身份,并且成功验证后Cognito返回了以下JSON数据:
I have some data stored in DynamoDB. In order to retrieve the data, I'm requiring users to be authenticated against Cognito user pool. I have managed to authenticate users successfully using AWS-Amplify library and Cognito returns following JSON data after successful authentication :
{
"username":"....",
"pool":{
"userPoolId":"....",
"clientId":"...",
"client":{
"endpoint":"....",
"userAgent":"aws-amplify/0.1.x js"
},
"advancedSecurityDataCollectionFlag":true,
"storage":{
"loglevel:webpack-dev-server":"INFO"
}
},
"Session":"abcd12345", <-------------------------------------------
"client":{
"endpoint":"......",
"userAgent":"aws-amplify/0.1.x js"
},
"signInUserSession":null,
"authenticationFlowType":"USER_SRP_AUTH",
"storage":{
"loglevel:webpack-dev-server":"INFO"
},
"challengeName":"NEW_PASSWORD_REQUIRED",
"challengeParam":{
"userAttributes":{
"email_verified":"true",
"phone_number_verified":"true",
"phone_number":"...",
"email":"....."
},
"requiredAttributes":[
]
}
}
我已经实现了带有API网关的Lambda函数来处理来自客户端的数据请求。我的问题是,有没有一种方法可以验证Lambda函数中的会话值(由Cognito返回),以便在返回数据之前确保用户已通过身份验证?
I have implemented Lambda function with API Gateway to handle data request from client. My question is, is there a way to validate the session value ( returns by Cognito ) inside Lambda function, so that I can ensure user is authenticated before I return data?
推荐答案
也许您找到了解决方案,那么我希望它会对其他人有所帮助。
May be you found a solution to this, then I hope it will help someone else.
如果我正确地回答了您的问题,那么您可以使用 AWS.CognitoIdentityServiceProvider
If I got your question correctly you can use AWS.CognitoIdentityServiceProvider
并以此方式进行操作:
const AWS = require('aws-sdk');
const cisp = new AWS.CognitoIdentityServiceProvider({ apiVersion: '2016-04-18'});
exports.handler = (event, context, callback) => {
const accessToken = event.accessToken;
const cispParams = {
"AccessToken": accessToken
};
cisp.getUser(cispParams, (err, result) => {
if (err) {
console.log(err);
callback(err);
} else {
// code in this part is reached only if accessToken is valid.
// So add your code to respond to a verified user here.
}
// rest of your Lambda code.
但是默认情况下,accessToken将不存在。您必须从前端传递它。
But accessToken will not be there by default. You have to pass it from front end.
//your code to generate API Gateway url//
+ '?accessToken=' + session.getAccessToken().getJwtToken();
然后通过设置API网关到Lambda(可以搜索如何通过API网关将url参数传递给Lambda)。
Then setup API Gateway to pass it to Lambda (can search for how to pass url params to Lambda through API Gateway).
这篇关于在Lambda函数中验证Cognito会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!