Validate Cognito session in Lambda function

Problem description

I have some data stored in DynamoDB. In order to retrieve the data, I'm requiring users to be authenticated against a Cognito user pool. I have managed to authenticate users successfully using the AWS-Amplify library, and Cognito returns the following JSON data after successful authentication:

{  
  "username":"....",
  "pool":{  
     "userPoolId":"....",
     "clientId":"...",
     "client":{  
        "endpoint":"....",
        "userAgent":"aws-amplify/0.1.x js"
     },
     "advancedSecurityDataCollectionFlag":true,
     "storage":{  
        "loglevel:webpack-dev-server":"INFO"
     }
  },
  "Session":"abcd12345", <-------------------------------------------
  "client":{  
     "endpoint":"......",
     "userAgent":"aws-amplify/0.1.x js"
  },
  "signInUserSession":null,
  "authenticationFlowType":"USER_SRP_AUTH",
  "storage":{  
     "loglevel:webpack-dev-server":"INFO"
  },
  "challengeName":"NEW_PASSWORD_REQUIRED",
  "challengeParam":{  
     "userAttributes":{  
        "email_verified":"true",
        "phone_number_verified":"true",
        "phone_number":"...",
        "email":"....."
     },
     "requiredAttributes":[  

     ]
  }
}

I have implemented a Lambda function with API Gateway to handle data requests from the client. My question is, is there a way to validate the session value (returned by Cognito) inside the Lambda function, so that I can ensure the user is authenticated before I return data?

Recommended answer

Maybe you found a solution to this; then I hope it will help someone else.

If I got your question correctly, you can use AWS.CognitoIdentityServiceProvider

and do it this way:

const AWS = require('aws-sdk');

const cisp = new AWS.CognitoIdentityServiceProvider({ apiVersion: '2016-04-18'});

exports.handler = (event, context, callback) => {
     const accessToken = event.accessToken;
     const cispParams = {
         "AccessToken": accessToken
     };

     cisp.getUser(cispParams, (err, result) => {
         if (err) {
             console.log(err);
             callback(err);
         } else {
             // code in this part is reached only if accessToken is valid.
             // So add your code to respond to a verified user here.
         }
         // rest of your Lambda code.
     });
};

But accessToken will not be there by default. You have to pass it from the front end.

//your code to generate API Gateway url// 
+ '?accessToken=' + session.getAccessToken().getJwtToken();

Then set up API Gateway to pass it to Lambda (you can search for how to pass URL params to Lambda through API Gateway).
