如何使用ClaimsToAddOrOverride在Cognito中的IdToken的Claims中添加数组值 [英] How to add array values in Claims of IdToken in Cognito using claimsToAddOrOverride

问题描述

我正在使用预生成令牌以更新IdToken的声明.

I am using Pre Token Generation to update the claims of IdToken.

我能够使用单个key:value对成功更新索偿. 下面是示例示例.

I am successfully able to update claim using single key:value pair. Below is the sample example of that.

event["response"] = {"claimsOverrideDetails":{"claimsToAddOrOverride":{"scope": "test.debug"}}}

但是当我尝试在其中添加字符串数组时，它给了我内部服务器错误(AWS Cognito的响应)

But when i am trying to add array of string inside that, it giving me internal server error (Response from AWS Cognito)

例如:

event["response"] = {"claimsOverrideDetails":{"claimsToAddOrOverride":{"scope": ["test1","test2]}}}

使用lambda函数的测试"选项可以正常工作.

It is working fine using 'Test' option of lambda function.

如果我使用的是 groupsToOverride ，那么它将覆盖 cognito:groups 声明.

If i am using groupsToOverride then it is overriding the cognito:groups claim.

有帮助吗?

推荐答案

我认为这肯定是Cognito的一个错误，不幸的是，在解决之前，需要一种解决方法.

I think this must be a bug with Cognito and unfortunately will require a workaround until it's resolved.

我知道这并不理想，但是我已经通过使用定界字符串解决了这个问题，当我收到令牌时，我便将其解析为一个数组.

It's not ideal I know, but I've worked around this issue by using a delimited string which I then parse to an array when I receive the token.

Lambda:

exports.handler = (event, context, callback) => {
    event.response = {
        "claimsOverrideDetails": {
            "claimsToAddOrOverride": {
                "scope": "test1|test2"
            }
        }
    };

    // Return to Amazon Cognito
    callback(null, event);
};

客户:

const token = jwt.decode(id_token);
const scopes = token.scope.split('|');

这篇关于如何使用ClaimsToAddOrOverride在Cognito中的IdToken的Claims中添加数组值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！