如何对未经身份验证的用户使用AWS Cognito? [英] How to use AWS Cognito for unauthenticated users?
问题描述
我想使用AWS Cognito(用户池和身份池)来管理对我的Web应用程序的访问.
I'd like to use AWS Cognito (User Pools and Identity Pools) for managing access to my web app.
此网络应用程序是报告生成器.它根据收集的传感器数据生成报告.
This web app is a report generator. It generates reports from gathered sensors' data.
请求的数据的可能范围应因用户而异.某些用户只能访问指定区域或日期范围内的特定传感器ID或传感器.
The possible scope of requested data should vary between users. Some users should only have access to specific sensor IDs or sensors from a specified area or date range.
但是,我想将一些报告公开发布-例如.来自纽约的传感器的数据应该提供给所有人,而无需注册/登录.
However, I'd like to make some reports publicly available - eg. data from sensors from New York should be available to everyone without the need to sign up/sign in.
对于经过身份验证的用户,我想我可以向Cognito用户池添加一个自定义属性,其中包含指定用户应有权访问的传感器ID. 然后,在注册并使用Cognito登录后,用户可以向我的应用程序发出请求,然后我将验证JWT并从有效负载中获取有关用户可以请求哪些传感器的信息.
As for authenticated users, I think I could just add a custom attribute to Cognito User Pool with sensor IDs that the specified user should have access to. Then, after signing up and logging in with Cognito, the user could make a request to my application and I would verify the JWT and get from the payload information about what sensors can the user request.
不幸的是,我不确定如何处理未经身份验证的用户.我看到这样的话:
Unfortunately, I'm not sure how to handle unauthenticated users. I see it like that:
- 用户导航到包含特定公开报告的页面.例如. https://example.com/reports/new-york/
- 前端(React.js)以某种方式获得具有自定义属性
custom:city=New York的签名JWT. - Frontend向我的应用程序发出请求,如果请求仅包含针对纽约传感器的查询,我的应用程序将验证JWT并将数据允许给用户.
- The user navigates to a page with a specific public report. Eg. https://example.com/reports/new-york/
- Frontend (React.js) somehow gets signed JWT with custom attribute
custom:city=New York. - Frontend makes a request to my application, my app verifies JWT and permits the data to the user if the request contains a query only for New York's sensors.
也许我应该创建一个具有已知用户名和密码的用户,并在前端对其进行硬编码?
Maybe I should create a user with known username and password and hardcode it in the frontend?
使用Cognito是否合适?我应该以其他方式实现它吗?
Is it a proper way to use Cognito? Should I implement it in some other way?
推荐答案
是的,有一种使用cognito身份池实现未经身份验证的访问的简单方法.您将不会为此使用用户池.转到aws控制台中的身份池,然后单击编辑身份池".现在向下滚动到未经身份验证的身份并将其启用.
Yes there is a simple way to implement unauthenticated access using cognito identity pool. You will not be using user pool for this. Go to identity pool in the aws console and click on edit identity pool. Now scroll down to unauthenticated identities and enable it.
为此身份池自动创建了2个不同的角色.一个用于身份验证角色,另一个用于取消身份验证角色.相应地授予权限.现在,您可以使用cognito sdk进行未经身份验证的调用,如果您不提供凭据,则会获得未经身份验证角色的凭据.
There are 2 different roles created automatically for this identity pool. One for auth role and another for unauth role. Give permissions accordingly. Now you can make unauthenticated calls using cognito sdk and if you don't provide credentials you will be given credentials for the unauthenticated role.
这篇关于如何对未经身份验证的用户使用AWS Cognito?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
