如何通过AWS API Gateway对单个终端节点使用多个Cognito用户池? [英] How to use multiple Cognito user pools for a single endpoint with AWS API Gateway?
问题描述
我最近将API网关实现为具有单个代理端点的代理.
I've recently implemented an API Gateway as a proxy with a single proxy endpoint.
我使用Cognito作为授权机制,只要我只有一个用户池,一切都很好.
I'm using Cognito as authorisation mechanism and as long as I have only one user pool everything is fine.
我想要实现的目的是允许来自不同用户池的用户,但是在AWS控制台中,我似乎只能选择一种Cognito机制,它只是一个用户池.
What I am trying to achieve is to be able to allow users from different user pools, but in the AWS Console I just seem to be able to select one Cognito mechanism which is only one user pool.
是否有一种方法可以通过另一个方式允许多个用户池?对于这种情况,是否有替代的最佳实践?我确实需要用户位于单独的用户池中,以便不共享其身份验证属性,并且不相互共享帐户.
Is there a way to allow multiple user pool through another mean ? Is there an alternative best practice for this scenario ? I really need users to be in separate user pools so their authentication attributes are not shared and their accounts not mutualised.
谢谢
推荐答案
到目前为止,解决此问题的唯一可行方法似乎是使用Lambda函数来授权用户,在令牌信息中检索其用户池ID,然后进行比较将其添加到允许的用户池列表中,以授予或不授予用户访问权限.
As of today, the only viable solution to this problem seems to use a Lambda function to authorize users, retrieving their user pool ID in the token information and then comparing to it to a list of allowed user pools in order to give them access or not.
这篇关于如何通过AWS API Gateway对单个终端节点使用多个Cognito用户池?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!