如何通过AWS API Gateway对单个终端节点使用多个Cognito用户池? [英] How to use multiple Cognito user pools for a single endpoint with AWS API Gateway?

问题描述

我最近将API网关实现为具有单个代理端点的代理.

I've recently implemented an API Gateway as a proxy with a single proxy endpoint.

我使用Cognito作为授权机制，只要我只有一个用户池，一切都很好.

I'm using Cognito as authorisation mechanism and as long as I have only one user pool everything is fine.

我想要实现的目的是允许来自不同用户池的用户，但是在AWS控制台中，我似乎只能选择一种Cognito机制，它只是一个用户池.

What I am trying to achieve is to be able to allow users from different user pools, but in the AWS Console I just seem to be able to select one Cognito mechanism which is only one user pool.

是否有一种方法可以通过另一个方式允许多个用户池?对于这种情况，是否有替代的最佳实践?我确实需要用户位于单独的用户池中，以便不共享其身份验证属性，并且不相互共享帐户.

Is there a way to allow multiple user pool through another mean ? Is there an alternative best practice for this scenario ? I really need users to be in separate user pools so their authentication attributes are not shared and their accounts not mutualised.

谢谢

推荐答案

到目前为止，解决此问题的唯一可行方法似乎是使用Lambda函数来授权用户，在令牌信息中检索其用户池ID，然后进行比较将其添加到允许的用户池列表中，以授予或不授予用户访问权限.

As of today, the only viable solution to this problem seems to use a Lambda function to authorize users, retrieving their user pool ID in the token information and then comparing to it to a list of allowed user pools in order to give them access or not.

这篇关于如何通过AWS API Gateway对单个终端节点使用多个Cognito用户池?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！