AWS Cognito-具有联合身份提供者的用户池 [英] AWS Cognito - User Pools with Federated Identity providers
问题描述
我是AWS的新手,正在学习有关Cognito池的信息.
I am new to AWS and learning about Cognito Pools.
我计划使用与Cognito联合身份池连接的Cognito用户池.我不想使用具有托管UI功能的登录"或任何其他登录UI进行登录.
I am planning to use Cognito userpools connected with Cognito Federated Identity pool. I do not want to use Login with hosted UI feature or any other login UI to log in.
以下是正确的/可能的:-
Is the following true/possible :-
- 从后端使用用户名和密码调用某些Cognito API以来,它可以自动调用已配置的用户池联合身份提供程序以对用户进行身份验证,然后生成JWT令牌.如果可以,请参考/指导我.
- 身份提供者中存在的用户在AWS用户池中不存在.是否可以使用已配置的身份提供程序对用户进行身份验证,而该用户不会出现在AWS用户池中?如果是,那么在身份验证后是否将在AWS User Pool中创建用户?
我将非常感谢您的帮助.预先感谢.
I will really appreciate any help. Thanks in advance.
推荐答案
从后端调用使用用户名和密码的某些Cognito API它可以自动调用已配置的用户池联合身份提供者来验证用户身份,然后生成JWT令牌.如果是的,可以请您参考/指导我.
From back end on calling some Cognito API with username and password it can automatically call the configured User pool Federated Identity provider to authenticate the user and then generate the JWT token. If yes can you please refer/guide me please.
这是可能的.您可以结合使用以下两个参考.
This is possible. You can use a combination of the following two references.
var authenticationData = {
Username : 'username',
Password : 'password',
};
var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(authenticationData);
var poolData = { UserPoolId : 'us-east-1_xxxxx',
ClientId : 'xxxxxxxxxxxxxxxx'
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
var userData = {
Username : 'username',
Pool : userPool
};
var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
cognitoUser.authenticateUser(authenticationDetails, {
onSuccess: function (result) {
console.log('access token + ' + result.getAccessToken().getJwtToken());
/*Use the idToken for Logins Map when Federating User Pools with identity pools or when passing through an Authorization Header to an API Gateway Authorizer*/
console.log('idToken + ' + result.idToken.jwtToken);
},
onFailure: function(err) {
alert(err);
},
});
将JWT令牌传递到认知联合身份通过SDK进行池化并交换AWS临时访问凭证,以对AWS设置执行任何操作.
Pass the JWT Token to the Cognito Federated Identity Pool via SDK and exchange for AWS Temporary access credentials to perform any action against AWS provisioning.
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'us-east-1:xxxxxxx-xxxx-xxxx-xxxx-xxxxxx',
Logins: {
'cognito-idp.us-east-1.amazonaws.com/us-east-1_xxxxxx': result.idToken.jwtToken
}
});
身份提供者中存在的用户在AWS用户池中不存在.是可以使用配置的身份提供者对用户进行身份验证没有用户存在于AWS用户池中?如果是,那认证后在AWS用户池中创建用户?
User present in Identity provider does not exist in AWS user pool. Is it possible to authenticate the user with configured Identity provider without the user being present in AWS user pool? If yes then will the user be created in AWS User pool after authentication?
仅当您的外部身份提供程序支持SAML联合时,这才可能.
This is only possible if your external Identity Provider supports SAML Federation.
这篇关于AWS Cognito-具有联合身份提供者的用户池的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
