如何在Lamda函数中访问呼叫者的Cognito用户名? [英] How can I access the Cognito username of the caller in a Lamda function?
问题描述
我已经向API网关中的API端点添加了授权.
I have added authorization to the API endpoint in the API Gateway.
这为事件添加了 identity 属性,该属性似乎是相关的.
This added the identity property, which seems relevant, to event.
identity:
{
cognitoIdentityPoolId: null,
accountId: null,
cognitoIdentityId: null,
caller: null,
sourceIp: 'detracted',
accessKey: null,
cognitoAuthenticationType: null,
cognitoAuthenticationProvider: null,
userArn: null,
userAgent: 'Amazon CloudFront',
user: null },
apiId: 'detracted' },
body: null,
isBase64Encoded: false
}
但是那里主要是 null .那么如何访问呼叫者的Cognito用户名?
But there is mostly null there. So how can I access the Cognito username of the caller?
我添加了一个映射模板.但是,这是一个GET请求,因此我不知道它是否有作用,因为工具提示会说明数据已附加到主体上.
I added a mapping template. It is a GET request however, so I don't know if it has any effect, as the tooltip explains that the data is attached to the body.
## See http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html
## This template will pass through all parameters including path, querystring, header, stage variables, and context through to the integration endpoint via the body/payload
#set($allParams = $input.params())
{
"body-json" : $input.json('$'),
"params" : {
#foreach($type in $allParams.keySet())
#set($params = $allParams.get($type))
"$type" : {
#foreach($paramName in $params.keySet())
"$paramName" : "$util.escapeJavaScript($params.get($paramName))"
#if($foreach.hasNext),#end
#end
}
#if($foreach.hasNext),#end
#end
},
"stage-variables" : {
#foreach($key in $stageVariables.keySet())
"$key" : "$util.escapeJavaScript($stageVariables.get($key))"
#if($foreach.hasNext),#end
#end
},
"context" : {
"account-id" : "$context.identity.accountId",
"api-id" : "$context.apiId",
"api-key" : "$context.identity.apiKey",
"authorizer-principal-id" : "$context.authorizer.principalId",
"caller" : "$context.identity.caller",
"cognito-authentication-provider" : "$context.identity.cognitoAuthenticationProvider",
"cognito-authentication-type" : "$context.identity.cognitoAuthenticationType",
"cognito-identity-id" : "$context.identity.cognitoIdentityId",
"cognito-identity-pool-id" : "$context.identity.cognitoIdentityPoolId",
"http-method" : "$context.httpMethod",
"stage" : "$context.stage",
"source-ip" : "$context.identity.sourceIp",
"user" : "$context.identity.user",
"user-agent" : "$context.identity.userAgent",
"user-arn" : "$context.identity.userArn",
"request-id" : "$context.requestId",
"resource-id" : "$context.resourceId",
"resource-path" : "$context.resourcePath",
"username" : "$context.authorizer.claims['cognito:username']"
}
}
"event" : {
"username" : "$context.authorizer.claims['cognito:username']"
}
推荐答案
您正在通过调用API Gateway发送用户的idToken,对吧?
You're sending the user's idToken with the call to API Gateway, right?
我认为您已经在此解决方案中成功获取了用户的Cognito信息.
I assume that you are successfully getting the user's Cognito information in this solution.
在对API Gateway的调用中,您包括一个带有令牌的Authorization标头,如下所示:
In your call to API Gateway, you include an Authorization header with the token like so:
var url = YOURURL;
var options = {
method: "GET",
headers: {
'Authorization': COGNITOUSER_IDTOKEN
}
}
fetch(url, options);
有很多方法可以获取用户的ID令牌,因此我在这里不做任何规定.
There are many ways to get your user's ID Token, so I will not prescribe that here.
只要您这样做,就可以通过集成请求(API网关中API阶段的一部分)映射模板访问令牌中的信息.
As long as you're doing that, you can access the information in the token via the Integration Request (on of the stages of your API in API Gateway) mapping template.
在映射模板中,您可以使用以下代码:
In your mapping template, you can use this:
{
"username" : "$context.authorizer.claims['cognito:username']"
}
然后,您可以在Lambda函数中通过引用"event.username"来访问它.
Then, in your Lambda function, you can access this by referencing "event.username".
这篇关于如何在Lamda函数中访问呼叫者的Cognito用户名?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
