Cognito 身份验证和单点登录 [英] Cognito authentication and Single Sign On

问题描述

我有一个网页，用户使用 Amazon Cognito 和 AWS Amplify 身份验证登录.我有一个指向该应用程序的链接，可以打开另一个应用程序.我想要单点登录(我不确定这是否是最好的方法)，但是，我已经阅读了一些关于它的信息，有关于获取 ID 令牌和访问令牌以登录到其他应用.如何使用该 JWT 令牌访问我的应用程序?预期结果

I have a web page were the user signs in using Amazon Cognito and AWS Amplify authentication. I have a link into that application that opens another aplication. I want a Single Sign On (I'm not sure if this is the best way to do this), however, I have read a little about it, that there is information about getting the ID Token and the Access Token to login to the other application. How can I use that JWT token to access to my application? The expected result

推荐答案

身份验证后，您的应用程序可以从 Cognito 用户池查询令牌(请参阅 https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html)

After authentication, your application can query tokens from Cognito User Pool (see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html)

反过来，您的应用程序可以将令牌作为 HTTP 标头传递给第二个应用程序(SSO 的目标).

Your app can, in turn, pass a token to the second app (the target of the SSO) as a HTTP header.

第二个应用程序将验证令牌(即验证签名和声明，请参阅https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-验证-a-jwt.html) 并授予授权用户访问权限.

The second app will verify the token (i.e. verify the signature and the claim, see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html) and grant access to authorised users.

如果未提供令牌或令牌无效，第二个应用将重定向到身份验证页面.

In case no token is provided, or an invalid token, the second app will redirect to an authentication page.

这篇关于Cognito 身份验证和单点登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！