AWS Cognito 用户池 - 只读客户端 [英] AWS Cognito User Pool - read-only client

问题描述

问题已经在标题中说明了 - 有没有办法为 Amazon Cognito 用户池创建一个只有读取权限的应用程序客户端?这有点奇怪，但是当我取消选中可写属性"部分(用户池 -> 常规设置 -> 添加另一个应用程序客户端)中的所有框时，它会返回此警告:

The question is already stated in the title - is there any way to create an App client for Amazon Cognito User Pool, which will have read permissions only? It's a bit weird but when I untick all the boxes in "Writable Attributes" section (User pool -> General settings -> Add another app client), it gives back this warning:

默认情况下所有属性都是可写的，因为没有选择.选择属性以仅使那些可写

All attributes are writable by default because none are selected. Select attributes to make only those writable

这很酷，但我的目的是创建 1 个具有所有写入权限的可信任私人客户端和 1 个公共只读客户端以嵌入到应用程序中.我设法将可写属性的数量减少到一个，这对我来说并不重要，但是这个解决方案看起来很笨拙.有没有人设法正确破解这个?

That's cool, but my intention was to create 1 trustable private client with all write permissions and 1 public read-only client to be embedded into the app. I managed to reduce the number of writable attributes to a single one, which is not so important for me, but this solution looks hacky. Did anyone manage to crack this properly?

我也尝试使用 App 客户端 OAuth 2.0 设置，但没有成功.感谢您提供任何信息.

I also tried to play with App client OAuth 2.0 settings, but had no luck. Thanks for any info.

推荐答案

默认情况下所有属性都是可写的，因为没有选择.选择属性以仅使那些可写

all attributes are writable by default because none are selected. Select attributes to make only those writable

服务提供商基本上将您限制在他们预期的用例中.目前，我认为您的解决方案是唯一的解决方法.

The service provider is basically constraining you to their anticipated use case. Currently, I think your solution is the only work around.

这篇关于AWS Cognito 用户池 - 只读客户端的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！