什么是用于登录 Amazon Cognito 用户池的 REST(或 CLI)API [英] What is the REST (or CLI) API for logging in to Amazon Cognito user pools
问题描述
如何在没有官方 SDK 的平台上通过 Amazon Cognito REST API(用于用户池)进行登录? - 请注意,我要求的是用户池 - 不是身份池.
How do i make logins happen via Amazon Cognito REST APIs (for user pools) on platforms for which there is no official SDK? - Note that i am asking for user pools - not identity pools.
Amazon cognito 提供 3 种登录方式:
Amazon cognito provides 3 kinds of logins:
- 联合登录(创建身份池)- 使用社交连接,如 FB、Twitter、G+ 等
- AWS 托管登录(创建用户池)- 使用亚马逊自己的托管注册、登录、忘记密码、重置密码服务
- 开发者提供的登录信息(我自定义设计的身份验证服务由我自己管理)
我正在使用第二个(使用用户池)
Amazon cognito 有多个适用于 android、iOS、javascript、Xamarin 等的 SDK.Cognito 还提供 REST API,用于在官方 SDK 支持的平台以外的平台上进行构建.我正在为不同的平台构建应用程序,因此,REST API 是我唯一的方法,因为我的平台没有官方 SDK.
Amazon cognito has several SDKs for android, iOS, javascript, Xamarin etc. Cognito also provides REST APIs for building on platforms other than those supported by official SDKs. I am building an app for a different platform and, hence, REST API is my only way as there is no official SDK for my platform.
Cognito REST API 为注册"、忘记密码"、确认验证"等提供了各种端点,但令人惊讶的是, REST API 没有任何用于简单登录/登录的端点.
The Cognito REST API provides various endpoints for 'sign up', 'forgot password', 'confirm verification' etc, but surprisingly, the REST API does not have any endpoint for simple signin / login.
来自 CognitoCLI API 文档我拥有注册用户"、确认注册"、更改密码所需的所有官方 CLI API"、验证电话号码"、忘记密码"等.令人惊讶的是,没有提到用于登录的 CLI API.strong> 我希望应该有一些 CLI API,例如$ aws cognito-idp 登录",就像$ aws cognito-idp 注册"或$ aws cognito-idp forgot-password"等
From Cognito CLI API docs I have all the OFFICIAL CLI APIs necessary to "signup users", "confirm signups", "change passwords", "verify phone numbers", "forgot passwords" etc. Surprisingly there is no CLI API mentioned for LOGINs. I was hoping there should be some CLI API like "$ aws cognito-idp log-in" just like there is for "$ aws cognito-idp sign-up" or for "$ aws cognito-idp forgot-password" etc.
也来自 本入门教程 讨论了*应该如何处理AFTER 用户成功验证后收到的令牌*".但是,它没有讨论如何首先使用 Cognito 用户池 API 进行成功的身份验证.示例仅适用于 Android、iOS、javascript SDK.对于没有 SDK 的平台,没有可用的身份验证示例.
Also from this getting started tutorial it talks about "*what should be done with tokens received AFTER successful authentication of a user*". However, it doesn't talk about HOW TO make the successful authentication happen on the first place with Cognito User Pool APIs. Examples are available only for Android, iOS, javascript SDKs. There are no authentication examples available for platforms which do not have SDKs.
因此,如何在没有官方 SDK 的平台上通过 Amazon Cognito REST API(用于用户池)进行登录?
Hence, How do i make logins happen via Amazon Cognito REST APIs (for user pools) on platforms for which there is no official SDK?
推荐答案
更新:
正如您在下面的评论中指出的,身份验证流程记录在此处:http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html.这可能有助于澄清身份验证流程
As you pointed out in the comments below, the authentication flow is documented here: http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html. This might help to clarify the authentication flow
这有点违反直觉,但对于您不想让用户明确登录而是为用户随身携带令牌的移动应用程序来说确实有意义.请注意,适用于 iOS 的 AWS Userpools SDK 中有一个显式登录(登录)API.我没有使用过它,但我认为它只是一个备用的客户端 API,用于通过相同的 InitiateAuth() 和 RespondToAuthChallenge() 流程.此处记录了 iOS 登录示例 - IOS SDK 示例:登录用户
It is somewhat counter-intuitive, but it does make sense for mobile apps where you don't want to have the user explicitly sign in, but instead carry tokens around for the user. Note that there is an explicit signin (login) API in the AWS Userpools SDK for iOS. I have not used it, but I suppose it is just an alternate client side API to get through the same InitiateAuth() followed by a RespondToAuthChallenge() flow. The iOS signin example is documented here - IOS SDK Example: Sign in a User
原帖:
用于启动身份验证的 Cognito 用户池 API 文档是 此处可用
The Cognito User Pools API documentation for initiating auth is available here
如果您在其中一个 SDK 中实现用户池应用程序,那么它的工作方式会变得更加清晰(我在 Swift for iOS 中实现了一个,这很清楚,因为 JSON 响应的日志记录是冗长的,您可以看到什么是如果您查看日志,就会继续).
The way it works becomes clearer if you implement a user pools application in one of the SDK's (I did one in Swift for iOS, it is clarified because the logging of the JSON responses is verbose and you can kind of see what is going on if you look through the log).
但假设我理解您的问题:总而言之,您应该 InitiateAuth() 并且对此的响应(来自 Cognito 用户池服务器)是一个挑战.然后你做 RespondToAuthChallenge() (也在那个 API 文档中记录)并且对它的响应是一个身份验证结果 - 假设密码/会话/令牌被接受.
But assuming I understand your question: In summary you should InitiateAuth() and the response to that (from the Cognito User Pools server) is a challenge. Then you do RespondToAuthChallenge() (also documented in that API doc) and the response to that is an authentication result - assuming that the password / session / token were accepted.
我相信,这两件事的结合就是您所说的 LOGIN,它的工作原理类似于登录.在 API 中,它的设置方式是在用户未经身份验证时尝试获取用户信息启动 InitiateAuth() 并且(无论如何在 iOS 中)API 会回调您的代码写信询问密码,然后发送 RespondToAuthChallenge() 请求等
The combination of those two things is, I believe, what you are calling LOGIN, and it works like a login. In the API's, the way it is set up is that attempts to get user information when the user is unauthenticated kicks off that InitiateAuth() and (in iOS anyway) the API does a callback to the code you write to ask for passwords, and send a RespondToAuthChallenge() request etc.
这篇关于什么是用于登录 Amazon Cognito 用户池的 REST(或 CLI)API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
