Amazon Cognito开发人员使用Java SDK验证身份 [英] Amazon Cognito developer authenticated identity with Java SDK

问题描述

我正在尝试使用开发人员验证的Cognito身份向AWS服务验证Java应用程序。这在AWS移动SDK中非常简单（文档），但我似乎无法在Java SDK中找到等效的类。

I am trying to authenticate a java app to AWS services using a developer-authenticated Cognito identity. This is very straightforward in the AWS mobile SDKs (documentation), but I can't seem to find the equivalent classes in the Java SDK.

我遇到的主要问题是Java SDK类（例如WebIdentityFederationSessionCredentialsProvider）要求客户端代码知道所假定角色的arn。使用移动SDK，它使用为联合身份配置的角色。这就是我更喜欢做的事情，但似乎Java SDK没有支持类。

The main issue I am having is that the Java SDK classes (such as WebIdentityFederationSessionCredentialsProvider) require the client code to know the arn of the role being assumed. With the mobile SDK, it uses the role configured for the federated identity. That's what I'd prefer to do, but it seems the Java SDK doesn't have the supporting classes for that.

推荐答案

杰夫的最后评论引导我回答。谢谢Jeff！

The last comment from Jeff led me to the answer. Thanks Jeff!

String cognitoIdentityId = "your user's identity id";
String openIdToken = "open id token for the user created on backend";

Map<String,String> logins = new HashMap<>();
logins.put("cognito-identity.amazonaws.com", openIdToken);
GetCredentialsForIdentityRequest getCredentialsRequest =
    new GetCredentialsForIdentityRequest()
    .withIdentityId(cognitoIdentityId)
    .withLogins(logins);
AmazonCognitoIdentityClient cognitoIdentityClient = new AmazonCognitoIdentityClient();
GetCredentialsForIdentityResult getCredentialsResult = cognitoIdentityClient.getCredentialsForIdentity(getCredentialsRequest);
Credentials credentials = getCredentialsResult.getCredentials();
AWSSessionCredentials sessionCredentials = new BasicSessionCredentials(
    credentials.getAccessKeyId(),
    credentials.getSecretKey(),
    credentials.getSessionToken()
);

AmazonS3Client s3Client = new AmazonS3Client(sessionCredentials);
...

这篇关于Amazon Cognito开发人员使用Java SDK验证身份的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！