问题描述
我对Cognito的理解是,它可以代替本地Django管理数据库来对网站的用户进行身份验证.但是,我找不到带有通过Cognito登录屏幕的基本"Hello,World"应用程序的任何示例.如果有人可以逐步发表文章,说明如何创建Hello World Django应用和Cognito用户池,然后如何使用对AWS的调用替换Django中的默认身份验证,我将不胜感激Cognito.
My reading of Cognito is that it can be used in place of a local Django admin database to authenticate users of a website. However I am not finding any soup-to-nuts examples of a basic "Hello, World" app with a login screen that goes through Cognito. I would very much appreciate it if someone could post an article that shows, step-by-step, how to create a Hello World Django app and a Cognito user pool, and then how to replace the default authentication in Django with a call to AWS Cognito.
尤其是我需要知道如何从Cognito管理站点收集信息,这是建立对Cognito API的调用以验证用户身份所必需的.
In particular I need to know how to gather the information from the Cognito admin site that is needed to set up a call to Cognito API to authenticate a user.
有两种情况需要考虑:App用户登录到App,以及Admin登录到站点的django Admin URL.我假设我想在两种情况下都使用Cognito,否则我将在Admin URL使用较弱的登录技术时留下一个潜在的漏洞.
There are two cases to consider: App user login to App, and Admin login to django Admin URL of site. I assume that I would want to use Cognito for both cases, otherwise I am leaving a potential hole where the Admin URL is using a weaker login technology.
AWS论坛和StackExchange上的当前答案是:
(1)使用Cognito认证网站是浪费时间,仅用于访问AWS资源
(1) It is a waste of time to use Cognito for authenticating a website, it is only for access to AWS resources
(2)这不是浪费时间.我要放弃了.我所做的只是创建一个示例Cognito用户池和用户组,以及在Web上搜索该用例的正确示例.(没有找到,否则我不会写.)
(2) It is not a waste of time. I am about to give up. I have gone as far as creating a sample Cognito user pool and user groups, and of scouring the web for proper examples of this use case. (None found, or I wouldn't be writing.)
(3) https://github.com/capless/warrant , https://github.com/metametricsinc/django-warrant 是aws论坛中的两种可能的解决方案.
(3) https://github.com/capless/warrant, https://github.com/metametricsinc/django-warrant are two possible solution from the aws forums.
推荐答案
如果您正在阅读此书,则可能用Google搜索了"aws cognito django" xD.
If you are reading this, you probably googled "aws cognito django" xD.
我只想分享我所做的事情,以便使该功能生效:
I just want to share what I did in order to get this thing to work:
- Django-Warrant .伟大的aws cognito包装程序包.
- 确保了解您当前的用户模型结构.如果您使用自定义用户模型,请不要忘记使用
COGNITO_ATTR_MAPPING
设置对其进行映射. -
更改身份验证以支持第三方连接.当您从客户端获取一些Cognito令牌时,请使用oAuth/JWT/Session将其转换为您自己的令牌.
- Django-Warrant. Great aws cognito wrapper package.
- Make sure to understand your current User model structure. If you use custom user model, don't forget to map it using
COGNITO_ATTR_MAPPING
setting. Change your authentication to support 3rd party connectivity. When you get from the client some Cognito token, convert it into your own token using oAuth/JWT/Session.
重新考虑您的登录/注册过程.您想要其他注册吗?django-warrant软件包支持它...
Rethink your login/register process. Do you want different registration? The django-warrant package supports it...
最终,这是用于快速身份验证的 GREAT 解决方案.
At the end of the day, this is a GREAT solution for fast authentication.
这篇关于AWS Cognito作为网站的Django身份验证后端的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!