Problem description
What I am trying to do is to set up API Gateway to my Lambda function that saves some in DynamoDB (or other stuff that I want to be only for logged in users). But I do not understand how to validate AccessToken and how to get user from that.
I found this post on AWS forum and I decided to try approach 1.
Cognito User Pools + API Gateway + API Gateway Custom Authorizer + Cognito User Pools Access Token.
Now I have the logged-in user:
var authenticationData = {
    Username : 'username', // your username here
    Password : 'password', // your password here
};
var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);
// userData (Username and Pool) is not shown in this excerpt
var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);
cognitoUser.authenticateUser(authenticationDetails, {
    onSuccess: function (result) {
        console.log('access token + ' + result.getAccessToken().getJwtToken());
        ....
and his accessToken. I also set up custom API Gateway Custom Authorizer in my API call.
Now I should validate the access token and decide whether to allow or deny method call. But I do not understand how to do that and how to retrieve user from the token?
Recommended answer
Please take a look at the sample code on this blog post: https://mobile.awsblog.com/post/Tx3JK25U7Z9EUIU/Integrating-Amazon-Cognito-User-Pools-with-API-Gateway