Amazon cognito 如何创建Cognito用户并获取他们的accountId或cognitoIdentityId?
我正在将Appsync与AWS_IAM授权类型一起使用。用户的标识在$context中提供。冲突解决程序的标识:Amazon cognito 如何创建Cognito用户并获取他们的accountId或cognitoIdentityId?,amazon-cognito,aws-amplify,aws-appsync,Amazon Cognito,Aws Amplify,Aws Appsync,我正在将Appsync与AWS_IAM授权类型一起使用。用户的标识在$context中提供。冲突解决程序的标识: { "accountId": "123456789", "cognitoIdentityAuthProvider": "\"cognito-idp.eu-west-1.amazonaws.com/eu-west-1_ABCDABCD\",\"cognito-idp.eu-west-1.
{
"accountId": "123456789",
"cognitoIdentityAuthProvider": "\"cognito-idp.eu-west-1.amazonaws.com/eu-west-1_ABCDABCD\",\"cognito-idp.eu-west-1.amazonaws.com/eu-west-1_ABCDABCD:CognitoSignIn:SomeGuid\"",
"cognitoIdentityAuthType": "authenticated",
"cognitoIdentityId": "eu-west-1:SomeGuid",
"cognitoIdentityPoolId": "eu-west-1:SomeGuid",
"sourceIp": [
"123.456.78.9"
],
"userArn": "arn:aws:sts::123456789:assumed-role/some-role-name/CognitoIdentityCredentials",
"username": "ABCD1234:CognitoIdentityCredentials"
}
目前,我正在使用cognitoIdentityId作为应用程序中用户的主要标识符。如果需要,我很乐意切换到accountId。我唯一的要求是主标识符来自上面显示的identity对象,因为我不想仅仅为了获得ID而添加额外的请求
问题是:我有一个工作流,要求用户在登录和使用应用程序之前存在。所以我需要创建用户并为其分配数据。在接下来的某个地方,用户可能会第一次登录,并且应该能够访问分配给用户的数据
我可以在Cognito中创建用户,但我似乎找不到一种方法来检索或生成最终登录到应用程序时用户的accountId或cognitoIdentityId。请帮忙
编辑#1
我发现accountId与用户身份无关。它是部署服务的AWS用户的accountId(Appsync或Cognito,我不知道)。所以对所有用户来说都是一样的
因此,我的问题仍然是,在Cognito用户池中创建用户的cognitoIdentityId后,如何生成或检索该用户的cognitoIdentityId?我想出了一个解决方案,该解决方案本质上是以用户身份登录以获取Cognito标识ID:
import { config, CognitoIdentityServiceProvider, CognitoIdentity } from 'aws-sdk';
config.update({
region: process.env.REGION,
apiVersions: {
cognitoidentityserviceprovider: '2016-04-18',
cognitoidentity: '2014-06-30',
// other service API versions
}
});
export async function createUser(name: string, given_name: string, family_name: string, phone_number: string) {
var cognitoidentityserviceprovider = new CognitoIdentityServiceProvider();
var params = {
UserPoolId: process.env.USER_POOL_ID,
Username: phone_number, /* required */
MessageAction: "SUPPRESS",
UserAttributes: [
{
Name: 'name', /* required */
Value: name
},
{
Name: 'given_name', /* required */
Value: given_name
},
{
Name: 'family_name', /* required */
Value: family_name
},
{
Name: 'phone_number', /* required */
Value: phone_number
},
{
Name: "phone_number_verified",
Value: "true"
}
]
};
console.log("adminCreateUser")
let adminCreateUserResonse: CognitoIdentityServiceProvider.AdminCreateUserResponse = await new Promise(resolve => {
cognitoidentityserviceprovider.adminCreateUser(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else {
console.log(data); // successful response
console.log("adminCreateUser complete")
resolve(data)
}
})
});
let identity: CognitoIdentity.GetIdResponse = await new Promise(resolve => {
setPassword(phone_number, resolve)
});
let user_attributes = adminCreateUserResonse.User.Attributes
let sub = user_attributes.find(a => a.Name == "sub")
}
function setPassword(phone_number: string, resolve: any) {
var cognitoidentityserviceprovider = new CognitoIdentityServiceProvider();
let password = generator.generate({
length: 32,
numbers: true,
symbols: true,
lowercase: true,
uppercase: true
});
var setPasswordParams = {
Password: password, /* required */
UserPoolId: process.env.USER_POOL_ID, /* required */
Username: phone_number, /* required */
Permanent: true
};
console.log("adminSetUserPassword")
cognitoidentityserviceprovider.adminSetUserPassword(setPasswordParams, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else {
console.log(data); // successful response
console.log("adminSetUserPassword complete")
initiateAuth(phone_number, password, resolve)
}
})
}
function initiateAuth(phone_number: string, password: string, resolve: any) {
var cognitoidentityserviceprovider = new CognitoIdentityServiceProvider();
let initiateAuthParams = {
AuthFlow: "ADMIN_USER_PASSWORD_AUTH",
AuthParameters: {
"USERNAME" : phone_number,
"PASSWORD" : password
},
UserPoolId: process.env.USER_POOL_ID, /* required */
ClientId: process.env.CLIENT_ID
}
console.log("adminInitiateAuth")
cognitoidentityserviceprovider.adminInitiateAuth(initiateAuthParams, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else {
console.log(data); // successful response
console.log("adminInitiateAuth complete")
getId(data, resolve)
}
})
}
function getId(data: CognitoIdentityServiceProvider.AdminInitiateAuthResponse, resolve: any) {
const cognitoidentity = new CognitoIdentity()
let login_provider = "cognito-idp." + process.env.REGION + ".amazonaws.com/" + process.env.USER_POOL_ID
console.log("login_provider: " + login_provider)
let getIdParams = {
"AccountId": process.env.AWS_ACCOUNT_ID,
"IdentityPoolId": process.env.IDENTITY_POOL_ID,
"Logins": {}
}
getIdParams.Logins[login_provider] = data.AuthenticationResult.IdToken
console.log("getId")
cognitoidentity.getId(getIdParams, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else {
console.log(data); // successful response
console.log("getId complete")
resolve(data)
}
})
}
您是否检查了Auth.signing方法?它为您提供了识别用户所需的一切,我不太愿意在后端使用Amplify。但是,看起来我必须以用户身份登录才能做到这一点。我目前正在尝试使用Cognito AdminInitiateAuth来完成此操作。如果您使用的是Cognito用户池,那么如果您在API上具有用户池授权,则可以在应用程序中使用用户池子项作为标识符。您不需要将您的用户池与Cognito联合身份联合以获得AWS凭据。