1.确保在Cognito用户池中启用了“生成令牌(ID /访问)”选项。
2.确认您的身份验证授权器是否与正确的Cognito用户池和身份验证方法关联。
3.您可以使用以下代码示例来测试您的access_token:
const jwt = require('jsonwebtoken');
const jwksClient = require('jwks-rsa');
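// Issuer of the Cognito user pool this authorizer trusts. `region` and
// `userPoolId` are not declared in this file — they are expected to come
// from module scope (e.g. environment variables) before these lines run.
const iss = `https://cognito-idp.${region}.amazonaws.com/${userPoolId}`;
// Derive the JWKS endpoint from the issuer so the two can never disagree.
// The original line spelled `{region}`/`{userPoolId}` inside a plain
// string, so the placeholders were never interpolated and the URL was
// unreachable.
const jwksUrl = `${iss}/.well-known/jwks.json`;
// Cache resolved keys and rate-limit JWKS fetches so a burst of tokens
// carrying unknown `kid` values cannot be turned into a flood of
// requests against Cognito.
const client = jwksClient({
  jwksUri: jwksUrl,
  cache: true,
  rateLimit: true,
  jwksRequestsPerMinute: 10,
});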
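/**
 * Key-resolution callback for `jwt.verify`: looks up the JWKS entry whose
 * `kid` matches the token header and hands its public key to jsonwebtoken.
 *
 * @param {{ kid?: string }} header - decoded JWT header
 * @param {(err: Error | null, key?: string) => void} callback - jsonwebtoken's
 *   continuation; receives the error or the PEM public key
 */
function getKey(header, callback) {
  client.getSigningKey(header.kid, (err, key) => {
    // Forward lookup failures (unknown kid, network or rate-limit errors)
    // to jsonwebtoken. The original ignored `err` and dereferenced an
    // undefined `key`, which threw inside the jwks-rsa callback instead
    // of failing the verification cleanly.
    if (err) {
      callback(err);
      return;
    }
    const signingKey = key.publicKey || key.rsaPublicKey;
    if (!signingKey) {
      callback(new Error('no public key found for token kid'));
      return;
    }
    callback(null, signingKey);
  });
}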
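/**
 * API Gateway TOKEN authorizer: verifies the Cognito-issued JWT carried in
 * `event.authorizationToken` ("<scheme> <token>") and returns an IAM policy
 * allowing or denying `event.methodArn`.
 *
 * Relies on module-level `jwt`, `getKey`, `iss`, `clientId` and
 * `generatePolicy`; `clientId` is not declared in this file.
 *
 * @param {{ authorizationToken?: string, methodArn: string }} event
 * @returns {Promise<object>} authorizer response from `generatePolicy`
 */
exports.handler = async (event) => {
  // A missing or malformed header is a Deny, not a TypeError.
  const parts = (event.authorizationToken || '').split(' ');
  const token = parts[1];
  if (!token) {
    return generatePolicy('user', 'Deny', event.methodArn);
  }
  const options = {
    // NOTE(review): Cognito *access* tokens carry `client_id` rather than
    // `aud`, so an `audience` check only succeeds for ID tokens — confirm
    // which token type callers send before relying on this option.
    audience: clientId,
    issuer: iss,
    // Pin the algorithm so the token's own `alg` header cannot select
    // anything weaker than RS256.
    algorithms: ['RS256'],
  };
  try {
    // When the key argument is a lookup function, jwt.verify only works in
    // callback mode — the original synchronous call never produced a
    // decoded token. Wrap the callback so the handler actually awaits the
    // verification result.
    const decodedToken = await new Promise((resolve, reject) => {
      jwt.verify(token, getKey, options, (err, decoded) => {
        if (err) {
          reject(err);
        } else {
          resolve(decoded);
        }
      });
    });
    return generatePolicy(decodedToken.sub, 'Allow', event.methodArn);
  } catch (err) {
    // Log for operators, but return only a Deny to the caller; no
    // verification detail leaves the authorizer.
    console.log(err);
    return generatePolicy('user', 'Deny', event.methodArn);
  }
};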
function generatePolicy(principalId, effect, resource) {
const authResponse = {};
authResponse.principalId = principalId;
if (effect && resource) {
const policyDocument = {};
policyDocument.Version = '2012-10-17';
policyDocument.Statement = [];
const statementOne = {};
statementOne.Action = 'execute-api:Invoke';
statementOne.Effect = effect;
statementOne.Resource = resource;
policyDocument.Statement[0] = statementOne;