【发布时间】:2022-11-10 07:39:45
【问题描述】:
我的无服务器 YML 创建了一个 Cognito 池和客户端
resources:
Resources:
CognitoUserPool:
Type: "AWS::Cognito::UserPool"
Properties:
UserPoolName: ${self:provider.stage}_pool
AccountRecoverySetting:
RecoveryMechanisms:
- Name: verified_email
Priority: 1
- Name: verified_phone_number
Priority: 2
AdminCreateUserConfig:
UnusedAccountValidityDays: 30
AutoVerifiedAttributes:
- email
UsernameAttributes:
- email
- phone_number
MfaConfiguration: OFF
Policies:
PasswordPolicy:
MinimumLength: 8
RequireLowercase: True
RequireNumbers: True
RequireSymbols: True
RequireUppercase: True
Schema:
- Name: email
AttributeDataType: String
Mutable: false
Required: true
UserPoolTags:
env: ${self:provider.stage}
CognitoUserPoolClient:
Type: "AWS::Cognito::UserPoolClient"
DependsOn:
- CognitoUserPoolIdentityProvider
Properties:
AllowedOAuthFlows:
- code
- implicit
AllowedOAuthFlowsUserPoolClient: true
AllowedOAuthScopes:
- email
- profile
- phone
- openid
- aws.cognito.signin.user.admin
CallbackURLs:
- http://localhost:3000/oauth/login
ClientName: ${self:provider.stage}_retailer_client
EnableTokenRevocation: true
ExplicitAuthFlows:
- ALLOW_ADMIN_USER_PASSWORD_AUTH
- ALLOW_CUSTOM_AUTH
- ALLOW_REFRESH_TOKEN_AUTH
- ALLOW_USER_PASSWORD_AUTH
- ALLOW_USER_SRP_AUTH
GenerateSecret: False
LogoutURLs:
- http://localhost:3000/oauth/logout
PreventUserExistenceErrors: LEGACY
SupportedIdentityProviders: [ "COGNITO", "Google" ]
UserPoolId:
Ref: CognitoUserPool
CognitoUserPoolDomain:
Type: "AWS::Cognito::UserPoolDomain"
Properties:
CustomDomainConfig:
CertificateArn: arn:aws:acm:us-east-1:256645674595:certificate/b6bd7asd1-a8ca-6d19-92a2-cf1s4fsa9a3ha
Domain: "auth.whatnerds.com"
UserPoolId:
Ref: CognitoUserPool
CognitoUserPoolIdentityProvider:
Type: AWS::Cognito::UserPoolIdentityProvider
Properties:
ProviderName: Google
AttributeMapping:
email: email
email_verified: email_verified
family_name: family_name
given_name: given_name
name: name
username: sub
ProviderDetails:
client_id: CLIENT_ID
client_secret: SECRET_ID
authorize_scopes: profile email openid
ProviderType: Google
UserPoolId:
Ref: CognitoUserPool
我正在尝试通过 environment 参数将我的用户池 ID 和用户池客户端 ID 导出到我的 lambda:
provider:
name: aws
runtime: nodejs12.x
environment:
USER_POOL_ID: !Ref CognitoUserPool
CLIENT_ID: !Ref CognitoUserPoolClient
REGION: ca-central-1a
我的 Lambda 环境配置如下所示:
我的 lambda 调用的响应是引发错误,其中 UserPool ID 和客户端 ID 被读取为 [object Object] 并引发错误。
铬错误:
{"message":"2 validation errors detected: Value '[object Object]' at 'clientId' failed to satisfy constraint: Member must satisfy regular expression pattern: [\\w+]+; Value '[object Object]' at 'userPoolId' failed to satisfy constraint: Member must satisfy regular expression pattern: [\\w-]+_[0-9a-zA-Z]+","code":"InvalidParameterException","time":"2022-06-25T15:39:58.851Z","requestId":"5b1ad21d-218a-4cd0-9475-f89b8ec1fc28","statusCode":400,"retryable":false,"retryDelay":49.39420786096056}
对我可能做错的任何建议?
【问题讨论】:
-
您是否找到任何解决方法?
标签: javascript amazon-web-services aws-lambda amazon-cognito serverless