【发布时间】:2018-05-17 09:16:58
【问题描述】:
我有一个认知用户池,我可以使用以下代码成功登录我的应用程序:
const authData = {
ClientId : '2222222222222', // Your client id here
AppWebDomain : '1111111111.auth.us-east-1.amazoncognito.com',
TokenScopesArray : ['openid'],
RedirectUriSignIn : 'https://app.domain.com',
RedirectUriSignOut : 'https://app.domain.com'
};
const CognitoAuth = AmazonCognitoIdentity.CognitoAuth;
const auth = new CognitoAuth(authData);
auth.userhandler = {
/**onSuccess: <TODO: your onSuccess callback here>,
onFailure: <TODO: your onFailure callback here>*/
onSuccess: function(result: any) {
console.log("COGNITO SUCCESS!");
console.log(result);
},
onFailure: function(err: any) {
console.log("COGNITO FAIL!");
console.log(err);
}
};
auth.getSession();
const curUrl = window.location.href;
auth.parseCognitoWebResponse(curUrl);
我现在有一个身份验证对象,我想将它转换为我拥有的 aws-sdk 的某种凭证,以便我可以将项目列出到 S3 存储桶中,假设我附加的角色中的策略是正确的。
类似这样,但意识到这不起作用:
AWS.config.credentials = auth.toCredentials(); //<== hoping for magic
const s3 = new AWS.S3();
s3.listObjectsV2(listObjectsV2Params, function(err: any, data: any) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data.Contents[0]); // successful response
});
这可能吗?如果可以,我该怎么做?
UDPATE
已接受的答案有效,而且帮助很大,根据我遇到的麻烦添加了一些补充内容。
const creds = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'us-east-1:b111111-1111-1111-1111-1111111', // <-- This is in your Federated Identity if you have that set up, you have to "edit" the identity pool to get it, logging into cognito its a different screen.
Logins: {
"cognito-idp.us-east-1.amazonaws.com/us-east-1_BBBB1BBBBV2B": result.idToken.jwtToken // <- this login [POOL ID] is not the pool ARN, you need it in this format.
}
});
【问题讨论】:
-
感谢您的更新,看到具有逼真示例值的实际示例非常有用,因为正如您在 cmets 中提到的,值的确切格式可能难以从官方文档(使用
之类的占位符)。
标签: javascript aws-cognito aws-sdk-js