amazon-cognito

How could I generate temporary credentials using Cognito Identity pool for accessing aws services?

馋奶兔 submitted on 2021-02-07 09:58:15
Question: I have a Cognito user pool and identity pool. I have created a user in the user pool. I got the tokens, i.e. access, refresh and ID tokens, using Lambda for that user. Now I want to generate the temporary credentials, i.e. access key and secret access key, for that user to access the AWS services. How could I do this? This is the piece of code I used to generate tokens. var authenticationDetails = new cognito.AuthenticationDetails(authenticationData); var userData = { Username : '*****', Pool : userPool }

cognito user pool custom attribute in IAM Policy Conditions with Dynamodb Fine grained access

自古美人都是妖i submitted on 2021-02-07 06:59:10
Question: I have one Cognito User Pool with a custom attribute organisation_id. One Organisation may have multiple users. There can be multiple organisations. Another DynamoDB table is used to maintain Categories, which has _id and organisation_id as partition key. Categories can be owned by an Organisation so that users who belong to that particular Organisation perform some operation in those categories only. Now, how can I create the IAM policy so that it takes the organisation_id instead of sub/user_id as

Custom attribute not passed into ID_TOKEN created by AWS Cognito

孤者浪人 submitted on 2021-02-06 09:54:21
Question: I am not able to get a custom attribute in the ID_TOKEN returned from AWS Cognito after successful user login. Steps I tried: 1. Created user pool 2. Created app client and checked the custom attribute (customattrib1, customattrib2) User Pool screen: Check custom attribute in app client config 3. Created user using admin-create-user api Below image shows the value for user attributes: 4. Signed in user using aws-cognito-auth.js in client app. The ID token returned does not contain the custom attribute.

How to add array values in Claims of IdToken in Cognito using claimsToAddOrOverride

試著忘記壹切 submitted on 2021-02-04 14:48:26
Question: I am using Pre Token Generation to update the claims of the IdToken. I am successfully able to update a claim using a single key:value pair. Below is a sample of that. event["response"] = {"claimsOverrideDetails":{"claimsToAddOrOverride":{"scope": "test.debug"}}} But when I am trying to add an array of strings inside that, it gives me an internal server error (response from AWS Cognito). Ex: event["response"] = {"claimsOverrideDetails":{"claimsToAddOrOverride":{"scope": ["test1","test2"]}}} It is

How to configure AWS user cognito authentication flow for generating identity token,access token in Java sdk backend?

…衆ロ難τιáo~ submitted on 2021-01-29 22:20:35
Question: I am using AWS Cognito authentication for the signing mechanism. In order to obtain the credentials (access, secret and session token), we need to obtain the identity token. I have the username, password, clientId, userPoolId and identityPoolId information. However, when I try to generate the ID token using USER_PASSWORD_AUTH as the auth flow type, I am getting the below error: Caused by: com.amazonaws.services.cognitoidp.model.AWSCognitoIdentityProviderException: Missing Authentication Token (Service:

How to access Cognito Userpool from inside a lambda function?

别等时光非礼了梦想. submitted on 2021-01-29 13:47:56
Question: I'm using AWS Amplify for authentication in my app. I'm using email address as username and phone number for MFA. But I also need the phone numbers to be unique, so I created this pre-signup Lambda trigger: const aws = require('aws-sdk'); exports.handler = async (event, context, callback) => { const cognito = new aws.CognitoIdentityServiceProvider(); const params = { AttributesToGet: [], Filter: `phone_number = "${event.request.userAttributes.phone_number}"`, Limit: 1, UserPoolId: event

How to provide Federated authentication with Tenant's corporate IdP using Cognito user pool

邮差的信 submitted on 2021-01-29 12:56:00
Question: It's a multi-tenant B2B SaaS application. How can I provide the ability to offer federated authentication with a tenant's corporate IdP for some tenants only, if they choose to? For other tenants, a basic UN/Password flow is required. Do I need to use a pool per tenant, or should a common pool work here? Also, I am not planning to use the Identity pool but only the user pool, as we do not need to give direct access to AWS resources. Source: https://stackoverflow.com/questions/65621664/how-to-provide

Can Chrome Extensions steal OAuth tokens from redirect-uri?

蹲街弑〆低调 submitted on 2021-01-29 09:48:03
Question: I'm working on auth between a Chrome Extension and Google Cloud Platform, and trying to send the id_token JWT to an AWS server to retrieve user data (and/or establish a session?). My question is this: how can I prevent Chrome extensions with tabs permissions from reading the GET request or the redirected URI which has the fully-validated user JWT? The JWT confirms that a user is who they are, but how do I know my Chrome Extension is the one making the request to my backend? I have a few ideas:

How does Aws Cognito merge Identities

僤鯓⒐⒋嵵緔 submitted on 2021-01-28 08:04:22
Question: I know that you can pass two provider tokens to merge them to use the same identity, but what if the user logs in through Facebook on their iPad and then Google on their phone? How do these get merged by AWS federated identities? Is the user going to end up with 2 separate accounts? Answer 1: To merge accounts as you described, the user has to pass both login tokens at some point, just once. Once it has been done, they only have to pass a single token on any future login and they will get the same