我正在做一个全栈项目。我使用AWS cognito来完成认证部分。在前端,我能成功获取idToken并放入方法header中。下面是get方法代码:
Axios.get(`url`, {
headers: {
'Authorization': Token
}
})
在后端,我使用AWS api网关和lambda。据我所知,如果我想在lambda中获得令牌,我必须在APIgateway的Integration Request中设置映射模板。这是我写的,但我无法获得idToken。有人知道获取idToken的正确方法吗?
{
"idToken":"$context.authorizer.claims.authorization"
}
我自己结束了这个问题。经过我的搜索,如果你使用AWS认证认知,你想获得令牌中的属性,请参考这个文档:
idToken palyloadhttps://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.htmlAPI网关映射模板:https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html context-variable-reference .
示例:如果您想从id令牌中获取userName,在映射模板上,它应该是:
{
"userName" : "$context.authorizer.claims['cognito:username']"
}
当使用节点lambda函数获取访问apiGateway的用户的用户详细信息时,我仍然在努力解决这个问题,这些详细信息都使用相同的模板配置。yml
这是我的解决方案:
设置我的模板。yml
GetMethod:
Type: AWS::Serverless::Function
Properties:
CodeUri: src/getMethod.js
Handler: getMethod.handler
Runtime: nodejs14.x
Timeout: 60
Policies:
- DynamoDBReadPolicy:
TableName: !Ref SomeTable
Events:
ApiEvent:
Type: Api
Properties:
Path: /some/path
Method: get
Auth:
Authorizer: SomeApiCognitoAuthorizer
RestApiId:
Ref: SomeApiGateway
SomeApiGateway:
Type: AWS::Serverless::Api
Properties:
StageName: {Get this from cognito}
Cors: #"'*'"
AllowHeaders: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
AllowMethods: "'GET,PUT,POST,OPTIONS'"
AllowOrigin: "'*'"
Auth:
Authorizers:
SomeApiCognitoAuthorizer:
UserPoolArn:
- {Get this from the cognito settings}
Identity:
Header: "Authorization"
然后设置Lambda函数src/getMethod.js
exports.handler = async(event, context) => {
console.log(event.requestContext.authorizer.claims);
}
运行部署
sam package --template-file template.yml --output-template-file package.yml --s3-bucket {BLAH} --region eu-west-1 --profile {aws profile}
sam deploy --template-file package.yml --stack-name {BLAH} --capabilities CAPABILITY_IAM --region eu-west-1 --profile {aws profile}
然后在Function上查看cloudwatch