我想允许用户在字段中输入他们的用户名/密码。继续后,我想运行一个检查,看看该用户是否已经存在于用户池中。如果他们这样做了,请登录并继续使用应用程序,如果他们不这样做,则转到帐户创建流程,在那里他们将被指示添加姓名、电话号码、电子邮件等。
我找不到关于如何使用AWS Cognito让用户登录的文档。我应该能够在呼叫中传递用户名/密码,并得到一个回复,说用户存在/用户不存在或其他什么!我是不是遗漏了什么?
如有任何帮助,我们将不胜感激。我查过文件了。。。
要检查用户是否存在,只需要用户名。
因此,对于您的场景,在用户输入用户名和密码后触发下面的myMethod()。这将
- 检查用户名是否已在用户中
- 如果用户名存在,请执行登录
- 如果用户名不存在,请创建帐户
/**
* let's say you call this method when user enters username and password
* @param context context
* @param identityProvider cognito client
* @param username user entered username
* @param password user entered password
* @return
*/
private void myMethod(Context context, AWSCognitoIdentityProvider identityProvider, String username, String password) {
boolean userExists = userExists(context, identityProvider, username);
if(userExists) {
// perform sign in with provided password
} else {
// create account
}
}
/**
* @param context context
* @param identityProvider cognito client
* @param username user entered username
* @return true if username is already in use, false otherwise
*/
private boolean userExists(Context context, AWSCognitoIdentityProvider identityProvider, String username) {
LambdaLogger logger = context.getLogger();
try {
AdminGetUserRequest getUserRequest = new AdminGetUserRequest();
getUserRequest.setUserPoolId("cognitoPoolId");
getUserRequest.setUsername(username);
AdminGetUserResult getUserResult = identityProvider.adminGetUser(getUserRequest);
return true;
} catch (UserNotFoundException userNotFoundException) {
logger.log("UserNotFoundException! " + userNotFoundException.toString());
return false;
} catch (Exception e) {
return false;
}
}
我不必每次都对Cognito用户池进行全面扫描,而是使用Cognito的功能来触发事件。对于您的用例,Cognito可以运行Lambda。您对"迁移用户"触发器感兴趣。基本上,当用户试图通过Cognito登录到您的系统,并且池中不存在该用户时,会触发一个触发器,让您登录该用户并将其迁移到Cognito。
收到的数据看起来像:
{
"version": "1",
"triggerSource": "UserMigration_Authentication",
"region": "us-west-2",
"userPoolId": "us-west-2_abcdef",
"userName": "theusername@example.com",
"callerContext": {
"awsSdkVersion": "aws-sdk-unknown-unknown",
"clientId": "yourclientid"
},
"request": {
"password": "theuserpassword",
"validationData": null,
"userAttributes": null
},
"response": {
"userAttributes": null,
"forceAliasCreation": null,
"finalUserStatus": null,
"messageAction": null,
"desiredDeliveryMediums": null
}
}
您的Lambda将使用此信息,并最终获取用户名和密码并确定其是否有效。如果是,您将在response.userAttributes字段中返回信息,以及是否要发送Cognito欢迎电子邮件(messageAction(和其他一些值。例如,您可以发回:
{
"version": "1",
"triggerSource": "UserMigration_Authentication",
"region": "us-west-2",
"userPoolId": "us-west-2_abcdef",
"userName": "theusername@example.com",
"callerContext": {
"awsSdkVersion": "aws-sdk-unknown-unknown",
"clientId": "yourclientid"
},
"request": {
"password": "theuserpassword",
"validationData": null,
"userAttributes": null
},
"response": {
"userAttributes": { "email":"theusername@example.com",
"email_verified": "true" }
"forceAliasCreation": null,
"finalUserStatus": "CONFIRMED",
"messageAction": "SUPPRESS",
"desiredDeliveryMediums": null
}
}
你的Lambda在Java:中会是这样的
public class MigrateUserLambda implements RequestStreamHandler {
public void handleRequest(InputStream inputStream, OutputStream outputStream, Context context) throws IOException {
LambdaLogger logger = context.getLogger();
ObjectMapper objectMapper = new ObjectMapper();
JsonNode rootNode = objectMapper.readTree(inputStream);
logger.log("input is " + objectMapper.writeValueAsString(rootNode));
String email = rootNode.path("email").asText();
String password = rootNode.path("request").path("password").asText();
// verify user name and password in MySQL. If ok...
String triggerSource = rootNode.path("triggerSource").asText();
if( triggerSource.equals("UserMigration_Authentication")) {
JsonNode responseNode = rootNode.path("response");
if (responseNode != null) {
((ObjectNode) responseNode).with("userAttributes").put("username", "theusername@example.com" );
((ObjectNode) responseNode).with("userAttributes").put("email_verified", "true" );
((ObjectNode) responseNode).put("messageAction", "SUPPRESS");
((ObjectNode) responseNode).put("finalUserStatus", "CONFIRMED");
}
}
String output = objectMapper.writeValueAsString(rootNode);
OutputStreamWriter writer = new OutputStreamWriter(outputStream, StandardCharsets.UTF_8);
writer.write(output);
logger.log("sending back " + output);
writer.close();
}
}
要列出用户,可以使用AWS Java SDK:
public static void list() {
AwsBasicCredentials awsCreds = AwsBasicCredentials.create(AWS_KEY,
AWS_SECRET);
CognitoIdentityProviderClient identityProviderClient =
CognitoIdentityProviderClient.builder()
.credentialsProvider(StaticCredentialsProvider.create(awsCreds))
.region(Region.of(REGION))
.build();
final ListUsersRequest listUsersRequest = ListUsersRequest.builder()
.userPoolId(POOL_ID)
.build();
ListUsersResponse result = identityProviderClient.listUsers(listUsersRequest);
System.out.println("Has users:"+result.hasUsers());
result.users().stream().map(u->u.username()).forEach(System.out::println);
}
它需要下一个依赖项(请使用最新版本(:
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>aws-core</artifactId>
<version>2.13.57</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>cognitoidentityprovider</artifactId>
<version>2.13.57</version>
</dependency>
下面是一个关于如何从Java登录用户的代码示例。