在Appsync中,当使用cognito userpools和auth0作为身份提供者时,身份如下:
"identity": {
"claims": {
"sub": "2e4dd05d-12e8-4c3e-af37-a23198d4bdfa",
"cognito:groups": [
"ap-southeast-1_afHwI1Nss_auth0app"
],
"token_use": "access",
"scope": "aws.cognito.signin.user.admin openid profile email",
"auth_time": 1573038746,
"iss": "https://cognito-idp.ap-southeast-1.amazonaws.com/ap-southeast-1_afHwI1Nss",
"exp": 1573042346,
"iat": 1573038746,
"version": 2,
"jti": "0481d844-3d59-4406-b9c2-83799ef6c1ff",
"client_id": "<lots of numbers>",
"username": "auth0app_auth0|5d9c81872fce3b0ded382498"
},
"defaultAuthStrategy": "ALLOW",
"groups": [
"ap-southeast-1_afHwI1Nss_auth0app"
],
"issuer": "https://cognito-idp.ap-southeast-1.amazonaws.com/ap-southeast-1_afHwI1Nss",
"sourceIp": [
"<>"
],
"sub": "2e4dd05d-12e8-4c3e-af37-a23198d4bdfa",
"username": "auth0app_auth0|5d9c81872fce3b0ded382498"
},
当显示在客户端上时,此用户名根本没有用处。然而,在cognito中,当我检查该用户的属性时,我在配置中映射了一些额外的属性。
Groups ap-southeast-1_afHwI1Nss_auth0app
Account Status Enabled / EXTERNAL_PROVIDER
SMS MFA Status Disabled
Last Modified Nov 6, 2019 11:12:24 AM
Created Oct 25, 2019 8:41:01 AM
sub 2e4dd05d-12e8-4c3e-af37-a23198d4bdfa
identities [{"userId":"auth0|5d9c81872fce3b0ded382498","providerName":"auth0app","providerType":"OIDC","issuer":null,"primary":true,"dateCreated":1571992861820}]
name skillet
given_name skillet
email skillet@nope.com
picture <long-url>
知道我在带有withAuthenticatorHOC的客户端上使用aws-amplifier,我如何从appsync解析器上下文对象中访问这些属性,或者在标识对象中使用更友好的用户名?
AppSync本机支持OIDC身份验证。这应该允许您绕过Cognito并允许直接访问Auth0令牌。我个人没有尝试过使用Auth0,但这些Auth0文档和这些AppSync文档是一个很好的起点。