How to include Google IDP in custom Cognito UI (JavaScript)

Question


I'm trying to recreate the AWS Cognito Hosted UI in JavaScript (as I need I18N). I use the AWS JavaScript SDK V3.

My solution works fine with username/password logins. But I'm stuck with including external IDPs.

I configured Google described here https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-social-idp.html and it works fine with the Hosted UI.

When I enter my own UI as callback, the UI gets called with a new URL parameter "code". I have no clue where/how to use this parameter to get Cognito tokens. It doesn't seem like the InitiateAuthCommand I use for username/password auth is the correct place to use the code, but I can't find a better suited function.

Anyone done this before?

Answer 1

Score: 2


That code you receive is a code grant as the Login URL is using response_type=code. You can exchange that code for the tokens using the token endpoint, see an example in the Token endpoint documentation:

    POST /oauth2/token HTTP/1.1
    Host: mydomain.auth.us-east-1.amazoncognito.com
    Content-Type: application/x-www-form-urlencoded

    grant_type=authorization_code&client_id=1example23456789&code=AUTHORIZATION_CODE&redirect_uri=com.myclientapp://myclient/redirect

If you check the authorize endpoint documentation, the response_type parameter can be code or token; if you use token, it returns an implicit grant:

> An implicit grant is an ID and access token that Amazon Cognito appends to your redirect URL. An implicit grant is less secure because it exposes tokens and potential identifying information to users. You can deactivate support for implicit grants in the configuration of your app client.
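The exchange described in this answer, as an added browser-side example that is not part of the original post: read the `code` Cognito appended to the callback URL, then POST it to the `/oauth2/token` endpoint with the form fields from the documentation excerpt. The domain, client id and redirect URI are placeholders, the `state` comparison assumes you sent a `state` value on the authorize request, and `fetchImpl` is injectable so the exchange can be exercised without a network.

```javascript
// Placeholder values (not a real user pool); replace with your own app client settings.
const COGNITO_DOMAIN = "https://mydomain.auth.us-east-1.amazoncognito.com";
const CLIENT_ID = "1example23456789";
const REDIRECT_URI = "https://app.example.com/callback";

// Pull `code` (and the optional `state`) out of the URL the browser landed on.
// Cognito reports IdP failures with an `error` parameter instead of a code.
function parseCallback(callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has("error")) {
    throw new Error(`identity provider returned error: ${params.get("error")}`);
  }
  const code = params.get("code");
  if (!code) throw new Error("callback URL carries no code parameter");
  return { code, state: params.get("state") };
}

// Build the application/x-www-form-urlencoded body for the token endpoint,
// matching the fields in the documentation excerpt above.
function buildTokenRequestBody(code) {
  return new URLSearchParams({
    grant_type: "authorization_code",
    client_id: CLIENT_ID,
    code,
    redirect_uri: REDIRECT_URI,
  }).toString();
}

// Exchange the code for tokens. `expectedState` is the value the app stored
// before redirecting to the authorize endpoint; a mismatch means the callback
// was not the one this browser session started, so the code is not used.
async function exchangeCodeForTokens(callbackUrl, expectedState, fetchImpl = fetch) {
  const { code, state } = parseCallback(callbackUrl);
  if (expectedState !== undefined && state !== expectedState) {
    throw new Error("state mismatch: callback does not belong to this session");
  }
  const resp = await fetchImpl(`${COGNITO_DOMAIN}/oauth2/token`, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: buildTokenRequestBody(code),
  });
  if (!resp.ok) throw new Error(`token endpoint returned HTTP ${resp.status}`);
  // Cognito answers with id_token, access_token, refresh_token, token_type, expires_in.
  return resp.json();
}
```

In the real page, `callbackUrl` is `window.location.href` and `expectedState` comes from `sessionStorage`; the returned tokens are what the hosted UI would otherwise have handed to your app.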

huangapple
  • Posted on 9 March 2023, 23:18:33
  • Please keep this link when reposting: https://go.coder-hub.com/75686599.html