AWS Cognito访问令牌Javascript

Question

我使用帐户链接与Alexa，并得到一个accessToken回来。我正在使用AWS Cognito进行身份验证。我的假设是accessToken是AWS Cognito的令牌--但是我如何使用它呢？我需要得到CognitoUser的信息。我见过使用Facebook SDK的示例，简单地说Fb.setToken(accessToken)很愚蠢，但我找不到对应的Cognito。我遗漏了什么？!

Answer 1

我来晚了一点，但您可以从URL获取AWS Cognito JSON Web Token (JWT)响应，并对其进行解码以获取用户数据：

$( document ).ready(function() {


    var pageURL = window.location.href;
    pageURL = pageURL.toString();

    // Gets url strings
    var paramIndex = pageURL.indexOf("#"); // When page is hosted on the web, use '?'
    if (paramIndex === -1) {
        return;
    }
    // Gets url parameters from AWS Cognito response including the 'access token'
    var parameters = pageURL.substring(paramIndex + 1);

    console.log(" page url: " + pageURL);
    console.log(" url parameters: " + parameters);

    // Extracts the encoded tokens from url parameters
    var idToken = getParameter(parameters, "id_token=");
    var accessToken = getParameter(parameters, "access_token=");
    console.log("id token: " + idToken);
    console.log("access token: " + accessToken);

    // Decodes the tokens
    var idTokenDecoded = atob(idToken.split('.')[1]);
    var accessTokenDecoded = atob(accessToken.split('.')[1]);
    console.log("id token decoded: " + idTokenDecoded);
    console.log("access token decoded: " + accessTokenDecoded);

    // Converts string tokens to JSON
    var idTokenJson = JSON.parse(idTokenDecoded);
    var accessTokenJson = JSON.parse(accessTokenDecoded);

    // Can now access the fields as such using the JSON.parse()
    console.log("email: " + idTokenJson.email);
    console.log("id: " + idTokenJson.sub);
});

/**
 * Takes the url parameters and extracts the field that matches the "param" 
 * input.
 * @param {type} url, contains URL parameters
 * @param {type} param, field to look for in url
 * @returns {unresolved} the param value.
 */
function getParameter(url, param) {
    var urlVars = url.split('&');
    var returnValue;
    for (var i = 0; i < urlVars.length; i++) {
        var urlParam = urlVars[i];

        // get up to index.
        var index = urlParam.toString().indexOf("=");
        urlParam = urlParam.substring(0, index + 1);
        if (param === urlParam) {
            returnValue = urlVars[i].replace(param, "");
            i = urlVars.length; // exits for loop
        }
    }
    return returnValue;
}

Answer 2

这是我的身份验证流，只使用cognito，对我来说很好：

  var authenticationData = {
    Username: document.getElementById("user").value,
    Password: document.getElementById("password").value
  };

  var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(authenticationData);

  var poolData = {
    UserPoolId: AWSConfiguration.UserPoolId,
    ClientId: AWSConfiguration.ClientAppId
  };

  userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);

  var userData = {
    Username: document.getElementById("user").value,
    Pool: userPool
  };

  var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);

  cognitoUser.authenticateUser(authenticationDetails, {

  // authenticate here

Answer 3

只需解码Alexa skill Lambda函数中的Cognito访问令牌。

https://github.com/awslabs/aws-support-tools/tree/master/Cognito/decode-verify-jwt

I此外，您可以通过使用预令牌生成Lambda触发器在用户身份验证时向该jwt令牌添加属性：

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html