AWS Cognito:生成令牌并在使用 amazon-cognito-identity-js SDK 刷新它之后
AWS Cognito: Generate token and after refresh it with amazon-cognito-identity-js SDK
我正在使用 amazon-cognito-identity-js 实现 node.js 后端。
我想创建一个 login(username, password) 和 refreshToken(token) API。
这是我的代码:
import { AuthenticationDetails, CognitoUser, CognitoUserPool, CognitoRefreshToken } from "amazon-cognito-identity-js"
public loginWithAmazonCognitoIdentity (username: string, password: string){
var authenticationData = {
Username : username,
Password : password,
};
var authenticationDetails = new AuthenticationDetails(authenticationData);
var poolData = { UserPoolId : 'eu-north-1_xxxxxx',
ClientId : '3al0l3mhcxxxxxqgnp789987'
};
var userPool = new CognitoUserPool(poolData);
var userData = {
Username : username,
Pool : userPool
};
var cognitoUser = new CognitoUser(userData);
const user = cognitoUser.authenticateUser(authenticationDetails, {
onSuccess: function (result) {
var accessToken = result.getAccessToken().getJwtToken();
console.log("token: " + accessToken);
var refresh = result.getRefreshToken().getToken();
console.log("RefreshToken: " + refresh);
},
onFailure: function(err) {
console.error(err);
},
});
}
这个函数returns一个accessToken和一个refreshToken没有错误。
在此之后,我实现了这个功能:
public refreshToken(refreshToken)
var poolData = { UserPoolId : 'eu-north-1_xxxxxx',
ClientId : '3al0l3mhcxxxxxqgnp789987'
};
var userPool = new CognitoUserPool(poolData);
var userData = {
Username : 'lacucudi',
Pool : userPool
};
var cognitoUser = new CognitoUser(userData);
var token = new CognitoRefreshToken({ RefreshToken: refreshToken })
cognitoUser.refreshSession(token, (err, session) => { if (err) {console.log(err)} else console.log('session: ' + JSON.stringify(session)) });
}
但是传递之前检索到的 refreshToken returns an:
NotAuthorizedException: Invalid Refresh Token.
谁能告诉我这两个 api 的正确后端实现是什么?
我是这样解决的:
import Amplify, { Auth } from "aws-amplify";
import {
AdminCreateUserCommand,
AdminSetUserPasswordCommand,
AuthFlowType,
CognitoIdentityProviderClient,
CognitoIdentityProviderClientConfig,
GetUserCommand,
InitiateAuthCommand,
MessageActionType,
RevokeTokenCommand,
} from "@aws-sdk/client-cognito-identity-provider";
public async login(username: string, password: string): Promise<AuthTokens> {
if (!username || !password) {
throw new HttpException(400, "Please provide both username and password");
}
Amplify.configure({ Auth: config.auth });
const user = await Auth.signIn(username, password);
if (!user.signInUserSession) {
throw new HttpException(500, `Could not authenticate user ${username}`);
}
const {
signInUserSession: {
accessToken: { jwtToken: access_token },
idToken: { jwtToken: id_token },
refreshToken: { token: refresh_token },
},
} = user;
return {
id_token,
access_token,
refresh_token,
};
}
public async refresh(refresh_token: string): Promise<AuthTokens> {
if (!refresh_token) {
throw new HttpException(400, "Please provide a refresh token");
}
const refreshTokenAuth = new InitiateAuthCommand({
ClientId: config.auth.userPoolWebClientId,
AuthFlow: AuthFlowType.REFRESH_TOKEN_AUTH,
AuthParameters: {
REFRESH_TOKEN: refresh_token,
},
});
const response = await this.client.send(refreshTokenAuth);
const {
AuthenticationResult: { AccessToken, IdToken },
} = response;
return {
refresh_token,
access_token: AccessToken,
id_token: IdToken,
};
}
public async logout(refreshToken: string): Promise<boolean> {
if (!refreshToken) {
throw new HttpException(400, "Please provide a refresh token");
}
try {
const command = new RevokeTokenCommand({
ClientId: config.auth.userPoolWebClientId,
Token: refreshToken,
});
const response = await this.client.send(command);
const { httpStatusCode } = response.$metadata;
return httpStatusCode == 200 ?? true;
} catch (e) {
logger.error(e);
throw new HttpException(500, e);
}
}
我使用 aws-amplify 进行登录,aws-sdk/client-cognito-identity-provider 进行其他操作。
NotAuthorizedException: Invalid Refresh Token
由于在 Cognito 设置中启用了设备跟踪选项,因此返回了错误消息。
AWS 提供的服务给出错误的错误消息并且相关文档很少
真是不可思议
我正在使用 amazon-cognito-identity-js 实现 node.js 后端。
我想创建一个 login(username, password) 和 refreshToken(token) API。
这是我的代码:
import { AuthenticationDetails, CognitoUser, CognitoUserPool, CognitoRefreshToken } from "amazon-cognito-identity-js"
public loginWithAmazonCognitoIdentity (username: string, password: string){
var authenticationData = {
Username : username,
Password : password,
};
var authenticationDetails = new AuthenticationDetails(authenticationData);
var poolData = { UserPoolId : 'eu-north-1_xxxxxx',
ClientId : '3al0l3mhcxxxxxqgnp789987'
};
var userPool = new CognitoUserPool(poolData);
var userData = {
Username : username,
Pool : userPool
};
var cognitoUser = new CognitoUser(userData);
const user = cognitoUser.authenticateUser(authenticationDetails, {
onSuccess: function (result) {
var accessToken = result.getAccessToken().getJwtToken();
console.log("token: " + accessToken);
var refresh = result.getRefreshToken().getToken();
console.log("RefreshToken: " + refresh);
},
onFailure: function(err) {
console.error(err);
},
});
}
这个函数returns一个accessToken和一个refreshToken没有错误。
在此之后,我实现了这个功能:
public refreshToken(refreshToken)
var poolData = { UserPoolId : 'eu-north-1_xxxxxx',
ClientId : '3al0l3mhcxxxxxqgnp789987'
};
var userPool = new CognitoUserPool(poolData);
var userData = {
Username : 'lacucudi',
Pool : userPool
};
var cognitoUser = new CognitoUser(userData);
var token = new CognitoRefreshToken({ RefreshToken: refreshToken })
cognitoUser.refreshSession(token, (err, session) => { if (err) {console.log(err)} else console.log('session: ' + JSON.stringify(session)) });
}
但是传递之前检索到的 refreshToken returns an:
NotAuthorizedException: Invalid Refresh Token.
谁能告诉我这两个 api 的正确后端实现是什么?
我是这样解决的:
import Amplify, { Auth } from "aws-amplify";
import {
AdminCreateUserCommand,
AdminSetUserPasswordCommand,
AuthFlowType,
CognitoIdentityProviderClient,
CognitoIdentityProviderClientConfig,
GetUserCommand,
InitiateAuthCommand,
MessageActionType,
RevokeTokenCommand,
} from "@aws-sdk/client-cognito-identity-provider";
public async login(username: string, password: string): Promise<AuthTokens> {
if (!username || !password) {
throw new HttpException(400, "Please provide both username and password");
}
Amplify.configure({ Auth: config.auth });
const user = await Auth.signIn(username, password);
if (!user.signInUserSession) {
throw new HttpException(500, `Could not authenticate user ${username}`);
}
const {
signInUserSession: {
accessToken: { jwtToken: access_token },
idToken: { jwtToken: id_token },
refreshToken: { token: refresh_token },
},
} = user;
return {
id_token,
access_token,
refresh_token,
};
}
public async refresh(refresh_token: string): Promise<AuthTokens> {
if (!refresh_token) {
throw new HttpException(400, "Please provide a refresh token");
}
const refreshTokenAuth = new InitiateAuthCommand({
ClientId: config.auth.userPoolWebClientId,
AuthFlow: AuthFlowType.REFRESH_TOKEN_AUTH,
AuthParameters: {
REFRESH_TOKEN: refresh_token,
},
});
const response = await this.client.send(refreshTokenAuth);
const {
AuthenticationResult: { AccessToken, IdToken },
} = response;
return {
refresh_token,
access_token: AccessToken,
id_token: IdToken,
};
}
public async logout(refreshToken: string): Promise<boolean> {
if (!refreshToken) {
throw new HttpException(400, "Please provide a refresh token");
}
try {
const command = new RevokeTokenCommand({
ClientId: config.auth.userPoolWebClientId,
Token: refreshToken,
});
const response = await this.client.send(command);
const { httpStatusCode } = response.$metadata;
return httpStatusCode == 200 ?? true;
} catch (e) {
logger.error(e);
throw new HttpException(500, e);
}
}
我使用 aws-amplify 进行登录,aws-sdk/client-cognito-identity-provider 进行其他操作。
NotAuthorizedException: Invalid Refresh Token
由于在 Cognito 设置中启用了设备跟踪选项,因此返回了错误消息。
AWS 提供的服务给出错误的错误消息并且相关文档很少
真是不可思议