AWS Cognito:Cognito 用户池的元数据 URL 在哪里?

AWS Coginto: where is the metadata URL of Cognito User Pool?

我正在尝试使用 AWS Cognito 作为我在 AWS API 网关中的 REST API 的授权方。

它让我填写 Issuer URL:

我翻遍了 AWS Cognito 用户池页面,没有这样的东西。

我在这里找到了一个相关的答案: 我引用:

Issuer URL: Check the metadata URL of your Cognito User Pool 
(construct the URL in this format :: https://cognito-idp.
[region].amazonaws.com/[userPoolId]/.well-known/openid-configuration 
:: look for a claim named "issuer". Copy its Value and paste it here.

我当然可以像上面说的那样构建url。

但是,metadata URL of my Cognito User Pool在哪里????

我是不是错过了一些非常基本的东西,问这个问题是不是太傻了?

在哪里??

这让我发疯。

Cognito 用户池的颁发者 URL 具有以下格式:

https://cognito-idp.[region].amazonaws.com/[userPoolId]

如您所述,您可以从 Cognito 著名的元数据端点获取它,该端点位于

https://cognito-idp.[region].amazonaws.com/[userPoolId]/.well-known/openid-configuration

这个文件是JSON格式的,包含一个issuer字段,其中包含上面提到的URL。整个文件如下所示:

{
   "authorization_endpoint":"https://cognito-idp.[region].amazonaws.com/[userPoolId]/authorize",
   "id_token_signing_alg_values_supported":[
      "RS256"
   ],
   "issuer":"https://cognito-idp.[region].amazonaws.com/[userPoolId]",
   "jwks_uri":"https://cognito-idp.[region].amazonaws.com/[userPoolId]/.well-known/jwks.json",
   "response_types_supported":[
      "code",
      "token"
   ],
   "scopes_supported":[
      "openid",
      "email",
      "phone",
      "profile"
   ],
   "subject_types_supported":[
      "public"
   ],
   "token_endpoint":"https://cognito-idp.[region].amazonaws.com/[userPoolId]/token",
   "token_endpoint_auth_methods_supported":[
      "client_secret_basic",
      "client_secret_post"
   ],
   "userinfo_endpoint":"https://cognito-idp.[region].amazonaws.com/[userPoolId]/userInfo"
}