2019-02-14 10:03
浏览 98

AWS Golang SDK是否包括对Cognito提供商的支持?

I have been using the AWS mobile SDK previously with AWS Cognito. So I have an AWS Cognito Identity Pool configured with 2 AWS IAM roles (authenticated and unauthenticated). Via that I am currently calling some AWS Lambda functions. (btw I am aware of the AWS API Gateway)

I'm trying to do something similar with a Go/Golang client now, i.e. call an AWS Lambda (unauthenticated role) from client side Go, but I can't find an example.

I found this info, but it just seems to be for calling the service functions (ie with environment configured secrets etc. similar to CLI)

I also looked through the Go AWS SDK source (credentials) and it is almost like the Cognito Provider option has been excluded from the SDK? and I cant find anything that seems to mention 'identityPoolId'.

If that is the case, could I somehow hook into the Javascript exposed interface in Go without using the SDK?

Although I'm thinking I will need to do this without the Javascript SDK too...

ie A direct HTTPS call to AWS backend? Is the AWS Cognito service exposed in this way?

图片转代码服务由CSDN问答提供 功能建议

我以前一直在使用AWS移动SDK和AWS Cognito。 因此我配置了一个AWS Cognito身份池 2个AWS IAM角色(经过身份验证和未经身份验证)。 我目前正在调用某些AWS Lambda函数。 (顺便说一下,我知道AWS API Gateway)

我现在正在尝试对Go / Golang客户端执行类似的操作,即从客户端调用AWS Lambda(未经身份验证的角色) 转到,但是我找不到示例。


我还浏览了Go AWS开发工具包源 (凭据),几乎就像Cognito Provider选项已从SDK中排除了一样?


尽管我 我以为我也需要在没有Javascript SDK的情况下执行此操作...

ie直接对AWS后端进行HTTPS调用? AWS Cognito服务是否以这种方式公开?

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • dscss8996 2019-02-20 15:05

    This doesn't seem to be supported within the current SDK. However I found a way to solve this by using the web API. First calling this:

    And once you have the IdendityId calling this:

    With the returned credentials you have guest/unauthenticated role privilege for calling down to your public Lambda. The IdentityId can be cached locally for subsequent calls.

    [edit] work-in-progress example:

    打赏 评论
  • dqqfuth6736 2019-06-12 19:38

    Here's a post I found helpful while I was working on a similar application (accessing a user pool from a Go Lambda):

    His example should be in the ballpark (at least show you a way forward).

    TLDR, adapted

    Create a session:

    ses, _ := session.NewSession(&aws.Config{Region: aws.String("us-east-1")})

    Authenticate from a provider:

    params := &cognitoidentityprovider.InitiateAuthInput{
            AuthFlow: aws.String("USER_PASSWORD_AUTH"),
            AuthParameters: map[string]*string{
                    "USERNAME": aws.String(""),
                    "PASSWORD": aws.String("doremefasolatido"),
            ClientId: aws.String("123456789abcdefghijklmnopq"),
    cip := cognitoidentityprovider.New(ses)
    authResp, _ := cip.InitiateAuth(params)

    Get Identity:

       svc := cognitoidentity.New(ses)
       idRes, _ := svc.GetId(&cognitoidentity.GetIdInput{
               IdentityPoolId: aws.String("us-east-1:123456789-444-4444-123456789abc"),
               Logins: map[string]*string{
                       "cognito-idp.<reg><id>": authResp.AuthenticationResult.IdToken,
       credRes, _ := svc.GetCredentialsForIdentity(&cognitoidentity.GetCredentialsForIdentityInput{
               IdentityId: idRes.IdentityId,
               Logins: map[string]*string{
                       "cognito-idp.<reg><id>": authResp.AuthenticationResult.IdToken,

    Invoke api:

       url := "fill in your endpoint"
       client := new(http.Client)
       req, _ := http.NewRequest("GET", url, nil)


       v := v4.NewSigner(credentials.NewStaticCredentials(
       v.Sign(req, nil, "execute-api", "us-east-1", time.Now())

    Make Response:

       resp, _ := client.Do(req)

    Handle Resp:

       b, _ := ioutil.ReadAll(resp.Body)
    ", b)
    打赏 评论

相关推荐 更多相似问题