dougai0138
2019-02-14 10:03
Views: 98
Accepted

Does the AWS Golang SDK include support for the Cognito provider?

I have been using the AWS mobile SDK previously with AWS Cognito. So I have an AWS Cognito Identity Pool configured with 2 AWS IAM roles (authenticated and unauthenticated). Via that I am currently calling some AWS Lambda functions. (btw I am aware of the AWS API Gateway)

I'm trying to do something similar with a Go/Golang client now, i.e. call an AWS Lambda (unauthenticated role) from client side Go, but I can't find an example.

I found this info, but it just seems to be for calling the service functions (i.e. with environment configured secrets etc., similar to the CLI)

https://docs.aws.amazon.com/sdk-for-go/api/service/cognitoidentity/#New

I also looked through the Go AWS SDK source (credentials) and it is almost like the Cognito Provider option has been excluded from the SDK? And I can't find anything that seems to mention 'identityPoolId'.

If that is the case, could I somehow hook into the JavaScript exposed interface in Go without using the SDK?

https://docs.aws.amazon.com/cognito/latest/developerguide/getting-credentials.html#getting-credentials-1.javascript

Although I'm thinking I will need to do this without the JavaScript SDK too...

i.e. a direct HTTPS call to the AWS backend? Is the AWS Cognito service exposed in this way?


2 answers

  • dscss8996 2019-02-20 15:05
    Accepted

    This doesn't seem to be supported within the current SDK. However I found a way to solve this by using the web API. First calling this:

    https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetId.html

    And once you have the IdentityId calling this:

    https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetCredentialsForIdentity.html

    With the returned credentials you have guest/unauthenticated role privilege for calling down to your public Lambda. The IdentityId can be cached locally for subsequent calls.

    [edit] work-in-progress example: https://github.com/WhiteHexagon/go2aws

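
The two-call guest flow described in the accepted answer, as an added example using only Go's standard library (it is not code from the answer or from its linked repository). It assumes the `AWSCognitoIdentityService` target prefix and the AWS JSON 1.1 content type; `Creds`, `call` and `GuestCreds` are names invented for this example, and the pool ID and stub responses are constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type Creds struct{ AccessKeyId, SecretKey, SessionToken string } // Credentials object of the response

// call (example helper) POSTs one unsigned Cognito Identity action as AWS JSON 1.1.
func call(endpoint, action string, in map[string]string, out interface{}) error {
	body, _ := json.Marshal(in) // a map[string]string always marshals
	req, err := http.NewRequest("POST", endpoint, bytes.NewReader(body))
	if err != nil {
		return err
	}
	req.Header.Set("Content-Type", "application/x-amz-json-1.1")
	req.Header.Set("X-Amz-Target", "AWSCognitoIdentityService."+action)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("%s: HTTP %d", action, resp.StatusCode)
	}
	return json.NewDecoder(resp.Body).Decode(out)
}

// GuestCreds calls GetId (skipped when cachedID is set), then GetCredentialsForIdentity.
func GuestCreds(endpoint, poolID, cachedID string) (string, Creds, error) {
	id := struct{ IdentityId string }{cachedID}
	if cachedID == "" {
		if err := call(endpoint, "GetId", map[string]string{"IdentityPoolId": poolID}, &id); err != nil {
			return "", Creds{}, err
		}
	}
	var out struct{ Credentials Creds }
	err := call(endpoint, "GetCredentialsForIdentity", map[string]string{"IdentityId": id.IdentityId}, &out)
	return id.IdentityId, out.Credentials, err
}
func main() { // offline demo: a constructed stub stands in for the regional endpoint
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, `{"IdentityId":"us-east-1:EXAMPLE","Credentials":{"AccessKeyId":"ASIAEXAMPLE"}}`)
	}))
	fmt.Println(GuestCreds(srv.URL, "us-east-1:constructed-pool-id", ""))
}
```

Against AWS the endpoint is `https://cognito-identity.<region>.amazonaws.com/`. The returned keys carry only the unauthenticated role's permissions, so that role's IAM policy is what bounds what any anonymous caller of the pool can do.
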
  • dqqfuth6736 2019-06-12 19:38

    Here's a post I found helpful while I was working on a similar application (accessing a user pool from a Go Lambda): https://benincosa.com/?p=3714

    His example should be in the ballpark (at least show you a way forward).

    TLDR, adapted

    Create a session:

    ses, _ := session.NewSession(&aws.Config{Region: aws.String("us-east-1")})
    

    Authenticate from a provider:

    params := &cognitoidentityprovider.InitiateAuthInput{
            AuthFlow: aws.String("USER_PASSWORD_AUTH"),
            AuthParameters: map[string]*string{
                    "USERNAME": aws.String("maria@vontropps.com"),
                    "PASSWORD": aws.String("doremefasolatido"),
            },
            ClientId: aws.String("123456789abcdefghijklmnopq"),
    }
    cip := cognitoidentityprovider.New(ses)
    authResp, _ := cip.InitiateAuth(params)
    

    Get Identity:

       svc := cognitoidentity.New(ses)
       idRes, _ := svc.GetId(&cognitoidentity.GetIdInput{
               IdentityPoolId: aws.String("us-east-1:123456789-444-4444-123456789abc"),
               Logins: map[string]*string{
                       "cognito-idp.<reg>.amazonaws.com/us-east-1_<id>": authResp.AuthenticationResult.IdToken,
               },
       })
    
       credRes, _ := svc.GetCredentialsForIdentity(&cognitoidentity.GetCredentialsForIdentityInput{
               IdentityId: idRes.IdentityId,
               Logins: map[string]*string{
                       "cognito-idp.<reg>.amazonaws.com/us-east-1_<id>": authResp.AuthenticationResult.IdToken,
               },
       })
    

    Invoke api:

       url := "fill in your endpoint"
       client := new(http.Client)
       req, _ := http.NewRequest("GET", url, nil)
    

    Sign:

       v := v4.NewSigner(credentials.NewStaticCredentials(
              *credRes.Credentials.AccessKeyId,
              *credRes.Credentials.SecretKey,
              *credRes.Credentials.SessionToken,
       ))
    
       v.Sign(req, nil, "execute-api", "us-east-1", time.Now())
    

    Make Response:

       resp, _ := client.Do(req)
    

    Handle Resp:

       b, _ := ioutil.ReadAll(resp.Body)
       resp.Body.Close()
       fmt.Printf("%s\n", b)
    