authentication - 将 AWS Cognito 用户迁移到 Auth0

将用户导入 Auth0 有两种方法：

1. 批量迁移
2. 自动迁移（即延迟加载）

目前，确实没有简单的方法可以将用户从 AWS Cognito 中导出。即使您这样做了，导出的用户配置文件也不会包含用户的散列密码，因此一旦迁移到 Auth0 作为身份提供者，它就会要求用户重置其帐户密码。不理想。所以批量迁移是不可能的。

• AWS Cognito 用户配置文件导出参考架构
• 从 Amazon Cognito 用户池中导出用户

相反，自动迁移可能是要走的路。您必须在 Auth0 中配置自定义数据库并将其指向您的 AWS Cognito 用户池并定义两个脚本：一个用于获取用户，另一个用于登录用户。

默认情况下，AWS 不会通过 API 公开这些端点，但它们在amazon-cognito-identity-js npm 包中确实具有类似的功能（根据文档中的场景 4）。

感谢@yvovandoorn编写了javascript 代码get-user，您可以在 Auth0 自定义数据库和脚本中使用这个 npm 包login来执行自动迁移。只需确保在自定义数据库设置下将Import Users to Auth0 选中为 true。

get-user.js

/*
Requires Auth0 Global Variables to be set - https://auth0.com/docs/rules/configure-global-variables-for-rules
If testing locally (or not wanting to use Auth0 Global Variables):
const configuration = {
  "accessKeyId": "AKIAIBDT5G4M237CZSMQ",
  "secretAccessKey": "your-cognito-secret-access-key",
  "region": "eu-west-1",
  "UserPoolId": "eu-west-1_V69pvauTp"
*/

function getUser(username, callback) {
    const userParameters =  ["email", "email_verified", "custom:designation"];
    const AWS = require('aws-sdk@2.593.0');
    AWS.config.update({ "accessKeyId": configuration.accessKeyId, "secretAccessKey": configuration.secretAccessKey, "region": configuration.region });
    const cognito = new AWS.CognitoIdentityServiceProvider();

    cognito.adminGetUser({
        UserPoolId: configuration.UserPoolId,
        Username: username
    }, (err, data) => {
        if (err) {
            console.log(err);
            if (err.code === "UserNotFoundException") return callback(null);
            else callback(err);
        }
        else {
            console.log(data);
            if (data.code === "UserNotFoundException") return callback(null);
            else {
                let profile = {
                    "user_id": data.UserAttributes.find(item=>item.Name==="sub").Value,
                    "username": data.Username,
                };
                userParameters.forEach(customParameterName => {
                    profile[customParameterName] = data.UserAttributes.find(item=>item.Name===customParameterName).Value;
                });
                return callback(null, profile);
            }
        }

    });

}

login.js

/*
Read StackOverflow article about potential window issue: https://stackoverflow.com/questions/40219518/aws-cognito-unauthenticated-login-error-window-is-not-defined-js

Requires Auth0 Global Variables to be set - https://auth0.com/docs/rules/configure-global-variables-for-rules

If testing locally (or not wanting to use Auth0 Global Variables):
const configuration = {
  "ClientId": "nzHNdG0XGS4qSaS5p0EZZesoIO2xfKQDRMgWPoce",
  "UserPoolId": "eu-west-1_V69pvauTp"
*/

function login(username, password, callback) {
    global.fetch = require('node-fetch@2.6.0');
    var AmazonCognitoIdentity = require('amazon-cognito-identity-js@3.0.14');
    var poolData = {
        UserPoolId: configuration.UserPoolId,
        ClientId: configuration.ClientId

    };
    var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);

    var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails({
        Username: username,
        Password: password
    });
    var userData = {
        Username: username,
        Pool: userPool
    };
    var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (result) {
            //console.log(result);
            var idTokenPayload = result.getIdToken().payload;
            console.log(idTokenPayload);
            var profile = {
              user_id: idTokenPayload.sub,
              email: idTokenPayload.email,
              /* might want to set this to false if you're not validating email addresses */
              email_verified: true,
            };
            console.log({ result, idTokenPayload, profile });
            callback(null, profile);
        },
        onFailure: (function (err) {
            return callback(new WrongUsernameOrPasswordError(username))
        })
    });
}