node.js - 使用 icognito 身份池时，在 Lambda 函数中获取 context.identity 中的用户信息

问题描述

我正在使用 lambda post 身份验证来触发 appsync 突变以将用户详细信息存储在 dynamodb 中。我想使用文档中指定的用户 context.identity.cognitoIdentityId https://docs.aws.amazon.com/appsync/latest/devguide/resolver-context-reference.html#aws-appsync-resolver-context-将 IAM 授权与从 Amazon Cognito 身份池提供的凭证一起使用时的 reference-identity 。但是，当我在云手表中记录上下文时，云手表中的身份对象丢失了，因此我无法将用户的详细信息存储在 dynamodb 中。

const env = require('process').env;
const fetch = require('node-fetch');
const AWS = require('aws-sdk');

AWS.config.update({
    region: env.AWS_REGION,
    credentials: new AWS.Credentials(env.AWS_ACCESS_KEY_ID, 
env.AWS_SECRET_ACCESS_KEY, env.AWS_SESSION_TOKEN)
});


module.exports  = {
    postAuthSignup: (event, context, callback) => {

        console.log(`Event = ${JSON.stringify(event, null, 2)}`);
        console.log(`Context = ${JSON.stringify(context, null, 2)}`);
        console.log(`Env = ${JSON.stringify(env, null, 2)}`);

        const Signup = `mutation Signup($input: CreateSignUpInput) {
            signup(input: $input) {
                id
                firstname
                middlename
                lastname
                phone{
                    mobile
                }
                email
            }
        }`;

        const details = {
            input: {
                id: context.identity.cognitoIdentityId,
                firstname: event.request.userAttributes.name,
                lastname: event.request.userAttributes.family_name,
                middlename: event.request.userAttributes.middle_name,
                phone: {
                    mobile: event.request.userAttributes.phone_number
                },
                email: event.request.userAttributes.email
            }
        };

        const post_body = {
            query: Signup,
            operationName: 'Signup',
            variables: details
        };

        console.log(`Posting ${JSON.stringify(post_body, null, 2)}`);

        // post GraphQl mutation to AWS AppSync using signed connection

        const uri = new URL(env.GRAPHQL_API);
        const httpRequest = new AWS.HttpRequest(uri.href, env.REGION);
        httpRequest.headers.host = uri.host;
        httpRequest.headers['Content-Type'] = 'application/json';
        httpRequest.method = 'POST';
        httpRequest.body = JSON.stringify(post_body);

        AWS.config.credentials.get(err => {
            const signer = new AWS.Signers.V4(httpRequest, "appsync", true);
            signer.addAuthorization(AWS.config.credentials, AWS.util.date.getDate());


            const options = {
                method: httpRequest.method,
                body: httpRequest.body,
                headers: httpRequest.headers
            };

            fetch(uri.href, options)
            .then(res => res.json())
            .then(json => {
                console.log(`JSON Response = ${JSON.stringify(json, null, 2)}`);
                callback(null, event);
            })
            .catch(err => {
                console.error(`FETCH ERROR: ${JSON.stringify(err, null, 2)}`);
                callback(err);
            });
        });
    }
};

这是我的 lambda 身份验证功能。我很乐意协助从 lambda 函数中获取 context.identity。

标签： node.jsaws-lambdaamazon-cognitoserverless-frameworkaws-appsync