ios - AWS Cognito 组通过 Amplify (swift)
问题描述
我希望能够使用 Cognito 上的组来启用/禁用我正在构建的应用程序上的某些功能 - 例如,只有编辑器可以编辑。
基本的 Cognito 功能(注册/登录/退出等)有效,但对于我来说,我找不到访问登录用户组的方法。
我正在使用的测试用户是两个组的成员。我有 accessToken 和 idToken,但这里也没有显示任何内容。
_ = Amplify.Auth.fetchAuthSession() { result in
do {
let session = try result.get()
// Get user sub or identity id
if let identityProvider = session as? AuthCognitoIdentityProvider {
let usersub = try identityProvider.getUserSub().get()
let identityId = try identityProvider.getIdentityId().get()
print("User sub - \(usersub) and identity id \(identityId)")
}
// Get aws credentials
if let awsCredentialsProvider = session as? AuthAWSCredentialsProvider {
let credentials = try awsCredentialsProvider.getAWSCredentials().get()
print("Access key - \(credentials.accessKey) ")
}
// Get cognito user pool token
if let cognitoTokenProvider = session as? AuthCognitoTokensProvider {
print(try cognitoTokenProvider.getCognitoTokens().get().accessToken)
let tokens = try cognitoTokenProvider.getCognitoTokens().get()
print("Id token - \(tokens.idToken) ")
}
} catch {
print("Fetch auth session failed with error - \(error)")
}
}
有任何想法吗?
解决方案
您可以通过解析令牌声明来获取与登录用户关联的 Cognito 组,您可以从 id 令牌中检索这些声明。
这是您获得 idToken 后所需要的。首先,获取令牌声明:
let tokenClaims = try AWSAuthService().getTokenClaims(tokenString: tokens.idToken).get()
要从令牌声明中获取 Cognito 组:
if let groups = (tokenClaims["cognito:groups"] as? NSArray) as Array?{
let cognitoGroups : Set<String> = []
for group in groups {
print("Cognito group: \(group)")
if let groupString = group as? String {
cognitoGroups.insert(groupString)
}
}
}
把它们放在一起:
_ = Amplify.Auth.fetchAuthSession() { result in
do {
let session = try result.get()
// Get user sub or identity id
if let identityProvider = session as? AuthCognitoIdentityProvider {
let usersub = try identityProvider.getUserSub().get()
let identityId = try identityProvider.getIdentityId().get()
print("User sub - \(usersub) and identity id \(identityId)")
}
// Get aws credentials
if let awsCredentialsProvider = session as? AuthAWSCredentialsProvider {
let credentials = try awsCredentialsProvider.getAWSCredentials().get()
print("Access key - \(credentials.accessKey) ")
}
// Get cognito user pool token
if let cognitoTokenProvider = session as? AuthCognitoTokensProvider {
print(try cognitoTokenProvider.getCognitoTokens().get().accessToken)
let tokens = try cognitoTokenProvider.getCognitoTokens().get()
print("Id token - \(tokens.idToken) ")
let tokenClaims = try AWSAuthService().getTokenClaims(tokenString: tokens.idToken).get()
print("Token Claims: \(tokenClaims)")
if let groups = (tokenClaims["cognito:groups"] as? NSArray) as Array?{
let cognitoGroups : Set<String> = []
for group in groups {
print("Cognito group: \(group)")
if let groupString = group as? String {
cognitoGroups.insert(groupString)
}
}
}
}
} catch {
print("Fetch auth session failed with error - \(error)")
}
}
推荐阅读
- webpack - 如何通过服务器端渲染在 webpack 4 中获取供应商和应用程序块?
- typescript - 为什么`延期
.resolve` 接受`IWhenable ` 而不是 `any`? - elasticsearch - 多个索引的类似联接的查询
- javascript - 动态添加表上的keydown
- go - 我如何将时间打印成这种格式 23:44:22.184320
- r - 使用 unname 后,write.csv 中仍然会生成一个空白的列名标题行
- flutter - 特定页面的 MaterialApp Builder 自定义
- python - multipart-form-data,POST 方法,页面中有多个表单
- clojure - Clojure - 何时取消引用原子?
- algorithm - 如何找到包含给定边的最小生成树?