作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
登录后,我可以在控制台返回的用户数据对象中看到用户分配的用户池组。我尝试将组分配给变量的所有尝试都失败了。我缺少什么?我可以轻松获取 client_id、JWT 和属性。
对象路径:
let userGroup = user.signInUserSession.accessToken.payload.cognito.groups[0];
但是,这有效:
user.signInUserSession.accessToken.payload.client_id;
对象的这一部分看起来像这样。我可以检索 token 、用户名以及除组之外的几乎任何内容。
signInUserSession: CognitoUserSession
accessToken: CognitoAccessToken
jwtToken: ...
payload:
auth_time: 1539824552
client_id: "5u7o1o1...."
cognito:groups: Array(1)
0: "admin-full"
length: 1
... more properties here...
token_use: "access"
username: "me"
我正在使用 Angular 6 和 AWS-Amplify,但我怀疑这是否重要。我的部分代码:
constructor(
private amplifyService: AmplifyService,
) {}
this.amplifyService.auth().currentAuthenticatedUser()
.then(user => {
console.log('user data in checkLogin: ', user); // The whole object.
console.log('user token in checkLogin: ', user.signInUserSession.accessToken.jwtToken); // Retrieves the token.
我的整个 session 对象用于澄清:
CognitoUser {username: "me", pool: CognitoUserPool, Session: null, client: Client, signInUserSession: CognitoUserSession, …}
Session: null
attributes: {phone_number: "########", locale: "Silicon Valley", given_name: "J", family_name: "Preston", email: "j@whatever.com"}
authenticationFlowType: "USER_SRP_AUTH"
client: Client {endpoint: "https://cognito-idp.us-west-2.amazonaws.com/", userAgent: "aws-amplify/0.1.x js"}
pool: CognitoUserPool {userPoolId: "us-west-2_UW9KsJm0o", clientId: "5u7o1o1v288e...", client: Client, advancedSecurityDataCollectionFlag: true, storage: Storage}
preferredMFA: "NOMFA"
signInUserSession: CognitoUserSession
accessToken: CognitoAccessToken
jwtToken: "eyJraWQiOiJwaUdRSnc..."
payload:
auth_time: 1539881072
client_id: "5u7o1o1v2..."
cognito:groups: ["admin"]
event_id: "168d9cc3-d2f5-11e8-ae71-f734087f965a"
exp: 1539884672
iat: 1539881072
iss: "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_UW9KsJm0o"
jti: "13c4c552-ee70-4f8a-b64d-f95e0bdc81cf"
scope: "aws.cognito.signin.user.admin openid"
sub: "96a047b2-ae9a-42ff-af09-fc1c0802b88f"
token_use: "access"
username: "me"
version: 2
__proto__: Object
__proto__: CognitoJwtToken
clockDrift: 0
idToken: CognitoIdToken {jwtToken: "eyJraWQiOiI...", payload: {…}}
refreshToken: CognitoRefreshToken {token: ""}
__proto__: Object
storage: Storage {CognitoIdentityServiceProvider.5u7o1o1....LastAuthUser: "me", CognitoIdentityServiceProvider.5u7o1o1v....jimadmin.accessToken: "eyJraWQiOiJ...", CognitoIdentityServiceProvider.5u7o1o1....jimadmin.idToken: "eyJraWQiOiI3...", CognitoIdentityServiceProvider.5u7o1o1....jimadmin.refreshToken: "", CognitoIdentityServiceProvider.5u7o1o1....jimadmin.tokenScopesString: "email openid aws.cognito.signin.user.admin", …}
username: "me"
最佳答案
该组位于 session 对象和 idToken 有效负载中,如下所示。
如果您的用户不在组中,则该组不存在。您应该能够像 accessToken.payload['cognito:groups'];
我碰巧有一个可供组中用户使用的认知 session 对象,它显示了所有 token 及其所有有效负载。以及当你获取用户属性时你会得到什么。
session :
{
"idToken":{
"jwtToken":"eyJraWQiOiJQS1wvMHNNMlk...",
"payload":{
"sub":"ceb234234-b0e0-4c3d-8abc-af08c002b4de",
"cognito:groups":[
"user"
],
"email_verified":true,
"iss":"https://cognito-idp.us-east-2.amazonaws.com/us-east-2_sinJIhGA8",
"phone_number_verified":false,
"cognito:username":"ceba8336-b0e0-4c3d-8abc-af08c002b4de",
"aud":"203e1rl2o1d8d5chhs9v6s1i79",
"event_id":"89502ffe-d2fe-11e8-8427-1b3482253d90",
"token_use":"id",
"auth_time":1539885130,
"exp":1539888730,
"iat":1539885130,
"email":"r32423423@icloud.com"
}
},
"refreshToken":{
"token":"eyJjdHkiOiJKV1QiLCJlb..."
},
"accessToken":{
"jwtToken":"eyJraWQiOiI4N2pRRnpqSm..",
"payload":{
"sub":"ceba8336-b0e0-4c3d-8abc-af08c002b4de",
"device_key":"us-east-2_94234234234b-4cec-ae49-b1f90555d979",
"cognito:groups":[
"user"
],
"iss":"https://cognito-idp.us-east-2.amazonaws.com/us-east-2_sinJIhGA8",
"client_id":"203e1rl223423hhs9v6s1i79",
"event_id":"895234fe-d2fe-11e8-8427-1b3482253d90",
"token_use":"access",
"scope":"aws.cognito.signin.user.admin",
"auth_time":1539885130,
"exp":1539888730,
"iat":1539885130,
"jti":"936fd8f9-c091-4f642345f-ba9454f16b9c",
"username":"ceba83362342-4c3d-8abc-af08c002b4de"
}
},
"clockDrift":0
}
用户属性:
{
"details":[
{
"Name":"sub",
"Value":"ceba8336-4234-4c3d-8abc-af08c002b4de"
},
{
"Name":"email_verified",
"Value":"true"
},
{
"Name":"phone_number_verified",
"Value":"false"
},
{
"Name":"email",
"Value":"r23423423@icloud.com"
}
]
}
关于amazon-web-services - AWS Cognito - 如何从 token 对象获取用户组,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52878146/
我是一名优秀的程序员,十分优秀!