
amazon-web-services - Firebase as an identity provider for Cognito/AWS

Reposted. Author: 行者123. Updated: 2023-12-03 23:55:58

I am having a hard time using Firebase as an OpenID Connect provider.
Could you describe further the steps you went through, before and after, to make this work?

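For information, here is what I have done so far.
In the AWS console:

1 - Created an IAM identity provider (OpenID Connect), using securetoken.google.com/<FIREBASE_PROJECT_ID> as the URL and <FIREBASE_PROJECT_ID> as the audience

2 - Checked the thumbprint manually (it matches the one generated by AWS)

3 - Created a role with permission to access the desired services

4 - Created an identity pool in Cognito and selected my newly created role in the "Authenticated role" dropdown

5 - Selected my identity provider under the Authentication providers > OpenID category (the format is therefore): securetoken.google.com/<FIREBASE_PROJECT_ID>

In my code (I am using Vue.js), here are the logical steps I went through: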

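  • Import/set up the AWS SDK
  • Call the Firebase authentication service
  • Create a new CognitoIdentity
  • Use getOpenIdTokenForDeveloperIdentity and push the tokenID received from Firebase

The issue is that I keep getting "Missing credentials in config" errors.

The code:
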
    import axios from 'axios';
    const AWS = require('aws-sdk');

    AWS.config.region = 'eu-west-1';
    // Credentials provider configured with the identity pool only (no Logins map)
    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
      IdentityPoolId: 'MY_COGNITO_POOL_ID',
    });

    export default {
      name: 'My Vue.js component name',
      data() {
        return {
          email: '',
          password: '',
          msg: '',
        };
      },
      methods: {
        submit() {
          // Sign in through the Firebase REST API
          axios
            .post(
              'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=MY_KEY',
              {
                email: this.email,
                password: this.password,
                returnSecureToken: true,
              },
            )
            .then((res) => {
              // stores tokens locally
              localStorage.setItem('jwt', JSON.stringify(res.data));
              const cognitoidentity = new AWS.CognitoIdentity();
              const params = {
                IdentityPoolId: 'MY_COGNITO_POOL_ID',
                Logins: {
                  'securetoken.google.com/<PROJECT_ID>': res.data.idToken,
                },
                IdentityId: null,
                TokenDuration: 3600,
              };
              // Pass the Firebase ID token to the developer-authenticated identities API
              cognitoidentity.getOpenIdTokenForDeveloperIdentity(params, (err, data) => {
                if (err) console.log(err, err.stack); // an error occurred
                else console.log(data); // successful response
              });
            });
        },
      },
    };

Here are the resources I have used so far while trying to make this work:

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html

Using Firebase OpenID Connect provider as AWS IAM Identity Provider

https://github.com/aws/amazon-cognito-identity-js/blob/master/examples/babel-webpack/src/main.jsx

http://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetCredentialsForIdentity.html

https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-authentication/

https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-authentication-part-2-developer-authenticated-identities/

https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-authentication-part-3-roles-and-policies/

https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-authentication-part-4-enhanced-flow/

Best answer

Final code, if it can be of any help to someone:

    import axios from 'axios';

    const AWS = require('aws-sdk');
    const aws4 = require('aws4');

    export default {
      name: 'VUE_CPNT_NAME',
      data() {
        return {
          email: '',
          password: '',
          msg: '',
          idToken: '',
        };
      },
      methods: {
        submit() {
          // Firebase SignIn API
          // Doc: https://firebase.google.com/docs/reference/rest/auth/
          axios
            .post(
              'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=[MY_KEY]',
              {
                email: this.email,
                password: this.password,
                returnSecureToken: true,
              },
            )
            .then((res) => {
              this.idToken = res.data.idToken;
              localStorage.setItem('jwt', JSON.stringify(res.data));
              AWS.config.credentials = new AWS.CognitoIdentityCredentials({
                IdentityPoolId: 'IDENTITY_POOL_ID',
                Logins: {
                  'securetoken.google.com/<FIREBASE_PROJECT_ID>': res.data.idToken,
                },
              }, {
                region: 'eu-west-1',
              });
              // The AWS.config.credentials.get() method works as well,
              // or a call to cognitoidentity.getId() followed by a call to getCredentialsForIdentity()
              // will achieve the same thing. Cool. But why!?
              AWS.config.getCredentials((err) => {
                if (err) {
                  console.log(err);
                  return; // no credentials were obtained, so there is nothing to sign with
                }
                const request = {
                  host: 'API_GATEWAY_ENDPOINT.eu-west-1.amazonaws.com',
                  method: 'GET',
                  url: 'https://API_GATEWAY_ENDPOINT.eu-west-1.amazonaws.com/PATH',
                  path: '/API_ENDPOINT_PATH',
                };
                // Signing the requests to API Gateway when the Authorization is set to AWS_IAM.
                // Not required when Cognito User Pools are used
                const signedRequest = aws4.sign(request,
                  {
                    secretAccessKey: AWS.config.credentials.secretAccessKey,
                    accessKeyId: AWS.config.credentials.accessKeyId,
                    sessionToken: AWS.config.credentials.sessionToken,
                  });
                // removing the Host header to avoid errors in Chrome
                delete signedRequest.headers.Host;
                axios(signedRequest);
              });
            });
        },
      },
    };
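
The provider URL and audience from step 1 of the question, and the Logins key used in the answer, have to line up with the `iss` and `aud` claims of the Firebase ID token. The following is an added example, not part of the original question or answer: it decodes a token as a client-side diagnostic and builds the Logins map only when those claims match. The function names, `demo-project` and the sample token are constructed for illustration.

```javascript
// Added example: a diagnostic pre-check only. It does NOT verify the signature,
// so it is no substitute for server-side validation or an access decision.

// Decode the payload segment (base64url-encoded JSON) of a JWT.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a three-part JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const json = typeof Buffer !== 'undefined'
    ? Buffer.from(padded, 'base64').toString('utf8') // Node
    : atob(padded); // browser
  return JSON.parse(json);
}

// Compare the token's claims with the IAM OIDC provider settings and, if they
// line up, build the Logins map expected by AWS.CognitoIdentityCredentials.
function checkFirebaseToken(token, projectId, nowSeconds = Math.floor(Date.now() / 1000)) {
  const provider = `securetoken.google.com/${projectId}`;
  let claims;
  try {
    claims = decodeJwtPayload(token);
  } catch (e) {
    return { ok: false, problems: [`undecodable token: ${e.message}`], logins: null };
  }
  const problems = [];
  if (claims.iss !== `https://${provider}`) problems.push(`iss "${claims.iss}" does not match provider URL`);
  if (claims.aud !== projectId) problems.push(`aud "${claims.aud}" does not match audience`);
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) problems.push('token expired or exp missing');
  if (!claims.sub) problems.push('sub (Firebase uid) missing');
  const ok = problems.length === 0;
  return { ok, problems, logins: ok ? { [provider]: token } : null };
}

// Constructed sample token: made-up project id and uid, placeholder signature (Node only).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const sampleToken = makeSampleToken({
  iss: 'https://securetoken.google.com/demo-project',
  aud: 'demo-project',
  sub: 'constructed-uid-123',
  exp: 2000000000,
});
console.log(checkFirebaseToken(sampleToken, 'demo-project', 1700000000));
console.log(checkFirebaseToken(sampleToken, 'other-project', 1700000000).problems);
```

A mismatch reported here points at the IAM provider or identity pool configuration rather than at the SDK call.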

Regarding amazon-web-services - Firebase as an identity provider for Cognito/AWS, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/47228334/
