0

我有一个 AWS Cognito 用户池,用于在带有amplify auth. 我想限制从我公司的域登录 Google 帐户,因此我创建了一个自定义 lambda 函数(如下)并将其配置为我的用户池的 AWS 控制台中的预身份验证触发器:

exports.handler = (event, context, callback) => {
  console.log ("Trigger function: ", event.triggerSource);

  if (event.request.userAttributes.email.endsWith('@mycompany.com')) {
        console.log ("Authentication successful: ", event.request);
        callback(null, event);
  } else {
    console.log ("Authentication failed (non-company domain): ", event.request);
    callback("Non-company domain account", event)
  }
};

触发器正确地允许公司帐户登录,但如果有人尝试使用非公司帐户登录,则应用程序会引发错误并崩溃:

OAuth.js:380 Uncaught (in promise) Error: Exception+processing+authorization+code
at OAuth.<anonymous> (OAuth.js:380)
at step (OAuth.js:146)
at Object.next (OAuth.js:77)
at OAuth.js:49
at new Promise (<anonymous>)
at push../node_modules/@aws-amplify/auth/lib/OAuth/OAuth.js.__awaiter (OAuth.js:26)
at OAuth.handleAuthResponse (OAuth.js:361)
at AuthClass.<anonymous> (Auth.js:2199)
at step (Auth.js:136)
at Object.next (Auth.js:67)
at Auth.js:39
at new Promise (<anonymous>)
at push../node_modules/@aws-amplify/auth/lib/Auth.js.__awaiter (Auth.js:16)
at AuthClass._handleAuthResponse (Auth.js:2166)
at Auth.js:323
at Object.push../node_modules/@aws-amplify/auth/lib/urlListener.js.exports.default (urlListener.js:24)
at AuthClass.configure (Auth.js:320)
at Amplify.js:36
at Array.map (<anonymous>)
at Function.Amplify.configure (Amplify.js:35)
at Module../src/index.tsx (index.tsx:14)
at __webpack_require__ (bootstrap:781)
at fn (bootstrap:149)
at Object.0 (materialUi.ts:46)
at __webpack_require__ (bootstrap:781)
at checkDeferredModules (bootstrap:45)
at Array.webpackJsonpCallback [as push] (bootstrap:32)
at main.chunk.js:1

我的 lambda 函数有什么问题?看起来,当它返回带有错误的回调时,应用程序代码没有处理该错误,但我不知道为什么。

4

1 回答 1

0

您必须使用错误对象作为callback().

var error = new Error("Non-company domain account");
callback(error, event);

您可以在 Cognito 文档中找到具有正确错误处理的预身份验证示例。

于 2019-09-05T14:40:27.037 回答