1

I am using a Cognito Identity Pool with Developer Authenticated Identities Authflow Setup - this auth flow was chosen because we are not able to use Cognito User Pools for some business reasons. Hence I implemented a User Identity Provider Service myself using API Gateway with an auth endpoint, which fires a Lambda function.

So I generated a temporary AccessKey and SecretKey by running cognitoidentity.getOpenIdTokenForDeveloperIdentity and afterwards cognitoidentity.getCredentialsForIdentity and got temporary AWS Credentials (temporary AccessKey and SecretKey).

Now I want to generate an AccessToken in order to authenticate my requests on AWS API Gateway on which I am using IAM authorization (so it needs an AccessToken to authorize requests).

My question is - how do I generate an AccessToken?

AuthenticationResult contents

4

1 回答 1

1

我认为您不需要生成 AccessToken。查看API Gateway IAM Auth 文档

注意:要使用其他工具或环境手动验证发送到 API Gateway 的请求,您必须使用 Signature Version 4 签名过程。有关更多信息,请参阅API Gateway REST API 参考中的签名请求。

按照上面的链接,您将看到:

Amazon API Gateway 要求您通过签署请求来验证您发送的每个请求。要签署请求,您需要计算数字签名 [...]

也看看这个问题,这是关于做上面的签名:Integrating an ID Pool with API Gateway

我自己没有这样做,但是如果您必须从前端手动执行上述操作,我会感到非常惊讶。应该有一个客户端可以用来为您处理签名,就像 Postman 在上面的 AWS 文档中的示例中所做的那样。即,您向客户端提供 IAM 凭证,客户端在您要求时发出 API 请求,使用您提供的 IAM 凭证自动处理签名。例如,AWS Amplify 似乎可以为您做到这一点

于 2020-01-13T21:43:25.047 回答