I am going to answer my own question but I'm interested in whether or not people think this is good or bad. If nothing else, this might serve as an example for somebody else who stumbles across this post trying to do the same thing.
It looks like if you have an access token you can always call GetUser to get the ID. The access token contains an issuer URL which must be how CognitoIdentityProviderClient knows how to follow back to the correct user pool. This seems to work fine. It's not clear to me whether or not GetUser checks the validity of the token, but I suspect it must because it says the access token must be unexpired. The docs don't explicitly say this, though. (Can anybody confirm GetUser thoroughly validates the access token? Seems like it must.)
```typescript
import * as http2 from "http2";
import {
    CognitoIdentityProviderClient,
    GetUserCommand,
    GetUserCommandInput,
    GetUserCommandOutput,
} from "@aws-sdk/client-cognito-identity-provider";
import { APIGatewayProxyEventV2WithJWTAuthorizer, APIGatewayProxyResultV2, Context } from "aws-lambda";

/* GetCustomersResponse is the application's own response type (not shown in the post) */
export function getAllCustomers(request: APIGatewayProxyEventV2WithJWTAuthorizer, context: Context):
    Promise<APIGatewayProxyResultV2<GetCustomersResponse>> {
    /* get the authorization header from API gateway v2 proxy event */
    const authHeader = request.headers['authorization'];
    if (authHeader === undefined) {
        return Promise.resolve({
            body: "No bearer token",
            statusCode: http2.constants.HTTP_STATUS_FORBIDDEN
        })
    }
    /* See if it starts with Bearer implying it's an access token */
    if (!authHeader.startsWith("Bearer ")) {
        return Promise.resolve({
            body: "Auth header is invalid",
            statusCode: http2.constants.HTTP_STATUS_FORBIDDEN
        })
    }
    /* strip the "Bearer " prefix (7 characters) to get the raw token */
    const accessToken = authHeader.substring(7)
    const cc = new CognitoIdentityProviderClient({})
    const ccReq = new GetUserCommand({AccessToken: accessToken});
    return cc.send<GetUserCommandInput, GetUserCommandOutput>(ccReq)
        .then((result: GetUserCommandOutput) => {
            /* do something useful now that we have the full ID */
            ...
```
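Added example, not part of the original answer: when the route has an HTTP API JWT authorizer attached (which the `APIGatewayProxyEventV2WithJWTAuthorizer` event type implies), the claims that authorizer has already validated arrive on the event under `requestContext.authorizer.jwt.claims`, so the handler can read the caller's `sub` from there and fail closed on anything unexpected. The interface below is a trimmed stand-in for the `aws-lambda` type, and `callerFromClaims`, `sampleEvent`, the pool ID and the client ID are hypothetical names and constructed placeholder values.

```typescript
// Trimmed stand-in for the part of APIGatewayProxyEventV2WithJWTAuthorizer used here.
type ClaimValue = string | number | boolean | string[];
interface JwtAuthorizerEvent {
  requestContext: { authorizer?: { jwt?: { claims: Record<string, ClaimValue> } } };
}

interface ExpectedToken {
  issuer: string;   // https://cognito-idp.<region>.amazonaws.com/<userPoolId>
  clientId: string; // app client this API expects tokens from
}

type CallerResult =
  | { ok: true; sub: string; username: string }
  | { ok: false; reason: string };

// Fail closed: any missing or unexpected claim rejects the request.
function callerFromClaims(event: JwtAuthorizerEvent, expected: ExpectedToken): CallerResult {
  const claims = event.requestContext.authorizer?.jwt?.claims;
  if (claims === undefined) {
    return { ok: false, reason: "no authorizer claims on event" };
  }
  // Cognito ID tokens carry token_use "id"; only access tokens are accepted here.
  if (claims["token_use"] !== "access") {
    return { ok: false, reason: "not an access token" };
  }
  if (claims["iss"] !== expected.issuer) {
    return { ok: false, reason: "unexpected issuer" };
  }
  if (claims["client_id"] !== expected.clientId) {
    return { ok: false, reason: "unexpected client_id" };
  }
  const sub = claims["sub"];
  const username = claims["username"];
  if (typeof sub !== "string" || sub === "" || typeof username !== "string") {
    return { ok: false, reason: "missing sub or username" };
  }
  return { ok: true, sub, username };
}

// Constructed sample values (placeholders, not real identifiers).
const EXPECTED: ExpectedToken = {
  issuer: "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE",
  clientId: "example-client-id",
};
function sampleEvent(overrides: Record<string, ClaimValue> = {}): JwtAuthorizerEvent {
  const claims = { sub: "11111111-2222-3333-4444-555555555555", username: "alice",
    token_use: "access", iss: EXPECTED.issuer, client_id: EXPECTED.clientId, ...overrides };
  return { requestContext: { authorizer: { jwt: { claims } } } };
}
```

This reads only what the authorizer passed through; a `GetUser` call is still needed for user attributes, which are not claims in the access token.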