I am going to answer my own question but I'm interested in whether or not people think this is good or bad. If nothing else, this might serve as an example for somebody else who stumbles across this post trying to do the same thing.
It looks like if you have an access token you can always call GetUser to get the ID. The access token contains an issuer URL which must be how CognitoIdentityProviderClient knows how to follow back to the correct user pool. This seems to work fine. It's not clear to me whether or not GetUser checks the validity of the token, but I suspect it must because it says the access token must be unexpired. The docs don't explicitly say this, though. (Can anybody confirm GetUser thoroughly validates the access token? Seems like it must.)
```typescript
import * as http2 from "http2";
import { APIGatewayProxyEventV2WithJWTAuthorizer, APIGatewayProxyResultV2, Context } from "aws-lambda";
import {
    CognitoIdentityProviderClient, GetUserCommand, GetUserCommandInput, GetUserCommandOutput
} from "@aws-sdk/client-cognito-identity-provider";

export function getAllCustomers(request: APIGatewayProxyEventV2WithJWTAuthorizer, context: Context):
    Promise<APIGatewayProxyResultV2<GetCustomersResponse>> {
    /* get the authorization header from API gateway v2 proxy event */
    const authHeader = request.headers['authorization'];
    if (authHeader === undefined) {
        return Promise.resolve({
            body: "No bearer token",
            statusCode: http2.constants.HTTP_STATUS_FORBIDDEN
        })
    }
    /* See if it starts with Bearer implying it's an access token */
    if (!authHeader.startsWith("Bearer ")) {
        return Promise.resolve({
            body: "Auth header is invalid",
            statusCode: http2.constants.HTTP_STATUS_FORBIDDEN
        })
    }
    /* strip the "Bearer " prefix (7 characters) to get the raw token */
    const accessToken = authHeader.substring(7)
    const cc = new CognitoIdentityProviderClient({})
    const ccReq = new GetUserCommand({AccessToken: accessToken});
    return cc.send<GetUserCommandInput, GetUserCommandOutput>(ccReq)
        .then((result: GetUserCommandOutput) => {
            /* do something useful now that we have the full ID */
            ...
```
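An added example, not part of the original post: because the handler above sits behind an API Gateway JWT authorizer, the token's claims have already been verified by the time the Lambda runs, so the user's `sub` and `username` can be read from the event without a network call. The local `JwtAuthorizerEvent` shape, the `callerFromAuthorizer` helper, the scope name and the sample events are assumptions made for illustration.

```typescript
// Minimal local shapes (assumption: they mirror the part of the API Gateway
// HTTP API v2 event that a JWT authorizer populates).
type ClaimValue = string | number | boolean | string[];
interface JwtAuthorizerEvent {
  requestContext: {
    authorizer?: { jwt?: { claims: Record<string, ClaimValue>; scopes?: string[] | null } };
  };
}

interface Caller { sub: string; username: string; scopes: string[] }
type CallerResult =
  | { ok: true; caller: Caller }
  | { ok: false; statusCode: number; body: string };

// Hypothetical helper: reads identity from claims the authorizer already verified.
function callerFromAuthorizer(event: JwtAuthorizerEvent, requiredScope?: string): CallerResult {
  const jwt = event.requestContext.authorizer?.jwt;
  if (!jwt) {
    return { ok: false, statusCode: 403, body: "No verified JWT on request" };
  }
  const { sub, username, token_use: tokenUse } = jwt.claims;
  // GetUser only accepts access tokens; refuse ID tokens here as well.
  if (tokenUse !== "access") {
    return { ok: false, statusCode: 403, body: "Access token required" };
  }
  if (typeof sub !== "string" || typeof username !== "string") {
    return { ok: false, statusCode: 403, body: "Token has no user identity" };
  }
  const scopes = jwt.scopes ?? [];
  if (requiredScope !== undefined && !scopes.includes(requiredScope)) {
    return { ok: false, statusCode: 403, body: "Missing scope" };
  }
  return { ok: true, caller: { sub, username, scopes } };
}

// Constructed sample events (not captured traffic).
const accessEvent: JwtAuthorizerEvent = { requestContext: { authorizer: { jwt: {
  claims: { sub: "11111111-2222-3333-4444-555555555555", username: "alice",
            token_use: "access", client_id: "exampleclientid" },
  scopes: ["customers/read"] } } } };
const idTokenEvent: JwtAuthorizerEvent = { requestContext: { authorizer: { jwt: {
  claims: { sub: "11111111-2222-3333-4444-555555555555", token_use: "id" },
  scopes: null } } } };
```

Claims taken from the authorizer reflect the token as issued; they do not show a later global sign-out or revocation, so a GetUser call is still the way to check the token against the user pool itself.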