
所以我一直在想這個,文檔不夠清晰。代碼更新:AWS Cognito用戶標識池授權? Objective-C

我正在嘗試使用AWS cognito用戶池和聯合標識池。

網上的資料說可以把兩者連接起來,然後通過用戶池對用戶進行身份驗證,再從身份池獲取憑據。現在我已經把它們連接起來,它顯示爲授權方法,但我不知道在Objective-C中該怎麼做才能讓它生效。目前進入我的聯合身份池的只有未經身份驗證的用戶。

我也有一切工作在用戶池(創建和認證用戶)所以它只是讓他們進入聯合身份池的權限。

有人可以發佈Objective-C中的代碼示例瞭解如何做到這一點?或者讓我瞭解如何做到這一點的邏輯步驟?

我一直在尋找這些鏈接: http://mobile.awsblog.com/post/TxGNH1AUKDRZDH/Announcing-Your-User-Pools-in-Amazon-Cognito

How to combine Cognito User Pools with external providers like Facebook?

和幾乎所有其他AWS鏈接

更新:以下是與這個問題相關的一些代碼:

我能夠註冊並驗證用戶,但在聯合身份池的控制檯上看不到經過身份驗證的用戶,只有未經身份驗證的身份。這是我的AWSServiceConfiguration(等等)的問題嗎?

這是註冊方法,我們用它來創建用戶:

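/**
 * Registers a new user in the Cognito user pool stored under the key "UserPool".
 *
 * Seven standard attributes (email, gender, name, nickname, picture, phone_number,
 * preferred_username) are sent with the sign-up request. The callback receives
 * @[NSNull, @YES] when the sign-up task finishes with a result and no error or
 * exception, and @[NSNull, @NO] otherwise.
 *
 * NOTE(review): the parameter is called hashedPass, but whatever string arrives here
 * is what the user pool stores as the account password. If the JavaScript side really
 * hashes the password first, that hash is the effective password -- confirm the intent.
 */
RCT_EXPORT_METHOD(submitUser: (NSString*) email and:
         (NSString*) gender and:
         (NSString*) name and:
         (NSString*) nickname and:
         (NSString*) picture and:
         (NSString*) phone_number and:
         (NSString*) preferred_username and:
         (NSString*) hashedPass and:
         (RCTResponseSenderBlock)callback){

    // The username is derived from `name`; -stringByAppendingString: raises on nil,
    // so reject the call up front instead of crashing the bridge.
    if (name == nil) {
        RCTLog(@"Error: %@", @"submitUser called without a name");
        callback(@[[NSNull null],@NO]);
        return;
    }

    AWSCognitoIdentityUserPool *pool = [AWSCognitoIdentityUserPool CognitoIdentityUserPoolForKey:@"UserPool"];

    // Collect the attributes in the same order the original code added them.
    NSMutableArray<AWSCognitoIdentityUserAttributeType *> *attributes = [NSMutableArray array];
    void (^addAttribute)(NSString *, NSString *) = ^(NSString *attributeName, NSString *attributeValue) {
        AWSCognitoIdentityUserAttributeType *attribute = [AWSCognitoIdentityUserAttributeType new];
        attribute.name = attributeName;
        attribute.value = attributeValue;
        [attributes addObject:attribute];
    };
    addAttribute(@"email", email);
    addAttribute(@"gender", gender);
    addAttribute(@"name", name);
    addAttribute(@"nickname", nickname);
    addAttribute(@"picture", picture);
    addAttribute(@"phone_number", phone_number);
    addAttribute(@"preferred_username", preferred_username);

    // Change later to unique identifier.
    // NOTE(review): a display name repeated twice is not unique; two users with the
    // same name would map to the same user-pool username.
    NSString *username = [name stringByAppendingString:name];

    [[pool signUp:username password:hashedPass userAttributes:attributes validationData:nil]
     continueWithBlock:^id(AWSTask<AWSCognitoIdentityUser*> *task) {
        // NOTE(review): these log lines can carry user attributes and service error
        // detail; consider trimming them in release builds.
        if (task.error) {
            RCTLog(@"Error: %@", task.error);
        }
        if (task.exception) {
            RCTLog(@"Exception: %@", task.exception);
        }
        if (task.result) {
            RCTLog(@"Successfully registered user: %@",task.result);
        }

        // Report the real outcome; the second element used to be @NO unconditionally,
        // so the JavaScript caller could not tell success from failure.
        BOOL registered = (task.error == nil && task.exception == nil && task.result != nil);
        callback(@[[NSNull null], registered ? @YES : @NO]);
        return nil;
    }];
}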

使用通過電子郵件發送的驗證碼來驗證用戶的方法:

/**
 * Confirms a pending sign-up with the verification code the user received.
 *
 * Looks the user up in the pool registered under "UserPool", submits the code, and
 * invokes the callback with @[NSNull, @YES] when the task carries neither an error
 * nor an exception, or @[NSNull, @NO] otherwise.
 */
RCT_EXPORT_METHOD(verifyUser:(nonnull NSString *)userName and:
          (nonnull NSString *)code and:
          (RCTResponseSenderBlock)callback) {

    AWSCognitoIdentityUserPool *userPool = [AWSCognitoIdentityUserPool CognitoIdentityUserPoolForKey:@"UserPool"];
    AWSCognitoIdentityUser *pendingUser = [userPool getUser:userName];

    [[pendingUser confirmSignUp:code] continueWithBlock:^id(AWSTask<AWSCognitoIdentityProviderConfirmSignUpResponse*> *task) {
        // Default to failure; only the final branch flips the outcome.
        NSNumber *confirmed = @NO;

        if (task.error) {
            RCTLog(@"Error: %@", task.error);
        } else if (task.exception) {
            RCTLog(@"Exception: %@", task.exception);
        } else {
            RCTLog(@"Successfully confirmed user: %@",pendingUser.username);
            confirmed = @YES;
        }

        // The second array element tells the JavaScript side whether confirmation succeeded.
        callback(@[[NSNull null], confirmed]);
        return nil;
    }];
}

在Appdelegate.m

// Service configuration used only for the user pool; no credentials provider is attached.
AWSServiceConfiguration *serviceConfiguration = [[AWSServiceConfiguration alloc] initWithRegion:AWSRegionUSEast1 credentialsProvider:nil];

    // User-pool app client settings (placeholder values in this listing).
    // NOTE(review): a client secret compiled into a mobile app ships inside the binary
    // and can be recovered from it, so it should not be relied on as a secret; an app
    // client created without a secret avoids the problem -- confirm against the pool's
    // app client settings.
    AWSCognitoIdentityUserPoolConfiguration *configuration = [[AWSCognitoIdentityUserPoolConfiguration alloc]
                  initWithClientId:@"clientidhere"
                  clientSecret:@"clientsecrethere"
                  poolId:@"poolidhere"];

    // Makes the pool retrievable elsewhere via CognitoIdentityUserPoolForKey:@"UserPool".
    [AWSCognitoIdentityUserPool registerCognitoIdentityUserPoolWithConfiguration:serviceConfiguration userPoolConfiguration:configuration forKey:@"UserPool"];

    // Identity-pool credentials provider. As written it is created without an
    // identityProviderManager, so no user-pool login token is ever handed to the
    // identity pool; this matches the symptom described on the page (only
    // unauthenticated identities appear).
    AWSCognitoCredentialsProvider *credentialsProvider = [[AWSCognitoCredentialsProvider alloc]
                 initWithRegionType:AWSRegionUSEast1
                 identityPoolId:@"identitypoolIDhere"];

    // Default configuration for every AWS service client in the app.
    AWSServiceConfiguration *config = [[AWSServiceConfiguration alloc] initWithRegion:AWSRegionUSEast1 credentialsProvider:credentialsProvider];
    [AWSServiceManager defaultServiceManager].defaultServiceConfiguration = config;

    // NOTE(review): the key says "USWest2" but `config` targets AWSRegionUSEast1; the
    // key is only a lookup label, so verify which region the queue actually lives in.
    [AWSSQS registerSQSWithConfiguration:config forKey:@"USWest2SQS"]; // Needed for sqs work throughout the app

你是怎麼把用戶池連接到聯合身份池的?是像博客文章那樣提供identityProviderManager,還是實現了自己的identityProviderManager?另外,請務必在每次切換用戶時調用clearCredentials:http://docs.aws.amazon.com/AWSiOSSDK/latest/Classes/AWSCognitoCredentialsProvider.html#//api/name/clearCredentials – behrooziAWS


behrooziAWS請參閱最新的代碼。抱歉耽擱了。 – wdlax11

回答


我通過提供一個CustomIdentityProvider解決了這個問題

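/**
 * Minimal AWSIdentityProviderManager that hands a fixed logins map to the
 * Cognito credentials provider.
 *
 * `tokens` maps a login provider name to that provider's token string. The values
 * are bearer tokens: keep them in memory only, do not log them, and reset the
 * property (and the provider's cached credentials) when the signed-in user changes.
 */
@interface CustomIdentityProvider : NSObject <AWSIdentityProviderManager>
    // `copy` so a caller holding a mutable dictionary cannot alter the logins map
    // after it has been assigned.
    @property (nonatomic, copy) NSDictionary *tokens;
    - (AWSTask *) logins;
@end

@implementation CustomIdentityProvider

/**
 * Returns a completed task whose result is the current logins map.
 *
 * When no tokens have been set the task completes with a nil result rather than
 * the method returning a nil task: messaging a nil task silently drops any
 * continuation attached by the caller.
 */
- (AWSTask *) logins {
    return [AWSTask taskWithResult:self.tokens];
}

@end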

創建AWSCognitoCredentialsProvider時,需要爲它指定identityProviderManager:

// Create the logins source first so it can be handed to the credentials provider.
self.identityProviderManager = [[CustomIdentityProvider alloc] init];

// Passing identityProviderManager is what lets the identity pool receive the
// user-pool login token supplied by -logins.
// NOTE(review): self.identityPoolId is declared outside this listing.
self.credentialsProvider = [[AWSCognitoCredentialsProvider alloc]
          initWithRegionType:AWSRegionUSEast1
          identityPoolId:self.identityPoolId
          identityProviderManager:self.identityProviderManager];

完成上述設置後,需要填充存放令牌的NSDictionary。這要在調用getSession並取得AWSCognitoIdentityUserSession之後進行。

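AWSCognitoIdentityUserSession *session; // Obtained from getSession

// Login key for a user pool: "cognito-idp.<region>.amazonaws.com/<pool id>".
// The region is hard-coded to us-east-1 here and must match the user pool's region.
NSString *userPoolName = [NSString stringWithFormat:@"cognito-idp.us-east-1.amazonaws.com/%@", self.poolId];

// The ID token is a bearer credential; pass it along but never log it.
NSString *idToken = session.idToken.tokenString;
if (idToken != nil) {
    // A dictionary literal raises on a nil value, so only build the map once a
    // session with an ID token is actually available.
    NSDictionary *dict = @{userPoolName : idToken};
    // NOTE(review): this property is named customIdentityProvider while the setup
    // snippet assigns self.identityProviderManager -- presumably the same object; confirm.
    self.customIdentityProvider.tokens = dict;
}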

假設你的AWSAPIGatewayClient代碼是通過API Gateway的SDK生成功能生成的,那麼到這裏應該就全部設置好了,可以以經過身份驗證的用戶身份調用API Gateway。

(PS:不要忘了在聯合身份設置中配置IAM角色,允許經過身份驗證的用戶執行execute-api:Invoke。)
