How to replace Cognito with Authing and AWS JWT Authorizer

Use Authing's OIDC Provider as the authenticator for AWS API Gateway to protect Lambda functions. No authentication code needs to be written; it only requires configuration on both sides. This walkthrough also demonstrates Authing's ability to issue an OIDC IdToken with custom fields based on different contexts.

Authing console configuration

Register an Authing account

  1. Visit https://console.authing.cn and register an account

  2. Log in to the Authing console

Create a user pool

Create an application

Find the application you just created in the application list and click Configure. Select RS256 for Signature Algorithm below.

Create User

Go to User Management > User List, click the New button in the upper right corner, create two users, and finally click Save.

Set Token custom field

Go to Extension capabilities > Pipeline and click the plus sign under the "Before OIDC issues Token" position on the far right.

Choose to add a custom IdToken.

In the pop-up drawer, enter the following custom code to customize the Token field. Finally, click Upload.

async function pipe(user, context, callback) {
  if(user.email === 'sample@sample.com') {
    user.addIdToken("companyCode", "sample")
  }
  if(user.email === 'sample2@sample.com') {
    user.addIdToken("companyCode", "sample2")
  }
  callback(null, user, context)
}

AWS console configuration

Create API Gateway

Enter the AWS API Gateway console and click "Create API".

Select HTTP API and click "Build".

Fill in the API name and click "Next".

Click "Next".

Click "Next".

Click "Create".

Create a Lambda function

Enter the AWS Lambda console and click "Create Function".

Create the Lambda function as shown below. The function name can be filled in arbitrarily.

Add a trigger for the Lambda function

Select API Gateway.

Select the API Gateway you just created and click "Add".

Click the Lambda function, scroll down the browser window, and enter the editing interface.

Enter the following code, which returns the information in the Token, including companyCode.

exports.handler = async (event) => {
    // Raw bearer token from the Authorization header (echoed here for demonstration only)
    const token = event.headers.authorization.replace('Bearer ', '');
    // Claims of the IdToken as passed in by the API Gateway JWT authorizer
    const claims = event.requestContext.authorizer.claims;
    const response = {
        statusCode: 200,
        body: JSON.stringify({
            token,
            claims,
            companyCode: claims.companyCode
        })
    };
    return response;
};

Finally, click "Deploy".

Set the API Gateway route Authorizer

Enter the AWS API Gateway console and find the API you just created.

Find the trigger route you just set up for the Lambda function and click "Attach authorization".

Click "Create and attach an authorizer".

Select the JWT authorizer type.

Configure the authorizer as follows.

The information above can be found in the Authing console:

Applications > Application List, find your application, and click "Configure".

For the Issuer URL, fill in the Issuer shown here; for the Audience, fill in the App ID.

Finally, click "Create and attach".

All configuration is now complete.
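
As an added illustration (not part of the original article and not API Gateway's own code), the following Node.js example models the checks that the Issuer, Audience and RS256 settings above stand for, and shows that a changed companyCode no longer verifies. The ISSUER and AUDIENCE values are placeholders, the function names are hypothetical, and a locally generated RSA key pair stands in for Authing's signing key so the example runs offline.

```javascript
const crypto = require('crypto');

// Constructed placeholders: use the Issuer and App ID shown in the Authing console.
const ISSUER = 'https://issuer.example/oidc';
const AUDIENCE = 'example-app-id';
const b64url = (s) => Buffer.from(s).toString('base64url');

// Stand-in for Authing so the example runs offline: signs with a local RSA key.
function signToken(claims, privateKey, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Simplified model of JWT authorizer checks: pinned alg, signature, iss, aud, exp.
function verifyToken(token, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm: the token header must not be allowed to choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  if (!valid) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.iss !== ISSUER) throw new Error('wrong issuer');
  if (![].concat(claims.aud).includes(AUDIENCE)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed run: a valid token passes, each altered variant is rejected.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const good = { iss: ISSUER, aud: AUDIENCE, exp: Math.floor(Date.now() / 1000) + 300,
    companyCode: 'sample' };
  const attempt = (token) => {
    try { return verifyToken(token, publicKey).companyCode; } catch (e) { return e.message; }
  };
  const [h, , s] = signToken(good, privateKey).split('.');
  const tampered = `${h}.${b64url(JSON.stringify({ ...good, companyCode: 'sample2' }))}.${s}`;
  return {
    valid: attempt(signToken(good, privateKey)),
    tamperedClaim: attempt(tampered),
    otherAudience: attempt(signToken({ ...good, aud: 'other-app' }, privateKey)),
    algNone: attempt(signToken(good, privateKey, { alg: 'none', typ: 'JWT' })),
  };
}
console.log(demo());
```

The real authorizer obtains the public key from the issuer rather than from a local key pair.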

Login example

Install NodeJS

http://nodejs.cn/download/

Clone the project

git clone https://git.authing.co/yezuwei/sample-poc

Install dependencies

cd sample-poc
npm install

Run

node bin/www

Then visit https://kone.authing.cn in the browser.

Enter the account and password on the login page.

Response received from Lambda:

Click Log out, then log in with the account and password again.

Response received from Lambda:

Note that companyCode is determined by logic applied to the user's information fields, so a different value has been returned.
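
An added example, not from the original article: one way a Lambda function could use the companyCode claim for an access decision instead of only echoing it. The /records/{companyCode} route, the RECORDS data and the authorize helper are assumptions of this example; claims are read from the same event path the handler above uses.

```javascript
// Constructed per-company records; a real function would query a data store.
const RECORDS = {
  sample: [{ id: 1, item: 'invoice-a' }],
  sample2: [{ id: 2, item: 'invoice-b' }],
};

const reply = (statusCode, body) => ({ statusCode, body: JSON.stringify(body) });

// Decide access from the claims API Gateway has already validated.
// The route shape /records/{companyCode} is an assumption of this example.
function authorize(event) {
  const claims = event?.requestContext?.authorizer?.claims;
  const companyCode = claims?.companyCode;
  // Fail closed: no validated claims or no companyCode means no access.
  if (typeof companyCode !== 'string' || companyCode === '') {
    return reply(403, { error: 'companyCode claim missing' });
  }
  const requested = event.pathParameters?.companyCode;
  // The company is taken from the token; the path value must agree with it.
  if (requested !== companyCode) {
    return reply(403, { error: 'forbidden for this company' });
  }
  // Own-property check so unusual claim values cannot reach inherited keys.
  const rows = Object.prototype.hasOwnProperty.call(RECORDS, companyCode)
    ? RECORDS[companyCode]
    : [];
  // Return only what the caller needs; the bearer token is not echoed back.
  return reply(200, { companyCode, rows });
}

// Lambda entry point.
exports.handler = async (event) => authorize(event);
```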

Statement
This article is reproduced from 亿速云. If there is any infringement, please contact admin@php.cn to have it deleted.
