Unable to set ALLOW_ADMIN_USER_PASSWORD_AUTH in AWS CDK
I am trying to set the authentication flows on the app client of my Cognito user pool, and I want to use the following flows in AWS CDK.
- Allow admin user password authentication (ALLOW_ADMIN_USER_PASSWORD_AUTH)
- Allow custom authentication (ALLOW_CUSTOM_AUTH)
- Allow refresh token authentication (ALLOW_REFRESH_TOKEN_AUTH)
- Allow user SRP authentication (ALLOW_USER_SRP_AUTH)
But I can only add the following flows.
- Allow refresh token authentication (ALLOW_REFRESH_TOKEN_AUTH)
- Allow custom authentication (ALLOW_CUSTOM_AUTH)
- Allow user SRP authentication (ALLOW_USER_SRP_AUTH)
I am missing allow admin user password authentication (ALLOW_ADMIN_USER_PASSWORD_AUTH).
The code I use to create the app client is below.
cognito.CfnUserPoolClientProps(
    user_pool_id=self.user_pool.user_pool_id,
    explicit_auth_flows=["ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH"]
)

self.user_pool.add_client('cognito-app-client',
    user_pool_client_name='cognito-app-client',
    access_token_validity=Duration.minutes(60),
    id_token_validity=Duration.minutes(60),
    refresh_token_validity=Duration.days(1),
    # auth_flows=cognito.AuthFlow(user_password=True),
    o_auth=cognito.OAuthSettings(
        flows=cognito.OAuthFlows(
            implicit_code_grant=True,
        )
    ),
    prevent_user_existence_errors=True,
    generate_secret=True,
    enable_token_revocation=True)
Can anyone give me some pointers?
1 Answer
0
Update - I was obviously overcomplicating this. :-)
https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_cognito/AuthFlow.html
self.user_pool.add_client('poc-cognito-app-client',
    user_pool_client_name='poc-cognito-app-client',
    access_token_validity=Duration.minutes(60),
    id_token_validity=Duration.minutes(60),
    refresh_token_validity=Duration.days(1),
    auth_flows=cognito.AuthFlow(admin_user_password=True, user_srp=True, custom=True),
    o_auth=cognito.OAuthSettings(
        flows=cognito.OAuthFlows(
            implicit_code_grant=True
        )
    ),
    # scopes=aws_cdk.aws_cognito.OAuthScope.resource_server(aws_cdk.aws_cognito.OAuthScope.OPENID, aws_cdk.aws_cognito.OAuthScope.resource_server(resource_server, nested-stack_api_read_scope))),
    prevent_user_existence_errors=True,
    generate_secret=True,
    enable_token_revocation=True)
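As an added example (not code from the question, the answer or the CDK itself), the helper below shows what the L2 `auth_flows=cognito.AuthFlow(...)` call in the answer resolves to and why the question's `explicit_auth_flows` value enabled nothing it asked for: the four names were passed as one comma-joined string, i.e. a one-element list. The mapping from AuthFlow keywords to `ExplicitAuthFlows` names, and the automatic `ALLOW_REFRESH_TOKEN_AUTH`, follow the CDK L2 construct's behaviour as I understand it; the function names are my own.

```python
# Added example: maps cognito.AuthFlow(...) keywords to the ExplicitAuthFlows
# names CloudFormation expects, and validates a hand-written list so the bug in
# the question (four names in ONE comma-joined string) fails fast.
from typing import Iterable, List

# Values accepted by ExplicitAuthFlows on AWS::Cognito::UserPoolClient.
ALLOWED_FLOWS = frozenset({
    "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_CUSTOM_AUTH",
    "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH",
})

# Assumed mapping, mirroring how the CDK L2 UserPoolClient translates AuthFlow.
_AUTH_FLOW_PROPS = (
    ("user_password", "ALLOW_USER_PASSWORD_AUTH"),
    ("admin_user_password", "ALLOW_ADMIN_USER_PASSWORD_AUTH"),
    ("custom", "ALLOW_CUSTOM_AUTH"),
    ("user_srp", "ALLOW_USER_SRP_AUTH"),
)


def explicit_auth_flows(**auth_flow: bool) -> List[str]:
    """ExplicitAuthFlows list for AuthFlow-style keywords; like the L2 construct,
    ALLOW_REFRESH_TOKEN_AUTH is appended whenever any flow is enabled."""
    unknown = set(auth_flow) - {name for name, _ in _AUTH_FLOW_PROPS}
    if unknown:
        raise ValueError(f"unknown AuthFlow keyword(s): {sorted(unknown)}")
    flows = [cfn for name, cfn in _AUTH_FLOW_PROPS if auth_flow.get(name)]
    if flows:
        flows.append("ALLOW_REFRESH_TOKEN_AUTH")
    return flows


def validate_explicit_auth_flows(flows: Iterable[str]) -> List[str]:
    """Check a hand-written explicit_auth_flows list before CfnUserPoolClient sees it:
    rejects a bare or comma-joined string and unknown names, and de-duplicates."""
    if isinstance(flows, str):
        raise TypeError("explicit_auth_flows must be a list of strings")
    seen: List[str] = []
    for flow in flows:
        if "," in flow or " " in flow:
            raise ValueError(f"{flow!r} holds several flows in one string; "
                             "each ALLOW_* name must be its own list element")
        if flow not in ALLOWED_FLOWS:
            raise ValueError(f"{flow!r} is not a valid ExplicitAuthFlows value")
        if flow not in seen:
            seen.append(flow)
    return seen
```

Running `validate_explicit_auth_flows` over the question's `explicit_auth_flows` value raises immediately, which is the check you want at synth time rather than after deployment, since ALLOW_ADMIN_USER_PASSWORD_AUTH should only ever be enabled deliberately for a backend that holds IAM credentials.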