1、通过username和password登录
通过username和password登录，登录成功后会返回access_token、id_token、refresh_token
// AWS SDK v2 client setup shared by the Cognito examples below.
const { config: awsConfig, CognitoIdentityServiceProvider } = require('aws-sdk');
const crypto = require('crypto');

awsConfig.update({ region: 'us-east-1' });

// Pool / app-client identifiers. The values here are placeholders; in real
// code the client secret belongs in an environment variable or a secrets
// manager rather than in source control.
const userPoolId = 'us-east-1_**'; // user pool id
const clientId = '***'; // app client id
const secret = '***'; // app client secret, only needed when the app client was created with one
const cognitoidentityserviceprovider = new CognitoIdentityServiceProvider({});
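/**
 * Sign a user in with username + password through the server-side
 * ADMIN_USER_PASSWORD_AUTH flow (adminInitiateAuth).
 *
 * The call is signed with this process's AWS credentials, so the caller needs
 * cognito-idp:AdminInitiateAuth on the pool and the app client must have
 * ALLOW_ADMIN_USER_PASSWORD_AUTH enabled.
 *
 * @param {string} username
 * @param {string} password
 * @returns {Promise<object>} the raw adminInitiateAuth response. On success
 *   AuthenticationResult carries AccessToken, IdToken, RefreshToken, ExpiresIn
 *   and TokenType. If Cognito answers with a challenge instead (MFA,
 *   NEW_PASSWORD_REQUIRED, …), ChallengeName/ChallengeParameters are set and
 *   AuthenticationResult is presumably absent — check before reading tokens.
 * @throws the AWS SDK error (e.g. NotAuthorizedException) when authentication
 *   fails. It is logged and rethrown instead of swallowed so that a failed
 *   login can never look like a successful one that returned undefined.
 */
async function signIn(username, password) {
  const params = {
    AuthFlow: 'ADMIN_USER_PASSWORD_AUTH', // password grant executed server-side
    ClientId: clientId,
    UserPoolId: userPoolId,
    AuthParameters: {
      // SECRET_HASH: sha256(username, clientId, secret), // required when the app client has a secret
      USERNAME: username,
      PASSWORD: password,
    },
  };
  try {
    // The response is returned rather than printed: it contains bearer tokens,
    // which do not belong in log storage.
    const data = await cognitoidentityserviceprovider.adminInitiateAuth(params).promise();
    return data;
  } catch (err) {
    console.log(err);
    throw err;
  }
}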
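/**
 * Compute the Cognito SECRET_HASH for an app client that has a client secret:
 * Base64( HMAC-SHA256( key = secret, message = username + clientID ) ).
 *
 * Despite its name this is an HMAC keyed with the client secret, not a plain
 * SHA-256 digest.
 *
 * @param {string} username - the user name exactly as sent in USERNAME
 * @param {string} clientID - the app client id
 * @param {string|Buffer} secret - the app client secret (HMAC key)
 * @returns {string} base64-encoded 32-byte HMAC (44 characters)
 * @throws {TypeError} if username/clientID are not strings or secret is neither
 *   a string nor a Buffer; concatenating `undefined` would otherwise silently
 *   yield a hash that Cognito rejects.
 */
function sha256(username, clientID, secret) {
  if (typeof username !== 'string' || typeof clientID !== 'string') {
    throw new TypeError('sha256: username and clientID must be strings');
  }
  if (typeof secret !== 'string' && !Buffer.isBuffer(secret)) {
    throw new TypeError('sha256: secret must be a string or Buffer');
  }
  // createHmac/update accept strings directly; no Buffer round-trips needed.
  return crypto
    .createHmac('sha256', secret)
    .update(`${username}${clientID}`, 'utf8')
    .digest('base64');
}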
返回结果:
{
ChallengeParameters: {},
AuthenticationResult: {
AccessToken: '****',
ExpiresIn: 3600,
TokenType: 'Bearer',
RefreshToken: '*****',
IdToken: '****'
}
}
2、通过access_token获取用户信息
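/**
 * Fetch the signed-in user's profile from an access token (GetUser).
 *
 * The access token itself authenticates the request, so unlike the admin
 * flows this call needs no IAM permission on the pool.
 *
 * @param {string} accessToken - AccessToken obtained from signIn / refreshToken
 * @returns {Promise<object>} the GetUser response: Username plus UserAttributes
 *   as an array of { Name, Value } pairs (e.g. sub, email, email_verified)
 * @throws {TypeError} if accessToken is not a non-empty string
 * @throws the AWS SDK error (e.g. NotAuthorizedException for an expired or
 *   revoked token). It is logged and rethrown rather than swallowed so that an
 *   invalid token is not mistaken for a missing user.
 */
async function getUserByAccessToken(accessToken) {
  if (typeof accessToken !== 'string' || accessToken === '') {
    throw new TypeError('getUserByAccessToken: accessToken must be a non-empty string');
  }
  try {
    const data = await cognitoidentityserviceprovider.getUser({ AccessToken: accessToken }).promise();
    return data;
  } catch (err) {
    console.log(err);
    throw err;
  }
}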
返回结果:
{
Username: '****',
UserAttributes: [
{ Name: 'sub', Value: '****' },
{ Name: 'email_verified', Value: 'true' },
{ Name: 'email', Value: '****' }
]
}
3、通过refresh_token重新获取access_token
保存refresh_token,通过refresh_token再重新获取,会返回新的access_token、id_token,不返回refresh_token
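/**
 * Exchange a refresh token for a new access token + id token (REFRESH_TOKEN_AUTH).
 * The response carries AccessToken and IdToken but no new RefreshToken, so the
 * caller keeps using the refresh token it already holds.
 *
 * @param {string} refresh_token - RefreshToken returned by signIn
 * @param {string} [username] - the user's Cognito user name, used only to
 *   compute SECRET_HASH when the app client has a secret. It must be the name
 *   Cognito knows the user by (the `Username` field returned by getUser); for
 *   pools where users sign in with an alias this may differ from what the user
 *   typed — confirm against the pool configuration.
 * @returns {Promise<object>} the adminInitiateAuth response
 * @throws the AWS SDK error when the refresh token is expired/revoked or the
 *   SECRET_HASH does not match; logged and rethrown rather than swallowed.
 */
async function refreshToken(refresh_token, username) {
  const authParameters = { REFRESH_TOKEN: refresh_token };
  // SECRET_HASH is mandatory when the app client has a secret, and it is keyed
  // on the user name, which cannot be derived from the refresh token itself —
  // hence the explicit parameter. Omit it when no secret/user name is available.
  if (secret && username !== undefined) {
    authParameters.SECRET_HASH = sha256(username, clientId, secret);
  }
  const params = {
    AuthFlow: 'REFRESH_TOKEN_AUTH',
    ClientId: clientId,
    UserPoolId: userPoolId,
    AuthParameters: authParameters,
  };
  try {
    // Returned rather than printed: the response contains bearer tokens.
    const data = await cognitoidentityserviceprovider.adminInitiateAuth(params).promise();
    return data;
  } catch (err) {
    console.log(err);
    throw err;
  }
}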
返回结果:
{
ChallengeParameters: {},
AuthenticationResult: {
AccessToken: '****',
ExpiresIn: 3600,
TokenType: 'Bearer',
IdToken: '****'
}
}