我正在尝试将用户的Cognito身份与他们在注册推送通知时创建的SNS端点相关联。 我创建了一个连接到SNS应用程序的EndpointAdded主题的Lambda函数。 无论何时创建端点,它都会被触发,但它不包含我可以看到的任何可用于将端点关联到用户的信息。
我看到许多人将用户ID添加为自定义用户数据的示例,但这允许任何用户注册任何其他用户的通知。 是否有更安全的方式来建立这种关联?
I'm trying to associate my user's Cognito identity with the SNS endpoints they create when registering for push notifications. I've created a Lambda functions connected to the SNS application's EndpointAdded topic. It is fired whenever an endpoint is created, but it does not include any information I can see that I can use to associate the endpoint to a user.
I see many examples where people are adding the user ID as custom user data, but this allows any user to sign up for any other user's notifications. Is there a more secure way to make this association?
最满意答案
如果您使用Lambda或APIGateway注册端点并使用Cognito提供的SigV4凭据进行呼叫,则传入的上下文将包含从进行呼叫的凭据中提取的Cognito Identity Id。 这将确保您与端点关联的身份ID未被篡改。
If you front registering the endpoint with Lambda or APIGateway and you use SigV4 credentials vended by Cognito to make the call, the context passed in will contain the Cognito Identity Id extracted from the credentials that made the call. This will ensure that the identity id you associate with the endpoint hasn't been tampered with.
更多推荐
发布评论