read.acloud.guru/backend-graphql-how-to-trigger-an-aws-appsync-mutation-from-aws-lambda-eda13ebc96c3 描述了一种调用AppSync的好方法假设使用了AppSync上的IAM身份验证,就可以使用来自Lambda的简单HTTP请求进行突变,但是我希望能够使用AMAZON_COGNITO_USER_POOLS进行此操作。
The post on read.acloud.guru/backend-graphql-how-to-trigger-an-aws-appsync-mutation-from-aws-lambda-eda13ebc96c3 describes a nice way to call AppSync mutations using a simple HTTP requests from a Lambda assuming that IAM authentication is being used on AppSync, but I would like to be able to do this with AMAZON_COGNITO_USER_POOLS.
使用IAM凭证对请求进行签名即可完成此操作。据我所确定,当使用AMAZON_COGNITO_USER_POOLS时,请求未签名,但带有JWT令牌,但我正在努力寻找有关此工作原理的详细信息。 AWS.CognitoIdentityServiceProvider提供adminInitiateAuth作为在Lambda中获取用户池令牌的简便方法,但是我不知道如何使用这些令牌来验证AppSync的HTTP请求。我可以只将它们放在特定的标头中,还是过程更复杂?
The way it is done there is by signing the request using IAM credentials. As far as I could determine, when AMAZON_COGNITO_USER_POOLS is used, the requests are not signed but come with a JWT token but I am struggling to find details on how this works. AWS.CognitoIdentityServiceProvider provides adminInitiateAuth as an easy way to get User Pool tokens inside a Lambda but I have no idea how to use these tokens to authenticate HTTP requests for AppSync. Can I just put them in a specific header or is the process more complicated?
推荐答案您必须将其传递给授权标头。
You will have to pass it to the authorization header.
更多推荐
使用adminInitiateAuth对AppSync请求进行身份验证
发布评论