关于用alexa skill传过来的access token访问cognito 的问题
遇到一个很蛋疼的问题。。。作为一个新手我实在是无能为力了,希望高手们帮帮忙
是这样的,我用Cognito建立了账户系统, 然后也配置了identity pool,这样就可以在cognito中申请账号,然后在dataset里面存一些数据。
然后我想利用Cognito里面的账号登录alexa ,实现alexa smart skill。
到目前为止,登录已经搞定了。用aws sdk (js)也能拿到dataset里面的数据。但是问题来了。。。
Logins = {};
Logins['cognito-idp.' + AWSCognito.config.region + '.amazonaws.com/' + poolData.UserPoolId] = token;
AWS.config.region = AWSCognito.config.region;
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId : identityPoolId,
region: AWSCognito.config.region,
Logins : Logins
});
利用这个地方初始化credentials的时候。。。那个token要的是id_token, 但是alexa skill只能把access token传过来。
这两个token都是JWT格式的。我用它一个直接做网页login的demo把这两个token都抓来解析,发现长得还挺像。
access token +
{
"kid": "9dOMRdWtmeCnopfHvFz6kIDwkITdFTsdA+IkYbtABSQ=",
"alg": "RS256"
}
{
"sub": "3123888e-76df-48b2-87e4-d7c9b65e32ba",
"token_use": "access",
"scope": "aws.cognito.signin.user.admin",
"iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_S5kbwuSkN",
"exp": 1499227860,
"iat": 1499224260,
"jti": "ea9ad8a6-f3c3-4f13-920e-65dff62e9901",
"client_id": "31imp79ppkscn5if53nei6tqvb",
"username": "rainycode@hotmail.com"
}
idToken +
{
"kid": "Y55SEAf1CCzVkWkYXMfxlNluyiLVfOyc8r4vYnzp8VM=",
"alg": "RS256"
}
{
"sub": "3123888e-76df-48b2-87e4-d7c9b65e32ba",
"aud": "31imp79ppkscn5if53nei6tqvb",
"email_verified": true,
"token_use": "id",
"auth_time": 1499224260,
"iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_S5kbwuSkN",
"cognito:username": "rainycode@hotmail.com",
"exp": 1499227860,
"iat": 1499224260,
"email": "rainycode@hotmail.com"
}
下面是从alexa skill登陆之后通过lambda拿到的access token
"accessToken":.."
{
"kid": "9dOMRdWtmeCnopfHvFz6kIDwkITdFTsdA+IkYbtABSQ=",
"alg": "RS256"
}
{
"sub": "3123888e-76df-48b2-87e4-d7c9b65e32ba",
"token_use": "access",
"scope": "aws.cognito.signin.user.admin",
"iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_S5kbwuSkN",
"exp": 1499152959,
"iat": 1499149359,
"version": 2,
"jti": "f77a82b2-3eaf-42ca-90fc-e0228f934ea2",
"client_id": "6raclfd4r92uj78m1hr8rfcrmv",
"username": "rainycode@hotmail.com"
}
从这个上面看,alexa 的account link应该是正确的,他给我的token也是正确的,,,,但是这东西咋用啊。。。aws的文档只说了用ID token来实现cognito identity pool的访问,,,没有说 这个access token 咋用。。。。求大侠帮忙