AWS Cognito provider setup for Users & Permissions
This page explains how to set up the AWS Cognito provider for the Users & Permissions feature.
AWS Cognito configuration
AWS Cognito accepts localhost URLs. The use of ngrok is not needed.
- Visit the AWS Management Console: https://aws.amazon.com/console/
- If needed, select your Region in the top right corner next to the Support dropdown.
- Select the Services dropdown in the top left corner.
- Click on Cognito in the Security, Identity & Compliance section.
- Then click on the Manage User Pools button.
- If applicable, either create a user pool or use an existing one. A tutorial for creating a user pool is available at https://docs.aws.amazon.com/cognito/latest/developerguide/tutorial-create-user-pool.html
- Go to the App clients section in your Cognito user pool, create a new client with the name Strapi Auth, set all the parameters, and then click on Create app client.
- You should now have an App client id, and by clicking on the Show Details button you will be able to see the App client secret. Copy those two values, App client id and App client secret, somewhere for later use when configuring the AWS Cognito provider in Strapi.
- Go to the App integration section and click on App client settings.
- Look for your app client named Strapi Auth and enable Cognito User Pool by checking it in the Enabled Identity Providers section of your newly created App client.
- Fill in your callback URL and Sign out URL with the value http://localhost:1337/api/connect/cognito/callback or the one provided by your AWS Cognito provider in Strapi.
- In the OAuth 2.0 section, select Authorization code grant and Implicit grant for the Allowed OAuth Flows and select email, openid and profile for the Allowed OAuth Scopes.
- You can now click on Save changes. If you have already configured your domain name, you should see a link to Launch Hosted UI; click on it to display the AWS Cognito login page. If you haven't yet configured your domain name, use the Choose domain name link at the bottom right of the page to configure it. On that page you will have an Amazon Cognito Domain section where a Domain prefix is already set up. Type a domain prefix to use for the sign-up and sign-in pages that are hosted by Amazon Cognito. This domain prefix together with .auth.YOUR_REGION.amazoncognito.com will be the Host URI (Subdomain) value for your Strapi configuration later on.
Strapi configuration
- Visit the User & Permissions provider settings page at http://localhost:1337/admin/settings/users-permissions/providers
- Click on the Cognito provider.
- Fill the information (replace with your own client ID and secret):
  - Enable: ON
  - Client ID: fill in the App client id (5bd7a786qdupjmi0b3s10vegdt)
  - Client Secret: fill in the App client secret (19c5c78dsfsdfssfsdfhpdb4nkpb145vesdfdsfsffgh7vwd6g45jlipbpb)
  - Host URI (Subdomain): fill in the URL value that you copied earlier (myapp67b50345-67b50b17-local.auth.eu-central-1.amazoncognito.com)
  - The redirect URL to your front-end app: if you are using strapi react-login (https://github.com/strapi/strapi-examples/tree/master/examples/login-react/), use http://localhost:3000/connect/cognito/redirect. If you do not yet have a front-end app to test your Cognito configuration, you can use the following URL: http://localhost:1337/api/auth/cognito/callback
- Your configuration is done. Launch the backend and the react login example application, go to http://localhost:3000 and try to connect to the provider you configured.
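
A pre-flight check for the values entered above, as an added example that is not part of the Strapi documentation: it validates the Host URI and callback URL formats and builds the hosted UI authorization URL for the authorization code grant. The function name checkCognitoProviderConfig, its field names and the EXAMPLE_* credentials are assumptions made for illustration.

```javascript
// Added example: checkCognitoProviderConfig and its field names are hypothetical, not Strapi or AWS SDK APIs.

// <domain prefix>.auth.<region>.amazoncognito.com, bare host with no scheme or path.
const HOST_URI_RE =
  /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.auth\.[a-z]{2}(?:-[a-z]+)+-\d+\.amazoncognito\.com$/;

function checkCallbackUrl(value, problems) {
  let url;
  try {
    url = new URL(value);
  } catch {
    problems.push(`callback URL is not a valid URL: ${value}`);
    return;
  }
  // Cognito accepts plain http only for localhost; every other callback must be https.
  const localHttp = url.protocol === 'http:' && url.hostname === 'localhost';
  if (url.protocol !== 'https:' && !localHttp) {
    problems.push('callback URL must use https (http is accepted for localhost only)');
  }
  if (url.hash) problems.push('callback URL must not contain a fragment');
}

function checkCognitoProviderConfig({ clientId, clientSecret, hostUri, callbackUrl }) {
  const problems = [];
  if (!clientId) problems.push('App client id is empty');
  if (!clientSecret) problems.push('App client secret is empty');
  if (!HOST_URI_RE.test(hostUri || '')) {
    problems.push('Host URI must look like PREFIX.auth.REGION.amazoncognito.com, without https://');
  }
  checkCallbackUrl(callbackUrl || '', problems);
  if (problems.length > 0) return { problems, authorizeUrl: null };

  // Hosted UI authorization endpoint, authorization code grant, scopes from the procedure above.
  const query = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: callbackUrl,
    scope: 'email openid profile',
  });
  return { problems, authorizeUrl: `https://${hostUri}/oauth2/authorize?${query}` };
}

// Constructed sample input: placeholder credentials plus the host and callback values shown on this page.
const sample = checkCognitoProviderConfig({
  clientId: 'EXAMPLE_CLIENT_ID', clientSecret: 'EXAMPLE_CLIENT_SECRET',
  hostUri: 'myapp67b50345-67b50b17-local.auth.eu-central-1.amazoncognito.com',
  callbackUrl: 'http://localhost:1337/api/connect/cognito/callback',
});
console.log(sample.problems, sample.authorizeUrl);
```

Opening the returned URL in a browser should show the same login page as the Launch Hosted UI link; an error page at that step usually means the callback URL does not match the one saved in App client settings.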