
AWS Cognito provider setup for Users & Permissions

This page explains how to set up the AWS Cognito provider for the Users & Permissions feature.

Prerequisites

You have read the Users & Permissions providers documentation.

AWS Cognito configuration

Note

AWS Cognito accepts localhost URLs.
The use of ngrok is not needed.

  1. Visit the AWS Management Console
    https://aws.amazon.com/console/
  2. If needed, select your Region in the top right next to the Support dropdown
  3. Select the Services dropdown in the top left
  4. Click on Cognito in the Security, Identity & Compliance section
  5. Then click on the Manage User Pools button
  6. If applicable, either create a user pool or use an existing one. You will find hereafter a tutorial to create a user pool
    https://docs.aws.amazon.com/cognito/latest/developerguide/tutorial-create-user-pool.html
  7. Go to the App clients section in your Cognito user pool, create a new client named Strapi Auth, set all the parameters, and then click on Create app client
  8. You should now have an App client id, and by clicking on the Show Details button you will be able to see the App client secret. Copy these two values, App client id and App client secret, somewhere for later use when configuring the AWS Cognito provider in Strapi.
  9. Go to the App integration section and click on App client settings
  10. Look for your app client named Strapi Auth and enable Cognito User Pool by checking it in the Enabled Identity Providers section of your newly created App client
  11. Fill in your callback URL and Sign out URL with the value http://localhost:1337/api/connect/cognito/callback or the one provided by your AWS Cognito provider in Strapi
  12. In the OAuth 2.0 section select Authorization code grant and Implicit grant for the Allowed OAuth Flows and select email, openid and profile for the Allowed OAuth Scopes
  13. You can now click on Save changes, and if you have already configured your domain name you should be able to see a link to the Launch Hosted UI. You can click on it to display the AWS Cognito login page. If you haven't yet configured your domain name, use the Choose domain name link at the bottom right of the page to configure it. On that page you will have an Amazon Cognito Domain section where a Domain prefix is already set up. Type a domain prefix to use for the sign-up and sign-in pages that are hosted by Amazon Cognito. This domain prefix together with .auth.YOUR_REGION.amazoncognito.com will be the Host URI (Subdomain) value for your Strapi configuration later on.

Strapi configuration

  1. Visit the Users & Permissions provider settings page at http://localhost:1337/admin/settings/users-permissions/providers
  2. Click on the Cognito provider
  3. Fill in the information (replace with your own client ID and secret):
    • Enable: ON
    • Client ID: fill in the App client id (5bd7a786qdupjmi0b3s10vegdt)
    • Client Secret: fill in the App client secret (19c5c78dsfsdfssfsdfhpdb4nkpb145vesdfdsfsffgh7vwd6g45jlipbpb)
    • Host URI (Subdomain): fill in the URL value that you copied earlier (myapp67b50345-67b50b17-local.auth.eu-central-1.amazoncognito.com)
    • The redirect URL to your front-end app: if you are using strapi react-login https://github.com/strapi/strapi-examples/tree/master/examples/login-react/ , use http://localhost:3000/connect/cognito/redirect, but if you do not yet have a front-end app to test your Cognito configuration, you can use the following URL http://localhost:1337/api/auth/cognito/callback

Your configuration is done. Launch the backend and the react login example application, go to http://localhost:3000 and try to connect to the provider you configured.
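
A pre-flight check for the values this procedure produces, as an added example that is not part of the Strapi documentation or code base: it validates the Host URI (Subdomain), the callback URL and the scopes, and builds the Cognito authorize URL whose redirect_uri must match the callback registered in the app client. The function names, the client ID placeholder and the sample object are assumptions constructed for illustration.

```javascript
// Added example (hypothetical helper names, constructed sample values).
// Host URI (Subdomain) = <domain prefix>.auth.<region>.amazoncognito.com, with no scheme.
const HOST_RE = /^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.auth\.[a-z]{2}(?:-[a-z]+)+-\d\.amazoncognito\.com$/;
const CALLBACK_PATH = '/api/connect/cognito/callback';
const REQUIRED_SCOPES = ['email', 'openid', 'profile'];

function checkCognitoSettings({ hostUri, callbackUrl, clientId, scopes }) {
  const problems = [];
  if (!clientId) problems.push('Client ID is empty');
  if (/^[a-z]+:\/\//i.test(hostUri)) {
    problems.push('Host URI must be a bare host name, without http:// or https://');
  } else if (!HOST_RE.test(hostUri)) {
    problems.push('Host URI is not <prefix>.auth.<region>.amazoncognito.com');
  }
  let cb = null;
  try { cb = new URL(callbackUrl); } catch { problems.push('Callback URL is not a valid URL'); }
  if (cb) {
    // Plain http is only acceptable for localhost testing; anything else needs https.
    const localHttp = cb.protocol === 'http:' && cb.hostname === 'localhost';
    if (cb.protocol !== 'https:' && !localHttp) {
      problems.push('Callback URL must use https unless it is on localhost');
    }
    if (cb.pathname !== CALLBACK_PATH) problems.push(`Callback path should be ${CALLBACK_PATH}`);
    if (cb.search || cb.hash) problems.push('Callback URL should have no query string or fragment');
  }
  for (const s of REQUIRED_SCOPES) {
    if (!scopes.includes(s)) problems.push(`Missing OAuth scope: ${s}`);
  }
  return problems;
}

// Authorization code request sent to the Cognito authorize endpoint.
function authorizeUrl({ hostUri, callbackUrl, clientId, scopes }) {
  const u = new URL(`https://${hostUri}/oauth2/authorize`);
  u.searchParams.set('response_type', 'code');
  u.searchParams.set('client_id', clientId);
  u.searchParams.set('redirect_uri', callbackUrl); // must equal the registered callback exactly
  u.searchParams.set('scope', scopes.join(' '));
  return u.toString();
}

// Constructed sample mirroring the values used on this page.
const sample = {
  hostUri: 'myapp67b50345-67b50b17-local.auth.eu-central-1.amazoncognito.com',
  callbackUrl: 'http://localhost:1337/api/connect/cognito/callback',
  clientId: 'EXAMPLE_APP_CLIENT_ID', // placeholder, not a real ID
  scopes: ['email', 'openid', 'profile'],
};
console.log(checkCognitoSettings(sample), authorizeUrl(sample));
```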