创建 Cognito 用户后
let AWS = require("aws-sdk");
AWS.config.update({
region: "us-east-1"
});
const cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider({
apiVersion: "2016-04-19",
region: "us-east-1"
});
let USER_POOL_ID = "my-cognito-user-pool-id"
var poolData = {
UserPoolId: USER_POOL_ID,
Username: "[email protected]",
DesiredDeliveryMediums: ["EMAIL"],
TemporaryPassword: "Test123456",
UserAttributes: [
{
Name: "email",
Value: "[email protected]"
},
{
Name: "email_verified",
Value: "true"
}
]
};
cognitoidentityserviceprovider.adminCreateUser(poolData, (error, data) => {
console.log(error);
console.log(data);
});
命令的输出如下
{
User: {
Username: 'e9c137e4-6482-4bf5-9fb9-03f764dd0b4b',
Attributes: [ [Object], [Object], [Object] ],
UserCreateDate: 2021-04-27T14:17:43.856Z,
UserLastModifiedDate: 2021-04-27T14:17:43.856Z,
Enabled: true,
UserStatus: 'FORCE_CHANGE_PASSWORD'
}
}
从此输出中,我获取
Username
值,然后使用它通过 adminConfirmSignUp
命令确认用户:
var params = {
UserPoolId: USER_POOL_ID,
Username: 'e9c137e4-6482-4bf5-9fb9-03f764dd0b4b',
ClientMetadata: {
'STRING_KEY_1': 'STRING_VALUE_1',
'STRING_KEY_2': 'STRING_VALUE_2'
}
};
cognitoidentityserviceprovider.adminConfirmSignUp(params, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});
但我收到错误:
NotAuthorizedException: User cannot be confirmed. Current status is FORCE_CHANGE_PASSWORD
后来我发现,我可以使用
adminSetUserPassword
命令来更改用户密码。它碰巧也确认了用户并且工作正常,除了它不会触发我需要触发的确认后 lambda
var params = {
Password: 'New-password',
UserPoolId: USER_POOL_ID,
Username: 'e9c137e4-6482-4bf5-9fb9-03f764dd0b4b',
Permanent: true
};
cognitoidentityserviceprovider.adminSetUserPassword(params, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});
如何确认使用
adminCreateUser
命令创建的用户。我不想用 adminSetUserPassword
来确认。我宁愿使用 adminConfirmSignUp
命令来确认用户并触发确认后 lambda。请指教。
这是 Cognito 的一个已知问题。以下解决方法可能适合您的用例,具体取决于您期望的行为。
在身份验证后处理程序中执行检查,并在其中以及确认后处理程序中执行后确认逻辑。
def handler(event, _):
''' handle post auth event '''
status = event['request']['userAttributes']['cognito:user_status']
# If the status hasn't been confirmed yet, we can assume it now is
if status == 'FORCE_CHANGE_PASSWORD':
# Do Something
return event
AdminConfirmSignUp
仍然不会调用确认后处理程序,所以不要浪费时间让它工作。如果您想在用户配置步骤中执行某些逻辑,只需自己调用处理程序,不要指望 cognito 有意义。