Nest.js 与 AWS Cognito,如何访问用户属性

Posted

技术标签:

【中文标题】Nest.js 与 AWS Cognito,如何访问用户属性【英文标题】:Nest.js with AWS Cognito, How to get access to the user attributes 【发布时间】:2021-11-27 08:28:08 【问题描述】:

我创建了 Nest.js 应用。我使用 AWS Cognito 来管理用户身份验证和授权。我使用 amazon-cognito-identity-js 来处理用户登录/注销和 @nestjs/passport / @UseGuards(AuthGuard('jwt')) strong> 用于验证路由的令牌和用户访问权限。 现在我需要访问应用程序其他路由中的当前用户属性(电子邮件、电话号码...)。最好的方法是什么?

auth.service.ts

import  AuthConfig  from './auth.config';
import  Injectable  from '@nestjs/common';

import 
  AuthenticationDetails,
  CognitoUser,
  CognitoUserPool,
  CognitoUserAttribute,
 from 'amazon-cognito-identity-js';

@Injectable()
export class AuthService 
  private userPool: CognitoUserPool;
  private sessionUserAttributes: ;
  constructor(private readonly authConfig: AuthConfig) 
    this.userPool = new CognitoUserPool(
      UserPoolId: this.authConfig.userPoolId,
      ClientId: this.authConfig.clientId,
    );
  
  registerUser(registerRequest: 
    name: string;
    email: string;
    password: string;
  ) 
    const  name, email, password  = registerRequest;
    return new Promise((resolve, reject) => 
      return this.userPool.signUp(
        name,
        password,
        [new CognitoUserAttribute( Name: 'email', Value: email )],
        null,
        (err, result) => 
          if (!result) 
            reject(err);
           else 
            resolve(result.user);
          
        ,
      );
    );
  

  authenticateUser(user:  name: string; password: string ) 
    const  name, password  = user;
    const authenticationDetails = new AuthenticationDetails(
      Username: name,
      Password: password,
    );
    const userData = 
      Username: name,
      Pool: this.userPool,
    ;

    const newUser = new CognitoUser(userData);
    return new Promise((resolve, reject) => 
      return newUser.authenticateUser(authenticationDetails, 
        onSuccess: (result) => 
          resolve(result);
        ,
        onFailure: (err) => 
          reject(err);
        ,
      );
    );
  

jwt.strategi.ts

import  ExtractJwt, Strategy  from 'passport-jwt';
import  PassportStrategy  from '@nestjs/passport';
import  Injectable  from '@nestjs/common';
import  AuthService  from './auth.service';
import  passportJwtSecret  from 'jwks-rsa';
import  AuthConfig  from './auth.config';

@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) 
  constructor(
    private readonly authService: AuthService,
    private authConfig: AuthConfig,
  ) 
    super(
      secretOrKeyProvider: passportJwtSecret(
        cache: true,
        rateLimit: true,
        jwksRequestsPerMinute: 5,
        jwksUri: `$authConfig.authority/.well-known/jwks.json`,
      ),

      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      audience: authConfig.clientId,
      issuer: authConfig.authority,
      algorithms: ['RS256'],
    );
  

  public async validate(payload: any) 
    return !!payload.sub;
  

app.controller.ts

import  Controller, Get, UseGuards, Header  from '@nestjs/common';
import  AppService  from './app.service';
import  AuthGuard  from '@nestjs/passport';

@Controller()
export class AppController 
  constructor(private readonly appService: AppService) 

  @Get()
  @UseGuards(AuthGuard('jwt'))
  @Header('Content-Type', 'text/html')
  getHello(): string 
    return this.appService.getHello();
  

【问题讨论】:

【参考方案1】:

user 在护照成功验证用户身份时被设置为请求的属性。

然后访问控制器和用户属性中的request can be injected。

import  Controller, Get, UseGuards, Header, Request  from '@nestjs/common';
import  AppService  from './app.service';
import  AuthGuard  from '@nestjs/passport';

@Controller()
export class AppController 
  constructor(private readonly appService: AppService) 

  @Get()
  @UseGuards(AuthGuard('jwt'))
  @Header('Content-Type', 'text/html')
  getHello(@Request() req): string 
    console.log(req.user);
    return this.appService.getHello();
  

【讨论】:

? 谢谢您,先生!只是不要忘记从验证乐趣中返回用户对象export class JwtStrategy extends PassportStrategy(Strategy) .... public async validate(payload: any) return payload; 随时更新答案。

以上是关于Nest.js 与 AWS Cognito,如何访问用户属性的主要内容,如果未能解决你的问题,请参考以下文章

AWS Cognito 与 django 休息框架反应 js?

将 Cognito 中的用户信息与 AWS Amplify GraphQL 关联

将Cognito的用户信息与AWS Amplify GraphQL关联起来。

如何通过 aws-cognito 属性将用户分组?

AWS Cognito - 使用 JWT 与 cognito.getUser 开发工具包验证令牌

如何在iOS中使用AWSMobileClient获取AWS Cognito用户属性?