Cognito 用户池:如何刷新访问令牌 Android
Cognito User Pool: How to refresh Access Token Android
如何使用 Cognito 为 Android 刷新访问令牌?文档建议如下 (https://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-android-sdk.html):
// Implement authentication handler
AuthenticationHandler handler = new AuthenticationHandler {
@Override
public void onSuccess(CognitoUserSession userSession) {
// Authentication was successful, the "userSession" will have the current valid tokens
// Time to do awesome stuff
}
@Override
public void getAuthenticationDetails(final AuthenticationContinuation continuation, final String userID) {
// User authentication details, userId and password are required to continue.
// Use the "continuation" object to pass the user authentication details
// After the user authentication details are available, wrap them in an AuthenticationDetails class
// Along with userId and password, parameters for user pools for Lambda can be passed here
// The validation parameters "validationParameters" are passed in as a Map<String, String>
AuthenticationDetails authDetails = new AuthenticationDetails(userId, password, validationParameters);
// Now allow the authentication to continue
continuation.setAuthenticationDetails(authDetails);
continuation.continueTask();
}
@Override
public void getMFACode(final MultiFactorAuthenticationContinuation continuation) {
// Multi-factor authentication is required to authenticate
// A code was sent to the user, use the code to continue with the authentication
// Find where the code was sent to
String codeSentHere = continuation.getParameter()[0];
// When the verification code is available, continue to authenticate
continuation.setMfaCode(code);
continuation.continueTask();
}
@Override
public void authenticationChallenge(final ChallengeContinuation continuation) {
// A custom challenge has to be solved to authenticate
// Set the challenge responses
// Call continueTask() method to respond to the challenge and continue with authentication.
}
@Override
public void onFailure(final Exception exception) {
// Authentication failed, probe exception for the cause
}
};
user.getSession(handler);
这就是为什么这不起作用。当令牌过期时,我为其获取会话的用户对象不再经过身份验证。所以通过下面检索缓存的用户,将 return null
CognitoUser user = userPool.getCurrentUser();
因为上面的returns null,我尝试通过id
获取用户对象
CognitoUser user = userPool.getUser(userId);
除了用户未通过身份验证并且在随后的回调阶段将失败,因为用户 ID 为 null
@Override
public void getAuthenticationDetails(final AuthenticationContinuation continuation, final String userID)
只有当我在令牌过期之前尝试此调用时,此操作才会起作用,并且我可以收到新的访问令牌。但是令牌过期后怎么办呢?对此的任何帮助将不胜感激。提前致谢
当您调用 getSession(...) 获取令牌时,如果缓存的令牌已过期,SDK 将自动刷新令牌(只要刷新令牌未过期)。如果刷新令牌也已过期,则会调用 getAuthenticationDetails(...),因为现在需要用户凭据(用户名、密码等)才能获取新的令牌集。获取用户对象的方式无关紧要,即通过 getCurrentUser() 或 getUser(...) 方法,只要存在有效的缓存令牌或令牌可以刷新,您将通过 getSession(. ..).
使用最新的 SDK(版本 2.3.1)重试。
如何使用 Cognito 为 Android 刷新访问令牌?文档建议如下 (https://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-android-sdk.html):
// Implement authentication handler
AuthenticationHandler handler = new AuthenticationHandler {
@Override
public void onSuccess(CognitoUserSession userSession) {
// Authentication was successful, the "userSession" will have the current valid tokens
// Time to do awesome stuff
}
@Override
public void getAuthenticationDetails(final AuthenticationContinuation continuation, final String userID) {
// User authentication details, userId and password are required to continue.
// Use the "continuation" object to pass the user authentication details
// After the user authentication details are available, wrap them in an AuthenticationDetails class
// Along with userId and password, parameters for user pools for Lambda can be passed here
// The validation parameters "validationParameters" are passed in as a Map<String, String>
AuthenticationDetails authDetails = new AuthenticationDetails(userId, password, validationParameters);
// Now allow the authentication to continue
continuation.setAuthenticationDetails(authDetails);
continuation.continueTask();
}
@Override
public void getMFACode(final MultiFactorAuthenticationContinuation continuation) {
// Multi-factor authentication is required to authenticate
// A code was sent to the user, use the code to continue with the authentication
// Find where the code was sent to
String codeSentHere = continuation.getParameter()[0];
// When the verification code is available, continue to authenticate
continuation.setMfaCode(code);
continuation.continueTask();
}
@Override
public void authenticationChallenge(final ChallengeContinuation continuation) {
// A custom challenge has to be solved to authenticate
// Set the challenge responses
// Call continueTask() method to respond to the challenge and continue with authentication.
}
@Override
public void onFailure(final Exception exception) {
// Authentication failed, probe exception for the cause
}
};
user.getSession(handler);
这就是为什么这不起作用。当令牌过期时,我为其获取会话的用户对象不再经过身份验证。所以通过下面检索缓存的用户,将 return null
CognitoUser user = userPool.getCurrentUser();
因为上面的returns null,我尝试通过id
获取用户对象CognitoUser user = userPool.getUser(userId);
除了用户未通过身份验证并且在随后的回调阶段将失败,因为用户 ID 为 null
@Override
public void getAuthenticationDetails(final AuthenticationContinuation continuation, final String userID)
只有当我在令牌过期之前尝试此调用时,此操作才会起作用,并且我可以收到新的访问令牌。但是令牌过期后怎么办呢?对此的任何帮助将不胜感激。提前致谢
当您调用 getSession(...) 获取令牌时,如果缓存的令牌已过期,SDK 将自动刷新令牌(只要刷新令牌未过期)。如果刷新令牌也已过期,则会调用 getAuthenticationDetails(...),因为现在需要用户凭据(用户名、密码等)才能获取新的令牌集。获取用户对象的方式无关紧要,即通过 getCurrentUser() 或 getUser(...) 方法,只要存在有效的缓存令牌或令牌可以刷新,您将通过 getSession(. ..).
使用最新的 SDK(版本 2.3.1)重试。