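Working with Amazon Cognito
With Amazon Cognito, you can quickly add user sign-up or sign-in capability to your web or mobile app. The examples here demonstrate how to use Amazon Cognito.
Create a user pool
A user pool is a directory of users that you can configure for your web or mobile app.
To create a user pool, start by building a CreateUserPoolRequest object, with the name of the user pool as the value of its poolName(). Call the createUserPool() method of your CognitoIdentityProviderClient, passing in the CreateUserPoolRequest object. You can capture the result of this request as a CreateUserPoolResponse object, as demonstrated in the following code snippet.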
Imports
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolResponse;
Code
public static String createPool(CognitoIdentityProviderClient cognitoClient, String userPoolName) {
    try {
        // Only the pool name is set; every other setting is left unset in this request.
        CreateUserPoolResponse response = cognitoClient.createUserPool(
            CreateUserPoolRequest.builder()
                .poolName(userPoolName)
                .build());
        // Return the ID of the new user pool.
        return response.userPool().id();
    } catch (CognitoIdentityProviderException e) {
        System.err.println(e.awsErrorDetails().errorMessage());
        System.exit(1);
    }
    return "";
}
See the complete example on GitHub.
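List users from a user pool
To list users from a user pool, start by building a ListUserPoolsRequest object, with the maximum number of results as the value of its maxResults(). Call the listUserPools() method of your CognitoIdentityProviderClient, passing in the ListUserPoolsRequest object. You can capture the result of this request as a ListUserPoolsResponse object, as demonstrated in the following code snippet. Create a UserPoolDescriptionType object to easily iterate over the results and pull out the attributes of each user.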
Imports
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest;
Code
public static void listAllUserPools(CognitoIdentityProviderClient cognitoClient) {
    try {
        // Ask for at most 10 entries in this response.
        ListUserPoolsRequest request = ListUserPoolsRequest.builder()
            .maxResults(10)
            .build();

        ListUserPoolsResponse response = cognitoClient.listUserPools(request);
        // Each entry is a UserPoolDescriptionType; print its name and ID.
        response.userPools().forEach(userpool -> {
            System.out.println("User pool " + userpool.name() + ", User ID " + userpool.id());
        });
    } catch (CognitoIdentityProviderException e) {
        System.err.println(e.awsErrorDetails().errorMessage());
        System.exit(1);
    }
}
See the complete example on GitHub.
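Create an identity pool
An identity pool is a container that organizes the IDs from your external identity provider, keeping a unique identifier for each user. To create an identity pool, start by building a CreateIdentityPoolRequest with the name of the user pool as the value of its identityPoolName(). Set allowUnauthenticatedIdentities() to true or false. Call the createIdentityPool() method of your CognitoIdentityClient object, passing in the CreateIdentityPoolRequest object. You can capture the result of this request as a CreateIdentityPoolResponse object, as demonstrated in the following code snippet.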
Imports
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.CognitoIdentityException;
import software.amazon.awssdk.services.cognitoidentity.model.CreateIdentityPoolRequest;
import software.amazon.awssdk.services.cognitoidentity.model.CreateIdentityPoolResponse;
Code
public static String createIdPool(CognitoIdentityClient cognitoClient, String identityPoolName) {
    try {
        // Unauthenticated (guest) identities are disabled for the new pool.
        CreateIdentityPoolRequest poolRequest = CreateIdentityPoolRequest.builder()
            .allowUnauthenticatedIdentities(false)
            .identityPoolName(identityPoolName)
            .build();

        CreateIdentityPoolResponse response = cognitoClient.createIdentityPool(poolRequest);
        return response.identityPoolId();
    } catch (CognitoIdentityException e) {
        // CognitoIdentityClient reports service errors as CognitoIdentityException,
        // not CognitoIdentityProviderException.
        System.err.println(e.awsErrorDetails().errorMessage());
        System.exit(1);
    }
    return "";
}
See the complete example on GitHub.
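Add an app client
To enable the hosted web sign-up or sign-in UI for your app, create an app client. To create an app client, start by building a CreateUserPoolClientRequest object, with the name of the client as the value of its clientName(). Set userPoolId() to the ID of the user pool to which you want to attach this app client. Call the createUserPoolClient() method of your CognitoIdentityProviderClient, passing in the CreateUserPoolClientRequest object. You can capture the result of this request as a CreateUserPoolClientResponse object, as demonstrated in the following code snippet.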
Imports
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientResponse;
Code
public static void createPoolClient(CognitoIdentityProviderClient cognitoClient,
                                    String clientName,
                                    String userPoolId) {
    try {
        // Attach a new app client to the given user pool.
        CreateUserPoolClientResponse response = cognitoClient.createUserPoolClient(
            CreateUserPoolClientRequest.builder()
                .clientName(clientName)
                .userPoolId(userPoolId)
                .build());

        System.out.println("User pool " + response.userPoolClient().clientName()
            + " created. ID: " + response.userPoolClient().clientId());
    } catch (CognitoIdentityProviderException e) {
        System.err.println(e.awsErrorDetails().errorMessage());
        System.exit(1);
    }
}
See the complete example on GitHub.
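Add a third-party identity provider
Adding an external identity provider (IdP) enables your users to log in to your app using that service's login mechanism. To add a third-party IdP, start by building an UpdateIdentityPoolRequest object, with the name of the identity pool as the value of its identityPoolName(). Set allowUnauthenticatedIdentities() to true or false, specify the identityPoolId(), and define which login providers will be supported with supportedLoginProviders(). Call the updateIdentityPool() method of your CognitoIdentityClient, passing in the UpdateIdentityPoolRequest object. You can capture the result of this request as an UpdateIdentityPoolResponse object, as demonstrated in the following code snippet.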
Imports
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.CognitoIdentityProvider;
import software.amazon.awssdk.services.cognitoidentity.model.UpdateIdentityPoolRequest;
import software.amazon.awssdk.services.cognitoidentity.model.UpdateIdentityPoolResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import java.util.ArrayList;
import java.util.List;
// Also needed by the createNewUser snippet below:
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminCreateUserRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminCreateUserResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AttributeType;
Code
public static void createNewUser(CognitoIdentityProviderClient cognitoClient,
                                 String userPoolId,
                                 String name,
                                 String email,
                                 String password) {
    try {
        AttributeType userAttrs = AttributeType.builder()
            .name("email")
            .value(email)
            .build();

        // Create the user with a temporary password; the invitation message is suppressed.
        AdminCreateUserRequest userRequest = AdminCreateUserRequest.builder()
            .userPoolId(userPoolId)
            .username(name)
            .temporaryPassword(password)
            .userAttributes(userAttrs)
            .messageAction("SUPPRESS")
            .build();

        AdminCreateUserResponse response = cognitoClient.adminCreateUser(userRequest);
        System.out.println("User " + response.user().username()
            + " is created. Status: " + response.user().userStatus());
    } catch (CognitoIdentityProviderException e) {
        System.err.println(e.awsErrorDetails().errorMessage());
        System.exit(1);
    }
}
See the complete example on GitHub.
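One way to carry out the UpdateIdentityPoolRequest procedure described in this section, as an added example that is not code from the SDK guide: it reads the pool's current settings with describeIdentityPool(), resends them together with the new login provider, and keeps unauthenticated identities disabled. The class name, method name, Region, and the placeholder pool ID and app ID are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.CognitoIdentityException;
import software.amazon.awssdk.services.cognitoidentity.model.DescribeIdentityPoolRequest;
import software.amazon.awssdk.services.cognitoidentity.model.DescribeIdentityPoolResponse;
import software.amazon.awssdk.services.cognitoidentity.model.UpdateIdentityPoolRequest;
import software.amazon.awssdk.services.cognitoidentity.model.UpdateIdentityPoolResponse;

public class AddLoginProvider { // hypothetical class name

    public static UpdateIdentityPoolResponse addLoginProvider(CognitoIdentityClient cognitoClient,
            String identityPoolId, String providerName, String providerAppId) {
        if (providerName == null || providerName.isEmpty()
                || providerAppId == null || providerAppId.isEmpty()) {
            throw new IllegalArgumentException("provider name and app ID are required");
        }
        // Read the pool as it is now, so the request below repeats its existing settings.
        DescribeIdentityPoolResponse current = cognitoClient.describeIdentityPool(
                DescribeIdentityPoolRequest.builder().identityPoolId(identityPoolId).build());

        // Existing login providers plus the new one (key: provider name, value: app/client ID).
        Map<String, String> providers = new HashMap<>(current.supportedLoginProviders());
        providers.put(providerName, providerAppId);

        UpdateIdentityPoolRequest request = UpdateIdentityPoolRequest.builder()
                .identityPoolId(identityPoolId)
                .identityPoolName(current.identityPoolName())
                .allowUnauthenticatedIdentities(false) // only signed-in users get identities
                .supportedLoginProviders(providers)
                .cognitoIdentityProviders(current.cognitoIdentityProviders())
                .openIdConnectProviderARNs(current.openIdConnectProviderARNs())
                .samlProviderARNs(current.samlProviderARNs())
                .developerProviderName(current.developerProviderName())
                .build();
        return cognitoClient.updateIdentityPool(request);
    }

    public static void main(String[] args) {
        // Placeholder values (assumptions): substitute your own pool ID and provider app ID.
        try (CognitoIdentityClient client = CognitoIdentityClient.builder().region(Region.US_EAST_1).build()) {
            UpdateIdentityPoolResponse r = addLoginProvider(client,
                    "<identity-pool-id>", "graph.facebook.com", "<facebook-app-id>");
            System.out.println("Login providers now: " + r.supportedLoginProviders().keySet());
        } catch (CognitoIdentityException e) {
            System.err.println(e.awsErrorDetails().errorMessage());
        }
    }
}
```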
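Get credentials for an ID
To get the credentials for an identity in an identity pool, start by building a GetCredentialsForIdentityRequest with the identity ID as the value of its identityId(). Call the getCredentialsForIdentity() method of your CognitoIdentityClient, passing in the GetCredentialsForIdentityRequest object. You can capture the result of this request as a GetCredentialsForIdentityResponse object, as demonstrated in the following code snippet.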
Imports
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.CognitoIdentityException;
import software.amazon.awssdk.services.cognitoidentity.model.GetCredentialsForIdentityRequest;
import software.amazon.awssdk.services.cognitoidentity.model.GetCredentialsForIdentityResponse;
Code
public static void getCredsForIdentity(CognitoIdentityClient cognitoClient, String identityId) {
    try {
        GetCredentialsForIdentityRequest getCredentialsForIdentityRequest =
            GetCredentialsForIdentityRequest.builder()
                .identityId(identityId)
                .build();

        GetCredentialsForIdentityResponse response =
            cognitoClient.getCredentialsForIdentity(getCredentialsForIdentityRequest);
        // Print only the identity ID and the access key ID of the returned credentials.
        System.out.println("Identity ID " + response.identityId()
            + ", Access key ID " + response.credentials().accessKeyId());
    } catch (CognitoIdentityException e) {
        // CognitoIdentityClient reports service errors as CognitoIdentityException,
        // not CognitoIdentityProviderException.
        System.err.println(e.awsErrorDetails().errorMessage());
        System.exit(1);
    }
}
See the complete example on GitHub.
For more information, see the Amazon Cognito Developer Guide.