Created
June 3, 2021 11:29
sample auth flow
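// Sample auth flow: Cognito User Pool sign-in -> Identity Pool credentials -> S3 listing.
// Written against the AWS SDK for JavaScript v2 request style (`.promise()`).

// Login to User Pool
// Placeholder: replace with the JWT returned by signing in to the Cognito User Pool
// (for example via AWS Amplify Auth or amazon-cognito-identity-js).
// The Logins map below expects the user pool ID token, not the access token.
const userPoolToken = '<USER_POOL_ID_TOKEN>';

// Both Cognito Identity calls must present the same provider -> token mapping,
// so it is built once and shared.
const logins = {
  'cognito-idp.<region>.amazonaws.com/<user_pool_id>': userPoolToken,
};

// Get Id
const getIdParams = {
  // Optional: the AWS account ID that owns the identity pool (placeholder value).
  AccountId: '<AWS_ACCOUNT_ID>',
  IdentityPoolId: 'identity pool',
  Logins: logins,
};
const cognitoIdentity = new AWS.CognitoIdentity({ /* api version */ });
// getId resolves to an object of the form { IdentityId: "..." }; the next call needs the bare string.
const { IdentityId: identityId } = await cognitoIdentity.getId(getIdParams).promise();

// GetCredentialsForIdentity
const getCredentialsParams = {
  IdentityId: identityId,
  // Pick the role we want that allows us to access the S3 bucket.
  // The client only requests a role here; whether it is granted is decided by the
  // identity pool's role configuration and the role's trust policy. Keep the role's
  // permissions to the minimum the browser needs (e.g. s3:ListBucket on one bucket).
  CustomRoleArn: 'Some role here',
  Logins: logins,
};
const credentials = await cognitoIdentity.getCredentialsForIdentity(getCredentialsParams).promise();
// Now we have credentials for a particular role, which should let us access the S3 bucket
/*
{
  "Credentials": {
    "AccessKeyId": "string",
    "Expiration": number,
    "SecretKey": "string",
    "SessionToken": "string"
  },
  "IdentityId": "string"
}
*/

// Fail loudly rather than handing `undefined` keys to the S3 client, which could make
// the SDK fall back to some other credential source.
if (!credentials.Credentials) {
  throw new Error('GetCredentialsForIdentity returned no Credentials');
}
const { AccessKeyId, SecretKey, SessionToken } = credentials.Credentials;

// TODO Get the bucket name somehow.
// Make a call to the backend to get the bucket name.
// ListBuckets can't be called in the browser
const s3 = new AWS.S3({
  accessKeyId: AccessKeyId,
  secretAccessKey: SecretKey,
  // These are temporary credentials: requests signed without the session token are
  // rejected. They expire at `Expiration`; keep them in memory and out of logs.
  sessionToken: SessionToken,
});

// List the objects in the bucket
const listObjectParams = {
  Bucket: '<BUCKET_NAME>', // placeholder: bucket name obtained from the backend
};
// Without .promise() the SDK v2 call only builds a request object and never sends it.
const objects = await s3.listObjectsV2(listObjectParams).promise();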