我是 Cognito 的新手,希望没有漏掉什么显而易见的东西。我尝试通过 Terraform 创建用户池和托管 UI。创建后,托管 UI 页面完全空白。检查网络请求后发现,有多个资源的 GET 请求失败。
最小示例:
# main.tf
# Default AWS provider; every resource in this file is created in this region.
provider "aws" {
  region = "us-west-1"
}
# Cognito user pool whose users sign in with their e-mail address.
# NOTE(review): no mfa_configuration is set in this example; decide explicitly
# whether MFA is required before using the pool outside of a test setup.
resource "aws_cognito_user_pool" "user_pool" {
  name                = "user-pool"
  username_attributes = ["email"]

  # The e-mail attribute is mandatory and cannot be changed after sign-up.
  schema {
    name                = "email"
    attribute_data_type = "String"
    required            = true
    mutable             = false
  }

  # All four character classes are required.
  # NOTE(review): a 7-character minimum is shorter than the 8-character floor
  # that NIST SP 800-63B gives for user-chosen passwords; consider raising it.
  password_policy {
    minimum_length                   = 7
    require_uppercase                = true
    require_lowercase                = true
    require_numbers                  = true
    require_symbols                  = true
    temporary_password_validity_days = 7
  }

  # Ask for the device challenge when a sign-in comes from a new device.
  device_configuration {
    challenge_required_on_new_device = true
  }

  # Confirm the e-mail address with a code rather than a link.
  verification_message_template {
    default_email_option = "CONFIRM_WITH_CODE"
  }

  # NOTE(review): the address below was redacted on the page; replace it with
  # a real reply-to address that the pool owner controls.
  email_configuration {
    reply_to_email_address = "[email protected]"
  }
}
# Amazon Cognito domain for the hosted UI. `domain` holds only the prefix;
# the full host name is <prefix>.auth.<region>.amazoncognito.com.
resource "aws_cognito_user_pool_domain" "hosted_ui" {
  user_pool_id = aws_cognito_user_pool.user_pool.id
  domain       = "companybi-auth"
}
# Region of the active provider, used to build the hosted UI host name.
data "aws_region" "current" {}

# Identifier of the user pool created above.
output "user_pool_id" {
  value = aws_cognito_user_pool.user_pool.id
}

# Base URL of the hosted UI: <domain prefix>.auth.<region>.amazoncognito.com.
# This is only the host root; it carries no client_id or other OAuth parameters.
output "hosted_ui_url" {
  value = format(
    "https://%s.auth.%s.amazoncognito.com/",
    aws_cognito_user_pool_domain.hosted_ui.domain,
    data.aws_region.current.name
  )
}
前端错误:
(404) GET https://companybi-auth.auth.us-west-1.amazoncognito.com/null/null/css/bootstrap.min.css
(404) GET https://companybi-auth.auth.us-west-1.amazoncognito.com/null/null/css/cognito-login.css
(404) GET https://companybi-auth.auth.us-west-1.amazoncognito.com/null/null/js/amazon-cognito-advanced-security-data.min.js
(404) GET https://companybi-auth.auth.us-west-1.amazoncognito.com/null/null/js/jquery-3.5.1.min.js
我知道 404 是表示资源未找到(NOT FOUND)的标准状态码。我原本以为 AWS 会根据所关联的用户池配置动态生成前端页面。是不是还需要其他配置?
目标是让这个前端 UI 正确加载登录表单。
根据您的评论,@mrchadmwood,缺失的部分是一个应用客户端(app client),并且托管 UI 需要通过带有 client_id 的 /login 地址访问。补上的代码大致如下:
# App client that the hosted UI signs users in for, using the OAuth 2.0
# authorization-code flow against the pool's own user directory.
resource "aws_cognito_user_pool_client" "client" {
  user_pool_id = aws_cognito_user_pool.user_pool.id
  name         = "client"

  # NOTE(review): a client secret only adds protection when the application can
  # keep it confidential (server side). For a browser or mobile app, use a
  # client without a secret together with PKCE instead.
  generate_secret = true

  supported_identity_providers         = ["COGNITO"]
  allowed_oauth_flows_user_pool_client = true
  allowed_oauth_flows                  = ["code"]
  allowed_oauth_scopes                 = ["email", "openid", "profile"]

  # Plain http is acceptable for localhost during development only; deployed
  # callback and logout URLs should be exact https addresses.
  callback_urls = ["http://localhost:5001"]
  logout_urls   = ["http://localhost:5001"]
}
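# Login URL of the hosted UI, meant for manually checking that the page loads.
# It replaces the earlier hosted_ui_url output, since Terraform rejects two
# outputs with the same name.
#
# The host is built from the domain prefix plus the regional Cognito suffix,
# because `domain` on its own ("companybi-auth") is only the prefix and not a
# resolvable host name. The redirect URI is URL-encoded so that it is passed as
# a single query parameter, and tolist() is applied before indexing so the
# expression also works when the provider exposes callback_urls as a set.
#
# NOTE(review): an application that starts this flow should also send a
# per-request `state` value, and a PKCE code_challenge where it applies; this
# output deliberately contains neither.
output "hosted_ui_url" {
  value = format(
    "https://%s.auth.%s.amazoncognito.com/login?response_type=code&client_id=%s&redirect_uri=%s",
    aws_cognito_user_pool_domain.hosted_ui.domain,
    data.aws_region.current.name,
    aws_cognito_user_pool_client.client.id,
    urlencode(tolist(aws_cognito_user_pool_client.client.callback_urls)[0])
  )
}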