我决定用精细上传我目前的AngularJS项目的（这是连接到主机上的火力地堡）的，因为它有很多，我需要在一个上传已建成的核心功能，但是，我有麻烦了解如何使用火力地堡的电子邮件和放大器; 与AWS（亚马逊Web服务）进行通信的密码验证方法，让我的用户使用精细上传S3 来上传内容。基于精细上传博客文章上传无任何服务器code ，工作流程是这样：

在用户进行身份验证与身份提供者的帮助，如谷歌 使用临时令牌从你的ID提供商从AWS抢临时访问键 在通过方向键来细上传S3 您的用户现在可以上传到您的S3存储

现在的问题是，我的不会将使用OAuth 2.0的（这是由谷歌，Facebook和亚马逊提供用户身份）的让我的用户签署进入我的应用程序和上传的内容。相反，我将使用火力地堡的电子邮件和放大器;密码验证。

那么，如何可以让火力地堡的电子邮件和放大器;密码验证方法创建一个临时令牌抓住从AWS临时访问键和以精细上传S3通过这些按键，让我的用户的内容上传到S3？

解决方案

要与外部应用程序连接AWS，Cognito将是一个很好的解决方案。它可以让你使用AWS节点SDK和你的密钥在后台生成一个OpenID令牌，然后你可以使用AWS的JavaScript SDK和 WebIdentityCredentials 在客户端使用。

请注意，我是不熟悉你的具体的插件/工具，但有一点至少会得到你的OpenID和我的工作，它让我连接使用 WebIdentityCredentials ，这是我想象的是什么，他们正在使用。

在配置Cognito在AWS上

设置上Cognito是相当容易 - 这是多了还是少了演练。它涉及到在AWS上配置IAM规则，虽然。如何设置这是pretty的具体项目，所以我想我需要你点到官方资源。 他们最近取得了一些不错的更新，但我固然不加快速度上的所有变化。

通过配置，你将要建立一个开发验证的身份，请注意身份池ID和IAM角色ARN设置由Cognito的。

设置节点服务器可以处理接收的路由信息​​

有很多资料在那里就如何做到这一点，但你要一定要包括和配置的 AWS SDK 。我还建议使用身体解析器的，因为它会在你的POST请求阅读更轻松

  VAR应用= EX preSS（）;
VAR bodyParser =需要（'身体解析器'）;
VAR AWS =需要（'AWS-SDK）;
app.use（bodyParser.urlen codeD（{扩展：真}））;
app.use（bodyParser.json（））;
 

创建自检功能与Cognito谈

一旦你有你的服务器设置，你再伸手向Cognito使用 getOpenIdTokenForDeveloperIdentity 。在我的设置中，我使用的身份验证的用户，因为我希望他们回来，并希望能够继续的关联，所以这就是为什么我发送的用户名中的 req.body.UserIDFromAngularApp 。

这是用我的功能 EX press.router（）。

 。员额（功能（REQ，RES）{
   如果（req.body.UserIDFromAngularApp）{
      VAR cognitoidentity =新AWS.CognitoIdentity（）;
      VAR PARAMS = {
         IdentityPoolId：your_cognito_identity_pool_id，
         登录：{
            your_developer_authenticated_identity_name：req.body.UserIDFromAngularApp
         }
      };
      cognitoidentity.getOpenIdTokenForDeveloperIdentity（PARAMS，功能（ERR，数据）{
         如果（ERR）{执行console.log（ERR，err.stack）; res.json（{失败：连接失败'}）; }
         其他 {
            的console.log（数据）; //所以你可以看到你的结果的服务器端
            res.json（数据）; //发送回
         }
      }）;
   }
   其他{res.json（{失败：连接失败'}）; }
}）;
 

如果一切顺利的话，将返回一个OpenID令牌还给你。然后，您可以返回回到你的角度应用程序。

从角POST，从无极收集

最起码，你需要发布到新的节点服务器，然后收集的OpenID标记出的承诺。采用这种模式，将在 data.Token 找到。

这听起来像从那里，你可能只需要传递令牌到你的插件/工具。

在情况下，你需要处理验证进一步，我有包括code来处理 WebIdentityCredentials 。

  angular.module（'yourApp）。厂（AWSmaker'，['$ HTTP'，函数（$ HTTP）{
   返回 {
      reachCognito：函数（的authData）{
         $ http.post（'的http：//本地主机：8888 /简单API / AWS'，{
            UserIDFromAngularApp：authData.uid，
         }）
         .success（功能（数据，状态，头，配置）{
            如果（！data.failure）{
               VAR PARAMS = {
                  RoleArn：your_role_arn_setup_by_cognito，
                  WebIdentityToken：data.Token
               };
               AWS.config.credentials =新AWS.WebIdentityCredentials（PARAMS，功能（错误）{
                  的console.log（ERR，err.stack）;
               }）;
            }
         }）;
      }
}]）;
 

这应该让你对你的方式。让我知道如果我能帮助进一步。

I decided to use Fine Uploader for my current AngularJS project (which is connected to hosted on Firebase) because it has many core features that I will need in an uploader already built in but, I am having trouble understanding how to use Firebase's email & password authentication method to communicate with AWS (Amazon Web Services) to allow my users to use Fine Uploader S3 to upload content. Based on Fine Uploader blog post Uploads without any server code, the workflow goes like:

Authenticate your users with the help of an identity provider, such as Google Use the temporary token from your ID provider to grab temporary access keys from AWS Pass the keys on to Fine Uploader S3 Your users can now upload to your S3 bucket

The problem is that I won't be using OAuth 2.0 (which is used by Google, Facebook or Amazon to provide user identities) to allow my user's to sign into my app and upload content. Instead I will be using Firebase's email & password authentication.

So how can I make Firebase's email & password authentication method create a temporary token to grab temporary access keys from AWS and pass those keys on to Fine Uploader S3 to allow my users to upload content to S3?

解决方案

To connect AWS with an outside application, Cognito is going to be a good solution. It will let you generate an OpenID token using the AWS Node SDK and your secret keys in your backend, that you can then use with the AWS JavaScript SDK and WebIdentityCredentials in your client.

Note that I'm unfamiliar with your specific plugin/tool, but this much will at least get you the OpenID and in my work it does let me connect using WebIdentityCredentials, which I imagine is what they are using.

Configure Cognito on AWS

Setup on Cognito is fairly easy - it is more or less a walkthrough. It does involve configuring IAM rules on AWS, though. How to set this up is pretty project specific, so I think I need to point you to the official resources. They recently made some nice updates, but I am admittedly not up to speed on all the changes.

Through the configuration, you will want to setup a 'developer authenticated identity', take note of the 'identity pool id', and the IAM role ARN setup by Cognito.

Setup a Node Server that can handle incoming routes

There are a lot of materials out there on how to accomplish this, but you want to be sure to include and configure the AWS SDK. I also recommend using body-parser as it will make reading in your POST requests easier.

var app        = express();
var bodyParser = require('body-parser');
var AWS        = require('aws-sdk');
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());

Create POST Function to talk with Cognito

Once you have your server setup, you then reach out to Cognito using getOpenIdTokenForDeveloperIdentity. In my setup, I use authenticated users because I expect them to come back and want to be able to continue the associations, so that is why I send in a UserID in req.body.UserIDFromAngularApp.

This is my function using express.router().

.post(function(req, res) {
   if(req.body.UserIDFromAngularApp) {
      var cognitoidentity = new AWS.CognitoIdentity();
      var params = {
         IdentityPoolId: 'your_cognito_identity_pool_id',
         Logins: {
            'your_developer_authenticated_identity_name': req.body.UserIDFromAngularApp
         }
      };
      cognitoidentity.getOpenIdTokenForDeveloperIdentity(params, function(err, data) {
         if (err) { console.log(err, err.stack); res.json({failure: 'Connection failure'}); }
         else {
            console.log(data); // so you can see your result server side
            res.json(data); // send it back
         }
      });
   }
   else { res.json({failure: 'Connection failure'}); }
});

If all goes well, that will return an OpenID Token back to you. You can then return that back to your Angular application.

POST from Angular, Collect from Promise

At the very least you need to post to your new node server and then collect the OpenID token out of the promise. Using this pattern, that will be found in data.Token.

It sounds like from there you may just need to pass that token on to your plugin/tool.

In case you need to handle authentication further, I have included code to handle the WebIdentityCredentials.

angular.module('yourApp').factory('AWSmaker', ['$http', function($http) {
   return {
      reachCognito: function(authData) {
         $http.post('http://localhost:8888/simpleapi/aws', {
            'UserIDFromAngularApp': authData.uid,
         })
         .success(function(data, status, headers, config) {
            if(!data.failure) {
               var params = {
                  RoleArn: your_role_arn_setup_by_cognito,
                  WebIdentityToken: data.Token
               };
               AWS.config.credentials = new AWS.WebIdentityCredentials(params, function(err) {
                  console.log(err, err.stack);
               });
            }
         });
      }
}]);

This should get you on your way. Let me know if I can help further.