Question
I'm new to learning AWS and I'm trying to figure out if my use-case is possible. I want to create a mobile app where the user can log in (email/facebook/google etc.) and then subscribe to a few MQTT topics on AWS IoT to receive realtime sensor data for a gardening system. There are many tutorials on AWS that show you how to do this (prime example: https://github.com/awslabs/aws-sdk-android-samples/blob/master/AndroidPubSub/README.md), but all of them require you to download certificates, insert app IDs, secret keys etc. in the code/keystore itself. I'd really like to avoid all of this and just use the login as all the authorization you would need to subscribe to these topics.

Is this possible? Or do I need to build some custom system?
Answer 1:
Short answer: Yes, it is possible. To do that you should do the following:

1. Create a Cognito user pool. The User Pool ID and App client id will be used in the next step. You can find more information here.

2. Create a Cognito Identity pool. Under Authentication Providers you should give the User Pool ID and App client id, more information here. When you create this, it will create two Roles for Authenticated and Unauthenticated users in IAM. You should add IoT access permissions (Connect, Publish, Subscribe and Receive) to those roles.

3. On the client side (your App), after choosing your preferred AWS SDK (Android, iOS, React, JS, etc.) and configuring the User pool ID, Identity pool and App client ID, you should first authenticate the user by sending the user information (usually Email/Username and Password) to the Cognito user pool. In return, you will get some tokens. Among those, the IdToken (JWT) will be sent to the Identity pool, and in return you will get the User Identity ID along with credentials (accessKeyId, secretAccessKey, sessionToken) needed to access other AWS services like IoT.

4. The last step would be using aws-iot-sdk for your App along with those credentials to publish and subscribe to your IoT topics. You can find more information about aws-iot-sdk here.
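As an added illustration of step 2 (not part of the answer above), this is the shape of IoT permission policy to attach to the identity pool's authenticated role so that each signed-in user may only connect under, subscribe to and receive from topics scoped to their own Cognito identity, rather than `iot:*` on `*`; `REGION`, `ACCOUNT_ID` and the `garden/` topic prefix are placeholders, and `${cognito-identity.amazonaws.com:sub}` is a policy variable AWS resolves to the caller's identity ID at evaluation time. One caveat the answer does not mention: for Cognito identities, AWS IoT also requires an IoT policy (same statement shape) to be attached to the identity itself via the IoT `AttachPolicy` API, in addition to the IAM role policy.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:client/${cognito-identity.amazonaws.com:sub}"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topicfilter/garden/${cognito-identity.amazonaws.com:sub}/*"
    },
    {
      "Effect": "Allow",
      "Action": ["iot:Receive", "iot:Publish"],
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topic/garden/${cognito-identity.amazonaws.com:sub}/*"
    }
  ]
}
```

With this scoping a compromised or misbehaving client can only reach its own topic subtree, and the sensor backend publishes to `garden/<identity-id>/...` for the user that owns the device.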
Source: https://stackoverflow.com/questions/61110436/use-cognito-login-instead-of-certificates-to-authenticate-and-subscribe-to-aws-i