Spring Boot集成AWS Cognito后自定义属性sector无法在AccessToken中返回的问题求助
Hi everyone, I'm currently experimenting with integrating AWS Cognito into a Spring Boot backend. Login and logout both work, but I've hit a frustrating problem: I added a custom attribute sector in the Cognito user pool, yet the AccessToken returned by client.getAccessToken().getTokenValue() shows no trace of this attribute at all.
I've already ruled out the usual pitfalls and confirmed the following:
- The value of the custom attribute sector is definitely not empty; the user record does have data in it
- Read and write permissions are enabled for this attribute
- The OpenID Connect scopes aws.cognito.signin.user.admin, Email, OpenID and Phone are all checked
Below are all of my configuration and code. Could someone help me spot where it goes wrong?
application.yml configuration

```yaml
spring:
  security:
    oauth2:
      client:
        registration:
          cognito:
            client-id: <>
            client-secret: <>
            scope:
              - phone
              - openid
              - email
              - profile
              - aws.cognito.signin.user.admin
            # Spring Security by default uses a redirect-uri in the format: {baseUrl}/login/oauth2/code/{registrationId}
            # For example: http://localhost:8080/login/oauth2/code/cognito
            # See more: https://docs.spring.io/spring-security/reference/servlet/oauth2/login/core.html#oauth2login-sample-redirect-uri
            # redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
        provider:
          cognito:
            issuer-uri: https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EGiczpUh8
            user-name-attribute: username
```
CognitoLogoutHandler.java

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.web.util.UriComponentsBuilder;

public class CognitoLogoutHandler extends SimpleUrlLogoutSuccessHandler {

    /**
     * The domain of your user pool.
     */
    private String domain = "https://us-east-1egicxpuh8.auth.us-east-1.amazoncognito.com";

    /**
     * An allowed callback URL.
     */
    private String logoutRedirectUrl = "http://localhost:8080";

    /**
     * The ID of your User Pool Client.
     */
    private String userPoolClientId = "6nvqeqk9t7fjkieecetmsqnsnm";

    /**
     * Here, we must implement the new logout URL request. We define what URL to send our
     * request to, and set our client_id and logout_uri parameters.
     */
    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response,
                                        Authentication authentication) {
        return UriComponentsBuilder
                .fromUri(URI.create(domain + "/logout"))
                .queryParam("client_id", userPoolClientId)
                .queryParam("logout_uri", logoutRedirectUrl)
                .encode(StandardCharsets.UTF_8)
                .build()
                .toUriString();
    }
}
```
WebConfiguration.java

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class WebConfiguration implements WebMvcConfigurer {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        // Serve the "home" view at the root without a dedicated controller.
        registry.addViewController("/").setViewName("home");
    }
}
```
SecurityConfiguration.java

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        CognitoLogoutHandler cognitoLogoutHandler = new CognitoLogoutHandler();

        http.csrf(Customizer.withDefaults())
            .authorizeHttpRequests(authz -> authz
                .requestMatchers("/").permitAll()
                .anyRequest().authenticated())
            // OIDC login against the "cognito" registration from application.yml
            .oauth2Login(Customizer.withDefaults())
            // After the local session is cleared, redirect to the Cognito /logout endpoint
            .logout(logout -> logout.logoutSuccessHandler(cognitoLogoutHandler));

        return http.build();
    }
}
```
Controller.java

```java
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class Controller {

    @GetMapping("/profile")
    public String profile(@RegisteredOAuth2AuthorizedClient("cognito") OAuth2AuthorizedClient client,
                          Model model) {
        String jwt = client.getAccessToken().getTokenValue(); // <-- the bearer token obtained here has no sector attribute
        model.addAttribute("token", jwt);
        return jwt;
    }
}
```
Content sourced from Stack Exchange
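An added example, not code from the original post, showing how to inspect the claims of both tokens Cognito issued for the current login. Cognito puts custom attributes in the ID token as claims named custom:<attribute> (so the sector attribute above would appear as custom:sector); the access token carries scope, username, client_id and cognito:groups, and only gains extra claims if a pre token generation Lambda trigger adds them. Seeing both claim sets side by side tells you which token actually holds the value. The issuer URL below is copied from the application.yml above and the /claims path and class name are assumptions; the example expects the same "cognito" registration and the spring-security-oauth2-jose module on the classpath.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Added example (not from the original post): compare ID-token and access-token claims.
@RestController
public class TokenClaimsController {

    // Issuer taken from the application.yml above. JwtDecoders.fromIssuerLocation uses OIDC
    // discovery to fetch the pool's JWKS and validates signature, issuer and expiry, so the
    // access token is verified rather than blindly split on '.' and base64-decoded.
    private final JwtDecoder jwtDecoder =
            JwtDecoders.fromIssuerLocation("https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EGiczpUh8");

    @GetMapping("/claims") // assumed path, not part of the original post
    public Map<String, Object> claims(
            @AuthenticationPrincipal OidcUser user,
            @RegisteredOAuth2AuthorizedClient("cognito") OAuth2AuthorizedClient client) {

        Map<String, Object> out = new LinkedHashMap<>();

        // ID token: Spring Security already validated it during oauth2Login. Custom
        // attributes are exposed here under the "custom:" prefix.
        out.put("id_token_custom_sector", user.getIdToken().getClaimAsString("custom:sector"));
        out.put("id_token_claims", user.getIdToken().getClaims());

        // Access token: Spring stores it opaquely for the client, so decode and verify it
        // explicitly to see what it carries (scope, username, client_id, cognito:groups, ...).
        Jwt accessToken = jwtDecoder.decode(client.getAccessToken().getTokenValue());
        out.put("access_token_claims", accessToken.getClaims());

        // Only claims are returned; the raw bearer token itself is never echoed to the browser.
        return out;
    }
}
```

If the value shows up under id_token_custom_sector but not in access_token_claims, the attribute is simply living in the token Cognito designed it for; code that needs it in the access token has to add it via a pre token generation trigger, while code that only needs it server-side can read it from the validated ID token as shown.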