AWS Cognito - JavaScript 身份验证不起作用
[英]AWS Cognito - JavaScript Authentication Not Working
问题描述
I've been trying to get Google Sign-In to work with Cognito through the JS SDK.
我一直在尝试通过 JS SDK 使 Google Sign-In 与 Cognito 一起使用。 I've been reading the docs: http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityCredentials.html我一直在阅读文档: http : //docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityCredentials.html
This below code is in my function that gets run once I get the callback from Google.下面的代码在我的函数中,一旦我从谷歌获得回调就会运行。 I have verified that I am logged in through Google and have an access_token.我已验证我已通过 Google 登录并拥有 access_token。 According to the docs I should only need the role name if the role is configured through cognito so it can automatically figure out the pool id.根据文档,如果角色是通过 cognito 配置的,我应该只需要角色名称,这样它就可以自动找出池 ID。 Which it is.它是哪个。 The function calls the get and returns successfully.该函数调用 get 并成功返回。
Now what I don't understand is two things:现在我不明白的是两件事:
1) Shouldn't I see a new identity in my pool in Cognito once the get method is called? 1) 调用 get 方法后,我不应该在 Cognito 的池中看到新身份吗? I am not seeing any logins through cognito.我没有看到通过 cognito 进行的任何登录。 When should I see logins through cognito on the dashboard?我什么时候应该在仪表板上看到通过 cognito 登录的信息?
2) Trying to use AWS now to reach specific resources such as maybe read an S3 bucket or something fails due to Auth, and that would make sense if issue #1 is having issues. 2) 现在尝试使用 AWS 来访问特定资源,例如可能读取 S3 存储桶或由于身份验证而失败,如果问题 #1 出现问题,这将是有意义的。
I am guessing I am missing something simple here since, any help would be appreciated.我猜我在这里遗漏了一些简单的东西,因为任何帮助将不胜感激。 I have also looked at this link: http://docs.aws.amazon.com/AWSJavaScriptSDK/guide/browser-configuring.html and tried using WebIdentityToken as well, with no success.我还查看了此链接: http ://docs.aws.amazon.com/AWSJavaScriptSDK/guide/browser-configuring.html 并尝试使用 WebIdentityToken,但没有成功。
AWS.config.region = 'us-east-1';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: '<POOL ID>',
Logins: {
'accounts.google.com': googleUser.wc.access_token
}
});
// Obtain AWS credentials
AWS.config.credentials.get(function(){
// Credentials will be available when this function is called.
var accessKeyId = AWS.config.credentials.accessKeyId;
var secretAccessKey = AWS.config.credentials.secretAccessKey;
var sessionToken = AWS.config.credentials.sessionToken;
console.log("accessKeyId: " + accessKeyId);
});
3 个解决方案
解决方案1
1 2015-10-19 21:51:29
So the issue came down to 2 things.所以问题归结为两件事。
Just like Scott was saying I needed to use the IdentityPoolId and Logins within the CognitoIdentityCredentials method.正如 Scott 所说,我需要在 CognitoIdentityCredentials 方法中使用 IdentityPoolId 和 Logins。
The second was the token from google.第二个是来自谷歌的令牌。 Its not the access token that AWS needs, it is the id_token!它不是 AWS 需要的访问令牌,而是 id_token! So on the google success callback we get the googleUser object, which has a wc object on it, on that which contains a id_token.因此,在 google 成功回调中,我们获得了 googleUser 对象,该对象上有一个 wc 对象,该对象上包含一个 id_token。 You use that token on the Logins dictionary and you have yourself a successful login!您在登录字典中使用该令牌,您就成功登录了!
解决方案2
0 2015-10-19 18:31:37
You actually need to specify the Identity Pool ID, not the role ARN (as long as you have configured the UnAuth and Auth roles when you setup your identity pool - which is the default).您实际上需要指定身份池 ID,而不是角色 ARN(只要您在设置身份池时配置了 UnAuth 和 Auth 角色 - 这是默认设置)。 See the example code at http://docs.aws.amazon.com/cognito/devguide/identity/getting-credentials/请参阅http://docs.aws.amazon.com/cognito/devguide/identity/getting-credentials/ 上的示例代码
Please let me us know if you continue to have trouble.如果您仍然遇到问题,请告诉我们。
解决方案3
0 2016-09-01 19:12:22
Make sure you have 'Generate client secret' unchecked on AWS->Cognito->UserPool->YourPool->Apps->Add App确保在 AWS->Cognito->UserPool->YourPool->Apps->Add App 上取消选中“生成客户端密钥”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.