AWS Cognito:无法获取凭据
[英]AWS Cognito: Can't get Credentials
问题描述
i can't get the Credentials for my CognitoIdentity. 
我无法获得CognitoIdentity的凭据。 When the User is successfully authenticated, he needs to get a Identity to access other AWS Services. 用户成功通过身份验证后,需要获取Identity才能访问其他AWS服务。 In my case thats AWS IoT. 在我的案例中,这是AWS IoT。 But for somehow, i can't get any credentials. 但不知何故,我无法获得任何凭据。
This is the Error Message: 这是错误消息:
Error retrieving credentials: NotAuthorizedException: Access to Identity 'eu-central-1:XXXXXXXXXX' is forbidden.
My Code is almost exactly like the Tutorial on Github: 我的代码几乎与Github上的教程完全一样:
var cognitoUser = new AWSCognito.CognitoUser(userData);
cognitoUser.authenticateUser(authenticationDetails, {
onSuccess: function (result) {
console.log("Logged in");
console.log('access token + ' + result.getAccessToken().getJwtToken());
// window.location.href = "index.html";
AWS.config.region = AWSConfiguration.region;
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: AWSConfiguration.IdPoolId,
Logins : {
'cognito-idp.eu-central-1.amazonaws.com/eu-central-1_XXXX' : result.getIdToken().getJwtToken()
}
});
var cognitoIdentity = new AWS.CognitoIdentity();
AWS.config.credentials.get(function(err, data) {
if (!err) {
console.log('retrieved identity: ' + AWS.config.credentials.identityId);
var params = {
IdentityId: AWS.config.credentials.identityId
};
cognitoIdentity.getCredentialsForIdentity(params, function(err, data) {
if (!err) {
thingShadows.updateWebSocketCredentials(data.credentials.AccessKeyId,
data.credentials.SecretKey,
data.credentials.SessionToken);
}
else {
console.log('error retrieving credentials: ' + err);
}
});
}
else {
console.log('error retrieving identity:' + err);
}
});
}
});
Please note that i skipped not related code. 请注意,我跳过了不相关的代码。 authenticated users have full access to all AWS services i'm using. 经过身份验证的用户可以完全访问我正在使用的所有AWS服务。
1 个解决方案
解决方案1
2 已采纳 2017-10-18 05:01:50
I don't think you need to call cognitoIdentity.getCredentialsForIdentity() . 我认为你不需要调用cognitoIdentity.getCredentialsForIdentity() 。 Your IAM keys should be put into the AWS.config.credentials object when you call AWS.config.credentials.get() . 调用AWS.config.credentials.get()时,应将IAM密钥放入AWS.config.credentials对象。 You can access them directly in the callback you provide when you call it. 您可以在调用时直接在回调中访问它们。
In other words, when you're logging out the retrieved identity: to the console, the credentials object should already have your secret key, access key id, and session token in it. 换句话说,当您将retrieved identity:到的retrieved identity:注销到控制台时,凭证对象应该已经拥有您的密钥,访问密钥ID和会话令牌。
All of this (give or take a curly brace): 所有这一切(给予或采取大括号):
var params = {
IdentityId: AWS.config.credentials.identityId
};
cognitoIdentity.getCredentialsForIdentity(params, function(err, data) {
if (!err) {
thingShadows.updateWebSocketCredentials(data.credentials.AccessKeyId,
data.credentials.SecretKey,
data.credentials.SessionToken);
}
else {
console.log('error retrieving credentials: ' + err);
}
});
Can probably be replaced with something like this: 可能会被这样的东西取代:
thingShadows.updateWebSocketCredentials(AWS.config.credentials.accessKeyId,
AWS.config.credentials.secretKey,
AWS.config.credentials.sessionToken);
If you pass in a Logins map with the user pool id and access token in it, the getCredentialsForIdentity() call might succeed; 如果传入一个包含用户池ID和访问令牌的Logins映射,则getCredentialsForIdentity()调用可能会成功; I didn't test it. 我没有测试它。 I haven't yet run into a use case where I needed to use this particular API, and I suspect you don't need it either. 我还没有遇到需要使用这个特殊API的用例,我怀疑你也不需要它。
Source: I work on a 100% javascript application that uses both authenticated and unauthenticated Cognito identities. 来源:我在100%的javascript应用程序上工作,该应用程序使用经过身份验证和未经身份验证的Cognito身份。 We don't call getCredentialsForIdentity() anywhere, and trying to insert it produced the same error you're getting. 我们不会在任何地方调用getCredentialsForIdentity() ,并且尝试插入它会产生相同的错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.