AWS Cognito联合身份池-身份验证角色
[英]AWS Cognito Federated Identity Pool - Role on Authentication
问题描述
I have 2 identity pools - one for Unauth (with only Unauth role set) and other for Federated Identities (FB and Google - with only Auth role set). 
我有2个身份池-一个用于Unauth(仅设置了Unauth角色),另一个用于联合身份(FB和Google-仅设置了Auth角色)。
I have an iOS app in with 2 classes implementing AWSIdentityProviderManager protocol - GuestProvider which returns an empty logins and FBProvider which populates the FB token in logins. 我有一个iOS应用程序,其中包含2个实现AWSIdentityProviderManager协议的类-GuestProvider返回一个空的登录名,而FBProvider填充登录名中的FB令牌。
When I launch the app and browse as guest, it works, Similarly if I launch the app and directly login to FB, it also works with proper auth role. 当我启动该应用程序并以访客身份浏览时,它可以工作。类似地,如果我启动该应用程序并直接登录FB,它也可以使用适当的身份验证角色。
The problem comes when I login as Guest and then switch to FB - though I get the Auth token and set it in Provider and update the defaultServiceConfiguration, but Lambda invoke fails with AccessDenied error - logs show it still has the unauth role. 当我以来宾身份登录然后切换到FB时,问题就来了-尽管我获得了Auth令牌并将其设置在Provider中并更新defaultServiceConfiguration,但是Lambda调用失败并出现AccessDenied错误-日志显示它仍然具有unauth角色。 This does not happen if I launch the app and login via FB (not going to Guest first). 如果我启动应用程序并通过FB登录(不会先去访客),则不会发生这种情况。
These are the functions that set the AWS config for resp use case: 这些是用于为用例设置AWS配置的功能:
func initializeGuestCredentialsProvider() {
// AWS
credentialsProvider = AWSCognitoCredentialsProvider(
regionType: Constants.AWS_REGION,
identityPoolId: Constants.COGNITO_UNAUTH_IDENTITY_POOL_ID);
let configuration = AWSServiceConfiguration(
region: Constants.AWS_REGION,
credentialsProvider: credentialsProvider
);
AWSServiceManager.default().defaultServiceConfiguration = configuration
}
func initializeFBCredentialsProvider() {
credentialsProvider = AWSCognitoCredentialsProvider(
regionType: Constants.AWS_REGION,
identityPoolId: Constants.COGNITO_IDENTITY_POOL_ID,
identityProviderManager: FacebookProvider());
let configuration = AWSServiceConfiguration(
region: AWSRegionType.USWest2,
credentialsProvider: credentialsProvider
);
AWSServiceManager.default().defaultServiceConfiguration = configuration
}
I am not sure what could be the reason for this error. 我不确定导致此错误的原因是什么。 Possibly the first credentials provider that has been set in config, can not be changed ? 可能是第一个在config中设置的凭据提供程序,不能更改吗?
1 个解决方案
解决方案1
0 2017-12-08 01:25:46
I would suggest using a single identity pool. 我建议使用一个身份池。 When a user switches from Guest to Authenticated, then just pass the identityId and the provider token (in the logins map) to GetCredentialsForIdentity. 当用户从Guest切换到Authenticated时,只需将identityId和提供者令牌(在登录映射中)传递给GetCredentialsForIdentity。 This would link the same identityId to the provider (Facebook) user. 这会将相同的identityId链接到提供者(Facebook)用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.