React and Axios get AWS client credentials

I'm using the latest version of React with axios and want to get an authentication token from AWS / Cognito. Therefore I have my client and client secret. When I send a curl request, it works as expected, but when I send the request via axios, I always get a status 405 response.

My code looks as follows:

    ...
    axios({
        url: 'https://xyz.amazoncognito.com/oauth2/token?grant_type=client_credentials',
        method: 'POST',
        headers: {
            'Content-Type': 'application/x-www-form-urlencoded',
            'client_id': '***************',
            'client_secret': '****************',
            'redirect_uri': 'http://localhost:4200'
        }
    })
    .then((response) => {
        console.log(response);
    }, (error) => {
        console.log(error);
    });

Instead of setting client_id, client_secret and redirect_uri in the headers, I added them to the URL like

...grant_type=client_credentials&client_id=************&client_secret=*************&redirect_uri=http%3A%2F%2Flocalhost%3A4200

with the same result. Any ideas what I'm doing wrong? As a side remark: I'm using axios for all my API requests, so I would like to stay with axios in this case as well.

Thanks and kind regards,

Balu

You are not passing the required parameters correctly. Have a look at the example here: https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html

The required headers will be:

Authorization: If the client was issued a secret, the client must pass its client_id and client_secret in the authorization header through Basic HTTP authorization. The secret is Basic Base64Encode(client_id:client_secret).

Content-Type: Must always be 'application/x-www-form-urlencoded'.

The other information will be passed as request parameters.

This being said, you should not store your client and client secret on the client side (React application). If this is exposed on the client, anyone can get your client ID and client secret and obtain a Cognito token.
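The request the answer describes, as an added example that is not part of the original question or answer: it builds an axios-style config with the Basic Authorization header and a form-encoded body, and is meant to run on a backend so the secret never reaches the React bundle. The environment variable names, the optional scope parameter and the sample credentials are assumptions made for illustration.

```javascript
// Added example: run this on a backend, never in the React bundle.
// COGNITO_CLIENT_ID / COGNITO_CLIENT_SECRET are hypothetical variable names.
function loadClientCredentials(env = process.env) {
  const clientId = env.COGNITO_CLIENT_ID;
  const clientSecret = env.COGNITO_CLIENT_SECRET;
  if (!clientId || !clientSecret) {
    throw new Error('Cognito client credentials are not configured');
  }
  return { clientId, clientSecret };
}

// Builds an axios-style request config for the Cognito token endpoint.
function buildTokenRequest({ domain, clientId, clientSecret, scope }) {
  if (typeof window !== 'undefined') {
    throw new Error('Refusing to handle a client secret in a browser context');
  }
  if (!clientId || !clientSecret) {
    throw new Error('clientId and clientSecret are required');
  }
  // Authorization: Basic Base64Encode(client_id:client_secret)
  const basic = Buffer.from(`${clientId}:${clientSecret}`, 'utf8').toString('base64');
  // The remaining parameters are form-encoded in the POST body.
  const form = new URLSearchParams({ grant_type: 'client_credentials' });
  if (scope) form.set('scope', scope); // optional; the scope value is an assumption
  return {
    url: `https://${domain}/oauth2/token`,
    method: 'POST',
    headers: {
      Authorization: `Basic ${basic}`,
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    data: form.toString(),
  };
}

// Constructed sample values; the domain is the placeholder used in the question.
const sample = buildTokenRequest({
  domain: 'xyz.amazoncognito.com',
  clientId: 'abc',
  clientSecret: 'def',
});
console.log(sample.method, sample.url, sample.data);
// On the backend, the config can be handed to axios:
//   const { data } = await axios(buildTokenRequest({ domain, ...loadClientCredentials() }));
```

The React application then calls this backend instead of the token endpoint, so only the resulting token ever travels to the browser.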
