[英]Getting 401 when making a call to AWS Cognito secured endpoint
I have a Cognito user pool.我有一个 Cognito 用户池。 The pool has an application integration for JavaScript that does not have a secret.
该池具有 JavaScript 的应用程序集成,但没有密钥。 I am able to login using the following code
我可以使用以下代码登录
private static async signin(role: UserRole): Promise<string> {
const user = getUser();
const cognitoUser = new CognitoUser({
Username: user.username,
Pool: "myuserpool"
});
const authDetails = new AuthenticationDetails({
Username: user.username,
Password: user.password
});
return new Promise((resolve, reject): void => {
cognitoUser.authenticateUser(authDetails, {
onSuccess: result => {
this.credentials[role] = result.getIdToken().getJwtToken();
resolve(this.credentials[role]);
},
onFailure: err => {
console.log(`Failed login to cognito with ${role}: `, err);
reject(err);
}
});
});
}
When I make a call to my endpoint with the aws-api-gateway-client, I can see the token attached, but it always returns a 401 unauthorized.当我使用 aws-api-gateway-client 调用我的端点时,我可以看到附加的令牌,但它总是返回 401 未经授权。
It's super confusing because I can take this token and paste it into the ApiGateway Authorizer and receive a 200 ok.这非常令人困惑,因为我可以获取此令牌并将其粘贴到 ApiGateway Authorizer 中并收到 200 ok。 So it seems the token is valid, just not working properly.
所以看起来令牌是有效的,只是不能正常工作。
EDIT: Here is the flow....编辑:这是流程....
I don't think you need the "bearer" part for the header value.我认为您不需要 header 值的“承载”部分。 Cognito authorizers are just looking for the key/token.
Cognito 授权者只是在寻找密钥/令牌。 Try a header of
"Authorization": "<token_goes_here>".
尝试
"Authorization": "<token_goes_here>".
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.