AWS Cognito仅在USEast1中工作

时间:2015-01-03 14:31:35

标签: ios amazon-cognito

我使用AWS Cognito API在Swift中编写了一个iOS应用程序。连接到USEast1按预期工作并验证我的用户

var awsProperties = NSDictionary(contentsOfFile: NSBundle.mainBundle().pathForResource("AWS", ofType: "plist")!)
var credentialsProvider : AWSCognitoCredentialsProvider
var loggedIn = false

override init() {
    credentialsProvider  = AWSCognitoCredentialsProvider.credentialsWithRegionType(
        AWSRegionType.USEast1,
        accountId:awsProperties?.valueForKey(GlobalConstants.AccountId) as String,
        identityPoolId:awsProperties?.valueForKey(GlobalConstants.USIdentityPoolId) as String,
        unauthRoleArn:awsProperties?.valueForKey(GlobalConstants.UnauthDefaultRole) as String,
        authRoleArn:awsProperties?.valueForKey(GlobalConstants.AuthDefaultRole) as String)
}

func application(application: UIApplication, didFinishLaunchingWithOptions launchOptions: NSDictionary?) -> Bool {
    let defaultServiceConfiguration = AWSServiceConfiguration(
        region: AWSRegionType.USEast1,
        credentialsProvider: credentialsProvider)
    AWSServiceManager.defaultServiceManager().setDefaultServiceConfiguration(defaultServiceConfiguration)
    credentialsProvider.getIdentityId().continueWithBlock { (task: BFTask!) -> AnyObject! in
        if((task.error) != nil) {
            NSLog("%@", task.error)
        } else {
            NSLog("%@", self.credentialsProvider.identityId)
            self.loggedIn = true
        }
        return self.loggedIn
    }

    return true
}

我有必要的代码允许在单独的登录控制器中登录G +,没有特定区域。

但是,如果我使用完全相同的代码,但是将区域更改为EUWest1并使用我的基于EU的识别池,则会出现以下异常:

AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:453 | __46-[AWSCognitoCredentialsProvider getIdentityId]_block_invoke | In refresh, but identityId is nil.
AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:454 | __46-[AWSCognitoCredentialsProvider getIdentityId]_block_invoke | Result from getIdentityId is (null)

我的IAM角色上的信任策略允许访问两个身份池:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "accounts.google.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": [
            "eu-west-1:XXXXXX",
            "us-east-1:XXXXXX"
          ]
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "authenticated"
        }
      }
    }
  ]
}

我错过了某个地方,我应该压倒该地区吗?

1 个答案:

答案 0 :(得分:0)

通常情况下,经过几天的努力,我已经发现问题最终发布到了SO。

问题在于,在框架搜索路径上链接了以前版本的AWS iOS SDK,它没有EUCentral1。在枚举中包含它似乎已经改变了索引,并且只有在USEast1和EUWest1中支持Cognito它才会尝试针对不正确的区域进行身份验证。

相关问题
最新问题