AWS Cognito:调用getOpenIdToken()时禁止访问标识

时间:2015-06-14 15:16:33

标签: amazon-web-services amazon-cognito

成功获得认知身份后,我们尝试获取openIdToken()

AWS.config.credentials.get(function(err) {
    if (!err) {
      var cognitoIdentity = new AWS.CognitoIdentity();
      cognitoIdentity.getOpenIdToken({IdentityId: AWS.config.credentials.identityId}, function(err, data) {
        if (err) console.log(err, err.stack); // an error occurred
        else     console.log(data);           // successful response
      });

    } else {
      console.log('cognito error: ' + err);
    }
  });

然而,这失败了:

"NotAuthorizedException: Access to Identity 'us-east-1:xxxxx' is forbidden.

完整错误跟踪:

    POST https://cognito-identity.us-east-1.amazonaws.com/ 400 (Bad Request)
    aws-sdk.min.js:5 [AWS cognitoidentity 400 0.192s 0 retries] getOpenIdToken({IdentityId: 'us-east-1:xxxxx' })
routing.html:64 Error: Access to Identity 'us-east-1:xxxxx' is forbidden.
    at a (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:6:3548)
    at r.SequentialExecutor.r.util.inherit.callListeners (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:6:28594)
    at r.SequentialExecutor.r.util.inherit.emit (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:6:28390)
    at a.Request.n.emitEvent (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:6:16483)
    at u.setupStates.e (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:6:12946)
    at r.runTo (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:7:25031)
    at https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:7:25238
    at null.<anonymous> (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:6:12982)
    at null.<anonymous> (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:6:16538)
    at r.SequentialExecutor.r.util.inherit.callListeners (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:6:28607) "NotAuthorizedException: Access to Identity 'us-east-1:xxxxx' is forbidden.

1 个答案:

答案 0 :(得分:1)

此错误的两个最常见原因是:

  • 您尚未在身份池配置中正确设置角色。
  • 您正在尝试获取经过身份验证的身份的令牌,而不提供身份提供商提供的令牌。

请检查上述两种情况的代码,如果错误仍然存​​在,请告诉我你的identityId / identityPoolId,我将很乐意深入挖掘。

谢谢,
Rachit

相关问题
最新问题