I am using the new(ish) Google Identity Toolkit and I am facing a strange problem.
The JWT token it generates looks like this:
{
  "alg": "RS256",
  "kid": "qwYevA"
}
{
  "iss": "https://identitytoolkit.google.com/",
  "aud": "950882198692-jrb8d5t979qahaechf5gd4t3g59gpvou.apps.googleusercontent.com",
  "iat": 1444275809,
  "exp": 1445485409,
  "user_id": "05244125885327377646",
  "email": "**********@gmail.com",
  "provider_id": "facebook.com",
  "verified": false,
  "display_name": "NOT_MY_NAME",
  "photo_url": "https://fbcdn-profile-a.akamaihd.net/hprofile-ak-xaf1/v/t1.0-1/c155.48.597.597/s50x50/notmyphotonotmyphotonotmyphotonotmyphoto.jpg?oh=notmyphotonotmyphotonotmyphotonotmyphoto&oe=notmyphoto&__gda__=notmyphotonotmyphotonotmyphotonotmyphotonotmyphoto"
}
{
  *signature*
}
I am setting the iss:
CognitoSyncClientManager.addLogins("https://identitytoolkit.google.com/",
        idToken.getTokenString());
Whenever I try to synchronize a dataset, I get an error:
Dataset dataset = syncClient.openOrCreateDataset("myTestDataset");
dataset.put("myTestKey", "myTestValue");
dataset.synchronize(new DefaultSyncCallback() {
    @Override
    public void onSuccess(Dataset dataset, List<Record> newRecords) {
        System.out.println(dataset.get("myTestKey"));
    }
});
Error log:
com.google.identitytoolkit.demo E/DefaultSyncCallback: Failure occurred during sync
***: com.amazonaws.mobileconnectors.cognito.exceptions.DataStorageException: Failed to list records in dataset: myTestDataset
***: at com.amazonaws.mobileconnectors.cognito.internal.storage.CognitoSyncStorage.handleException(CognitoSyncStorage.java:293)
***: at com.amazonaws.mobileconnectors.cognito.internal.storage.CognitoSyncStorage.listUpdates(CognitoSyncStorage.java:152)
***: at com.amazonaws.mobileconnectors.cognito.DefaultDataset.synchronizeInternal(DefaultDataset.java:388)
***: at com.amazonaws.mobileconnectors.cognito.DefaultDataset$1.run(DefaultDataset.java:149)
***: at java.lang.Thread.run(Thread.java:818)
***: Caused by: com.amazonaws.AmazonServiceException: 1 validation error detected: Value '{https://identitytoolkit.google.com/=eyJhb---*MASSIVE-JWT*---c5demjsRlQtqjz8A}' at
'logins' failed to satisfy constraint: Map keys must satisfy constraint: [Member must have length less than or equal to 128, Member must have length greater than or equal to 1,
Member must satisfy regular expression pattern: [\w._/-]+] (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: ValidationException; Request ID: ab0d6028-6d80-11e5-ac9f-33bc83bfc548)
......
***: failed to synchronize myTestDataset
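So, what could I be doing wrong?
This is my first time working with AWS, and I am also quite new to JWT. Any help is appreciated.
I should mention that I am using the classes and samples from this project: https://github.com/awslabs/aws-sdk-android-samples/tree/master/CognitoSyncDemo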
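Answer 0 (score: 2)
Google's OpenID Connect issuer name is "accounts.google.com", and this is what should be passed as the first argument to addLogins for Google tokens, rather than "https://identitytoolkit.google.com/".
However, your token actually specifies "https://identitytoolkit.google.com/" as the issuer. If this is the type of token you receive from Identity Toolkit, I'm afraid you won't be able to use them to authenticate against Google with Cognito, because it is not a valid OpenID Connect issuer according to this. It may be worth asking the Identity Toolkit folks, as it looks like a bug on their side.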
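An added example, not part of the original question or answer and not AWS or Google code: a pre-flight check in plain Java that reads the unverified iss claim from a token and tests a candidate logins key against the constraint quoted in the ValidationException above. The class name, method names and sample token are constructed for illustration; the token carries only the header and iss claim shown in the question, with a placeholder signature.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LoginsKeyCheck {
    // Constraint copied from the ValidationException text in the error log above.
    private static final Pattern KEY_PATTERN = Pattern.compile("[\\w._/-]+");
    private static final int MAX_KEY_LENGTH = 128;
    // Simplified claim extraction for this sketch; real code should use a JSON parser.
    private static final Pattern ISS = Pattern.compile("\"iss\"\\s*:\\s*\"([^\"]*)\"");

    /** Returns the UNVERIFIED "iss" claim of a compact JWT, or null if absent. */
    static String issuerOf(String jwt) {
        String[] parts = jwt.split("\\.", -1);
        if (parts.length != 3) {
            throw new IllegalArgumentException("expected header.payload.signature");
        }
        byte[] json = Base64.getUrlDecoder().decode(parts[1]);
        Matcher m = ISS.matcher(new String(json, StandardCharsets.UTF_8));
        return m.find() ? m.group(1) : null;
    }

    /** Returns null if the key satisfies the constraint, else the reason it fails. */
    static String keyProblem(String key) {
        if (key == null || key.isEmpty()) return "length must be at least 1";
        if (key.length() > MAX_KEY_LENGTH) return "length must be at most " + MAX_KEY_LENGTH;
        for (int i = 0; i < key.length(); i++) {
            String c = String.valueOf(key.charAt(i));
            if (!KEY_PATTERN.matcher(c).matches()) {
                return "character '" + c + "' at index " + i + " is outside [\\w._/-]";
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample: header and iss claim from the question, placeholder signature.
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String header = "{\"alg\":\"RS256\",\"kid\":\"qwYevA\"}";
        String payload = "{\"iss\":\"https://identitytoolkit.google.com/\"}";
        String jwt = enc.encodeToString(header.getBytes(StandardCharsets.UTF_8)) + "."
                + enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + ".placeholder";

        for (String key : new String[] {issuerOf(jwt), "accounts.google.com"}) {
            String problem = keyProblem(key);
            System.out.println(key + " -> " + (problem == null ? "passes" : "rejected: " + problem));
        }
    }
}
```

The check only covers the format of the logins key and reads the claim without verifying the signature, so it is a diagnostic for the 400 error, not a basis for trusting the token.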