I am a developer trying to connect to a server using PHP. This is my server-side developer authentication code:
<?php
require 'aws.phar';

use Aws\CognitoIdentity\CognitoIdentityClient;
use Aws\Sts\StsClient;
use Aws\Credentials\Credentials;
use Aws\S3\S3Client;

$identityClient = CognitoIdentityClient::factory(array(
    'version' => 'latest',
    'region' => 'ap-northeast-1'
));

$idResp = $identityClient->getId(array(
    'AccountId' => 'XXXXXXXXXXX',
    'IdentityPoolId' => 'XXXXXXXXXXXXXX',
    'Logins' => array(
        'cognito-identity.amazonaws.com:amr' => 'login.blupinch.app'
    )
));
$identityId = $idResp["IdentityId"];

$tokenResp = $identityClient->getOpenIdToken(array(
    'IdentityId' => $identityId,
    'Logins' => array(
        'cognito-identity.amazonaws.com:amr' => 'login.blupinch.app'
    )
));
$token = $tokenResp["Token"];

$stsClient = StsClient::factory(array(
    'region' => 'us-east-1',
    'version' => '2011-06-15'
));

$stsResp = $stsClient->assumeRoleWithWebIdentity(array(
    'RoleArn' => 'arn:aws:iam::XXXXXXXXXX:role/Cognito_appAuth_Role',
    'RoleSessionName' => 'App', // you need to give the session a name
    'WebIdentityToken' => $token
));

$credentials = new Credentials(
    $stsResp['Credentials']['AccessKeyId'],
    $stsResp['Credentials']['SecretAccessKey'],
    $stsResp['Credentials']['SessionToken']
);

$s3Client = new S3Client([
    'version' => '2006-03-01',
    'region' => 'us-east-1',
    'credentials' => $credentials
]);
The code is quite complicated, and I am getting the following error message, which I cannot understand:
PHP Fatal error: Uncaught exception
'Aws\CognitoIdentity\Exception\CognitoIdentityException' with message
'Error executing "GetId" on "https://cognito-identity.ap-northeast-1.amazonaws.com";
AWS HTTP error:
Client error:
`POST https://cognito-identity.ap-northeast-1.amazonaws.com` resulted
in a `400 Bad Request` response:
{"__type":"ValidationException","message":
"1 validation error detected:
Value '{cognito-identity.amazonaws.com:amr=login (truncated...)
ValidationException (client):
1 validation error detected:
Value '{cognito-identity.amazonaws.com:amr=login.blupinch.app}' at 'logins'
failed to satisfy constraint:
Map keys must satisfy constraint:
[Member must have length less than or equal to 128, Member must have
length greater than or equal to 1, Member must satisfy regular expression
pattern: [\w._/-]+] - {"__type":
"ValidationException","message":
"1 validation error detected:
Value '{cognito-identity.amazonaws.com:amr=login.blupinch.app}' at
'logins' failed to satisfy constraint:
Map keys must satisfy constraint:
[Mem in phar:///home/ubuntu/aws.phar/Aws/WrappedHttpHandler.php on
I think the error is related to the value of the key cognito-identity.amazonaws.com:amr. So I would like to know: what value should I set for that key?
Answer 0 (score: 0)
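So the backend server does not need to call the GetId or GetOpenIdToken APIs. On your server, you need to call Amazon Cognito's GetOpenIdTokenForDeveloperIdentity API. For the Logins map, the key should be the developer provider name that you specified in the Amazon Cognito console for this identity pool, and the value should be the unique user identifier of the user who has authenticated with your server from the native app. Cognito will return the identityId and OpenID Connect token associated with that username to your backend, which passes them back to the app.
I strongly recommend that you follow our blog post and developer guide, which explain this flow in depth. As always, if you have any questions, feel free to ask.
Thanks.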
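
The server-side call the answer describes, as an added example that is not part of the original answer or AWS's own sample code. It assumes `login.blupinch.app` is the developer provider name configured for the identity pool; the pool ID and user ID are placeholders. The key check mirrors the constraint quoted in the question's ValidationException, which the key `cognito-identity.amazonaws.com:amr` fails because of the colon.

```php
<?php
// Added example, not from the original answer. Placeholders and names below are assumptions.
require 'aws.phar';

use Aws\CognitoIdentity\CognitoIdentityClient;

// Key constraint quoted in the ValidationException above: 1-128 chars, [\w._/-]+
function assertValidLoginsKey(string $key): void
{
    if (!preg_match('/\A[\w.\/-]{1,128}\z/', $key)) {
        throw new InvalidArgumentException("Invalid Logins key: $key");
    }
}

// Builds the GetOpenIdTokenForDeveloperIdentity request for a user that
// this backend has already authenticated against its own user store.
function buildDeveloperTokenRequest(string $poolId, string $provider, string $userId): array
{
    assertValidLoginsKey($provider);
    if ($userId === '') {
        throw new InvalidArgumentException('User identifier must not be empty');
    }
    return [
        'IdentityPoolId' => $poolId,
        'Logins'         => [$provider => $userId],
        'TokenDuration'  => 900, // seconds; keep the token short-lived
    ];
}

// The question's key contains ':' and is rejected before any request is sent.
try {
    assertValidLoginsKey('cognito-identity.amazonaws.com:amr');
} catch (InvalidArgumentException $e) {
    error_log($e->getMessage());
}

// Uses the server's own AWS credentials (default provider chain).
$client = new CognitoIdentityClient(['version' => 'latest', 'region' => 'ap-northeast-1']);
$resp = $client->getOpenIdTokenForDeveloperIdentity(buildDeveloperTokenRequest(
    'IDENTITY_POOL_ID_PLACEHOLDER', // placeholder, not a real pool ID
    'login.blupinch.app',           // assumed developer provider name
    'user-12345'                    // constructed user ID from your own user store
));

// Return only these two values to the app; never the server's AWS keys.
$identityId = $resp['IdentityId'];
$token      = $resp['Token'];
```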