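Integrating User Pools with Amazon Cognito Identity using an authentication provider

Time: 2016-10-25 12:18:21

Tags: amazon-s3 amazon-cognito

I followed the steps described at http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html to integrate my user pool with Cognito Identity. But every time I try to access Amazon S3 using the authentication provider, I get the following error: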

  

E/CognitoCachingCredentialsProvider: Failure to get credentials
com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Logins don't match. Please include at least one valid login for this identity or identity pool. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException; Request ID: ff4da8ad-9a96-11e6-9c64-67a5c841c727)
    at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:712)
    at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:388)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:199)
    at com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient.invoke(AmazonCognitoIdentityClient.java:558)
    at com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient.getId(AmazonCognitoIdentityClient.java:444)
    at com.amazonaws.auth.AWSAbstractCognitoIdentityProvider.getIdentityId(AWSAbstractCognitoIdentityProvider.java:172)
    at com.amazonaws.auth.AWSEnhancedCognitoIdentityProvider.refresh(AWSEnhancedCognitoIdentityProvider.java:76)
    at com.amazonaws.auth.CognitoCredentialsProvider.startSession(CognitoCredentialsProvider.java:561)
    at com.amazonaws.auth.CognitoCredentialsProvider.getCredentials(CognitoCredentialsProvider.java:371)
    at com.amazonaws.auth.CognitoCachingCredentialsProvider.getCredentials(CognitoCachingCredentialsProvider.java:441)
    at com.amazonaws.auth.CognitoCachingCredentialsProvider.getCredentials(CognitoCachingCredentialsProvider.java:76)
    at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4369)
    at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1704)
    at com.amazonaws.mobileconnectors.s3.transferutility.UploadTask.uploadSinglePartAndWaitForCompletion(UploadTask.java:203)
    at com.amazonaws.mobileconnectors.s3.transferutility.UploadTask.call(UploadTask.java:85)
    at com.amazonaws.mobileconnectors.s3.transferutility.UploadTask.call(UploadTask.java:44)
    at java.util.concurrent.FutureTask.run(FutureTask.java:234)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
    at java.lang.Thread.run(Thread.java:864)

Here is the code:

public static TransferUtility getTransferUtility(Context context) {
        if (sTransferUtility == null) {
            sTransferUtility = new TransferUtility(getS3Client(context.getApplicationContext()),
                    context.getApplicationContext());
        }

        return sTransferUtility;
    }



public static AmazonS3Client getS3Client(Context context) {
        if (sS3Client == null) {
            sS3Client = new AmazonS3Client(getCredProvider(context.getApplicationContext()));
        }
        return sS3Client;
    }



 private static CognitoCachingCredentialsProvider getCredProvider(Context context) {
        if (sCredProvider == null) {
            sCredProvider = new CognitoCachingCredentialsProvider(
                    context.getApplicationContext(),
                    Constants.COGNITO_POOL_ID,
                    Regions.EU_WEST_1);
            Map<String, String> logins = new HashMap<>();
            logins.put("cognito-idp.eu-west-1.amazonaws.com/eu-west-1_xxxxxxxxx", idToken);
            sCredProvider.setLogins(logins);
        }
        return sCredProvider;
    }

This is how I get the token:

AuthenticationHandler authenticationHandler = new AuthenticationHandler() {
        @Override
        public void onSuccess(CognitoUserSession cognitoUserSession, CognitoDevice device) {
            Log.e(TAG, "***Auth Success***");
            idToken = cognitoUserSession.getIdToken().getJWTToken();
            AppHelper.setCurrSession(cognitoUserSession);
            AppHelper.newDevice(device);
            closeWaitDialog();
            launchUser();
        }

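TransferUtility is part of the com.amazonaws.mobileconnectors.s3.transferutility package.

Thanks for your help. felini

3 answers:

Answer 0: (score: 1)

The problem could be the configuration or the way you create the token (the provider name part looks correct). But most likely you just need GetIdResult.

"Logins don't match. Please include at least one valid login for this identity or identity pool." comes from the "AWSCognitoIdentityService.GetCredentialsForIdentity" API request (in Java I think it is GetCredentialsForIdentityResult).

This happens when you have an identityId for one identity and then provide logins for another identity. If you change identities, you need to do an "AWSCognitoIdentityService.GetId" (in Java I think this is GetIdResult).

The error is telling you that it cannot find the identity provider associated with the identity pool, or that the pool does not have that identity provider configured (I think this would generate a different error, but I am not sure), or that it cannot associate the identityId with the logins entry token (if the username claim in the ID token does not match the identity it has).

I think you need to fix the logins dictionary, or do a GetIdResult call to make sure you have the correct identityId for the logins hash you are providing.

Or... if it is configuration, make sure the user pool and client ID are correctly configured as a Cognito User Pool authentication provider in the authentication providers list. Note that if you have also configured it as an identity provider in IAM, you must make the audience the same as that client ID. (That works too.)

Note: this can happen if you have "unauthenticated" access configured and then try to get credentials with a logins hash but using the unauthenticated identity. I think you need to do a getIdResult to switch.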

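Answer 1: (score: 0)

It was a configuration issue. I added a Cognito User Pool as an authentication provider to an existing identity pool. I provided the user pool ID and the client ID.

Then I clicked Save Changes. The dashboard showed in green that my changes had been saved. But in fact they had not! That was the cause of the error.

As a solution, I created a new identity pool from scratch and added the Cognito User Pool as an authentication provider during creation. Only that way was it saved correctly after the pool was created.

Answer 2: (score: 0)

In case anyone else has the same warning: it is possible to log in to the Cognito Identity Pool with an unverified email, but that user will then be unable to authorize against the Cognito Identity Provider, and this error is thrown instead: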

  

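Error: Logins don't match. Please include at least one valid login for this identity or identity pool.

A user can be set to 'Confirmed' via the Cognito console. This is not the same as 'Verified Email'. The user can log in to the pool.

A completely unconfirmed user cannot log in at all.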
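
The answers above name several things that have to line up: the logins key, the app client ID (audience) and the verified-email state. The following is an added stand-alone diagnostic, not code from the question, the answers or the AWS SDK: it decodes the ID token payload without verifying the signature and compares its claims with the values the app passes in. The pool ID, client ID and sample token are constructed placeholders.

```python
import base64
import json


def decode_claims(jwt):
    """Return the payload claims of a JWT WITHOUT verifying its signature."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_logins_entry(logins_key, id_token, app_client_id):
    """List mismatches between a logins map entry and the token placed in it."""
    claims = decode_claims(id_token)
    problems = []
    # The logins key is the token issuer without the URL scheme.
    if claims.get("iss") != "https://" + logins_key:
        problems.append("logins key does not match iss: %s" % claims.get("iss"))
    # The identity pool pairs the user pool ID with one app client ID.
    if claims.get("aud") != app_client_id:
        problems.append("aud is not the configured client ID: %s" % claims.get("aud"))
    # The logins map takes the ID token, not the access token.
    if claims.get("token_use") != "id":
        problems.append("token_use is %r, expected 'id'" % claims.get("token_use"))
    # Condition reported in the last answer above.
    if claims.get("email_verified") is not True:
        problems.append("email_verified is not true")
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demonstration below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return "%s.%s.sig" % (enc({"alg": "none"}), enc(claims))


# Constructed sample values; the pool ID and client ID are placeholders.
POOL_KEY = "cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE"
SAMPLE = {"iss": "https://" + POOL_KEY, "aud": "example-client-id",
          "token_use": "id", "email_verified": True}

if __name__ == "__main__":
    token = make_sample_token(SAMPLE)
    print(check_logins_entry(POOL_KEY, token, "example-client-id"))
    wrong_key = "cognito-idp.eu-west-1.amazonaws.com/eu-west-1_OTHER"
    print(check_logins_entry(wrong_key, token, "other-client-id"))
```

An empty list only means the client-side values agree with the token; the identity pool's own provider entry, which the second answer found unsaved, still has to be checked in the console.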