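I want to sign a request to Amazon's AWSECommerceService that carries temporary credentials. The reason is that I do not want to put the secret key directly into the mobile client.
I am running a server that returns a Cognito OpenID session token to the client. This token is then used to obtain temporary credentials. With these credentials I am trying to sign the HTTP request.
To do this, I add the X-Amz-Security-Token parameter to the request, as described here: Amazon Docu.
The problem is that the result is always "Bad Request 400 InvalidAccount Invalid AccessKey Id ASIAxxx". I also tried generating the signature before adding the token, but the result is the same. Any ideas are appreciated.
Request:
Client: (JUnit test for the signing)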
    // Temporary credentials obtained with the Cognito token
    BasicSessionCredentials credentials = CognitoWebClient.authenticateWithToken(jsonResult);
    Map<String, String> params = new HashMap<>();
    params.put("Service", "AWSECommerceService");
    params.put("Operation", "ItemSearch");
    params.put("AWSAccessKeyId", credentials.getAWSAccessKeyId());
    params.put("AssociateTag", myTag);
    params.put("SearchIndex", "All");
    params.put("ResponseGroup", "Images,ItemAttributes,Offers");
    params.put("Sort", "price");
    params.put("BrowseNode", myNode);
    // Session token added before signing
    params.put("X-Amz-Security-Token", mySessionToken);
    String requestUrl = SignedRequestsHelper.getInstance(
            amazonLocale.getEndpoint(),
            credentials.getAWSAccessKeyId(),
            credentials.getAWSSecretKey()).sign(params);
    RestTemplate template = new RestTemplate();
    try {
        ResponseEntity<String> responseEntity = template.getForEntity(requestUrl, String.class);
        Assert.assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
    } catch (Exception e) {
        Assert.fail(requestUrl + "\n" + e.getMessage());
    }
Server: (returns the OpenID token to the client)
    public String getIdentityIdToken() {
        // initialize the Cognito identity client with a set
        // of anonymous AWS credentials
        AmazonCognitoIdentityClientBuilder identityClientBuilder = AmazonCognitoIdentityClient.builder()
                .withCredentials(new AWSCredentialsProvider() {
                    @Override
                    public void refresh() {
                        // TODO Auto-generated method stub
                    }

                    @Override
                    public AWSCredentials getCredentials() {
                        // TODO Auto-generated method stub
                        return new BasicAWSCredentials(myRealAccessKey,
                                myRealSecretAccessKey);
                    }
                });
        identityClientBuilder.setRegion(Regions.EU_CENTRAL_1.getName());
        AmazonCognitoIdentity identityClient = identityClientBuilder.build();
        // send a get id request. This only needs to be executed the first time
        // and the result should be cached.
        GetOpenIdTokenForDeveloperIdentityRequest tokenRequest = new GetOpenIdTokenForDeveloperIdentityRequest();
        tokenRequest.setIdentityPoolId(myIdentityPool);
        HashMap<String, String> map = new HashMap<String, String>();
        map.put("login.com....", "myUser");
        tokenRequest.setLogins(map);
        GetOpenIdTokenForDeveloperIdentityResult result = identityClient
                .getOpenIdTokenForDeveloperIdentity(tokenRequest);
        return result.getToken();
    }
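The two attempts described in the question (token added before signing versus after) differ in whether the token is part of the signed string. The added example below, which is not the asker's code or Amazon's SignedRequestsHelper, shows this for AWS Signature Version 2 style query signing. It assumes the helper signs that way; the class name, host, key and token values are constructed, and it does not show whether the service accepts temporary credentials.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.TreeMap;

public class SigV2TokenDemo { // hypothetical class name
    // RFC 3986 percent-encoding, as Signature Version 2 requires
    static String enc(String s) throws Exception {
        return URLEncoder.encode(s, "UTF-8")
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }
    // Canonical query: name=value pairs sorted by parameter name, joined with '&'
    static String canonicalQuery(Map<String, String> params) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : new TreeMap<>(params).entrySet()) {
            if (sb.length() > 0) sb.append('&');
            sb.append(enc(e.getKey())).append('=').append(enc(e.getValue()));
        }
        return sb.toString();
    }
    // HMAC-SHA256 over "GET\nhost\npath\ncanonicalQuery", Base64-encoded
    static String signature(String host, String path, Map<String, String> params,
                            String secretKey) throws Exception {
        String toSign = "GET\n" + host + "\n" + path + "\n" + canonicalQuery(params);
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secretKey.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        byte[] raw = mac.doFinal(toSign.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(raw);
    }
    public static void main(String[] args) throws Exception {
        String host = "webservices.example", path = "/onca/xml"; // constructed
        String secret = "constructed-secret-key";                 // constructed
        Map<String, String> params = new TreeMap<>();
        params.put("Service", "AWSECommerceService");
        params.put("Operation", "ItemSearch");
        params.put("AWSAccessKeyId", "ASIAxxx");
        params.put("Timestamp", "2017-01-01T00:00:00Z");          // constructed
        String withoutToken = signature(host, path, params, secret);
        params.put("X-Amz-Security-Token", "constructed-session-token");
        String withToken = signature(host, path, params, secret);
        // The token changes the string to sign, so a token appended after
        // signing is not covered by the Signature value sent with the request.
        System.out.println("signed without token: " + withoutToken);
        System.out.println("signed with token:    " + withToken);
    }
}
```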