我正在尝试使用Cognito联合身份验证来与Facebook进行身份验证,并在Cognito用户池中创建用户并映射用户属性。
AWS Congnito服务配置,我认为是正确的,因为我与网络应用程序完美配合。然而,当尝试使用iOS应用程序时,尽管所有工作都在代码中并使用Facebook进行身份验证并假设经过身份验证的角色,但池中不会创建任何用户。
我根据Cognito“基本(经典)Authflow”使用下面的代码流程详细信息这是正确的方法,是否在用户池中创建了用户?
getId,getOpenIdToken,assumeRoleWithWebIdentity。
AWSCognitoIdentityGetIdInput *input = [[AWSCognitoIdentityGetIdInput alloc] init];
[input setIdentityPoolId:poolId];
[input setAccountId:@"XXXXXXXXXXXX"];
NSDictionary *logons = @{@"graph.facebook.com":tknStr};
[input setLogins:logons];
AWSCognitoIdentity *id = [AWSCognitoIdentity defaultCognitoIdentity];
[id getId:input completionHandler:^(AWSCognitoIdentityGetIdResponse * _Nullable response, NSError * _Nullable error) {
if (error)
{
//handle the error
}
else
{
AWSCognitoIdentityGetCredentialsForIdentityInput *getCredsInput = [AWSCognitoIdentityGetCredentialsForIdentityInput new];
[getCredsInput setCustomRoleArn:@"arn:aws:iam::XXXXXXXXX:role/XXXXXXXXXXXXXXX”];
[getCredsInput setIdentityId:[response identityId]];
[getCredsInput setLogins:logons];
AWSCognitoIdentityGetOpenIdTokenInput *openID = [AWSCognitoIdentityGetOpenIdTokenInput new];
[openID setIdentityId:[response identityId]];
[openID setLogins:logons];
[id getOpenIdToken:openID completionHandler:^(AWSCognitoIdentityGetOpenIdTokenResponse * _Nullable response, NSError * _Nullable error) {
if (error)
NSLog(@"task.error - %@",error);
else
{
AWSSTS *sts = [AWSSTS defaultSTS];
AWSSTSAssumeRoleWithWebIdentityRequest *request = [[AWSSTSAssumeRoleWithWebIdentityRequest alloc] init];
[request setRoleArn:@"arn:aws:iam::XXXXXXXXX:role/XXXXXXXXXXXXXXX”];
[request setRoleSessionName:@"ginger55"];
[request setWebIdentityToken:[response token]];
[sts assumeRoleWithWebIdentity:request completionHandler:^(AWSSTSAssumeRoleWithWebIdentityResponse * _Nullable response, NSError * _Nullable error) {
if (error)
{
NSLog(@"task.error - %@",error);
}
else
{
NSLog(@“response = %@",response);
}
}];
}
}];
}
}];
任何帮助表示感谢。