我很难将Firebase用作Open ID Connect提供商。 能否请您进一步描述您在完成这项工作之前和之后所经历的步骤?
有关信息,这是我到目前为止所做的: 在AWS控制台中:
1 - 创建IAM身份提供商(OpenID Connect)并使用securetoken.google.com/<FIREBASE_PROJECT_ID>作为网址,<FIREBASE_PROJECT_ID>用于受众
2 - 手动检查指纹(它与AWS生成的指纹匹配)
3 - 创建具有访问所需服务的权限的角色
4 - 在Cognito中创建了一个标识池,并在“已验证的角色”中选择了我新创建的角色。下拉
5 - 在身份验证提供商下选择我的身份提供商&gt; OpenID类别(格式因此):securetoken.google.com/<FIREBASE_PROJECT_ID>
在我的代码中(我使用的是Vue.js),这是我经历的逻辑步骤:
导入/设置AWS开发工具包
调用Firebase身份验证服务
问题是我一直在&#34;在配置中缺少凭据&#34;错误。
代码:
import axios from 'axios';
const AWS = require('aws-sdk');
AWS.config.region = 'eu-west-1';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'MY_COGNITO_POOL_ID',
});
export default {
name: 'My Vue.js component name',
data() {
return {
email: '',
password: '',
msg: '',
};
},
methods: {
submit() {
axios
.post(
'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=MY_KEY',
{
email: this.email,
password: password,
returnSecureToken: true,
},
)
.then((res) => {
// stores tokens locally
localStorage.setItem('jwt', JSON.stringify(res.data));
const cognitoidentity = new AWS.CognitoIdentity();
const params = {
IdentityPoolId: 'MY_COGNITO_POOL_ID',
Logins: {
'securetoken.google.com/<PROJECT_ID>': res.data.idToken,
},
IdentityId: null,
TokenDuration: 3600,
};
cognitoidentity.getOpenIdTokenForDeveloperIdentity(params, (err, data) => {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});
});
},
},
};
以下是我在尝试完成这项工作时使用的资源:
Using Firebase OpenID Connect provider as AWS IAM Identity Provider
https://github.com/aws/amazon-cognito-identity-js/blob/master/examples/babel-webpack/src/main.jsx
http://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetCredentialsForIdentity.html
https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-authentication/
答案 0 :(得分:1)
尝试设置登录地图,即CognitoIdentityCredentials对象中的firebase令牌。请参阅this doc。
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'MY_COGNITO_POOL_ID',
Logins: {
'securetoken.google.com/':
}
}); 如果上述步骤不起作用&amp;他们应该在初始化Cognito客户端时将凭据作为选项传递。有关使用CognitoIdentity构造函数的可用选项,请参阅this doc。
const cognitoidentity = new AWS.CognitoIdentity({credentials: AWS.config.credentials}); 如果仍然收到错误,请在调用get()方法后尝试在控制台中记录凭据对象。理想情况下,它应该有临时凭证(accessKey,secretKey&amp; sessionToken)
答案 1 :(得分:0)
最终代码,如果这对任何人都有帮助:
import axios from 'axios';
const AWS = require('aws-sdk');
const aws4 = require('aws4');
export default {
name: 'VUE_CPNT_NAME',
data() {
return {
email: '',
password: '',
msg: '',
idToken: '',
};
},
methods: {
submit() {
// Firebase SignIn API
// Doc: https://firebase.google.com/docs/reference/rest/auth/
axios
.post(
'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=[MY_KEY]',
{
email: this.email,
password: this.password,
returnSecureToken: true,
},
)
.then((res) => {
this.idToken = res.data.idToken;
localStorage.setItem('jwt', JSON.stringify(res.data));
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'IDENTITY_POOL_ID',
Logins: {
'securetoken.google.com/<FIREBASE_PROJECT_ID>': res.data.idToken,
},
}, {
region: 'eu-west-1',
});
// AWS.config.crendentials.get() methods works as well
// or a call to cognitoidentity.getId() followed by a call to getCredentialsForIdentity()
// will achieve the same thing. Cool. But why!?
AWS.config.getCredentials((err) => {
if (err) {
console.log(err);
}
const request = {
host: 'API_GATEWAY_ENDPOINT.eu-west-1.amazonaws.com',
method: 'GET',
url: 'https://API_GATEWAY_ENDPOINT.eu-west-1.amazonaws.com/PATH',
path: '/API_ENDPOINT_PATH',
};
// Signing the requests to API Gateway when the Authorization is set AWS_IAM.
// Not required when Cognito User Pools are used
const signedRequest = aws4.sign(request,
{
secretAccessKey: AWS.config.credentials.secretAccessKey,
accessKeyId: AWS.config.credentials.accessKeyId,
sessionToken: AWS.config.credentials.sessionToken,
});
// removing the Host header to avoid errors in Chrome
delete signedRequest.headers.Host;
axios(signedRequest);
});
});
},
},
};