我试图通过自定义openID连接提供程序对自己进行身份验证。 要检索我的JWT令牌,请使用以下库:
https://github.com/openid/AppAuth-iOS
我有一个自定义的OpenIDAuthHandler类。 为了检索我的JWT令牌,我有这个与AppAuth库一起使用的函数:
func getToken(tokenCompletion: AWSTaskCompletionSource<NSString>) {
let issuer = URL(string: config.issuerURL)
let clientID = config.clientID
let redirectURL = URL(string: config.redirectURL)
log.debug("Fetching configuration for issuer: \(issuer!)")
// discovers endpoints
OIDAuthorizationService.discoverConfiguration(forIssuer: issuer!) { configuration, error in
if configuration == nil {
log.debug("Error retrieving discovery document: \(String(describing: error?.localizedDescription))")
return
}
log.debug("Got configuration: \(configuration!)")
// builds authentication request
let request = OIDAuthorizationRequest(configuration: configuration!,
clientId: clientID,
scopes: ["openid", "offline_access", "profile", "IPTVUserID"],
redirectURL: redirectURL!,
responseType: OIDResponseTypeCode,
additionalParameters: nil)
// performs authentication request
guard let rootVC = self.application.keyWindow?.rootViewController else { return }
guard let delegate = self.application.appDelegate as? AppDelegate else { return }
log.debug("Initiating authorization request with scope: \(request.scope!)")
delegate.currentAuthorizationFlow = OIDAuthState.authState(byPresenting: request, presenting: rootVC) { authState, error in
if authState != nil {
log.debug("Got authorization tokens. Access token: \(authState!.lastTokenResponse!.accessToken!)")
guard let token = authState?.lastTokenResponse?.accessToken else {
tokenCompletion.set(error: NSError(domain: "OIDC Login",
code: -1,
userInfo: ["Unable to get OIDC token": "Details about your error"]))
return
}
self.defaults.set(token, forKey: .accessToken)
tokenCompletion.set(result: token as NSString)
} else {
log.debug("Authorization error: \(error!.localizedDescription)")
tokenCompletion.set(error: NSError(domain: "OIDC Login",
code: -1,
userInfo: ["Unable to get OIDC token": "Details about your error"]))
}
}
}
}
注意:从这一个我得到一个有效的JWT令牌,所以这部分工作我假设。
我还有一个实现OpenIDAuthHandler class协议的AWSCognitoCredentialsProviderHelper。
override func token() -> AWSTask<NSString> {
let completion = AWSTaskCompletionSource<NSString>()
getToken(tokenCompletion: completion)
let task1 = completion.task.continueOnSuccessWith { (task) -> AWSTask<NSString> in
return AWSTask(result: task.result!)
}
if let task2 = task1 as? AWSTask<NSString> {
return task2
} else {
log.error("Something went wrong with \(task1)")
return AWSTask()
}
}
override func logins () -> AWSTask<NSDictionary> {
let token = self.defaults.string(forKey: .accessToken)
if token == nil {
let accessTokenTask = self.token()
guard let accessToken = accessTokenTask.result else {
return AWSTask(error: NSError(domain: self.config.issuerURL, code: -1, userInfo: [self.config.issuerURL: "No current access token"]))
}
return AWSTask(result: ["cbo.eu.auth0.com": accessToken])
} else {
if let token = token {
return AWSTask(result: ["cbo.eu.auth0.com": token])
}
return AWSTask(error: NSError(domain: self.config.issuerURL, code: -1, userInfo: [self.config.issuerURL: "No current access token"]))
}
}
现在问题来了。我尝试使用以下代码将AWS accessito返回到我的访问密钥,密钥和会话密钥:
let credentialsProvider = AWSCognitoCredentialsProvider(regionType: .EUWest1, identityProvider: self.openIDAuthHandler)
let configuration = AWSServiceConfiguration(region: .EUWest1, credentialsProvider: credentialsProvider)
AWSServiceManager.default().defaultServiceConfiguration = configuration
credentialsProvider.credentials().continueWith(block: { (task) -> AnyObject? in
if task.error != nil {
log.error("Error 1: " + task.error!.localizedDescription)
} else {
// the task result will contain the identity id
let credentials = task.result!
log.debug("access key: \(credentials.accessKey)")
log.debug("secret key: \(credentials.secretKey)")
log.debug("session key: \(credentials.sessionKey ?? "No session key available")")
}
return task
})
但由于某种原因,我不断收到以下错误:
com.amazonaws.AWSCognitoIdentityErrorDomain error 8.