403使用Amazon Cognito iOS时进行初始API调用

Question

我在项目中使用Amazon Cognito进行身份验证，使用AWS iOS SDK v.2.6.11。我的应用程序在主视图上有以下流程：获取会话，然后使用AWSAPIGateway类的子类进行API调用。

此处的问题是，在使用Amazon Cognito成功进行身份验证后，API调用响应代码为403.

停止应用程序然后再次运行（现在用户已经过身份验证）后，API的响应状态代码为200.

这是responseData中的消息，我从API调用获得了403响应：

"Message":"User: arn:aws:sts::############:assumed-role/####_unauth_MOBILEHUB_##########/CognitoIdentityCredentials is not authorized to perform: execute-api:Invoke on resource: arn:aws:execute-api:############:********####:##########/Development/POST/my-api-endpoint

（标识符替换为＃字符）

似乎API调用未经授权。有没有办法在成功验证后授权这些API调用？

这是我的初始UIViewController ：

中的身份验证代码

let user = pool.currentUser() ?? pool.getUser()

user.getSession("myUsername", password: "myPassword", validationData: nil).continueOnSuccessWith { sessiontask -> Any? in

// i've left error handling out of this example code

let request = AWSAPIGatewayRequest(httpMethod: "POST",
                                   urlString: "/my-api-endpoint",
                                   queryParameters: nil,
                                   headerParameters: nil,
                                   httpBody: nil)

        let serviceClient = AWSAPI_MY_AUTOGENERATED_Client.default()

        return serviceClient.invoke(request).continueOnSuccessWith(block: { (task) -> Any? in

            if let result = task.result, result.statusCode == 200 {
                //  A: all good - Continue
            } else {
                // B: Handle error (403 etc.)
            }
            return nil
        })

这就是我的 AppDelegate 的样子：

func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplicationLaunchOptionsKey: Any]?) -> Bool {
    let pool = AWSCognitoIdentityUserPool.default()
    let credentialsProvider = AWSMobileClient.sharedInstance().getCredentialsProvider()

    let configuration = AWSServiceConfiguration(
        region: .EUCentral1,
        credentialsProvider: credentialsProvider)
    AWSServiceManager.default().defaultServiceConfiguration = configuration

    // keeping reference to the pool and the credentials provider
    self.pool = pool 
    self.credentialsProvider = credentialsProvider

    window = UIWindow(frame: UIScreen.main.bounds)
    let rootViewController = MyInitialViewController()
    window!.rootViewController = rootViewController
    window!.makeKeyAndVisible()

    return AWSMobileClient.sharedInstance().interceptApplication(application, didFinishLaunchingWithOptions: launchOptions)
}