How to get AWS credentials from an identity pool (federated identities) using Android

Time: 2018-06-28 03:40:59

Tags: android amazon-web-services aws-cognito

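I am new to AWS Cognito.

I want to get temporary AWS credentials from my program so that I can access an API service (e.g. api) through API Gateway. What I have is an "IdentityPoolId", an "IdentityId" and an "OpenIdToken".

When I try to get access with AWS credentials through getCredentialsForIdentity, I get "Identity 'ap-northeast-1:xxxx' not found." in the onError method every time. Please help me: what am I doing wrong?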

    Single<GetCredentialsForIdentityResult> primeSingle = Single.fromCallable(MyClass::getResult);

    primeSingle
            .subscribeOn(Schedulers.io())
            .observeOn(AndroidSchedulers.mainThread())
            .subscribe(new SingleObserver<GetCredentialsForIdentityResult>() {
                @Override
                public void onSubscribe(@NonNull Disposable d) {
                }

                @Override
                public void onSuccess(@NonNull GetCredentialsForIdentityResult result) {
                    Credentials credentials = result.getCredentials();
                }

                @Override
                public void onError(@NonNull Throwable e) {
                    Log.d("Test", "onError: " + e.getMessage());
                }
            });

Here is the code that gets the credentials result.

    private static GetCredentialsForIdentityResult getResult() {
        AmazonCognitoIdentity identityClient = new AmazonCognitoIdentityClient(new AnonymousAWSCredentials());

        Map<String, String> logins = new HashMap<String, String>();
        logins.put("cognito-identity.amazonaws.com", MyClass.OPEN_ID_TOKEN);

        GetCredentialsForIdentityRequest getCredentialsForIdentityRequest =
                new GetCredentialsForIdentityRequest()
                .withIdentityId(MyClass.IDENTITY_ID)  // Not Identity Pool Id
                .withLogins(logins);
        getCredentialsForIdentityRequest.setIdentityId(identityId);
        GetCredentialsForIdentityResult result = identityClient.getCredentialsForIdentity(getCredentialsForIdentityRequest);

        return result;
    }

1 answer:

Answer 0 (score: 1)

Finally, I got the credentials by referring to this:

https://docs.aws.amazon.com/cognito/latest/developerguide/developer-authenticated-identities.html

Thanks.

The code is as follows:

    public class DeveloperAuthenticationProvider extends AWSAbstractCognitoDeveloperIdentityProvider {

        private static final String developerProvider = null;

        public DeveloperAuthenticationProvider(String identityPoolId, Regions region) {
            super(null, identityPoolId, region);
            // Initialize any other objects needed here.
        }

        // Return the developer provider name which you choose while setting up the
        // identity pool in the Amazon Cognito console
        @Override
        public String getProviderName() {
            return developerProvider;
        }

        // Use the refresh method to communicate with your backend to get an
        // identityId and token.
        @Override
        public String refresh() {

            // Override the existing token
            setToken(null);

            // Get the identityId and token by making a call to your backend
            // (Call to your backend)

            // Call the update method with updated identityId and token to make sure
            // these are ready to be used from Credentials Provider.
            update(identityId, token);
            return token;
        }

        // If the app has a valid identityId return it, otherwise get a valid
        // identityId from your backend.
        @Override
        public String getIdentityId() {
            // Load the identityId from the cache
            identityId = "ap-northeast-1:xxxx";
            return identityId;
        }
    }

Call the above from a method:

    private static AWSSessionCredentials getResult(Context context) {
        DeveloperAuthenticationProvider developerProvider =
                new DeveloperAuthenticationProvider("ap-northeast-1:your_pool_id", Regions.AP_NORTHEAST_1);
        CognitoCachingCredentialsProvider credentialsProvider =
                new CognitoCachingCredentialsProvider(context, developerProvider, Regions.AP_NORTHEAST_1);
        return credentialsProvider.getCredentials();
    }

And get the response using RxJava:

    Single<AWSSessionCredentials> primeSingle = Single.fromCallable(() -> getResult(this));

    primeSingle
            .subscribeOn(Schedulers.io())
            .observeOn(AndroidSchedulers.mainThread())
            .subscribe(new SingleObserver<AWSSessionCredentials>() {
                @Override
                public void onSubscribe(@NonNull Disposable d) {

                }

                @Override
                public void onSuccess(@NonNull AWSSessionCredentials result) {
                    String secretKey = result.getAWSSecretKey();
                }

                @Override
                public void onError(@NonNull Throwable e) {
                    Log.d("Test", "onError: " + e.getMessage());
                }
            });

On success, you can get the credentials from the onSuccess method.
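
A pre-flight check for the direct `getCredentialsForIdentity` call from the question, as an added example that is not code from either post or from AWS: it compares the OpenID token's claims with the identity pool id and identity id, then pins the client to the region in the identity id's prefix. Assumptions: the token is a JWT whose `aud` is the identity pool id and whose `sub` is the identity id, a client left on the SDK's default region is one possible cause of an "identity not found" error, and `CognitoCredentialFetcher`, `checkToken` and `fetch` are hypothetical names.

```java
import android.util.Base64;
import com.amazonaws.auth.AnonymousAWSCredentials;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient;
import com.amazonaws.services.cognitoidentity.model.Credentials;
import com.amazonaws.services.cognitoidentity.model.GetCredentialsForIdentityRequest;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import org.json.JSONException;
import org.json.JSONObject;

// Added example; the class and method names are hypothetical.
public final class CognitoCredentialFetcher {

    // Decodes (does not verify) the JWT payload and checks it against the request.
    // Assumption: "aud" carries the identity pool id and "sub" the identity id.
    static void checkToken(String token, String poolId, String identityId) throws JSONException {
        String[] parts = token.split("\\.");
        if (parts.length != 3) {
            throw new IllegalArgumentException("OpenID token is not a three-part JWT");
        }
        byte[] raw = Base64.decode(parts[1], Base64.URL_SAFE);
        JSONObject claims = new JSONObject(new String(raw, StandardCharsets.UTF_8));
        if (!poolId.equals(claims.getString("aud"))) {
            throw new IllegalStateException("token was issued for a different identity pool");
        }
        if (!identityId.equals(claims.getString("sub"))) {
            throw new IllegalStateException("token was issued for a different identity");
        }
        if (claims.getLong("exp") * 1000L <= System.currentTimeMillis()) {
            throw new IllegalStateException("token has expired; request a new one from the backend");
        }
    }

    // Network call: run it off the main thread, as the RxJava code above does.
    static Credentials fetch(String poolId, String identityId, String token) throws JSONException {
        checkToken(token, poolId, identityId);
        // Identity ids carry their region as a prefix, e.g. "ap-northeast-1:xxxx".
        Regions region = Regions.fromName(identityId.substring(0, identityId.indexOf(':')));
        AmazonCognitoIdentityClient client = new AmazonCognitoIdentityClient(new AnonymousAWSCredentials());
        client.setRegion(Region.getRegion(region)); // otherwise the SDK default region is used
        GetCredentialsForIdentityRequest request = new GetCredentialsForIdentityRequest()
                .withIdentityId(identityId)
                .withLogins(Collections.singletonMap("cognito-identity.amazonaws.com", token));
        // The result holds the access key, secret key and session token: never log them.
        return client.getCredentialsForIdentity(request).getCredentials();
    }
}
```

The claim check is a local sanity test only; Cognito still validates the token's signature when the request is made.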