我想将facebook访问令牌发送到AWS Cognito,然后接收一个授权令牌,该令牌可以进一步作为HTTP Put请求中的Authorization标头发送。 但是,我总是从AWS端点得到“未经授权”的响应。
当我尝试打印时:
credentialsProvider.credentials().continueOnSuccessWith(executor: AWSExecutor.default()) { (task) -> Any? in
print(task.error)
return true
}
我得到以下输出:
Optional(Error Domain=com.amazonaws.AWSJSONBuilderErrorDomain Code=4 "serialized object is neither a valid json Object nor NSData object: {
IdentityPoolId = "******";
Logins = {
"graph.facebook.com" = "<FBSDKAccessToken: *******>";
};
}" UserInfo={NSLocalizedDescription=serialized object is neither a valid json Object nor NSData object: {
IdentityPoolId = "*****+*";
Logins = {
"graph.facebook.com" = "<FBSDKAccessToken: ******>";
};
}})
这是我的代码:
import AWSCognito
class FacebookProvider: NSObject, AWSIdentityProviderManager {
func logins() -> AWSTask<NSDictionary> {
if let token = FBSDKAccessToken.current() {
return AWSTask(result: [AWSIdentityProviderFacebook:token])
}
return AWSTask(error:NSError(domain: "Facebook Login", code: -1 , userInfo: ["Facebook" : "No current Facebook access token"]))
}
}
class API {
..............
public func putOrder(when fbLogin: Bool, _ order: Order, onSuccess: @escaping(JSON) -> Void,
on Failure: @escaping(Error)-> Void) {
let credentialsProvider = AWSCognitoCredentialsProvider(regionType: .EUCentral1 ,
identityPoolId:"*****", identityProviderManager:FacebookProvider())
let configuration = AWSServiceConfiguration(region: AWSRegionType.EUCentral1, credentialsProvider: credentialsProvider)
AWSServiceManager.default().defaultServiceConfiguration = configuration
let url = "\(serverURL)\(API.loginOrderPath)"
let urlRequest: NSMutableURLRequest = NSMutableURLRequest(url: NSURL(string: url)! as URL)
urlRequest.httpMethod = API.apiMethodPut
urlRequest.setValue("application/json; charset=utf-8", forHTTPHeaderField: "Content-Type")
urlRequest.setValue("\(credentialsProvider.credentials())", forHTTPHeaderField: "Authorization")
do {
var json: JSON
json = ["companyId": order.companyId, "drinks": order.drinksId, "payment": order.payment, "tip": order.tip]
urlRequest.httpBody = try json.rawData()
let task = URLSession.shared.dataTask(with: urlRequest as URLRequest, completionHandler: {data, response, error -> Void in
if error != nil {
Failure(error!)
} else {
if let response = try? JSON(data: data!) {
onSuccess(response)
} else {
}
}
})
task.resume()
} catch _ {
}
}
}
预期结果:AWS服务器的JSON响应
实际结果:未经授权
答案 0 :(得分:1)
您从API网关收到unauthorized响应的原因是双重的:
credentialsProvider.credentials()未序列化为JSON,对于授权标头也不能“原样”。
看起来像您正在尝试通过自我管理URL请求的低级详细信息来手动调用API Gateway。我看不到向请求添加签名的代码。必须对所有经过身份验证的API网关请求进行签名(请参见https://docs.aws.amazon.com/apigateway/api-reference/making-http-requests/),并且Authorization标头必须包含用于计算签名的凭据。
管理AWS Signature的低级细节并非易事。您不应编写代码来执行此操作,而应使用AWS iOS SDK。特别是,如果您尝试使用Cognito用户池授权来调用API网关,请查看以下示例:https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-generate-sdk-ios-swift.html。
API网关控制台将生成运行此示例所需的客户端代码(请参见https://docs.aws.amazon.com/apigateway/latest/developerguide/genearte-ios-sdk-of-an-api.html)
这应该从代码中删除很多样板,使其更易于阅读和维护。
在上面的评论中发布的流程,iOS SDK将自动为您完成2/3 /和4 /步骤。