Question

我想将facebook访问令牌发送到AWS Cognito，然后接收一个授权令牌，该令牌可以进一步作为HTTP Put请求中的Authorization标头发送。但是，我总是从AWS端点得到“未经授权”的响应。

当我尝试打印时：

    credentialsProvider.credentials().continueOnSuccessWith(executor: AWSExecutor.default()) { (task) -> Any? in
            print(task.error)
            return true
        }

我得到以下输出：

Optional(Error Domain=com.amazonaws.AWSJSONBuilderErrorDomain Code=4 "serialized object is neither a valid json Object nor NSData object: {
    IdentityPoolId = "******";
    Logins =     {
        "graph.facebook.com" = "<FBSDKAccessToken: *******>";
    };
}" UserInfo={NSLocalizedDescription=serialized object is neither a valid json Object nor NSData object: {
    IdentityPoolId = "*****+*";
    Logins =     {
        "graph.facebook.com" = "<FBSDKAccessToken: ******>";
    };
}})

这是我的代码：

import AWSCognito
class FacebookProvider: NSObject, AWSIdentityProviderManager {
    func logins() -> AWSTask<NSDictionary> {
        if let token = FBSDKAccessToken.current() {
            return AWSTask(result: [AWSIdentityProviderFacebook:token])
        }
        return AWSTask(error:NSError(domain: "Facebook Login", code: -1 , userInfo: ["Facebook" : "No current Facebook access token"]))
    }
}

class API {
..............

public func putOrder(when fbLogin: Bool, _ order: Order, onSuccess: @escaping(JSON) -> Void,
                         on Failure: @escaping(Error)-> Void) {
        let credentialsProvider = AWSCognitoCredentialsProvider(regionType: .EUCentral1 ,
                                                                identityPoolId:"*****", identityProviderManager:FacebookProvider())
    let configuration = AWSServiceConfiguration(region: AWSRegionType.EUCentral1, credentialsProvider: credentialsProvider)
    AWSServiceManager.default().defaultServiceConfiguration = configuration
    let url = "\(serverURL)\(API.loginOrderPath)"
    let urlRequest: NSMutableURLRequest = NSMutableURLRequest(url: NSURL(string: url)! as URL)
    urlRequest.httpMethod = API.apiMethodPut
    urlRequest.setValue("application/json; charset=utf-8", forHTTPHeaderField: "Content-Type")
    urlRequest.setValue("\(credentialsProvider.credentials())", forHTTPHeaderField: "Authorization")
    do {
        var json: JSON
        json = ["companyId": order.companyId, "drinks": order.drinksId, "payment": order.payment, "tip": order.tip]
        urlRequest.httpBody = try json.rawData()
        let task = URLSession.shared.dataTask(with: urlRequest as URLRequest, completionHandler: {data, response, error -> Void in
            if error != nil {
                Failure(error!)
            } else {
                if let response = try? JSON(data: data!) {
                    onSuccess(response)
                } else {
                }
            }
        })
        task.resume()
    } catch _ {
    }
}

}

预期结果：AWS服务器的JSON响应
实际结果：未经授权

Answer 1

您从API网关收到unauthorized响应的原因是双重的：

credentialsProvider.credentials()未序列化为JSON，对于授权标头也不能“原样”。
看起来像您正在尝试通过自我管理URL请求的低级详细信息来手动调用API Gateway。我看不到向请求添加签名的代码。必须对所有经过身份验证的API网关请求进行签名（请参见https://docs.aws.amazon.com/apigateway/api-reference/making-http-requests/），并且Authorization标头必须包含用于计算签名的凭据。

管理AWS Signature的低级细节并非易事。您不应编写代码来执行此操作，而应使用AWS iOS SDK。特别是，如果您尝试使用Cognito用户池授权来调用API网关，请查看以下示例：https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-generate-sdk-ios-swift.html。

API网关控制台将生成运行此示例所需的客户端代码（请参见https://docs.aws.amazon.com/apigateway/latest/developerguide/genearte-ios-sdk-of-an-api.html）

这应该从代码中删除很多样板，使其更易于阅读和维护。

在上面的评论中发布的流程，iOS SDK将自动为您完成2/3 /和4 /步骤。

swift：将Facebook当前令牌发送到AWS Cognito之后，接收AWS id_token吗？

1 个答案: