AWS Cognito快速将令牌交换到凭证

时间:2019-02-27 08:01:55

标签: swift amazon-web-services amazon-cognito credentials aws-sts

我尝试通过此AWS文档登录后使用身份池访问AWS服务 https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html

但是在将用户池与身份池部分集成在一起时, 我无法在快速代码中添加令牌

let serviceConfiguration = AWSServiceConfiguration(region: .USEast1, credentialsProvider: nil)
let userPoolConfiguration = AWSCognitoIdentityUserPoolConfiguration(clientId: "YOUR_CLIENT_ID", clientSecret: "YOUR_CLIENT_SECRET", poolId: "YOUR_USER_POOL_ID")
AWSCognitoIdentityUserPool.registerCognitoIdentityUserPoolWithConfiguration(serviceConfiguration, userPoolConfiguration: userPoolConfiguration, forKey: "UserPool")
let pool = AWSCognitoIdentityUserPool(forKey: "UserPool")
let credentialsProvider = AWSCognitoCredentialsProvider(regionType: .USEast1, identityPoolId: "YOUR_IDENTITY_POOL_ID", identityProviderManager:pool)

在javascript和android中都具有certificateProvider.logins。

我收到这样的消息:

Message: The security token included in the request is invalid.

还是我需要通过此文档调用aws sts api? https://docs.aws.amazon.com/en_us/IAM/latest/UserGuide/id_credentials_temp_request.html

感谢帮助。

1 个答案:

答案 0 :(得分:0)

首先我试试这个

let identity = AWSCognitoIdentity.default()
        let input = AWSCognitoIdentityGetCredentialsForIdentityInput()
        input?.identityId = identityid
        input?.logins = ["cognito-idp.us-east-1.amazonaws.com/us-east-1_XXXXX":identityToken]
        identity.getCredentialsForIdentity(input!).continueWith(block: { (task:AWSTask<AWSCognitoIdentityGetCredentialsForIdentityResponse>) -> Any? in

            if (task.error != nil) {
                print("Error: " + task.error!.localizedDescription)
            }
            else {
                self.accessKey = (task.result?.credentials?.accessKeyId)!
                self.secrectKey = (task.result?.credentials?.secretKey)!
                self.sessionToken = (task.result?.credentials?.sessionToken)
            }
            return task;
        })

但是它不起作用,我不确定会发生什么。我使用https获取AWS Iot阴影,它将返回空值并获得403消息。 然后我更改这样的官方文档代码

let serviceConfiguration = AWSServiceConfiguration(region: .USEast1,credentialsProvider: nil)
let userPoolConfiguration = AWSCognitoIdentityUserPoolConfiguration(clientId: "YOUR_CLIENT_ID", clientSecret: "YOUR_CLIENT_SECRET", poolId: "YOUR_USER_POOL_ID")
AWSCognitoIdentityUserPool.registerCognitoIdentityUserPoolWithConfiguration(serviceConfiguration, userPoolConfiguration: userPoolConfiguration, forKey: "UserPool")
let pool = AWSCognitoIdentityUserPool(forKey: "UserPool")
let credentialsProvider = AWSCognitoCredentialsProvider(regionType: .USEast1, identityPoolId: "YOUR_IDENTITY_POOL_ID", identityProviderManager:pool)

然后使用此代码

    credentialsProvider.credentials().continueWith(block: { (task) -> AnyObject? in
        if (task.error != nil) {
            print("Error: " + task.error!.localizedDescription)
        }
        else {
            let credentials = task.result!
            self.accessKey = credentials.accessKey
            self.secrectKey = credentials.secretKey
            self.session  = credentials.sessionKey!           }
        return task;
    })

但是此代码不使用我从cognito登录获得的idtoken,也许这只是让我访问服务,然后我可以解析idtoken以获取idtoken详细消息。

希望这对某人有帮助。

除此之外,导入的事情是使用iot将您的临时凭证附加到PrincipalPrincipalPolicy,当您登录cognito时,您将获得凭证identityID, 然后使用此identityID附加。

否则您将被禁止使用403,并且返回值为空。

财政年度 https://github.com/awslabs/aws-sdk-ios-samples/blob/master/IoT-Sample/Swift/IoTSampleSwift/ConnectionViewController.swift

相关问题
最新问题