来自CognitoIdentityProviderClient :: adminCreateUser()的MissingAuthenticationTokenException(“缺少身份验证令牌”)

时间:2019-04-29 04:27:59

标签: php amazon-web-services aws-sdk amazon-cognito

我有一个有效的AWS PHP SDK实现。 $client->getUser()之类的操作有效,但$client->adminCreateUser()及其他操作无效。

当我致电$client->adminCreateUser([...])时,结果为:

Error executing "AdminCreateUser" on "https://cognito-idp.ap-southeast-2.amazonaws.com"; AWS HTTP error: Client error: `POST https://cognito-idp.ap-southeast-2.amazonaws.com` resulted in a `400 Bad Request` response:
{"__type":"MissingAuthenticationTokenException","message":"Missing Authentication Token"}
 MissingAuthenticationTokenException (client): Missing Authentication Token - {"__type":"MissingAuthenticationTokenException","message":"Missing Authentication Token"}

/var/www/project/vendor/aws/aws-sdk-php/src/WrappedHttpHandler.php 中的第 191

使用完全相同的凭据从CLI(例如cognito-idp admin-create-user)调用的类似服务正在工作。

是什么原因造成的?


示例详细信息

我的环境:

  • Ubuntu 18.04
  • Apache 2.4.29
  • PHP 7.3
  • aws / aws-sdk-php 3.92.3

.aws /凭证

[default]
aws_access_key_id=XXXX
aws_secret_access_key=XXXX

我正在使用我的开发人员凭据

示例代码:

$client = new CognitoIdentityProviderClient([
    'version' => 'latest',
    'region' => 'ap-southeast-2',
    'credentials' => false, // Set to false to allow roles provisioned to our EC2 instances
]);

$result = $client->adminCreateUser([
    'DesiredDeliveryMediums' => ['Email'],
    'MessageAction' => 'RESEND',
    'TemporaryPassword' => 'TemporaryPassword1234',
    'UserAttributes' => [
        ['Name' => 'email', 'Value' => 'mailbox@domain.tld'],
    ],
    'UserPoolId' => 'ap-southeast-2_XXXX',
    'Username' => 'mailbox@domain.tld',
]);

1 个答案:

答案 0 :(得分:3)

您需要从'credentials' => false配置中删除CognitoIdentityProviderClient

adminCreateUser()操作需要经过签名的请求(与signUp()之类的操作不同,这就是signUp()可以与未签名的请求一起使用,但是adminCreateUser()和其他需要开发人员的操作凭据不会)

从AWS文档中

https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cognito-idp-2016-04-18.html#admincreateuser

  

AdminCreateUser需要开发人员凭据。

https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_configuration.html#credentials

  

传递false以使用空凭据而不签署请求。

需要签名请求以提供开发人员凭据。