chrome.identity.launchWebAuthFlow unauthorized client using AWS Cognito

Time: 2019-05-29 13:13:44

Tags: amazon-web-services authentication oauth-2.0 amazon-cognito google-oauth2

I am trying to use AWS Cognito as Non-Google account authentication to authorize an endpoint.

I am trying the following:

chrome.identity.launchWebAuthFlow(         
      {'url': 'https://mydomain.auth.eu-west-1.amazoncognito.com/oauth2/authorize?response_type=token&client_id=myapplicationclientid&redirect_uri=https://myid.chromiumapp.org/&state=STATE&scope=aws.cognito.signin.user.admin', 'interactive': true},
      function(redirect_url) {
        if (chrome.runtime.lastError) {
          sampleSupport.log(chrome.runtime.lastError);
          changeState(STATE_START);
        } else {
          //sampleSupport.log(chrome.identity.getRedirectURL());
          sampleSupport.log('Token acquired:'+redirect_url+
            '. See chrome://identity-internals for details.');
          changeState(STATE_AUTHTOKEN_ACQUIRED);
        }

      });

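In the AWS Amazon Cognito app configuration menu, I set the callback URL as follows: https://myid.chromiumapp.org/provider_cb. Also, I set Authorization code grant, with aws.cognito.signin.user.admin as the allowed OAuth scope.

I don't know what I am doing wrong, but I get the following error: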

Token acquired:https://myid.chromiumapp.org/#error_description=unauthorized_client&state=STATE&error=invalid_request. See chrome://identity-internals for details.

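1 answer:

Answer 0 (score: 0)

  1. In the URL you request response_type=token while the configuration has Authorization code grant enabled. Change response_type to code or enable Implicit grant.
  2. For the correct redirect URL, you can use chrome.identity.getRedirectURL() (docs) instead of constructing it by hand.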
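
The two points of the answer combined, as an added example that is not part of the original question or answer: it requests response_type=code, takes the redirect URI from chrome.identity.getRedirectURL('provider_cb'), and inspects the returned URL for an error and a matching state before treating the flow as successful. The helper names buildAuthorizeUrl and parseRedirect are hypothetical; the domain, client ID and scope are the placeholders from the question.

```javascript
// Added example; identifiers are the question's placeholders, helper names are hypothetical.
const COGNITO_DOMAIN = 'https://mydomain.auth.eu-west-1.amazoncognito.com';
const CLIENT_ID = 'myapplicationclientid';

// responseType must match a flow enabled on the app client:
// 'code' for Authorization code grant, 'token' for Implicit grant.
function buildAuthorizeUrl(redirectUri, state, responseType = 'code') {
  const url = new URL('/oauth2/authorize', COGNITO_DOMAIN);
  url.search = new URLSearchParams({
    response_type: responseType,
    client_id: CLIENT_ID,
    redirect_uri: redirectUri, // must equal a registered callback URL
    state,
    scope: 'aws.cognito.signin.user.admin',
  }).toString();
  return url.toString();
}

// Parse the URL handed to the launchWebAuthFlow callback. Parameters may arrive in
// the query (code grant) or in the fragment (implicit grant, and the error above).
function parseRedirect(redirectUrl, expectedState) {
  const url = new URL(redirectUrl);
  const params = new URLSearchParams(url.search);
  for (const [k, v] of new URLSearchParams(url.hash.slice(1))) params.set(k, v);
  if (params.get('error')) {
    return { ok: false, error: params.get('error'), description: params.get('error_description') };
  }
  if (params.get('state') !== expectedState) {
    return { ok: false, error: 'state_mismatch', description: null };
  }
  const code = params.get('code');
  const token = params.get('access_token');
  if (!code && !token) return { ok: false, error: 'no_credential', description: null };
  return code ? { ok: true, code } : { ok: true, accessToken: token };
}

// Runs only inside an extension, where the chrome.identity API exists.
if (typeof chrome !== 'undefined' && chrome.identity) {
  const state = crypto.randomUUID(); // unpredictable per-request state
  const redirectUri = chrome.identity.getRedirectURL('provider_cb');
  chrome.identity.launchWebAuthFlow(
    { url: buildAuthorizeUrl(redirectUri, state), interactive: true },
    (redirectUrl) => {
      if (chrome.runtime.lastError) return console.error(chrome.runtime.lastError.message);
      console.log(parseRedirect(redirectUrl, state).ok ? 'authorization succeeded' : 'authorization failed');
    });
}
```

With the redirect URL from the question, parseRedirect reports a failure with error invalid_request instead of logging it as an acquired token.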