使用以下代码,我可以获得idToken。
const idToken: string = await new Promise((resolve, reject) => {
const authParams = {
AuthFlow: 'ADMIN_NO_SRP_AUTH',
ClientId: this.options.cognito.userPoolClientId,
UserPoolId: this.options.cognito.userPoolId,
AuthParameters: {
USERNAME: this.options.cognito.username,
PASSWORD: this.options.cognito.password,
},
};
const cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider({
region: this.options.region,
});
cognitoidentityserviceprovider.adminInitiateAuth(authParams, (err, sessionData) => {
if (err) {
return reject(err);
} else {
if (
sessionData &&
sessionData.AuthenticationResult &&
sessionData.AuthenticationResult.IdToken
) {
return resolve(sessionData.AuthenticationResult.IdToken);
}
return reject(Error('IdToken missing from sessionData'));
}
});
});
将此令牌传递到Authorization标头下,使我可以对API网关进行经过身份验证的调用。
但是,当我尝试调用具有以下访问控制权的Elastic Search API时,我收到一个错误响应,告诉我Authorization标头需要具有Credential,Signature,SignedHeaders和Date。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::***:role/Cognito_ElasticSearchAuth_Role"
},
"Action": "es:*",
"Resource": "arn:aws:***:domain/userdata-bi-dev/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"***"
]
}
}
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:***:role/lambda-role"
},
"Action": "es:*",
"Resource": "arn:***:domain/userdata-bi-dev/*"
}
]
}
我可以使用javascript aws-sdk生成这种Authorization标头吗?