我的目标是将Amazon Cognito与外部OpenID提供程序(在本例中为IdentityServer4)一起使用。问题是我使用了参考令牌,AWS并未对其进行验证以获取字段(我在日志中看不到对IdP的任何请求)。
这是我的客户端代码:
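/**
 * Exchange an external OpenID Connect login for temporary AWS credentials
 * through a Cognito identity pool.
 *
 * Side effects: sets AWS.config.region, replaces AWS.config.credentials with
 * a CognitoIdentityCredentials provider and starts the credential exchange.
 * Nothing is returned; once the exchange completes, consumers should read
 * AWS.config.credentials (accessKeyId, secretAccessKey, sessionToken) directly.
 *
 * NOTE(review): the Logins value below is a JSON-serialized object wrapping the
 * provider's access token. The SDK's Logins map is meant to carry the
 * provider's OIDC identity token (a JWT) as a plain string; the
 * NotAuthorizedException "Not a valid OpenId Connect identity token" reported
 * for this code is consistent with that mismatch — confirm with the IdP which
 * token it issues for this purpose.
 */
function OpenIDLogin() {
  // Placeholders kept from the original; substitute real values at runtime.
  const loginParams = JSON.stringify({
    access_token: '{reference token}',
    expires_in: 3600,
    token_type: 'Bearer',
  });
  // Deliberately not logged: loginParams carries a bearer token, and console
  // output ends up in browser logs, bug reports and support screenshots.

  AWS.config.region = 'us-east-1'; // Region
  AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: '{identity pool id}',
    Logins: {
      '{idp url}': loginParams,
    },
  });

  // Obtain the temporary credentials. The callback's first argument is the
  // error from the exchange (e.g. NotAuthorizedException); the original
  // ignored it and then read undefined keys from the provider.
  AWS.config.credentials.get(function (err) {
    if (err) {
      // Surface the failure instead of silently continuing with no credentials.
      console.error('Cognito credential exchange failed:', err.message);
      return;
    }
    // Credentials are now populated on AWS.config.credentials. The original
    // copied them into undeclared identifiers (implicit globals holding secret
    // material); that was dropped — read AWS.config.credentials instead.
  });
}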
// Kick off the Cognito credential exchange as soon as this script runs.
OpenIDLogin();
错误信息如下:message: "Invalid login token. Not a valid OpenId Connect identity token."
__type: "NotAuthorizedException"