Question

您如何通过向aws授权者添加正确的受众来解决token does not have a valid audience？

一旦我将yaml标头和有效的JWT一起使用，来自token does not have a valid audience配置的以下代码段将返回Authorization。

Auth:
  DefaultAuthorizer: JwtAuthentication
  Authorizers:
    JwtAuthentication:
      IdentitySource: $request.header.Authorization
      JwtConfiguration:
        audience:
          - my-audience
        issuer: !Sub https://cognito-idp.${AWS::Region}.amazonaws.com/${OperationsUserPool}

Answer 1

一旦我解码了我的lambda生成的JWT

const login = await cognitoidentityserviceprovider
        .adminInitiateAuth(params)
        .promise();

我注意到audience是App Client Id，但不确定如何获取audience，因此事实证明，您的{{1}是Ref }

您可以在此处找到更多信息 https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-allowedoauthflowsuserpoolclient

AWS::Cognito::UserPoolClient

希望这对某人有帮助！

将用户池“ App Client Id”设置为HTTP API AWS YAML的受众群体-令牌没有有效的受众群体

1 个答案: