Question

我正在使用AWS Cognito身份验证进行签名机制。为了获取凭据（访问，秘密和会话令牌），我们需要获取身份令牌。
我正在获取用户名，密码，clientId，userPoolId，identityPoolId信息。但是，当我尝试使用USER_PASSWORD_AUTH作为身份验证流类型生成ID令牌时，出现以下错误原因：com.amazonaws.services.cognitoidp.model.AWSCognitoIdentityProviderException：缺少身份验证令牌（服务：AWSCognitoIdentityProvider；状态代码：400；错误代码：MissingAuthenticationTokenException；请求ID ：；代理：null）

下面是代码：

AnonymousAWSCredentials awsCreds = new AnonymousAWSCredentials();

    AWSCognitoIdentityProvider provider = AWSCognitoIdentityProviderClientBuilder.standard()
            .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
            .withRegion(//region)
            .build();
           

    AdminInitiateAuthRequest authRequest = new AdminInitiateAuthRequest()
            .withAuthFlow(AuthFlowType.USER_PASSWORD_AUTH)
            .withClientId("")
            .withUserPoolId("")
            .withAuthParameters(map);
    Map<String,String> map = new HashMap<>();
    map.put("USERNAME","");
    map.put("PASSWORD","");

这里的地图将具有用户名和密码。

有人可以提供有关如何在Java中配置身份验证以生成ID令牌和访问令牌的帮助吗？预先感谢！

Answer 1

您的代码可能如下所示。请注意：

使用ADMIN_USER_PASSWORD_AUTH流进行身份验证。请参阅 AdminInitiateAuth

在Cognito的客户端设置中，应在“身份验证流程配置”部分下启用下一个选项“对用于身份验证的管理API启用用户名密码auth（ALLOW_ADMIN_USER_PASSWORD_AUTH）” 。。。 >

 public static void auth(String username, String password) {

 AwsBasicCredentials awsCreds = AwsBasicCredentials.create(AWS_KEY,
         AWS_SECRET);

 CognitoIdentityProviderClient identityProviderClient =
         CognitoIdentityProviderClient.builder()
                 .credentialsProvider(StaticCredentialsProvider.create(awsCreds))
                 .region(Region.of(REGION))
                 .build();

 final Map<String, String> authParams = new HashMap<>();
 authParams.put("USERNAME", username);
 authParams.put("PASSWORD", password);
 authParams.put("SECRET_HASH", calculateSecretHash(CLIENT_ID,
         CLIENT_SECRET, username));

 final AdminInitiateAuthRequest authRequest = AdminInitiateAuthRequest.builder()
         .authFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH)
         .clientId(CLIENT_ID)
         .userPoolId(POOL_ID)
         .authParameters(authParams)
         .build();

 AdminInitiateAuthResponse result = identityProviderClient.adminInitiateAuth(authRequest);

 System.out.println(result.authenticationResult().accessToken());
 System.out.println(result.authenticationResult().idToken());

}

方法calculateSecretHash来自AWS文档Signing Up and Confirming User Accounts：

 private static String calculateSecretHash(String userPoolClientId, String userPoolClientSecret, String userName) {
 final String HMAC_SHA256_ALGORITHM = "HmacSHA256";

 SecretKeySpec signingKey = new SecretKeySpec(
         userPoolClientSecret.getBytes(StandardCharsets.UTF_8),
         HMAC_SHA256_ALGORITHM);
 try {
     Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
     mac.init(signingKey);
     mac.update(userName.getBytes(StandardCharsets.UTF_8));
     byte[] rawHmac = mac.doFinal(userPoolClientId.getBytes(StandardCharsets.UTF_8));
     return Base64.getEncoder().encodeToString(rawHmac);
 } catch (Exception e) {
     throw new RuntimeException("Error while calculating ");
 }}

如何在Java sdk后端中配置AWS用户认知身份验证流程以生成身份令牌和访问令牌？

1 个答案: