我目前正在构建一个C++客户端,该客户端已成功向AWS Cognito用户池进行身份验证。我希望用从Cognito收到的ID令牌换取临时AWS凭证。
通过AWS CLI使用Advanced Flow时,这似乎需要我依次完成两个单独的调用:
aws cognito-identity get-id
aws cognito-identity get-credentials-for-identity
最终目标是为后续的AWS服务调用接收AccessKeyId、SecretKey、SessionToken、IdentityId。
我已经弄清楚了get-id这一部分,所以其余部分现在应该比较容易解决了。
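// Exchanges a Cognito user-pool ID token for a Cognito identity ID via GetId.
// This is the first of the two calls in the flow; the follow-up call that
// turns s_IdentityId into temporary credentials is not part of this snippet.
//
// Security notes:
//  - s_IDToken is a bearer credential. Never print or log it.
//  - SDK logging is kept at Error.
//    NOTE(review): more verbose log levels may record request details;
//    confirm what they emit before raising the level outside a debug build.
Aws::SDKOptions options;
const Aws::Utils::Logging::LogLevel logLevel{ Aws::Utils::Logging::LogLevel::Error };
options.loggingOptions.logger_create_fn = [logLevel] {
    return make_shared<Aws::Utils::Logging::ConsoleLogSystem>(logLevel);
};
Aws::InitAPI(options);

// Every SDK object must be destroyed before Aws::ShutdownAPI runs, so the
// request/outcome locals live in their own scope.
{
    Aws::Client::ClientConfiguration clientConfiguration;
    clientConfiguration.region = REGION; // region must be set for Cognito operations

    s_AmazonCognitoIdentityClient =
        Aws::MakeShared<Aws::CognitoIdentity::CognitoIdentityClient>("CognitoIdentityClient", clientConfiguration);

    Aws::CognitoIdentity::Model::GetIdRequest getIdRequest;
    getIdRequest.SetAccountId(AWS_ACCOUNT_ID);
    getIdRequest.SetIdentityPoolId(IDENTITY_POOL_ID);

    // The map key names the identity provider that issued the token. For a
    // Cognito user pool it is "cognito-idp.<region>.amazonaws.com/<user pool id>"
    // and has to correspond to the pool that issued s_IDToken; replace the
    // bracketed placeholders with real values.
    map<string, string> logins{
        {"cognito-idp.[REGION].amazonaws.com/[Your Pool ID]", s_IDToken}
    };
    getIdRequest.SetLogins(logins);

    const Aws::CognitoIdentity::Model::GetIdOutcome getIdOutcome{ s_AmazonCognitoIdentityClient->GetId(getIdRequest) };
    if (getIdOutcome.IsSuccess())
    {
        const auto& getIdResult = getIdOutcome.GetResult();
        // The value returned by GetId is an identity ID, not a token, so the
        // label says so. Only the ID is printed, never the ID token.
        cout << "\tIdentity ID: " << getIdResult.GetIdentityId() << endl;
        s_IdentityId = getIdResult.GetIdentityId(); // Set for subsequent call to get credentials
    }
    else
    {
        const auto& error = getIdOutcome.GetError();
        // Report failures on stderr and include the service exception name,
        // so the failure reason can be identified from the output.
        cerr << "Error logging in: " << error.GetExceptionName() << ": " << error.GetMessage() << endl << endl;
    }
}

// Any further SDK call that uses the client has to happen before this point:
// the shared client is released here so that it does not outlive the SDK.
s_AmazonCognitoIdentityClient.reset();
Aws::ShutdownAPI(options);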