AWS Cognito: "Invalid login token" error for Cognito identity pool



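I am trying to understand the authentication flow of AWS Cognito user pools and Cognito identity pools. I get an error when trying to call the aws cognito-identity get-id command, as shown below:

I am able to authenticate successfully through cognito-idp: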

    > aws cognito-idp initiate-auth --client-id 8ik2s2uk8d9ekh7k3s1hstlgt --auth-flow USER_PASSWORD_AUTH --auth-parameters USERNAME=testuser@xxx.com,PASSWORD=Pxxx1 --profile dev1
    {
        "ChallengeParameters": {},
        "AuthenticationResult": {
            "AccessToken": "eyJraWQi..OiJSUzI1NiJ9.eyJvcmln...MOssACEgAsP-..A",
            "ExpiresIn": 3600,
            "TokenType": "Bearer",
            "RefreshToken": "eyJj...IuxVj4Vv3EykM1ItEZkpSA",
            "IdToken": "e..QCw"
        }
    }

After that, when I try to generate the Cognito ID, I see an error.

    aws cognito-identity get-id --identity-pool-id us-west-2:7exxx27-fxx4-4xxb-bc7c-1107c054e6de --login IdToken=eyJ.....Q3g4TDQ9IiwiYWxnIjoiUlMy
    An error occurred (NotAuthorizedException) when calling the GetId operation: Invalid login token. Issuer doesn't match providerName

My end goal is to get temporary credentials by calling aws cognito-identity get-credentials-for-identity. However, this throws an error as well.

    > aws cognito-identity get-credentials-for-identity --identity-id "us-west-2:7ee6b627-f894-4b3b-bc7c-1107c054e6de" --profile dev1 --region us-west-2.
    An error occurred (ResourceNotFoundException) when calling the GetCredentialsForIdentity operation: Identity 'us-west-2:7ee6b627-f894-4b3b-bc7c-1107c054e6de' not found.

I am not sure how to make progress here; any help would be appreciated.

OK, I realized what I was doing wrong. I was able to get the complete authentication flow working.

  1. Initiate auth (cognito-idp)

    ~> aws cognito-idp initiate-auth \
        --client-id 8ik2sxxxxh7k3s1hstlgt \
        --auth-flow USER_PASSWORD_AUTH \
        --auth-parameters USERNAME=bxxxur@wxxxxxx.com,PASSWORD=Pxxx1 --profile dev1
    {
        "ChallengeParameters": {},
        "AuthenticationResult": {
            "AccessToken": "whYhsUITzQQ3eBXAwI6VX7Gi7Dmv2eP3T1w",
            "ExpiresIn": 3600,
            "TokenType": "Bearer",
            "RefreshToken": "RwrB-FIu6ZaQkv3AP_htR9QhD.hHZoXervix8HcvMnyi8oVw",
            "IdToken": "Ngf2ZbCZZ-FJwY-7ptPGpKMdA7NjjYVX8hM7DA"
        }
    }
    
  2. Get the Cognito pool ID

    ~> aws cognito-identity get-id \
        --identity-pool-id us-west-2:7ee6b627-f894-4b3b-bc7c-1107c054e6de \
        --login cognito-idp.us-west-2.amazonaws.com/us-west-2_BLcbQ9DHK=eyJraWQiOiJlMF.....Z20mCsfhv4RHy0GSdJxLvZkZ-w10Gloz8cApb71QrvxY2vPvqq0klDvWzeA
    {
        "IdentityId": "us-west-2:bbc7f768-1a17-4c02-8f48-56d2e84c3947"
    }
    
  3. Get credentials for the identity

    ~> aws cognito-identity get-credentials-for-identity \
        --identity-id us-west-2:bbc7f768-1a17-4c02-8f48-56d2e84c3947 \
        --login cognito-idp.us-west-2.amazonaws.com/us-west-2_BLcbQ9DHK=eyJraWQ......sj5bOd3hu824g --profile dev1
    {
        "IdentityId": "us-west-2:bbc7f768-1a17-4c02-8f48-56d2e84c3947",
        "Credentials": {
            "AccessKeyId": "AS....O57QPE",
            "SecretKey": "f....CJsfDV5Y2jW",
            "SessionToken":"IQWvwc.......BDXm+5khWB5m/NWYUbf7leZ/Sk2f2y4Le",
            "Expiration": 1641857034.0
        }
    }
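
The difference between the failing and the working `get-id` call is the login key: it must be the user pool's provider name, which is the ID token's `iss` claim without the `https://` prefix. The following is an added example, not part of the original post, that derives that key from a token and flags a mismatched key such as `IdToken`; the pool ID `us-west-2_EXAMPLE` and the unsigned sample token are constructed placeholders, and the signature is deliberately not verified because the code only inspects claims.

```python
import base64
import json

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def provider_name(id_token: str) -> str:
    """Derive the login key Cognito Identity expects from the token's issuer."""
    claims = jwt_claims(id_token)
    if claims.get("token_use") != "id":
        raise ValueError("pass the IdToken, not the AccessToken or RefreshToken")
    iss = claims.get("iss", "")
    if not iss.startswith("https://cognito-idp."):
        raise ValueError(f"issuer is not a Cognito user pool: {iss!r}")
    return iss[len("https://"):]

def check_logins(logins: dict) -> list:
    """Return (key, expected_key) pairs where the key does not match the issuer."""
    return [(k, provider_name(t)) for k, t in logins.items() if k != provider_name(t)]

def b64url(obj: dict) -> str:
    """Helper used only to build the constructed sample token below."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed, unsigned sample token; the pool ID us-west-2_EXAMPLE is a placeholder.
SAMPLE_ID_TOKEN = ".".join([
    b64url({"alg": "RS256", "kid": "constructed"}),
    b64url({"iss": "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_EXAMPLE",
            "token_use": "id", "sub": "constructed-user"}),
    "c2lnbmF0dXJl",  # placeholder signature bytes, never verified here
])

if __name__ == "__main__":
    key = provider_name(SAMPLE_ID_TOKEN)
    print("bad :", check_logins({"IdToken": SAMPLE_ID_TOKEN}))   # key from the failing call
    print("good:", check_logins({key: SAMPLE_ID_TOKEN}))         # key from the working call
    print(f"--logins {key}=<IdToken>")
```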
    
