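I'm trying to understand the authentication flow for AWS Cognito user pools and Cognito identity pools. I get an error when I try to call the aws cognito-identity get-id command, as shown below:
I am able to authenticate successfully through cognito-idp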
> aws cognito-idp initiate-auth --client-id 8ik2s2uk8d9ekh7k3s1hstlgt --auth-flow USER_PASSWORD_AUTH --auth-parameters USERNAME=testuser@xxx.com,PASSWORD=Pxxx1 --profile dev1
{
"ChallengeParameters": {},
"AuthenticationResult": {
"AccessToken": "eyJraWQi..OiJSUzI1NiJ9.eyJvcmln...MOssACEgAsP-..A",
"ExpiresIn": 3600,
"TokenType": "Bearer",
"RefreshToken": "eyJj...IuxVj4Vv3EykM1ItEZkpSA",
"IdToken": "e..QCw"
}
}
After that, when I try to generate the Cognito ID, I see an error.
aws cognito-identity get-id --identity-pool-id us-west-2:7exxx27-fxx4-4xxb-bc7c-1107c054e6de --login IdToken=eyJ.....Q3g4TDQ9IiwiYWxnIjoiUlMy
An error occurred (NotAuthorizedException) when calling the GetId operation: Invalid login token. Issuer doesn't match providerName
My end goal is to get temporary credentials by calling aws cognito-identity get-credentials-for-identity. However, this gives another error.
> aws cognito-identity get-credentials-for-identity --identity-id "us-west-2:7ee6b627-f894-4b3b-bc7c-1107c054e6de" --profile dev1 --region us-west-2.
An error occurred (ResourceNotFoundException) when calling the GetCredentialsForIdentity operation: Identity 'us-west-2:7ee6b627-f894-4b3b-bc7c-1107c054e6de' not found.
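Not sure how to make progress here; any help would be appreciated.
OK, I realized what I was doing wrong. I was able to get the full authentication flow working.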
- Initiate authentication (cognito-idp)
~> aws cognito-idp initiate-auth --client-id 8ik2sxxxxh7k3s1hstlgt --auth-flow USER_PASSWORD_AUTH --auth-parameters USERNAME=bxxxur@wxxxxxx.com,PASSWORD=Pxxx1 --profile dev1
{
"ChallengeParameters": {},
"AuthenticationResult": {
"AccessToken": "whYhsUITzQQ3eBXAwI6VX7Gi7Dmv2eP3T1w",
"ExpiresIn": 3600,
"TokenType": "Bearer",
"RefreshToken": "RwrB-FIu6ZaQkv3AP_htR9QhD.hHZoXervix8HcvMnyi8oVw",
"IdToken": "Ngf2ZbCZZ-FJwY-7ptPGpKMdA7NjjYVX8hM7DA"
}
}
- Get Cognito pool ID
~> aws cognito-identity get-id --identity-pool-id us-west-2:7ee6b627-f894-4b3b-bc7c-1107c054e6de --login cognito-idp.us-west-2.amazonaws.com/us-west-2_BLcbQ9DHK=eyJraWQiOiJlMF.....Z20mCsfhv4RHy0GSdJxLvZkZ-w10Gloz8cApb71QrvxY2vPvqq0klDvWzeA
{
"IdentityId": "us-west-2:bbc7f768-1a17-4c02-8f48-56d2e84c3947"
}
- Get credentials for the identity
~> aws cognito-identity get-credentials-for-identity --identity-id us-west-2:bbc7f768-1a17-4c02-8f48-56d2e84c3947 --login cognito-idp.us-west-2.amazonaws.com/us-west-2_BLcbQ9DHK=eyJraWQ......sj5bOd3hu824g --profile dev1
{
"IdentityId": "us-west-2:bbc7f768-1a17-4c02-8f48-56d2e84c3947",
"Credentials": {
"AccessKeyId": "AS....O57QPE",
"SecretKey": "f....CJsfDV5Y2jW",
"SessionToken":"IQWvwc.......BDXm+5khWB5m/NWYUbf7leZ/Sk2f2y4Le",
"Expiration": 1641857034.0
}
}
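The difference between the failing and the working get-id call is the key in front of the token: it has to be the token's issuer without the `https://` scheme. The following is an added example, not code from the original post, that derives that key from the ID token's `iss` claim and rejects an access token; the pool id `us-west-2_EXAMPLE`, the sample tokens and all function names are constructed for illustration.

```python
import base64
import json


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def logins_entry(id_token: str) -> str:
    """Build the 'providerName=token' value for get-id / get-credentials-for-identity."""
    claims = jwt_claims(id_token)
    # Identity pools expect the user pool ID token, not the access token.
    if claims.get("token_use") != "id":
        raise ValueError("expected an ID token, got token_use=%r" % claims.get("token_use"))
    iss = claims.get("iss", "")
    if not iss.startswith("https://cognito-idp."):
        raise ValueError("issuer is not a Cognito user pool: %r" % iss)
    # Provider name = issuer minus the scheme; a mismatch here produces
    # "Issuer doesn't match providerName".
    provider = iss[len("https://"):]
    return f"{provider}={id_token}"


def make_sample(claims: dict) -> str:
    """Constructed, unsigned token used only as offline sample input."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.sig"


SAMPLE_ISS = "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_EXAMPLE"  # constructed
SAMPLE_ID_TOKEN = make_sample({"iss": SAMPLE_ISS, "token_use": "id"})
SAMPLE_ACCESS_TOKEN = make_sample({"iss": SAMPLE_ISS, "token_use": "access"})

if __name__ == "__main__":
    print(logins_entry(SAMPLE_ID_TOKEN).split("=", 1)[0])
```

The decode step is for inspecting your own token before calling the CLI; it does not validate the signature, which Cognito does server-side.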