在我的AWS项目中,我使用API Gateway和Lambda创建了web服务。
我使用AWSMobileClient用于iOS,允许用户使用Cognito登录/注销,API网关为iOS (Swift)生成SDK,以便能够从该iOS应用程序调用API。
下面是我在iOS应用程序中管理Cognito的方法:
- 首先,初始化:
AWSMobileClient.default().initialize { (userState: UserState?, error: Error?) in
if (userState != nil)
{
print("AWSMobileClient initialize OK : (userState.debugDescription)")
}
if (error != nil)
{
print("AWSMobileClient initialize error : (String(describing: error))")
}
}
我:
"AWSMobileClient initialize OK : Optional(AWSMobileClient.UserState.signedOut)"
- 然后,登录:
AWSMobileClient.default().signIn(
username: "test@mail.com ",
password: "abcd1234") { (signInResult: SignInResult?, error: Error?) in
if (signInResult != nil)
{
if (signInResult!.signInState == SignInState.signedIn)
{
print("AWSMobileClient sign in OK")
}
else
{
print("AWSMobileClient sign in error")
}
}
if (error != nil)
{
print("AWSMobileClient sign in error (String(describing: error))")
}
}
我:
"AWSMobileClient sign in OK"
- 现在我想调用一个API,这需要用户登录:
let credentialsProvider = AWSCognitoCredentialsProvider(
regionType: AWSRegionType.EUCentral1,
identityPoolId: "eu-central-1:1234abcd-12ab-1234-1234-123456abcdef")
let configuration = AWSServiceConfiguration(
region: AWSRegionType.EUCentral1,
credentialsProvider: credentialsProvider)
AWSServiceManager.default()?.defaultServiceConfiguration = configuration
let myTestModel: MyTestModel = MyTestModel()
myTestModel.email = "test@mail.com "
myTestModel.newEmail = "test2@mail.com "
let client = MyMobileClient.default()
client
.signedInModifyInformationsAccountPost(contentType: "application/json", body: myTestModel)
.continueWith { (awsTask: AWSTask<Empty>) -> Any? in
if let awsError = awsTask.error as NSError?
{
print("Error: (awsError.userInfo)")
}
if let awsResult = awsTask.result
{
print("Success: (awsResult)"
}
return nil
}
但是在这里,我得到了以下错误:
Message = "User: arn:aws:sts::123456789012:assumed-role/wzj-dev-eu-central-1-identity-pool-non-authenticated/CognitoIdentityCredentials
is not authorized to perform: execute-api:Invoke on resource:
arn:aws:execute-api:eu-central-1:********1234:12345abcde/dev/POST/authenticated/modify-informations-account"
我真的不理解这个消息,因为用户已经登录了,并且我在调用API之前通过检查:AWSMobileClient.default().currentUserStatus(即:signedIn)得到了用户正确登录的确认。但是,您可以在错误中看到的IAM角色是.....未经身份验证的角色!
更令人惊讶的是,如果我退出我的应用程序,没有注销用户,然后再做一遍,现在它工作了,我可以调用相同的API没有任何错误。
编辑:
只有当我在之前调用另一个API时才会出现这个问题呼叫modify-informations-account。其他API既可以由经过身份验证的用户调用,也可以由未经身份验证的用户调用。如果我不调用其他API,一切都可以正常工作。
我做错了什么?
谢谢。
很简单:
不同于文档中所说的,而不是:
let credentialsProvider = AWSCognitoCredentialsProvider(
regionType: AWSRegionType.EUCentral1,
identityPoolId: "eu-central-1:1234abcd-12ab-1234-1234-123456abcdef")
let configuration = AWSServiceConfiguration(
region: AWSRegionType.EUCentral1,
credentialsProvider: credentialsProvider)
AWSServiceManager.default()?.defaultServiceConfiguration = configuration
替换为:
let configuration = AWSServiceConfiguration(
region: AWSRegionType.EUCentral1,
credentialsProvider: AWSMobileClient.default())
AWSServiceManager.default()?.defaultServiceConfiguration = configuration