我正在尝试向AWS API网关发送经过身份验证的请求。客户端将根据Cognito Your User Pool进行身份验证,然后从与用户池中登录的用户相对应的关联Cognito Identity Pool获取令牌。我正在尝试用Postman模拟这样的请求。
这篇文章建议命令aws cognito-identity get-credentials-for-identity可以用来获得邮差签名请求所需的AccessKeyId和SecretKey。但是,当我尝试使用Cognito user Pool控制台的用户的sub属性运行它时:
$ aws cognito-identity get-credentials-for-identity --identity-id aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
An error occurred (ValidationException) when calling the GetCredentialsForIdentity operation: 1 validation error detected: Value 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' at 'identityId' failed to satisfy constraint: Member must satisfy regular expression pattern: [w-]+:[0-9a-f-]+
$ aws cognito-identity get-credentials-for-identity --identity-id us-east-1:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
An error occurred (ResourceNotFoundException) when calling the GetCredentialsForIdentity operation: Identity 'us-east-1:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' not found.
如果我尝试使用AWS控制台中显示的关联身份池中的身份ID(我选择了一个有两个"链接登录"的身份ID),也会发生同样的事情。
您需要传递登录映射:
--logins (map)
A set of optional name-value pairs that map provider names to
provider tokens.
Shorthand Syntax:
KeyName1=string,KeyName2=string
JSON Syntax:
{"string": "string"
...}
这个语法对我来说很有效:
aws cognito-identity get-credentials-for-identity
--identity-id us-east-1:aaaa-bbb-ccc-bc54-rrrrrrr
--logins graph.facebook.com=kdajbdjkabkjbkjbkdbsckslcjxb
注意:--identity-id不是身份池id,它是来自身份浏览器的身份。
API gateway现在与'Cognito Your User Pool'本地集成,因此您可以直接传递身份令牌- API gateway文档。您所链接的文章已过期