Authenticated and anonymous access with the AWS API Gateway generated SDK



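I have been playing with API Gateway for a few hours and ran into problems when handling different authentication requirements for resources. There seems to be no way to access public API endpoints through the classes generated from AWSAPIGatewayClient.

Here is a scenario: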

/moments
GET - Auth: None
POST - Auth: AWS_IAM.

API Gateway generates the following:

@interface CLIFamilyMomentsClient: AWSAPIGatewayClient
+ (instancetype)defaultClient;
+ (void)registerClientWithConfiguration:(AWSServiceConfiguration *)configuration forKey:(NSString *)key;
+ (instancetype)clientForKey:(NSString *)key;
+ (void)removeClientForKey:(NSString *)key;
- (AWSTask *)momentsGet;
- (AWSTask *)momentsPost:(CLICreateMomentRequest *)body;
@end

It turns out that momentsGet is looking for some kind of AWS Cognito credentials, even though this is a publicly accessible endpoint.

The code I am executing:

let serviceClient = CLIFamilyMomentsClient.defaultClient()
let awsTask = serviceClient.momentsGet()
awsTask.continueWithBlock { (task:AWSTask!) -> AnyObject! in
    if task.error != nil {
        print(task.error)
    } else {
        // Conditional cast: a result of another type is skipped instead of crashing
        if let response = task.result as? CLIListMomentsResponse {
            print(response.items.count)
        }
    }
    return nil
}

Output

2015-11-22 19:40:17.603 FamilyMoments[610:169366] AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:428 | __73-[AWSCognitoCredentialsProvider getCredentialsWithCognito:authenticated:]_block_invoke | GetCredentialsForIdentity failed. Error is [Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=10 "(null)" UserInfo={__type=NotAuthorizedException, message=Access to Identity 'us-east-1:XXXXXXXXX' is forbidden.}]
2015-11-22 19:40:17.605 FamilyMoments[610:169366] AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:527 | __40-[AWSCognitoCredentialsProvider refresh]_block_invoke352 | Unable to refresh. Error is [Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=10 "(null)" UserInfo={__type=NotAuthorizedException, message=Access to Identity 'us-east-1:XXXXXXXXX' is forbidden.}]
Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=10 "(null)" UserInfo={__type=NotAuthorizedException, message=Access to Identity 'us-east-1:XXXXXXXXX' is forbidden.}

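Am I missing something, or is the API Gateway generated SDK not meant to be used with both authenticated and anonymous access?

I finally got it working. It turns out that you can register different AWSServiceConfiguration configurations and use each of them separately.

In AppDelegate.swift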

func application(application: UIApplication, didFinishLaunchingWithOptions launchOptions: [NSObject: AnyObject]?) -> Bool {
    // AWS Cognito Access for authenticated requests
    let credentialProvider = AWSCognitoCredentialsProvider(regionType: .USEast1, identityPoolId: "us-east-1:xxxxxxxxxxxxxxxxxx")
    let configurationAuth = AWSServiceConfiguration(region: .USEast1, credentialsProvider: credentialProvider)
    AWSServiceManager.defaultServiceManager().defaultServiceConfiguration = configurationAuth
    // Anonymous Access
    let configurationAnonymous = AWSServiceConfiguration(region: .USEast1, credentialsProvider: AWSAnonymousCredentialsProvider())
    CLIFamilyMomentsClient.registerClientWithConfiguration(configurationAnonymous, forKey: "anonymousAccess")
    return true
}

For publicly accessible endpoints

let serviceClient = CLIFamilyMomentsClient(forKey: "anonymousAccess")
let awsTask = serviceClient.momentsGet()
awsTask.continueWithBlock { (task:AWSTask!) -> AnyObject! in
    if task.error != nil {
        print(task.error)
    } else {
        print(task.result)
    }
    return nil
}

For authenticated endpoints

let serviceClient = CLIFamilyMomentsClient.defaultClient()
let awsTask = serviceClient.momentsPost(createMoment)
awsTask.continueWithBlock { (task:AWSTask!) -> AnyObject! in
    if task.error != nil {
        print(task.error)
    } else {
        print(task.result)
    }
    return nil
}

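Hope this helps future developers.

As pointed out on the API Gateway forums, this is a limitation of the currently generated SDK. We have a backlog item to address it.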
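
An added example (not part of the original thread and not AWS's code): when one API mixes `Auth: None` and `AWS_IAM` methods, as in the /moments scenario, it is worth confirming that only the methods meant for the anonymous client are actually open. The sketch below audits a constructed sample shaped like the output of `aws apigateway get-resources --embed methods`; the `/moments/{id}` resource, the allowlist and the choice to skip OPTIONS are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like the JSON printed by
# `aws apigateway get-resources --rest-api-id <id> --embed methods`.
SAMPLE = json.loads("""
{"items": [
  {"id": "aaa111", "path": "/"},
  {"id": "bbb222", "path": "/moments", "resourceMethods": {
    "GET":  {"httpMethod": "GET",  "authorizationType": "NONE"},
    "POST": {"httpMethod": "POST", "authorizationType": "AWS_IAM"}}},
  {"id": "ccc333", "path": "/moments/{id}", "resourceMethods": {
    "DELETE":  {"httpMethod": "DELETE",  "authorizationType": "NONE"},
    "OPTIONS": {"httpMethod": "OPTIONS", "authorizationType": "NONE"}}}
]}
""")

# Assumption: the only method meant for the anonymous client.
INTENDED_PUBLIC = {("GET", "/moments")}


def audit_methods(resources, intended_public, ignore_verbs=("OPTIONS",)):
    """Compare each method's authorizationType with the intended public set."""
    report = {"unexpected_public": [], "intended_but_protected": [], "unknown": []}
    for item in resources.get("items", []):
        methods = item.get("resourceMethods") or {}
        for verb in sorted(methods):
            if verb in ignore_verbs:  # assumption: CORS preflight stays open
                continue
            key = (verb, item["path"])
            auth = methods[verb].get("authorizationType")
            if auth is None:
                # Methods were not embedded in the listing; nothing to judge.
                report["unknown"].append(key)
            elif auth == "NONE":
                if key not in intended_public:
                    report["unexpected_public"].append(key)
            elif key in intended_public:
                # The anonymous client would be rejected on this method.
                report["intended_but_protected"].append(key)
    return report


if __name__ == "__main__":
    for finding, keys in audit_methods(SAMPLE, INTENDED_PUBLIC).items():
        print(finding, keys)
```

On the constructed sample, the only finding is the open DELETE on `/moments/{id}`, which is not in the allowlist.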
