I'm a developer trying to connect to a server using PHP. This is the code I'm using for server-side developer authentication:
    <?php
    require 'aws.phar';

    use Aws\CognitoIdentity\CognitoIdentityClient;
    use Aws\Sts\StsClient;
    use Aws\Credentials\Credentials;
    use Aws\S3\S3Client;

    $identityClient = CognitoIdentityClient::factory(array(
        'version' => 'latest',
        'region' => 'ap-northeast-1'
    ));

    // Request an identity ID from the identity pool
    $idResp = $identityClient->getId(array(
        'AccountId' => 'XXXXXXXXXXX',
        'IdentityPoolId' => 'XXXXXXXXXXXXXX',
        'Logins' => array(
            'cognito-identity.amazonaws.com:amr' => 'login.blupinch.app'
        )
    ));
    $identityId = $idResp["IdentityId"];

    // Request an OpenID Connect token for that identity
    $tokenResp = $identityClient->getOpenIdToken(array(
        'IdentityId' => $identityId,
        'Logins' => array(
            'cognito-identity.amazonaws.com:amr' => 'login.blupinch.app'
        )
    ));
    $token = $tokenResp["Token"];

    // Exchange the token for temporary credentials through STS
    $stsClient = StsClient::factory(array(
        'region' => 'us-east-1',
        'version' => '2011-06-15'
    ));
    $stsResp = $stsClient->assumeRoleWithWebIdentity(array(
        'RoleArn' => 'arn:aws:iam::XXXXXXXXXX:role/Cognito_appAuth_Role',
        'RoleSessionName' => 'App', // you need to give the session a name
        'WebIdentityToken' => $token
    ));
    $credentials = new Credentials(
        $stsResp['Credentials']['AccessKeyId'],
        $stsResp['Credentials']['SecretAccessKey'],
        $stsResp['Credentials']['SessionToken']
    );

    // Use the temporary credentials for S3
    $s3Client = new S3Client([
        'version' => '2006-03-01',
        'region' => 'us-east-1',
        'credentials' => $credentials
    ]);
The code is quite verbose, and so is the following error message that I receive. I'm having a hard time understanding it:
    PHP Fatal error: Uncaught exception
    'Aws\CognitoIdentity\Exception\CognitoIdentityException' with message
    'Error executing "GetId" on "https://cognito-identity.ap-northeast-1.amazonaws.com"; AWS HTTP error:
    Client error:
    `POST https://cognito-identity.ap-northeast-1.amazonaws.com` resulted
    in a `400 Bad Request` response:
    {"__type":"ValidationException","message":
    "1 validation error detected:
    Value '{cognito-identity.amazonaws.com:amr=login (truncated...)
    ValidationException (client):
    1 validation error detected:
    Value '{cognito-identity.amazonaws.com:amr=login.blupinch.app}' at 'logins'
    failed to satisfy constraint:
    Map keys must satisfy constraint:
    [Member must have length less than or equal to 128, Member must have
    length greater than or equal to 1, Member must satisfy regular expression
    pattern: [\w._/-]+] - {"__type":
    "ValidationException","message":
    "1 validation error detected:
    Value '{cognito-identity.amazonaws.com:amr=login.blupinch.app}' at
    'logins' failed to satisfy constraint:
    Map keys must satisfy constraint:
    [Mem in phar:///home/ubuntu/aws.phar/Aws/WrappedHttpHandler.php on
I believe the error is related to the value of the key cognito-identity.amazonaws.com:amr. So I'd like to know: what value should I set for that key?
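So the backend server doesn't need to call the GetId or GetOpenIdToken APIs. You need to call Amazon Cognito's GetOpenIdTokenForDeveloperIdentity API from your server. For the Logins map, the key should be the developer provider name you specified for this identity pool in the Amazon Cognito console, and the value should be the unique user identifier of the user who has authenticated to your server from the native app. Cognito will return the identityId associated with that username and an OpenId Connect token to your backend, and these should be passed back to the app.
I strongly recommend that you follow our blog post and developer guide, which explain this flow in depth. As always, feel free to ask if you have any questions.
Thanks.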
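
The backend call described in the answer, as an added example that is not part of the original question or answer. It assumes the AWS SDK for PHP v3 loaded from aws.phar as in the question; the function names, the placeholder pool ID, the user ID, and the use of 'login.blupinch.app' as the developer provider name are assumptions.

```php
<?php
require 'aws.phar';

use Aws\CognitoIdentity\CognitoIdentityClient;

// Logins keys must be 1-128 characters of [\w._/-] (constraint quoted in the
// ValidationException above); the ':' in "cognito-identity.amazonaws.com:amr" fails it.
function isValidLoginsKey(string $key): bool
{
    return preg_match('~\A[\w._/-]{1,128}\z~', $key) === 1;
}

// Backend step: exchange a user your server has already authenticated for a
// Cognito identity ID and OpenID Connect token.
function issueCognitoToken(
    CognitoIdentityClient $client,
    string $identityPoolId,
    string $developerProviderName,
    string $userId
): array {
    if (!isValidLoginsKey($developerProviderName)) {
        throw new InvalidArgumentException('Invalid developer provider name');
    }
    $resp = $client->getOpenIdTokenForDeveloperIdentity([
        'IdentityPoolId' => $identityPoolId,
        // key = developer provider name, value = your own unique user identifier
        'Logins'         => [$developerProviderName => $userId],
        'TokenDuration'  => 900, // token lifetime in seconds
    ]);
    return ['identityId' => $resp['IdentityId'], 'token' => $resp['Token']];
}

// The client signs this call with the server's own AWS credentials (default
// provider chain); it is never made from the app.
$client = new CognitoIdentityClient([
    'version' => 'latest',
    'region'  => 'ap-northeast-1',
]);

// Assumptions: placeholder pool ID, 'login.blupinch.app' as the configured
// developer provider name, and a constructed user ID that in practice comes
// from the server-side session, not from a request parameter.
$result = issueCognitoToken($client, 'IDENTITY_POOL_ID_PLACEHOLDER', 'login.blupinch.app', 'user-12345');

// Return both values to the app.
header('Content-Type: application/json');
echo json_encode($result);
```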