Amazon Web Services - Calling AWSCognitoIdentityService.GetId for Cognito User Pools returns "Token is not from



I'm using the AWS SDK for JavaScript and trying out the new Cognito User Pools service. I'm getting an error from the underlying HTTP request that calls the Cognito API function AWSCognitoIdentityService.GetId:

POST / HTTP/1.1
Host: cognito-identity.us-east-1.amazonaws.com
Connection: keep-alive
Content-Length: 985
Cache-Control: max-age=0
Origin: http://localhost:3000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
Content-Type: application/x-amz-json-1.1
X-Amz-Content-Sha256: 9fba852db0a50678957c5be2a317ebce5edbb4580ad7cb1d7b524e2ff5bf95f7
X-Amz-Target: AWSCognitoIdentityService.GetId
X-Amz-User-Agent: aws-sdk-js/2.3.17
Accept: */*
Referer: http://localhost:3000/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8

Request payload:

{"IdentityPoolId":"us-east-1:f9a5b209-8ed6-405d-987c-eb2954d30d1c","Logins":{"cognito-idp.us-east-1.amazonaws.com/us-east-1_9ymEVPkkL":"eyJraWQiOiJQUFhBemRsVDg1K29kNzNvTFU4cnFzVUZORVJvVkh2aVJERGV4bzdISmJzPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0OTNlYjk5MS1iMTgyLTQxYzAtYmZhNC00N2M5YzViMzM1OTMiLCJhdWQiOiI3N3U3MnRidjN2M2M2MG1pZXFlNGhhbW8yOSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJ0b2tlbl91c2UiOiJpZCIsImF1dGhfdGltZSI6MTQ2ODk4OTY4MywiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tXC91cy1lYXN0LTFfOXltRVZQa2tMIiwibmFtZSI6Ik5uZW5uYSBVZGVnYnVuYW0iLCJleHAiOjE0Njg5OTMyODMsImlhdCI6MTQ2ODk4OTY4MywiZW1haWwiOiJubmVubmFAZGFzaHBlZWsuY29tIn0.gItOyeKF3pu24aWtaUwPMQtcOAJu9TWqmYeT3N74zijI9QgfxL93fagZvVgsQj-rqtRSddVV05ZHJBXXZiUZdb3PnUDp48R_1Kiv1RhIvMqOO43RNyS9B7G4uD0cdM8S7OCaoJMXbDPwVH5jy_j9_anm7HgbRGi3JYLS10bIvvuqznxp75V6bxsTGhVGT8EHTui-l0yqLhLbPDM05JV0sOXANFS-BO4sYjgJ-VU8GrP6D49wbses524bMIDAIRN78me5WAFC6OzOqZQ9e_JNVbgs8pHaaDqpqTZq6RUGGUS0QykhDPoJImbS_tt5rGNrVFrDpKXcwJAD1hI5x6lrNA"}}

Response:

HTTP/1.1 400 Bad Request
x-amzn-RequestId: 8e6f7124-4e35-11e6-a6a6-d56ee4384e6b
Access-Control-Allow-Origin: *
x-amzn-ErrorType: NotAuthorizedException:
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
**x-amzn-ErrorMessage: Token is not from a supported provider of this identity pool.**
Content-Type: application/x-amz-json-1.1
Content-Length: 109
Date: Wed, 20 Jul 2016 04:51:01 GMT
Connection: close

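This "Token is not from a supported provider of this identity pool" makes no sense. The token comes from the user session cached during authentication. The loginId supplied follows the Cognito User Pools format.

Here is some sample JavaScript code: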

// Key used in the Logins map: cognito-idp.<region>.amazonaws.com/<userPoolId>
this.loginId = 'cognito-idp.' + this.region + '.amazonaws.com/' + this.userPoolId;
this.poolData = {
  UserPoolId : this.userPoolId,
  ClientId : this.clientId
};
this.userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(this.poolData);


cognitoUser.getSession(function(err, session) {
  if (err) {
    console.log(err);
    console.log("user session expired. needs to log in");
    this.navigateToLogin();
    return;
  }
  // Pass the User Pools ID token to the identity pool under the login key
  var token = session.getIdToken().getJwtToken();
  AWS.config.credentials.params.Logins[this.loginId] = token;
  // refresh() is what triggers the GetId call shown above
  AWS.config.credentials.refresh(function(err){
    if (err) {
      alert(err);
    } else {
      onLoggedIn();
    }
  });
  console.log('session validity: ' + session.isValid());
}.bind(this));

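What puzzles me is that it used to work! Sometimes, after a few days of logging in and out, I was able to get it working again. But now everything has stopped. I'm wondering whether this is a bug, since the service is still in beta, or whether I'm doing something wrong.

The exception is thrown by Cognito Federated Identity, not by User Pools, so it won't be down to service instability. It means the login key you are supplying does not match the one linked to the pool, which is configured from the console.

I'd double-check that you have configured it correctly in the console and, if so, add some logging to see what is being sent as the key in the logins map when it doesn't work and when it does.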
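The logging suggested in the answer above could look like the following added example, which is not part of the original question or answer. It compares each Logins key with the token's `iss` and `aud` claims and with the providers configured on the identity pool; `checkLogins`, `decodeJwtPayload`, the sample pool ID and the client IDs are hypothetical names and constructed values, and the assumption is that the identity pool matches the token's `aud` against the configured app client ID.

```javascript
// Added diagnostic example. Decodes the token payload WITHOUT verifying the
// signature, so it is suitable for logging only, never for authorization.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// providers: [{ ProviderName, ClientId }] as configured on the identity pool
// (assumed to be copied from the console or from DescribeIdentityPool).
function checkLogins(logins, providers, nowSec) {
  const findings = [];
  for (const [key, token] of Object.entries(logins)) {
    let claims;
    try { claims = decodeJwtPayload(token); }
    catch (e) { findings.push(`${key}: token unreadable (${e.message})`); continue; }
    const issuer = String(claims.iss || '').replace(/^https:\/\//, '');
    if (issuer !== key) findings.push(`${key}: key does not match token iss "${issuer}"`);
    const match = providers.filter(p => p.ProviderName === key);
    if (match.length === 0) findings.push(`${key}: not a provider on this identity pool`);
    else if (!match.some(p => p.ClientId === claims.aud))
      findings.push(`${key}: token aud "${claims.aud}" is not a configured app client`);
    if (claims.token_use !== 'id')
      findings.push(`${key}: token_use is "${claims.token_use}", expected "id"`);
    if (typeof claims.exp === 'number' && claims.exp <= nowSec)
      findings.push(`${key}: token expired`);
  }
  return findings;
}

// Constructed sample data: placeholder pool and client IDs, unsigned token.
function makeSampleToken(claims) {
  const enc = o => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256' })}.${enc(claims)}.c2ln`;
}
const SAMPLE_KEY = 'cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE';
const SAMPLE_TOKEN = makeSampleToken({
  iss: 'https://' + SAMPLE_KEY, aud: 'client-A', token_use: 'id', exp: 2000 });
const SAMPLE_PROVIDERS = [{ ProviderName: SAMPLE_KEY, ClientId: 'client-B' }];

// The pool is configured for client-B, but the token was issued to client-A.
console.log(checkLogins({ [SAMPLE_KEY]: SAMPLE_TOKEN }, SAMPLE_PROVIDERS, 1000));
```

Running the check on both a working and a failing login and diffing the findings shows whether the key, the app client or the token itself changed between the two.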
