我正在尝试使用AWS Cognito进行身份验证(使用谷歌),并授权用户,以分配给已授权的用户IAM角色。
到目前为止,我已经按照以下步骤进行了操作:
Use the authorization end point to fire up Google OAuth process http://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html
I am using "Grant flow" I receive a such as
code=b3e8bca6-5a01-45db-b4c6-cd6900d0xxxx
Make a post request to oath/token http://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
I receive the following information:
"id_token": "eyJraWQiOiJJR2NVdHJcL3pOa3pQK1lre...........", "access_token": "eyJraWQiOiJCbWx0cjJvMnJlVGhHW..........", "refresh_token": "eyJjdHkiOiJKV1QiLCJlbmMiOi............", "expires_in": 3600, "token_type": "Bearer"
Try to fetch the AWS credntions using the CognitoIdentityCredentials
AWS.config.credentials = new AWS.CognitoIdentityCredentials({ IdentityPoolId: environment.identityPoolId, // Federated ID eu-west-2:af47703f-350c-4018-ae6a-xxxxxx RoleArn: environment.roleArn,// IAM role Logins: { 'accounts.google.com': data.id_token }, }); AWS.config.getCredentials((error) => { if(error) console.log("Error: ", error); this.creds = AWS.config.credentials; });
{"__type":"NotAuthorizedException","message":"Invalid login token. Issuer doesn't match providerName"}
几个问题
- 执行步骤的顺序是否正确?
- 如何获取CognitoUserId?
id_token
是一个非常长的字符串,但不确定可以从中提取什么信息? - 最后,如何获取accessKey以进行AWS调用?
任何帮助或指导将不胜感激。
谢谢
data.id_token
中使用哪个令牌? - Teddy Kossoko