AWS cognito 快速将令牌交换为凭证

Posted

技术标签:

【中文标题】AWS cognito 快速将令牌交换为凭证【英文标题】:AWS cognito exchange token to credential in swift 【发布时间】:2019-07-20 21:22:59 【问题描述】:

我尝试在此 aws Doc 登录后使用身份池访问 aws 服务 https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html

但是在将用户池与身份池部分集成时, 我无法在 swift 代码中添加令牌

let serviceConfiguration = AWSServiceConfiguration(region: .USEast1, credentialsProvider: nil)
let userPoolConfiguration = AWSCognitoIdentityUserPoolConfiguration(clientId: "YOUR_CLIENT_ID", clientSecret: "YOUR_CLIENT_SECRET", poolId: "YOUR_USER_POOL_ID")
AWSCognitoIdentityUserPool.registerCognitoIdentityUserPoolWithConfiguration(serviceConfiguration, userPoolConfiguration: userPoolConfiguration, forKey: "UserPool")
let pool = AWSCognitoIdentityUserPool(forKey: "UserPool")
let credentialsProvider = AWSCognitoCredentialsProvider(regionType: .USEast1, identityPoolId: "YOUR_IDENTITY_POOL_ID", identityProviderManager:pool)

javascriptandroid 中都有 credentialsProvider.logins 。

我收到这样的消息:

Message: The security token included in the request is invalid.

或者我需要通过这个文档调用 aws sts api? https://docs.aws.amazon.com/en_us/IAM/latest/UserGuide/id_credentials_temp_request.html

感谢您的帮助。

【问题讨论】:

【参考方案1】:

我先试试这个

let identity = AWSCognitoIdentity.default()
        let input = AWSCognitoIdentityGetCredentialsForIdentityInput()
        input?.identityId = identityid
        input?.logins = ["cognito-idp.us-east-1.amazonaws.com/us-east-1_XXXXX":identityToken]
        identity.getCredentialsForIdentity(input!).continueWith(block:  (task:AWSTask<AWSCognitoIdentityGetCredentialsForIdentityResponse>) -> Any? in

            if (task.error != nil) 
                print("Error: " + task.error!.localizedDescription)
            
            else 
                self.accessKey = (task.result?.credentials?.accessKeyId)!
                self.secrectKey = (task.result?.credentials?.secretKey)!
                self.sessionToken = (task.result?.credentials?.sessionToken)
            
            return task;
        )

但这不起作用,我不确定会发生什么。我使用 https 来获取 aws iot shadow,它将返回 null 值并获取 403 消息。 然后我像这样更改官方文档代码

let serviceConfiguration = AWSServiceConfiguration(region: .USEast1,credentialsProvider: nil)
let userPoolConfiguration = AWSCognitoIdentityUserPoolConfiguration(clientId: "YOUR_CLIENT_ID", clientSecret: "YOUR_CLIENT_SECRET", poolId: "YOUR_USER_POOL_ID")
AWSCognitoIdentityUserPool.registerCognitoIdentityUserPoolWithConfiguration(serviceConfiguration, userPoolConfiguration: userPoolConfiguration, forKey: "UserPool")
let pool = AWSCognitoIdentityUserPool(forKey: "UserPool")
let credentialsProvider = AWSCognitoCredentialsProvider(regionType: .USEast1, identityPoolId: "YOUR_IDENTITY_POOL_ID", identityProviderManager:pool)

然后使用此代码

    credentialsProvider.credentials().continueWith(block:  (task) -> AnyObject? in
        if (task.error != nil) 
            print("Error: " + task.error!.localizedDescription)
        
        else 
            let credentials = task.result!
            self.accessKey = credentials.accessKey
            self.secrectKey = credentials.secretKey
            self.session  = credentials.sessionKey!           
        return task;
    )

但是这段代码没有使用我从 cognito 登录获得的 idtoken,也许这只是让我访问服务,然后我可以解析 idtoken 以获取 idtoken 详细消息。

希望这对某人有所帮助。

除此之外,导入的东西是将PrincipalPolicy你的临时凭证附加到iot,当你登录cognito时,你会得到凭证identityID, 然后使用此身份ID 附加。

否则你会得到 403 禁止,并且返回一个空值。

FYR https://github.com/awslabs/aws-sdk-ios-samples/blob/master/IoT-Sample/Swift/IoTSampleSwift/ConnectionViewController.swift

【讨论】:

以上是关于AWS cognito 快速将令牌交换为凭证的主要内容,如果未能解决你的问题,请参考以下文章

在 Android 上获取 Cognito 凭证

AWS Cognito:将自定义声明/属性添加到 JWT 访问令牌

如何缓存来自 cognito 的 ID 令牌,以便后续访问 API 网关?

为 aws cognito id 令牌生成基于角色的声明

Python - 导出 AWS Cognito 用户池 - NoCredentialsError:无法找到凭证

我无法获取用户的 AWS Cognito 凭证 (swiftUI)