如何在 Android 上使用 IAM 或 Cognito Pool 作为身份验证方法而不是 API 密钥

Posted 2023-03-08

【中文标题】如何在 Android 上使用 IAM 或 Cognito Pool 作为身份验证方法而不是 API 密钥

【英文标题】：How can I use IAM or Cognito Pool as an authentication method instead of API keys on Android

【发布时间】：2019-10-03 06:45:51

【问题描述】：

我正在使用带有 AWS Amplify 的 AppSync API 设置，我收到以下错误。 IAM 和 Cognito 池授权方法均失败并产生此错误。当我使用 API 密钥时没有问题。

    2019-05-15 23:15:44.215 15058-15058/com.example.aaa.amplify E/androidRuntime: FATAL EXCEPTION: main
Process: com.example.aaa.amplify, PID: 15058
java.lang.RuntimeException: Unable to start activity ComponentInfocom.example.aaa.amplify/com.example.aaa.amplify.MainActivity: java.lang.RuntimeException: Failed to read awsconfiguration.json please check that it is correctly formed.
    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2665)
    at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2726)
    at android.app.ActivityThread.-wrap12(ActivityThread.java)
    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1477)
    at android.os.Handler.dispatchMessage(Handler.java:102)
    at android.os.Looper.loop(Looper.java:154)
    at android.app.ActivityThread.main(ActivityThread.java:6119)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:886)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:776)
 Caused by: java.lang.RuntimeException: Failed to read awsconfiguration.json please check that it is correctly formed.
    at com.amazonaws.mobile.config.AWSConfiguration.readInputJson(AWSConfiguration.java:99)
    at com.amazonaws.mobile.config.AWSConfiguration.<init>(AWSConfiguration.java:83)
    at com.amazonaws.mobile.config.AWSConfiguration.<init>(AWSConfiguration.java:68)
    at com.amazonaws.mobile.config.AWSConfiguration.<init>(AWSConfiguration.java:45)
    at com.example.aaa.amplify.MainActivity.onCreate(MainActivity.java:33)
    at android.app.Activity.performCreate(Activity.java:6679)
    at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1118)
    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2618)
    at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2726) 
    at android.app.ActivityThread.-wrap12(ActivityThread.java) 
    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1477) 
    at android.os.Handler.dispatchMessage(Handler.java:102) 
    at android.os.Looper.loop(Looper.java:154) 
    at android.app.ActivityThread.main(ActivityThread.java:6119) 
    at java.lang.reflect.Method.invoke(Native Method) 
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:886) 
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:776) 
 Caused by: org.json.JSONException: End of input at character 1241 of     "UserAgent": "aws-amplify-cli/0.1.0",    "Version": "1.0",    "IdentityManager":         "Default":     ,    "AppSync":         "Default":             "ApiUrl": "https://xxxxxxxx.appsync-api.us-west-2.amazonaws.com/graphql",            "Region": "us-west-2",            "AuthMode": "API_KEY",            "ApiKey": "da2-xxxxxxxxxxxxxxxx",            "ClientDatabasePrefix": "xxxxxxxxxxxxxxx-master_API_KEY"        ,//        "Default": //            "ApiUrl": "https://xxxxxxxxxxxx.appsync-api.us-west-2.amazonaws.com/graphql",//            "Region": "us-west-2",//            "AuthMode": "AWS_IAM",//            "ClientDatabasePrefix": "xxxxxxxx-master_AWS_IAM"//        ,    ,    "CognitoUserPool":         "Default":             "PoolId": "us-west-xxxxxxx",            "AppClientId": "xxxxxxxxxxxxx",            "AppClientSecret": "xxxxxxxxxxxxxxxxxx",            "Region": "us-west-2"            ,    "Auth":         "Default":             "OAuth":                 "AppClientId": "xxxxxxxxxxxxxxxxxxxxxxx",                "AppClientSecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"                        
    at org.json.JSONTokener.syntaxError(JSONTokener.java:449)
    at org.json.JSONTokener.nextValue(JSONTokener.java:97)
    at org.json.JSONTokener.readObject(JSONTokener.java:361)
    at org.json.JSONTokener.nextValue(JSONTokener.java:100)
    at org.json.JSONTokener.readObject(JSONTokener.java:384)
    at org.json.JSONTokener.nextValue(JSONTokener.java:100)
    at org.json.JSONObject.<init>(JSONObject.java:156)
    at org.json.JSONObject.<init>(JSONObject.java:173)
    at com.amazonaws.mobile.config.AWSConfiguration.readInputJson(AWSConfiguration.java:97)
    at com.amazonaws.mobile.config.AWSConfiguration.<init>(AWSConfiguration.java:83) 
    at com.amazonaws.mobile.config.AWSConfiguration.<init>(AWSConfiguration.java:68) 
    at com.amazonaws.mobile.config.AWSConfiguration.<init>(AWSConfiguration.java:45) 
    at com.example.aaa.amplify.MainActivity.onCreate(MainActivity.java:33) 
    at android.app.Activity.performCreate(Activity.java:6679) 
    at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1118) 
    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2618) 
    at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2726) 
    at android.app.ActivityThread.-wrap12(ActivityThread.java) 
    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1477) 
    at android.os.Handler.dispatchMessage(Handler.java:102) 
    at android.os.Looper.loop(Looper.java:154) 
    at android.app.ActivityThread.main(ActivityThread.java:6119) 
    at java.lang.reflect.Method.invoke(Native Method) 
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:886) 
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:776)

 

我已尝试将 API 直接连接到项目并使用 amplify add codegen xxxxxxxxxxxx 进行自动设置。我运气不好

我的 awsconfiguration.json 文件：

//WORKS 
"AppSync": 
    "Default": 
        "ApiUrl": "https://xxxxxxxxxxxxxxx.appsync-api.us-west-2.amazonaws.com/graphql",
        "Region": "us-west-2",
        "AuthMode": "API_KEY",
        "ApiKey": "da2-xxxxxxxx",
        "ClientDatabasePrefix": "xxxxxx-master_API_KEY"
    ,

//DOES NOT WORK
   // "Default": 
   //     "ApiUrl": "https://xxxxxxxxxxxxxx.appsync-api.us-west-2.amazonaws.com/graphql",
   //     "Region": "us-west-2",
   //     "AuthMode": "AWS_IAM",
   //     "ClientDatabasePrefix": "xxxxx-master_AWS_IAM"
   // ,
//DOES NOT WORK
    // "Default": 
    //     "ApiUrl": "https://xxxxxxxxxxxxxx.appsync-api.us-west-2.amazonaws.com/graphql",
    //     "Region": "us-west-2",
    //     "AuthMode": "AMAZON_COGNITO_USER_POOLS",
    //     "ClientDatabasePrefix": "xxxxxxxxxxx-master_AMAZON_COGNITO_USER_POOLS"
    // ,

当我使用 API 密钥时，我可以连接到后端，但是当我尝试使用 user_pool 或 IAM 角色进行身份验证时，我收到错误消息。对于开发，API 很好，但现在正确的设置是使用其他方法之一，Cognito 池或 IAM

【参考方案1】：

您需要修复awsconfiguration.json 文件中的格式错误。例如，如果 API_KEY 是您在 AWS AppSync GraphQL API 上配置的默认授权模式，则文件中将包含以下内容。

  "AppSync": 
    "Default": 
      "ApiUrl": "https://xxxxxxxxxxxxxxx.appsync-api.us-west-2.amazonaws.com/graphql",
      "Region": "us-west-2",
      "AuthMode": "API_KEY",
      "ApiKey": "da2-xxxxxxxx",
      "ClientDatabasePrefix": "xxxxxx-master_API_KEY"
    
  

如果您配置了多种授权模式，您将拥有以下文件：

  "AppSync": 
    "Default": 
      "ApiUrl": "https://xxxxxxxxxxxxxxx.appsync-api.us-west-2.amazonaws.com/graphql",
      "Region": "us-west-2",
      "AuthMode": "API_KEY",
      "ApiKey": "da2-xxxxxxxx",
      "ClientDatabasePrefix": "xxxxxx-master_API_KEY"
    ,
    "AWS_IAM": 
      "ApiUrl": "https://xxxxxxxxxxxxxxx.appsync-api.us-west-2.amazonaws.com/graphql",
      "Region": "us-west-2",
      "AuthMode": "AWS_IAM",
      "ClientDatabasePrefix": "xxxxxx-master_AWS_IAM"
    
  

现在您可以创建多个 AWS AppSync 客户端来使用不同的授权模式。当您需要使用文件中的AWS_IAM 部分时，您可以执行以下操作：

AWSConfiguration awsConfiguration = new AWSConfiguration(getApplicationContext());
awsConfiguration.setConfiguration("AWS_IAM");

【讨论】：

这不能回答问题。 trackstarz408 询问如何为 AWS_IAM 身份验证模式配置 AWS 后端和客户端（在本例中为 Android）。具有讽刺意味的是，这里唯一可用的信息是有关 API_KEY 模式的信息，OP 已经说过该模式有效，但由于不能用于生产，因此不可取。在此模式下，OP 没有要更正的错误。