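Switching from unauth to developer authenticated user - AWS iOS SDK

Overall problem: I am having trouble using developer authenticated identities from my front end (iOS). I know my backend generates the correct token and identity ID, but my refresh method never gets called. I have also looked at this sample, but I am somewhat confused by everything that is going on.

Flow explanation: Currently I have a login screen with a login button. The user presses the login button, then my API class takes the credentials, encrypts the password and stores it in the keychain (commented out for now because it does not work on the simulator). My DeveloperAuthenticatedIdentityProvider is called BusytimeAuthenticated in my app. I have implemented all of the methods (I use AWS Lambda and DynamoDB to authenticate users). I start out with unauthenticated access, which allows me to access only two methods, login and signup. Then I want to assume my authenticated user, which allows me to call my other methods.

My API code: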
[AWSLogger defaultLogger].logLevel = AWSLogLevelVerbose;
id<AWSCognitoIdentityProvider> identityProvider = [[BusytimeAuthenticated alloc] initWithRegionType:AWSRegionUSEast1
    identityId:nil
    identityPoolId:@"SOMEIDENTITYPOOLID"
    logins:@{@"SOMEPROVIDERNAME": @"SOMEUSERNAME"}
    providerName:@"SOMEPROVIDERNAME"
];
credentialsProvider = [[AWSCognitoCredentialsProvider alloc] initWithRegionType:AWSRegionUSEast1
    identityProvider:identityProvider
    unauthRoleArn:nil
    authRoleArn:nil];
configuration = [[AWSServiceConfiguration alloc] initWithRegion:AWSRegionUSEast1
    credentialsProvider:self.credentialsProvider];
AWSServiceManager.defaultServiceManager.defaultServiceConfiguration = configuration;
[[credentialsProvider refresh] continueWithBlock:^id(BFTask *task){
    [self testAuth];
    return nil;
}];

My DeveloperAuthenticatedIdentityProvider code (BusytimeAuthenticated):
#import "BusytimeAuthenticated.h"

@interface BusytimeAuthenticated()
@property (strong, atomic) NSString *providerName;
@property (strong, atomic) NSString *token;
@end

@implementation BusytimeAuthenticated
@synthesize providerName=_providerName;
@synthesize token=_token;

- (instancetype)initWithRegionType:(AWSRegionType)regionType
    identityId:(NSString *)identityId
    identityPoolId:(NSString *)identityPoolId
    logins:(NSDictionary *)logins
    providerName:(NSString *)providerName{
    if (self = [super initWithRegionType:regionType identityId:identityId accountId:nil identityPoolId:identityPoolId logins:logins]) {
        self.providerName = providerName;
    }
    return self;
}

// Return the developer provider name which you choose while setting up the
// identity pool in the Amazon Cognito Console
- (BOOL)authenticatedWithProvider {
    return [self.logins objectForKey:self.providerName] != nil;
}

// If the app has a valid identityId return it, otherwise get a valid
// identityId from your backend.
- (BFTask *)getIdentityId {
    // already cached the identity id, return it
    if (self.identityId) {
        return [BFTask taskWithResult:nil];
    }
    // not authenticated with our developer provider
    else if (![self authenticatedWithProvider]) {
        return [super getIdentityId];
    }
    // authenticated with our developer provider, use refresh logic to get id/token pair
    else {
        return [[BFTask taskWithResult:nil] continueWithBlock:^id(BFTask *task) {
            if (!self.identityId) {
                return [self refresh];
            }
            return [BFTask taskWithResult:self.identityId];
        }];
    }
}

// Use the refresh method to communicate with your backend to get an
// identityId and token.
- (BFTask *)refresh {
    if (![self authenticatedWithProvider]) {
        return [super getIdentityId];
    }else{
        // KeychainWrapper *keychain = [[KeychainWrapper alloc]init];
        AWSLambdaInvoker *lambdaInvoker = [AWSLambdaInvoker defaultLambdaInvoker];
        NSDictionary *parameters = @{@"username" : @"SOMEUSERNAME",
                                     @"password":@"SOMEENCRYPTEDPASS",
                                     @"isError" : @NO};
        NSLog(@"Here");
        [[lambdaInvoker invokeFunction:@"login" JSONObject:parameters] continueWithBlock:^id(BFTask* task) {
            if (task.error) {
                NSLog(@"Error: %@", task.error);
            }
            if (task.exception) {
                NSLog(@"Exception: %@", task.exception);
            }
            if (task.result) {
                self.identityId = [task.result objectForKey:@"IdentityId" ];
                self.token = [task.result objectForKey:@"Token" ];
                // [keychain mySetObject:[task.result objectForKey:@"Token" ] forKey:@"Token"];
                // [keychain mySetObject:[task.result objectForKey:@"IdentityId" ] forKey:@"IdentityId"];
                NSLog(@"Result: %@", task.result);
            }
            return [BFTask taskWithResult:self.identityId];
        }];
    }
    return NULL;
}
@end
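
Summary problem: Unfortunately, when I test my new privileges, I see from the error: "Unauth_Role/CognitoIdentityCredentials is not authorized to perform: lambda:InvokeFunction". Clearly I am not switching correctly. I put a breakpoint in my refresh method to see whether it gets called. It does not. I do not quite understand how to switch correctly. Any help getting this to work is greatly appreciated.

Note: One big change I made is that I took out the "DeveloperAuthenticationClient" class, because I thought I could do this without it.

My question has been updated to this: http://stackoverflow.com/questions/33205271/unauthenticated-user-to-authenticated-user-on-aws-cognito/33219337#33219337 – user2977578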