我發佈了here on the AWS forum請求中包含的安全令牌無效。 aws js sdk
我在下面的代碼中使用了aws-js-sdk v2.2.3。我收到的數據與Credentials填充。當我嘗試使用憑據時,我收到錯誤信息,證明它們無效。我正在使用開發人員身份驗證流程。我有兩個角色Auth & UnAuth。我的身份池看起來是正確的。信任關係看起來像是指向正確的身份池ID。 DynamoDB中存在針對S3 &的Auth角色的策略。我很茫然。任何幫助,將不勝感激。
JavaScript客戶端:
var cognitoidentity = new AWS.CognitoIdentity({region: 'us-east-1'});
var params = {
IdentityId: user.cognito_id,
Logins: {
'cognito-identity.amazonaws.com': user.cognito_token
}
};
cognitoidentity.getCredentialsForIdentity(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data.Credentials);
});
我CONSOLE.LOG的Id &中SecretKey它們填充在
var aws_creds = StateService.get('user').aws_creds;
console.log(aws_creds.AccessKeyId);
console.log(aws_creds.SecretKey);
AWS.config.update({ accessKeyId: aws_creds.AccessKeyId,
secretAccessKey: aws_creds.SecretKey,
endpoint: ENV.aws_dyndb_endpoint,
region: 'us-east-1'
});
var dynamodb = new AWS.DynamoDB();
console.log("user obj: ", StateService.get('user'));
var params = {
TableName: games_table_name,
KeyConditionExpression: "Id = :v1",
ExpressionAttributeValues: {
":v1": {"N": id}
}
};
return dynamodb.query(params);
我的解決方案
我想出什麼樣的主意是明確刷新憑證,而不是在我爲實例創建DynamoDb對象時懶惰地獲取憑證。這是我使用的函數,當刷新憑證時,返回承諾&。
refresh: function() {
var deferred = $q.defer();
AWS.config.region = 'us-east-1';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: COGNITO_IDENTITY_POOL_ID,
IdentityId: COGNITO_ID,
Logins: 'cognito-identity.amazonaws.com'
});
AWS.config.credentials.refresh(function(error) {
if ((error === undefined) || (error === null)) {
$log.debug("Credentials Refreshed Success: ", AWS.config.credentials);
var params = {
region: 'us-east-1',
apiVersion: '2012-08-10',
credentials: AWS.config.credentials
};
$rootScope.dynamodb = new AWS.DynamoDB({params: params});
deferred.resolve();
}
else {
$log.debug("Error refreshing AWS Creds:, ", error);
deferred.reject(error);
}
});
return deferred.promise;
}
保存getCredentialsForIdentity()響應的代碼在哪裏?在失敗的操作中實際使用這些憑據的代碼在哪裏? – jarmod