编程语言
首页 > 编程语言> > javascript – 请求中包含的安全令牌无效. aws js sdk

javascript – 请求中包含的安全令牌无效. aws js sdk

作者:互联网

我发布了here on the AWS forum

我正在使用带有以下代码的aws-js-sdk v2.2.3.我通过填充Credentials获取数据.当我尝试使用凭据时,我得到的错误是它们无效.我正在使用开发人员身份验证身份流程.我有两个角色Auth& UNAUTH.我的身份池看起来是正确的.信任关系看起来像是指向正确的标识池ID. S3&的Auth角色附有政策. DynamoDB.我不知所措.任何帮助,将不胜感激.

javascript客户端:

var cognitoidentity = new AWS.CognitoIdentity({region: 'us-east-1'});
    var params = {
      IdentityId: user.cognito_id,
      Logins: {
    'cognito-identity.amazonaws.com': user.cognito_token
      }
    };
    cognitoidentity.getCredentialsForIdentity(params, function(err, data) {
      if (err) console.log(err, err.stack); // an error occurred
      else console.log(data.Credentials);
    });

我在控制台上登录了Id& SecretKey和他们被填写.

var aws_creds = StateService.get('user').aws_creds;
console.log(aws_creds.AccessKeyId);
console.log(aws_creds.SecretKey);
AWS.config.update({ accessKeyId: aws_creds.AccessKeyId,
            secretAccessKey: aws_creds.SecretKey,
            endpoint: ENV.aws_dyndb_endpoint,
            region: 'us-east-1'
            });
var dynamodb = new AWS.DynamoDB();


console.log("user obj: ", StateService.get('user'));
var params = {
    TableName: games_table_name,
    KeyConditionExpression: "Id = :v1",
    ExpressionAttributeValues: {
      ":v1": {"N": id}
    }
};

return dynamodb.query(params);

我的解决方案
我想到的是显式刷新凭据,而不是在我创建DynamoDb对象时懒得.这是我使用的函数,它返回一个promise&刷新凭据时解析.

refresh: function() {
    var deferred = $q.defer();
    AWS.config.region = 'us-east-1'; 
    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
      IdentityPoolId: COGNITO_IDENTITY_POOL_ID, 
      IdentityId: COGNITO_ID, 
      Logins: 'cognito-identity.amazonaws.com'
    });

    AWS.config.credentials.refresh(function(error) {
      if ((error === undefined) || (error === null)) {
        $log.debug("Credentials Refreshed Success: ", AWS.config.credentials);
        var params = {
          region: 'us-east-1',
          apiVersion: '2012-08-10',
          credentials: AWS.config.credentials
        };

        $rootScope.dynamodb = new AWS.DynamoDB({params: params});
        deferred.resolve();
      }
      else {
        $log.debug("Error refreshing AWS Creds:, ", error);
        deferred.reject(error);
      }
    });

    return deferred.promise;
}

解决方法:

如果要使用Cognito凭据调用其他AWS服务,我建议您使用Javascript SDK中的高级AWS.CognitoIdentityCredentials对象,而不是直接调用服务API.

您可以在Cognito开发人员指南中找到有关如何初始化和使用AWS.CognitoIdentityCredentials的更多信息:
Developer Authenticated Identities

阿尔伯特

标签:javascript,amazon-web-services,amazon-dynamodb,amazon-cognito
来源: https://codeday.me/bug/20190628/1314766.html