Rob*_*een 6 amazon-web-services amazon-iam postman amazon-cognito aws-api-gateway
我正在尝试向AWS API Gateway发送经过身份验证的请求.客户端将针对Cognito您的用户池进行身份验证,然后从与用户池中已登录用户对应的关联Cognito Identity Pool中获取令牌.我试图使用Postman模拟这样的请求.
这篇文章建议该命令aws cognito-identity get-credentials-for-identity可用于获取Postman签署请求所需的AccessKeyId和SecretKey.但是,当我尝试使用subCognito User Pool控制台中的用户属性运行它时:
$ aws cognito-identity get-credentials-for-identity --identity-id aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
An error occurred (ValidationException) when calling the GetCredentialsForIdentity operation: 1 validation error detected: Value 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' at 'identityId' failed to satisfy constraint: Member must satisfy regular expression pattern: [\w-]+:[0-9a-f-]+
$ aws cognito-identity get-credentials-for-identity --identity-id us-east-1:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
An error occurred (ResourceNotFoundException) when calling the GetCredentialsForIdentity operation: Identity 'us-east-1:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' not found.
如果我尝试使用AWS控制台中显示的关联标识池中的标识ID(我选择了具有2个"链接登录"的标识),则会发生同样的情况.
小智 1
您需要传递登录地图:
--logins (map)
A set of optional name-value pairs that map provider names to
provider tokens.
Shorthand Syntax:
KeyName1=string,KeyName2=string
JSON Syntax:
{"string": "string"
...}
这种语法对我有用:
aws cognito-identity get-credentials-for-identity \
--identity-id us-east-1:aaaa-bbb-ccc-bc54-rrrrrrr \
--logins graph.facebook.com=kdajbdjkabkjbkjbkdbsckslcjxb
注意:--identity-id不是身份池 ID,而是来自身份浏览器的身份。
| 归档时间: |
|
| 查看次数: |
3780 次 |
| 最近记录: |