Ped*_*tes 5 amazon-web-services amazon-cognito aws-appsync
我尝试使用具有自定义身份验证角色的联合身份来使用 AWS AppSync API,但没有成功。
首先,我按照本教程创建了我的客户端。然后我打开 Federated Identities 控制台 -> 编辑身份池 -> 自定义并创建一个Developer provider name:login.mycompany.myapp并选中Enable access to unauthenticated identities。
之后,我按照此了解如何创建自定义身份验证。
从后端获取身份 ID 和会话令牌后,您将把它们传递到 AWS.CognitoIdentityCredentials 提供商。这是一个例子:
Run Code Online (Sandbox Code Playgroud)AWS.config.credentials = new AWS.CognitoIdentityCredentials({ IdentityPoolId: 'IDENTITY_POOL_ID', IdentityId: 'IDENTITY_ID_RETURNED_FROM_YOUR_PROVIDER', Logins: { 'cognito-identity.amazonaws.com': 'TOKEN_RETURNED_FROM_YOUR_PROVIDER' } });
我怎样才能得到IDENTITY_ID_RETURNED_FROM_YOUR_PROVIDER,cognito-identity.amazonaws.com和IDENTITY_ID_RETURNED_FROM_YOUR_PROVIDER? 我看到了如何做到这一点:
您可以通过调用 GetOpenIdTokenForDeveloperIdentity 来获取令牌。必须使用 AWS 开发人员凭证从后端调用此 API。
我检查了GetOpenIdTokenForDeveloperIdentity 文档并创建了这段代码:
const AWS = require('aws-sdk');
AWS.config.region = 'us-east-1'; // Region
const cognitoidentity = new AWS.CognitoIdentity();
const params = {
IdentityPoolId: IDENTITY_POOL_ID',
Logins: {
'login.mycompany.myapp': 'sometoken',
},
};
cognitoidentity.getOpenIdTokenForDeveloperIdentity(params, function(
err,
{ IdentityId, Token }
) {
if (err) {
console.log(err);
}
console.log(IdentityId, Token);
}
我得到了IdentityId和Token。我使用这些变量并创建了一个 Cognito 客户端,如下所示:
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: IDENTITY_POOL_ID,
IdentityId: IdentityId,
Logins: {
'cognito-identity.amazonaws.com': Token,
},
});
const credentials = AWS.config.credentials;
const AWSAppSyncClient = require('aws-appsync').default;
const AUTH_TYPE = require('aws-appsync/lib/link/auth-link').AUTH_TYPE;
// Set up Apollo client
const client = new AWSAppSyncClient({
url: GRAPHQL_API_URL,
region: REGION,
auth: {
type: AUTH_TYPE.AMAZON_COGNITO_USER_POOLS,
credentials: credentials,
},
});
现在,当我提出查询时
client.hydrated().then(function(client) {
//Now run a query
client
.query({ query: query })
.then(function logData(data) {
console.log('results of query: ', data);
})
.catch(console.error);
});
我收到错误:Network error: Response not successful: Received status code 401。我是否缺少某些配置?
谢谢你!
编辑:在联合身份中,我设置Unauthenticated role如下Authenticated role:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"appsync:GraphQL",
"mobileanalytics:PutEvents",
"cognito-sync:*"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "appsync:GraphQL",
"Resource": "arn:aws:appsync:*:*:apis/*/types/*/fields/*"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": "appsync:GraphQL",
"Resource": "arn:aws:appsync:*:*:apis/*"
}
]
}
| 归档时间: |
|
| 查看次数: |
918 次 |
| 最近记录: |