Getting 401 when calling an AWS Cognito-secured endpoint
I have a Cognito user pool.
The pool has an application integration for JavaScript that does not have a secret.
I am able to login using the following code
    import {
      AuthenticationDetails,
      CognitoUser,
      CognitoUserPool
    } from "amazon-cognito-identity-js";

    // Pool must be a CognitoUserPool instance, not a string; the ids are placeholders.
    const userPool = new CognitoUserPool({
      UserPoolId: "<USER_POOL_ID>",
      ClientId: "<APP_CLIENT_ID>"   // the JavaScript app client without a secret
    });

    // Static method: `this` is the class, so `credentials` must be a static map.
    private static async signin(role: UserRole): Promise<string> {
      const user = getUser();
      const cognitoUser = new CognitoUser({
        Username: user.username,
        Pool: userPool
      });
      const authDetails = new AuthenticationDetails({
        Username: user.username,
        Password: user.password
      });
      return new Promise((resolve, reject): void => {
        cognitoUser.authenticateUser(authDetails, {
          onSuccess: result => {
            // Keep the ID token (not the access token) for the API Gateway authorizer
            this.credentials[role] = result.getIdToken().getJwtToken();
            resolve(this.credentials[role]);
          },
          onFailure: err => {
            console.log(`Failed login to cognito with ${role}: `, err);
            reject(err);
          }
        });
      });
    }
When I make a call to my endpoint with the aws-api-gateway-client, I can see the token attached, but it always returns a 401 unauthorized.
It's super confusing because I can take this token and paste it into the ApiGateway Authorizer and receive a 200 ok. So it seems the token is valid, just not working properly.
EDIT:
Here is the flow...
- I have a Cognito user pool
- I can login to that userpool with a username / password and get a token back
- I then set "Authorization": "bearer {token}" on the aws-api-gateway-client request headers.
- The request fails with a 401 Unauthorized
- If I take that same token and paste it in the test section of the ApiGateway Authorizer, it tells me the token is valid.
I don't think you need the "bearer" part for the header value. Cognito authorizers are just looking for the key/token. Try a header of
"Authorization" : "<token_goes_here>".
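The header shape suggested in the answer, plus a few client-side claim checks that explain most 401s from a user pool authorizer, as an added example that is not code from the question or the answer. It runs under Node.js; the issuer and app-client id are placeholders, and the `token_use`/`aud` checks assume an authorizer configured for ID tokens (no OAuth scopes), which is what the question's `getIdToken()` implies.

```javascript
// Added example, not code from the question or the answer. Pre-flight checks
// on a Cognito ID token before it is sent to an API Gateway Cognito user pool
// authorizer. The signature is NOT verified here; the authorizer does that.

function base64urlDecode(s) {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(b64, 'base64').toString('utf8');
}

function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected 3 segments)');
  return JSON.parse(base64urlDecode(parts[1]));
}

// Header map as the answer recommends: the raw JWT, with any "Bearer " scheme
// prefix stripped, because the user pool authorizer matches the whole value.
function authorizationHeader(token) {
  return { Authorization: token.replace(/^bearer\s+/i, '') };
}

// Reasons an authorizer would reject this token, found without calling AWS.
// `now` is seconds since the epoch (override it for deterministic tests).
function tokenProblems(token, { issuer, clientId, now = Date.now() / 1000 }) {
  const problems = [];
  if (/^bearer\s/i.test(token)) problems.push('"Bearer" prefix present');
  let claims;
  try { claims = decodeJwtPayload(authorizationHeader(token).Authorization); }
  catch (e) { return problems.concat(`undecodable: ${e.message}`); }
  if (claims.iss !== issuer) problems.push('iss is not the expected user pool');
  if (claims.token_use !== 'id') problems.push(`token_use=${claims.token_use}, expected id`);
  if (claims.aud !== clientId) problems.push('aud does not match the app client id');
  if (typeof claims.exp !== 'number' || claims.exp <= now) problems.push('expired');
  return problems;
}

// Constructed sample token with a dummy signature; only the payload matters here.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', kid: 'dummy' })}.${enc(claims)}.dummysig`;
}

// Placeholders: substitute the real pool issuer URL and app client id.
const POOL_ISSUER = 'https://cognito-idp.REGION.amazonaws.com/REGION_POOLID';
const CLIENT_ID = 'PLACEHOLDER_APP_CLIENT_ID';
```

Pass `authorizationHeader(token)` as the request headers of the aws-api-gateway-client call instead of a hand-built `"bearer {token}"` string.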