cognito - Access to Identity is forbidden

Problem description

I am trying to understand Amazon Cognito and trying to list the contents of an S3 folder after logging in through Facebook. Facebook login works fine. When I tap the test button (cmdTestS3Tapped) it throws the following error.

I included AmazonClientManager.h, AmazonClientManager.m and Constants.h in the project from the examples Amazon provided. The constants are given below. Can anybody help me resolve the issue?

#define AWSAccountID @"MyAccountID"
#define CognitoPoolID @"us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
#define CognitoRoleAuth @"arn:aws:iam::MyAccountID:role/Cognito_iOSTestPoolAuth_DefaultRole"
#define CognitoRoleUnauth @"arn:aws:iam::MyAccountID:role/Cognito_iOSTestPoolAuth_DefaultRole"

This is the Role - Cognito_iOSTestPoolAuth_DefaultRole

{
    "Version": "2012-10-17",
    "Statement": [{
        "Action": [
            "mobileanalytics:PutEvents",
            "cognito-sync:*"
        ],
        "Effect": "Allow",
        "Resource": [
            "*"
        ]
    }, {
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": "*"
    }]
}

Here is the Trust Relationship

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "cognito-identity.amazonaws.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": "us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "unauthenticated"
        }
      }
    }
  ]
}

Here is the code I am using

- (IBAction)cmdLoginWithFB:(id)sender {
    [[UIApplication sharedApplication] setNetworkActivityIndicatorVisible:YES];
    [self disableUI];
    [[AmazonClientManager sharedInstance] loginFromView:self.view withCompletionHandler:^(NSError *error) {
        dispatch_async(dispatch_get_main_queue(), ^{
            [self refreshUI];
        });
    }];
}

-(void)refreshUI {
    [[UIApplication sharedApplication] setNetworkActivityIndicatorVisible:NO];
    //self.browseDataButton.enabled = YES;
    self.cmdLoginWithFB.enabled = YES;
    if ([[AmazonClientManager sharedInstance] isLoggedIn]) {
        self.cmdLoginWithFB.titleLabel.text = @"Link";
        NSLog(@"-----------LOGED IN -------------->");
    }
    else {
        self.cmdLoginWithFB.titleLabel.text = @"Login";
        NSLog(@"-----------NOT LOGED IN -------------->");
    }
    self.cmdLogoutWipe.enabled = [[AmazonClientManager sharedInstance] isLoggedIn];
}


- (IBAction)cmdTestS3Tapped:(id)sender {
    if ([[AmazonClientManager sharedInstance] isLoggedIn]) {
        NSLog(@"-----------LOGED IN -------------->");
        [self testListBucket];
    }
    else {
        NSLog(@"-----------NOT LOGED IN -------------->");
    }
}


- (void)testListBucket {
    AWSS3GetObjectRequest *getObjectRequest = [[AWSS3GetObjectRequest alloc] init];
    getObjectRequest.key = @"image1.jpg";
    getObjectRequest.bucket = @"multix-test";

    NSLog(@"============================================>");

    //default service has been configured previously
    //AWSS3 *s3 = [[AWSS3 new] initWithConfiguration:[AWSServiceManager defaultServiceManager].defaultServiceConfiguration];

     AWSS3 *s3 = [AWSS3 defaultS3];


    [[s3 getObject:getObjectRequest] continueWithBlock:^id(BFTask *task) {
        if(task.error)
        {
            NSLog(@"Error: %@",task.error);
        }
        else
        {
            NSLog(@"Got File");
            NSData *data = [task.result body];
            NSString *urlString = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
            NSURL *url = [[NSURL alloc] initWithString:urlString];
            if ([[UIApplication sharedApplication] canOpenURL:url]) {
                [[UIApplication sharedApplication] openURL:url];
            }
        }
        return nil;
    }];
    NSLog(@"============================================>");
}

Error

2014-11-26 20:58:24.048 FBLoginTest[2647:83767] initializing clients...
2014-11-26 20:58:24.055 FBLoginTest[2647:83767] -----------LOGED IN -------------->
2014-11-26 20:58:33.542 FBLoginTest[2647:83767] -----------LOGED IN -------------->
2014-11-26 20:58:33.542 FBLoginTest[2647:83767] ============================================>
2014-11-26 20:58:33.551 FBLoginTest[2647:83767] ============================================>
2014-11-26 20:58:33.554 FBLoginTest[2647:88515] AWSiOSSDKv2 [Verbose] AWSURLRequestSerialization.m line:110 | -[AWSJSONRequestSerializer serializeRequest:headers:parameters:] | Request body: [{"IdentityId":"us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"}]
2014-11-26 20:58:34.870 FBLoginTest[2647:88605] AWSiOSSDKv2 [Debug] AWSURLResponseSerialization.m line:85 | -[AWSJSONResponseSerializer responseObjectForResponse:originalRequest:currentRequest:data:error:] | Response header: [{
    "Content-Length" = 129;
    "Content-Type" = "application/x-amz-json-1.1";
    Date = "Wed, 26 Nov 2014 16:58:34 GMT";
    nnCoection = close;
    "x-amzn-RequestId" = "7558584c-758d-11e4-a92d-11020f90ea0e";
}]
2014-11-26 20:58:34.871 FBLoginTest[2647:88605] AWSiOSSDKv2 [Verbose] AWSURLResponseSerialization.m line:90 | -[AWSJSONResponseSerializer responseObjectForResponse:originalRequest:currentRequest:data:error:] | Response body: [{"__type":"NotAuthorizedException","message":"Access to Identity 'us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx' is forbidden."}]
2014-11-26 20:58:34.873 FBLoginTest[2647:88605] AWSiOSSDKv2 [Error] AWSIdentityProvider.m line:212 | __42-[AWSBasicCognitoIdentityProvider refresh]_block_invoke_2 | GetOpenIdToken failed. Error is [Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=8 "The operation couldn’t be completed. (com.amazonaws.AWSCognitoIdentityErrorDomain error 8.)" UserInfo=0x7fd042491650 {__type=NotAuthorizedException, message=Access to Identity 'us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx' is forbidden.}]
2014-11-26 20:58:34.873 FBLoginTest[2647:88605] AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:433 | __40-[AWSCognitoCredentialsProvider refresh]_block_invoke293 | Unable to refresh. Error is [Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=8 "The operation couldn’t be completed. (com.amazonaws.AWSCognitoIdentityErrorDomain error 8.)" UserInfo=0x7fd042491650 {__type=NotAuthorizedException, message=Access to Identity 'us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx' is forbidden.}]
2014-11-26 20:58:34.873 FBLoginTest[2647:88605] Error: Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=8 "The operation couldn’t be completed. (com.amazonaws.AWSCognitoIdentityErrorDomain error 8.)" UserInfo=0x7fd042491650 {__type=NotAuthorizedException, message=Access to Identity 'us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx' is forbidden.}

Solution

Thank you Bob & Sebastien,

The problem was that I forgot to put the following code in viewDidLoad:

[[AmazonClientManager sharedInstance] resumeSessionWithCompletionHandler:^(NSError *error) {
    dispatch_async(dispatch_get_main_queue(), ^{
        [self refreshUI];
    });
}];
