AWS API Gateway UnrecognizedClientException with Generated Javascript SDK
Problem description
I'm encountering a 403 status code with an UnrecognizedClientException in the x-amzn-errortype header of the response to my API Gateway GET request using the generated Javascript SDK. The resource being called utilizes IAM Auth, which differentiates the user's role based on their user group.
Here is my API Client Initialize Function
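function initializeAPIClient(accessKey, secretKey, sessionToken){
    // region and apigClient are not declared in this snippet; they are globals here
    var config = {
        region : region,
        accessKey : accessKey,
        secretKey : secretKey,
        sessionToken : sessionToken
    };
    // apigClientFactory comes from the generated API Gateway Javascript SDK
    apigClient = apigClientFactory.newClient(config);
}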
Here is my GET request Function
function testCall(){
    var params = '';
    var body = '';
    var additionalParams = '';
    apigClient.testCallGet(params, body, additionalParams)
        .then(function(result){
            alert("Permissions are available to this user.");
        })
        .catch(function(result){
            alert("Permissions are NOT available to this user.");
        });
}
Here are my request headers:
:authority:[API_ENDPOINT]
:method:GET
:path:/[STAGE]/[RESOURCE]
:scheme:https
accept:application/json
accept-encoding:gzip, deflate, sdch, br
accept-language:en-US,en;q=0.8
authorization:AWS4-HMAC-SHA256 Credential=[ACCESS_KEY_ID]/20170406/[REGION]/execute-api/aws4_request, SignedHeaders=accept;host;x-amz-date, Signature=[SIGNATURE]
origin:http://localhost:8000
referer:http://localhost:8000/php/[PAGE].php/?username=[USERNAME]&sessionToken=[SESSION_TOKEN]
user-agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
x-amz-date:20170406T180808Z
x-amz-security-token:[SESSION_TOKEN]
I'm not sure what could be causing this. The solutions recommended when I search UnrecognizedClientException seem to suggest doing what I'm already doing.
Recommended answer
I've solved my own issue, so here's the answer for anybody who runs into a similar logic error. Do NOT use the Id token as your session token, which is what I was doing. The id token is used to generate the session token, along with the access key and secret key. Do not confuse the two.
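A guard against the mix-up described in the answer, as an added example that is not part of the original post: it refuses to build the client config when the value supplied as sessionToken has the shape of a JWT. It assumes the ID token is a JWT, as OpenID Connect ID tokens are; the helper names, the creds field names and the sample token are constructed here, while the config keys match the question's initializeAPIClient.

```javascript
// Added example; helper names and sample values are constructed for illustration.

// Decode one base64url JWT segment to an object; null if it is not JSON.
function decodeSegment(seg) {
  if (!/^[A-Za-z0-9_-]+$/.test(seg)) return null;
  var b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  while (b64.length % 4) b64 += '=';
  try {
    var text = typeof atob === 'function'
      ? atob(b64)                                        // browser
      : Buffer.from(b64, 'base64').toString('binary');   // Node fallback
    var obj = JSON.parse(text);
    return obj !== null && typeof obj === 'object' ? obj : null;
  } catch (e) {
    return null;
  }
}

// A JWT is three dot-separated base64url parts whose header names an "alg".
function looksLikeJwt(token) {
  if (typeof token !== 'string') return false;
  var parts = token.split('.');
  if (parts.length !== 3) return false;
  var header = decodeSegment(parts[0]);
  return !!(header && header.alg && decodeSegment(parts[1]));
}

// Build the config object the question passes to apigClientFactory.newClient().
// creds: temporary credentials obtained by exchanging the ID token (assumed shape).
function buildApigConfig(region, creds) {
  ['accessKeyId', 'secretAccessKey', 'sessionToken'].forEach(function (k) {
    if (!creds || !creds[k]) throw new Error('missing credential field: ' + k);
  });
  if (looksLikeJwt(creds.sessionToken)) {
    throw new Error('sessionToken looks like a JWT (ID token), not a session token');
  }
  return { region: region, accessKey: creds.accessKeyId,
           secretKey: creds.secretAccessKey, sessionToken: creds.sessionToken };
}

// Constructed sample: an unsigned, JWT-shaped string standing in for an ID token.
function sampleIdToken() {
  var enc = function (o) {
    var s = JSON.stringify(o);
    var b = typeof btoa === 'function' ? btoa(s) : Buffer.from(s).toString('base64');
    return b.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  };
  return enc({ alg: 'RS256', typ: 'JWT' }) + '.' + enc({ token_use: 'id' }) + '.c2ln';
}
```

Calling buildApigConfig before apigClientFactory.newClient turns the 403 seen at request time into an immediate, descriptive error on the client.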