"Access token does not contain openid scope" in AWS Cognito

Question

I am running a working AWS Cognito service on a frontend application which can successfully do the basic stuff - login, logout, signup, etc.

Right now I am trying to get user attributes through the backend API, such that:

1) The user logs in to the application and gets a JWT.

2) The JWT is being sent to the backend server.

3) The server has to extract the email of the user by using the access token.

The closest thing that I found to what I need is this Cognito service.

So I am making a GET request to "https://mydomain.auth.eu-central-1.amazoncognito.com/oauth2/userInfo" with the Authorization header as they are asking for, but I keep getting this response:

{ "error": "invalid_token", "error_description": "Access token does not contain openid scope" }

I have tried searching for this error but couldn't find any explanation about the error.

Thanks a lot

Recommended answer

I had this exact problem and it was my fault. I was sending the id_token instead of access_token property of the token.
I program in PHP, so I was sending as header "Authorization: Bearer ".$token->id_token instead of "Authorization: Bearer ".$token->access_token. Now it works.

Hope it helps you or someone.
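
An added example, not part of the original question or answer: a backend-side diagnostic that tells a Cognito id_token from an access_token before calling /oauth2/userInfo, and also reports an access token whose scope lacks openid. It assumes the `token_use` and `scope` claims Cognito places in its tokens; the function names and sample tokens are constructed for illustration, and the payload is decoded without signature verification, so this is a debugging aid and not token validation.

```python
import base64
import json


def jwt_claims(token: str) -> dict:
    """Decode the payload of a JWT WITHOUT verifying its signature (diagnostic only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def userinfo_precheck(token: str) -> str:
    """Return 'ok' or the reason the userInfo endpoint would reject this token."""
    claims = jwt_claims(token)
    use = claims.get("token_use")
    if use != "access":
        # The mistake described in the answer: the id_token was sent as the Bearer.
        return f"wrong token: token_use={use!r}, userInfo needs the access_token"
    scopes = claims.get("scope", "").split()
    if "openid" not in scopes:
        return f"access token lacks openid scope (scope={scopes})"
    return "ok"


def _fake_jwt(claims: dict) -> str:
    """Build an unsigned, constructed token for the samples below."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed samples, not real Cognito tokens.
ID_TOKEN = _fake_jwt({"token_use": "id", "email": "user@example.com"})
ACCESS_OPENID = _fake_jwt({"token_use": "access", "scope": "openid email"})
ACCESS_NO_OPENID = _fake_jwt({"token_use": "access",
                              "scope": "aws.cognito.signin.user.admin"})

if __name__ == "__main__":
    samples = [("id_token", ID_TOKEN), ("access + openid", ACCESS_OPENID),
               ("access, no openid", ACCESS_NO_OPENID)]
    for name, tok in samples:
        print(f"{name}: {userinfo_precheck(tok)}")
```

In production the backend still has to verify the token's signature, issuer and expiry against the user pool's published keys before trusting any claim.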
