Unauthenticated user to authenticated user on AWS Cognito


Question

My code is here: code (http://stackoverflow.com/questions/33197019/switch-from-unauth-to-developer-authenticated-cognito-user-aws-ios-sdk). Reposted because I wanted to ask a more direct question. How do I switch between unauthenticated user and authenticated? My unauthenticated seems cached and I've used these methods:

[credentialsProvider clearCredentials];
[credentialsProvider clearKeychain];

before the rest of my api code and it still doesn't work. Any help is appreciated

Note: I know it's not working because I make a call using lambda right after I switch up my configuration/credentials provider and only authorized users should be able to call this method.

EDIT @behrooziAWS answer:

API code:

id<AWSCognitoIdentityProvider> identityProvider =
    [[DeveloperIdentityProviderClass alloc] initWithRegionType:AWSRegionUSEast1
                                                    identityId:nil
                                                identityPoolId:@"SOMEIDENTITYPOOLID"
                                                        logins:@{@"MYIDENTITYPROVIDERNAME": @"MYUSERNAME"}
                                                  providerName:@"MYIDENTITYPROVIDERNAME"];
[credentialsProvider setIdentityProvider:identityProvider];
[credentialsProvider setLogins:@{@"MYIDENTITYPROVIDERNAME": @"MYUSERNAME"}];

[[credentialsProvider refresh] continueWithBlock:^id(BFTask *task){
    [self testAuth];
    return [BFTask taskWithResult:nil];
}];

Full Error: BusyTime[27043:7097936] AWSiOSSDKv2 [Verbose] AWSURLResponseSerialization.m line:87 | -[AWSJSONResponseSerializer responseObjectForResponse:originalRequest:currentRequest:data:error:] | Response body: [{"message":"The security token included in the request is invalid."}] 2015-10-20 08:51:17.280 BusyTime[27043:7097936] Error: Error Domain=com.amazonaws.AWSLambdaErrorDomain Code=0 "The operation couldn’t be completed. UnrecognizedClientException" UserInfo=0x7ff27ab41150 {NSLocalizedFailureReason=UnrecognizedClientException, responseStatusCode=403, message=The security token included in the request is invalid., responseHeaders={type = immutable dict, count = 6,

IMPORTANT I've hardcoded my refresh to use a working token and identityId. so:

self.identityId = @"someID";
self.token = @"someToken";
return [super getIdentityId];

and then ALL my code is working. But obviously this isn't sustainable, I need to be able to make a call to aws lambda to refresh my credentials. But when I set my identity provider, and set my login, I think it's changing me to my authenticated version, but I need to be in unauthenticated to call aws lambda. Please refer to my code link above and take a look at my refresh method to understand what I'm poorly trying to describe. Also please let me know if this should go in a new thread as this is a slightly different question. Not so familiar with stackoverflow's policies on questions.

Another error: [{"Message":"User: arn:aws:sts::445291524102:assumed-role/Cognito_BusyTimeAuth_Role/CognitoIdentityCredentials is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-east-1:445291524102:function:login"}], so now I'm assuming my auth provider for my refresh which is incorrect login flow. I'm thinking that I switch this up so that I log in in my API class. When I return my identity ID and token, I save them to keychain. Finally, I use the above API code to switch my logins and in my refresh method, I simply return what I found in my keychain. The only problem is I'm not sure if this flow is correct because it doesn't actually "refresh" as I'm not calling my backend. I was wondering if I could wrap the refresh by changing back and forth from my unauth role to my auth role but this seems messy.

Recommended answer

[credentialsProvider clearKeychain] will clear the identityId, credentials and any logins, so clearCredentials is unnecessary: clearKeychain Documentation (http://docs.aws.amazon.com/AWSiOSSDK/latest/Classes/AWSCognitoCredentialsProvider.html#//api/name/clearKeychain)

Normally you don't want to clear your identity id when you transition to an authenticated user. If you simply add your provider and valid login token to the logins map and call [credentialsProvider refresh], you will become authenticated with the same identity id. From that point forward, you will only be able to access that identity if you provide a valid login token. If you want to switch identities by logging out and then log in as an authenticated user, that is when you use clearKeychain.
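The two transitions the answer describes, as an added example that is not part of the original question or answer. It assumes the BFTask-based SDK generation used in the question; the function names `UpgradeToAuthenticated` and `SignOutForIdentitySwitch` and the `providerName` / `loginToken` parameters are hypothetical.

```objc
#import <AWSCore/AWSCore.h>
#import <Bolts/Bolts.h>

// Added example (not from the original post). Function and parameter names
// are hypothetical; the SDK calls are the ones shown in the question/answer.

// Unauthenticated -> authenticated, keeping the same identity id:
// add the login to the logins map and refresh. Do NOT clear the keychain here.
static BFTask *UpgradeToAuthenticated(AWSCognitoCredentialsProvider *provider,
                                      NSString *providerName,
                                      NSString *loginToken) {
    // May be nil if no identity has been fetched yet.
    NSString *identityBefore = provider.identityId;

    // Merge into the existing map so previously linked logins are preserved.
    NSMutableDictionary *logins =
        [NSMutableDictionary dictionaryWithDictionary:provider.logins ?: @{}];
    logins[providerName] = loginToken;
    [provider setLogins:logins];

    return [[provider refresh] continueWithBlock:^id(BFTask *task) {
        if (task.error) {
            // Surface the failure to the caller; do not treat the user as
            // authenticated. Never log the token itself.
            NSLog(@"Cognito refresh failed: %@", task.error);
            return task;
        }
        // Per the answer, the identity id is expected to be unchanged.
        if (identityBefore && ![identityBefore isEqualToString:provider.identityId]) {
            NSLog(@"Identity id changed: %@ -> %@", identityBefore, provider.identityId);
        }
        return task;
    }];
}

// Logging out in order to switch to a different identity: this is the only
// case where clearKeychain is needed. It clears the identity id, the cached
// credentials and the logins, so a separate clearCredentials call is redundant.
static void SignOutForIdentitySwitch(AWSCognitoCredentialsProvider *provider) {
    [provider clearKeychain];
    // Set the next user's logins (or none, for unauthenticated access)
    // before the next call to refresh.
}
```

Calls made with the refreshed credentials run under the identity pool's authenticated role, so that role's policy decides what they may invoke.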
