Using Firebase OpenID Connect provider as AWS IAM Identity Provider


Problem description


I get the following error while setting up Firebase as an AWS IAM Identity Provider using OpenID Connect.

We encountered the following errors while processing your request: Please check .well-known/openid-configuration of provider: https://securetoken.google.com/<Project ID> is valid.

The AWS IAM Identity Provider setup requires two input parameters, to which I plugged in the following:
Provider URL: https://securetoken.google.com/<Firebase Project ID>
Audience: <Firebase Client ID>

To troubleshoot the error, I opened http://<Provider URL>/.well-known/openid-configuration in a browser and noted the JSON response has the Issuer and jwks_uri fields. I believe these JSON fields indicate the Firebase OpenID Connect Provider URL is valid.

Any idea how I could avoid the above error and successfully set up the AWS IAM Identity Provider?

Solution

I contacted AWS support and they helped resolve the problem. Thanks to Shaun H @ AWS!

The solution to the problem is to use AWS CLI instead of AWS console to set up an OIDC provider.

I'm pasting relevant parts of Shaun's response below:

1.) Manually obtain and verify the thumbprint using the procedure described here [1].
"ThumbprintList" = "6040DB92306CC8BCEB31CACAC88D107430B16AFF"

2.) Create the OIDC identity provider using the AWS CLI [2]. For example:
$ aws iam create-open-id-connect-provider --cli-input-json file://oidc.json

Note - the format would be:
aud (Audience): Must be your Firebase project ID, the unique identifier for your Firebase project, which can be found in the URL of that project's console.
iss (Issuer): Must be https://securetoken.google.com/<projectId>, where <projectId> is the same project ID used for aud above.

Content for file://oidc.json: (replace with your Project ID)

{
    "Url": "https://securetoken.google.com/<Firebase Client ID>", 
    "ClientIDList": [ "<Firebase Client ID>" ], 
    "ThumbprintList": [ "6040DB92306CC8BCEB31CACAC88D107430B16AFF" ]
}

[1] http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html

[2] http://docs.aws.amazon.com/cli/latest/reference/iam/create-open-id-connect-provider.html
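
Added example (not part of the original answer and not AWS's own code): a Python pre-flight check for the oidc.json shown above. It follows the AWS procedure referenced in [1], taking the thumbprint as the SHA-1 of the last certificate in the chain presented by the jwks_uri host, and compares it with the file and the discovery document; the project ID, jwks_uri and certificate bytes in the sample are constructed placeholders.

```python
import hashlib
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def thumbprint_from_chain(pem_chain: str) -> str:
    """SHA-1 over the DER bytes of the LAST certificate in a PEM chain,
    as uppercase hex without colons (the ThumbprintList format)."""
    certs = PEM_RE.findall(pem_chain)
    if not certs:
        raise ValueError("no PEM certificate found")
    der = ssl.PEM_cert_to_DER_cert(certs[-1])
    return hashlib.sha1(der).hexdigest().upper()

def check_provider_input(cfg: dict, discovery: dict, pem_chain: str) -> list:
    """Return a list of problems; an empty list means oidc.json is consistent
    with the discovery document and the certificate chain."""
    problems = []
    url = cfg.get("Url", "")
    if not url.startswith("https://"):
        problems.append("Url must start with https://")
    if discovery.get("issuer") != url:
        problems.append("discovery 'issuer' does not exactly match Url")
    if not str(discovery.get("jwks_uri", "")).startswith("https://"):
        problems.append("discovery 'jwks_uri' missing or not https")
    if not cfg.get("ClientIDList"):
        problems.append("ClientIDList is empty")
    prints = cfg.get("ThumbprintList", [])
    for t in prints:
        if not re.fullmatch(r"[0-9A-Fa-f]{40}", t):
            problems.append(f"thumbprint {t!r} is not 40 hex characters")
    if thumbprint_from_chain(pem_chain) not in [t.upper() for t in prints]:
        problems.append("ThumbprintList lacks the thumbprint computed from the chain")
    return problems

if __name__ == "__main__":
    # Constructed sample: placeholder bytes stand in for real DER certificates,
    # and "example-project" is a hypothetical Firebase project ID.
    chain = (ssl.DER_cert_to_PEM_cert(b"constructed leaf") +
             ssl.DER_cert_to_PEM_cert(b"constructed top CA"))
    issuer = "https://securetoken.google.com/example-project"
    cfg = {"Url": issuer, "ClientIDList": ["example-project"],
           "ThumbprintList": [thumbprint_from_chain(chain)]}
    disc = {"issuer": issuer, "jwks_uri": "https://example.invalid/jwks"}
    print(check_provider_input(cfg, disc, chain))
```

For a real provider, pass the parsed .well-known/openid-configuration JSON as discovery and the PEM output of the certificate chain as pem_chain.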
