问题描述
这是我的Google IDP配置的样子:
“MyGoogleIdP": {
"Type": "AWS::Cognito::UserPoolIdentityProvider","Properties": {
"ProviderDetails": {
"client_id": “XXXXXXXX.apps.googleusercontent.com","client_secret": “XXX_xxx”,"authorize_scopes": "profile email openid"
},"ProviderName": "Google","ProviderType": "Google","UserPoolId": {
"Ref": “MyCognitoPool"
},"AttributeMapping": {
"email": "email"
}
}
}
身份池配置:
“MyIdentityPool": {
"Type": "AWS::Cognito::IdentityPool","Properties": {
"AllowUnauthenticatedIdentities": false,"CognitoIdentityProviders": [
{
"ClientId": {
"Ref": "MyCognitoClient"
},"ProviderName": {
"Fn::GetAtt": ["MyCognitoPool","ProviderName"]
}
}
],"IdentityPoolName": {
"Fn::Sub": "my-${CustomDomain}"
}
}
}
身份池角色附件配置:
"MyIdentityPoolRoleAttachment": {
"Type": "AWS::Cognito::IdentityPoolRoleAttachment","Properties": {
"IdentityPoolId": {
"Ref": "MyIdentityPool"
},"Roles": {
"authenticated":{
"Fn::GetAtt":[
"UnAuthorizedUserRole","Arn"
]
}
},"RoleMappings": {
"MyGoogleIdP": {
"IdentityProvider": {
"Ref": "MyGoogleIdP"
},"AmbiguousRoleResolution": "Deny","Type": "Rules"
},“MyCognitoPool": {
"IdentityProvider": {
"Ref": “MyCognitoPool"
},"Type": "Rules"
}
}
}
}
在AWS docs中,这是他们将Facebook身份提供程序添加到RoleMappings
中的方式:
"IdentityProvider":"graph.facebook.com"
这是他们将其认知池添加到RoleMappings
的方式:
"IdentityProvider":{
"Ref":"CognitoUserPool"
}
我的问题是,如何将Google身份提供商添加到RoleMappings
?如上面的示例代码所示,我尝试使用"Ref": "MyGoogleIdP"
,但收到此错误:
(Google) is not a valid RoleMapping ProviderName or is not a configured provider.
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)