问题描述
- 我正在使用AWS Cognito身份验证进行签名机制。为了获取凭据(访问,秘密和会话令牌),我们需要获取身份令牌。
- 我正在获取用户名,密码,clientId,userPoolId,identityPoolId信息。但是,当我尝试使用USER_PASSWORD_AUTH作为身份验证流类型生成ID令牌时,出现以下错误 原因:com.amazonaws.services.cognitoidp.model.AWSCognitoIdentityProviderException:缺少身份验证令牌(服务:AWSCognitoIdentityProvider;状态代码:400;错误代码:MissingAuthenticationTokenException;请求ID :;代理:null)
下面是代码:
AnonymousAWSCredentials awsCreds = new AnonymousAWSCredentials();
AWSCognitoIdentityProvider provider = AWSCognitoIdentityProviderClientBuilder.standard()
.withCredentials(new AWsstaticCredentialsProvider(awsCreds))
.withRegion(//region)
.build();
AdminInitiateAuthRequest authRequest = new AdminInitiateAuthRequest()
.withAuthFlow(AuthFlowType.USER_PASSWORD_AUTH)
.withClientId("")
.withUserPoolId("")
.withAuthParameters(map);
Map<String,String> map = new HashMap<>();
map.put("USERNAME","");
map.put("PASSWORD","");
这里的地图将具有用户名和密码。
有人可以提供有关如何在Java中配置身份验证以生成ID令牌和访问令牌的帮助吗?预先感谢!
解决方法
您的代码可能如下所示。请注意:
-
使用ADMIN_USER_PASSWORD_AUTH流进行身份验证。请参阅 AdminInitiateAuth
-
在Cognito的客户端设置中,应在“身份验证流程配置”部分下启用下一个选项“对用于身份验证的管理API启用用户名密码auth(ALLOW_ADMIN_USER_PASSWORD_AUTH)” 。。。 >
public static void auth(String username,String password) { AwsBasicCredentials awsCreds = AwsBasicCredentials.create(AWS_KEY,AWS_SECRET); CognitoIdentityProviderClient identityProviderClient = CognitoIdentityProviderClient.builder() .credentialsProvider(StaticCredentialsProvider.create(awsCreds)) .region(Region.of(REGION)) .build(); final Map<String,String> authParams = new HashMap<>(); authParams.put("USERNAME",username); authParams.put("PASSWORD",password); authParams.put("SECRET_HASH",calculateSecretHash(CLIENT_ID,CLIENT_SECRET,username)); final AdminInitiateAuthRequest authRequest = AdminInitiateAuthRequest.builder() .authFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH) .clientId(CLIENT_ID) .userPoolId(POOL_ID) .authParameters(authParams) .build(); AdminInitiateAuthResponse result = identityProviderClient.adminInitiateAuth(authRequest); System.out.println(result.authenticationResult().accessToken()); System.out.println(result.authenticationResult().idToken());
}
-
方法calculateSecretHash来自AWS文档Signing Up and Confirming User Accounts:
private static String calculateSecretHash(String userPoolClientId,String userPoolClientSecret,String userName) { final String HMAC_SHA256_ALGORITHM = "HmacSHA256"; SecretKeySpec signingKey = new SecretKeySpec( userPoolClientSecret.getBytes(StandardCharsets.UTF_8),HMAC_SHA256_ALGORITHM); try { Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM); mac.init(signingKey); mac.update(userName.getBytes(StandardCharsets.UTF_8)); byte[] rawHmac = mac.doFinal(userPoolClientId.getBytes(StandardCharsets.UTF_8)); return Base64.getEncoder().encodeToString(rawHmac); } catch (Exception e) { throw new RuntimeException("Error while calculating "); }}