使用 AWS API 网关生成的 SDK 进行身份验证和匿名访问
Using AWS API Gateway generated SDK for both authenticated and anonymous access
我在 API 网关上玩了几个小时,在处理不同资源的身份验证要求时遇到了困难。似乎没有办法通过 AWSAPIGatewayClient 生成的类访问公开的 API 端点。
场景如下:
/moments
GET - Auth: None
POST - Auth: AWS_IAM.
API 网关生成以下内容:
// Client class that API Gateway generated for the /moments resource described above.
@interface CLIFamilyMomentsClient: AWSAPIGatewayClient
// Shared client. The log output on this page shows calls made through it
// requesting Cognito credentials — presumably taken from the default service
// configuration; confirm against the SDK.
+ (instancetype)defaultClient;
// Registers a client built from `configuration` under `key`; this is how a
// client with a different credentials provider is set up later on this page.
+ (void)registerClientWithConfiguration:(AWSServiceConfiguration *)configuration forKey:(NSString *)key;
// Looks up a client previously registered under `key`.
+ (instancetype)clientForKey:(NSString *)key;
// Drops the client registered under `key`.
+ (void)removeClientForKey:(NSString *)key;
// GET /moments — configured with Auth: None in the scenario above.
- (AWSTask *)momentsGet;
// POST /moments — configured with Auth: AWS_IAM in the scenario above.
- (AWSTask *)momentsPost:(CLICreateMomentRequest *)body;
@end
事实证明,momentsGet 正在寻找某种 AWS Cognito 凭证,即使这是一个 public 可访问端点。
我正在执行的代码:
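// Calls the public GET /moments method through the default client.
// NOTE(review): the default client presumably uses the default service
// configuration's credentials provider, which would explain why a Cognito
// lookup happens even for an Auth: None method — confirm against the SDK.
let serviceClient = CLIFamilyMomentsClient.defaultClient()
let awsTask = serviceClient.momentsGet()
awsTask.continueWithBlock { (task:AWSTask!) -> AnyObject! in
    if task.error != nil {
        // The error text can carry the Cognito identity ID (see the log output
        // on this page); keep it out of release-build logs.
        print(task.error)
    } else if let response = task.result as? CLIListMomentsResponse {
        // Conditional cast: a result of an unexpected type is skipped rather
        // than trapping, as the forced cast to an optional type would.
        print(response.items.count)
    }
    return nil
}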
输出
2015-11-22 19:40:17.603 FamilyMoments[610:169366] AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:428 | __73-[AWSCognitoCredentialsProvider getCredentialsWithCognito:authenticated:]_block_invoke | GetCredentialsForIdentity failed. Error is [Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=10 "(null)" UserInfo={__type=NotAuthorizedException, message=Access to Identity 'us-east-1:XXXXXXXXX' is forbidden.}]
2015-11-22 19:40:17.605 FamilyMoments[610:169366] AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:527 | __40-[AWSCognitoCredentialsProvider refresh]_block_invoke352 | Unable to refresh. Error is [Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=10 "(null)" UserInfo={__type=NotAuthorizedException, message=Access to Identity 'us-east-1:XXXXXXXXX' is forbidden.}]
Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=10 "(null)" UserInfo={__type=NotAuthorizedException, message=Access to Identity 'us-east-1:XXXXXXXXX' is forbidden.}
我是否遗漏了什么,还是 API 网关生成的 SDK 不能同时用于经过身份验证的访问和匿名访问?
如 API Gateway forums 中所述,这是当前生成的 SDK 的一个限制。我们有一个积压项目来解决这个问题。
我终于搞定了。原来可以注册不同的 AWSServiceConfiguration 配置,并分别使用它们。
在 AppDelegate.swift 中:
/// Launch hook that sets up two AWS service configurations: a Cognito-backed
/// default, and an anonymous one registered under the key "anonymousAccess".
///
/// - Returns: Always `true`.
func application(application: UIApplication, didFinishLaunchingWithOptions launchOptions: [NSObject: AnyObject]?) -> Bool {
    // Default configuration: credentials come from the Cognito identity pool.
    // NOTE(review): the pool's IAM role decides what these credentials may call;
    // keep it limited to the AWS_IAM-protected methods the app needs.
    let cognitoProvider = AWSCognitoCredentialsProvider(regionType: .USEast1, identityPoolId: "us-east-1:xxxxxxxxxxxxxxxxxx")
    let authenticatedConfiguration = AWSServiceConfiguration(region: .USEast1, credentialsProvider: cognitoProvider)
    AWSServiceManager.defaultServiceManager().defaultServiceConfiguration = authenticatedConfiguration

    // Keyed client for endpoints that need no credentials.
    // NOTE(review): choosing this client does not grant or restrict access by
    // itself; the Auth setting on each API Gateway method is what enforces it.
    let anonymousProvider = AWSAnonymousCredentialsProvider()
    let anonymousConfiguration = AWSServiceConfiguration(region: .USEast1, credentialsProvider: anonymousProvider)
    CLIFamilyMomentsClient.registerClientWithConfiguration(anonymousConfiguration, forKey: "anonymousAccess")

    return true
}
对于公开可访问的端点
// Public endpoint: fetch the client registered under "anonymousAccess" so the
// call does not go through the Cognito-backed default client.
let anonymousClient = CLIFamilyMomentsClient(forKey: "anonymousAccess")
let pendingGet = anonymousClient.momentsGet()
pendingGet.continueWithBlock { (finished: AWSTask!) -> AnyObject! in
    if finished.error == nil {
        print(finished.result)
    } else {
        print(finished.error)
    }
    return nil
}
对于经过身份验证的端点
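// Authenticated endpoint: POST /moments (Auth: AWS_IAM) goes through the
// default client, which uses the Cognito-backed default configuration.
// `createMoment` is defined outside this snippet; per the generated interface,
// momentsPost takes a CLICreateMomentRequest.
let serviceClient = CLIFamilyMomentsClient.defaultClient()
// Fixed: the original called `service.momentsPost`, but no `service` is declared here.
let awsTask = serviceClient.momentsPost(createMoment)
awsTask.continueWithBlock { (task:AWSTask!) -> AnyObject! in
    if task.error != nil {
        // The error text can carry the Cognito identity ID (see the log output
        // on this page); keep it out of release-build logs.
        print(task.error)
    } else {
        print(task.result)
    }
    return nil
}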
希望这可以帮助未来的开发人员解决这个问题。
我在 API 网关上玩了几个小时,在处理不同资源的身份验证要求时遇到了困难。似乎没有办法通过 AWSAPIGatewayClient 生成的类访问公开的 API 端点。
场景如下:
/moments
GET - Auth: None
POST - Auth: AWS_IAM.
API 网关生成以下内容:
// Client class that API Gateway generated for the /moments resource described above.
@interface CLIFamilyMomentsClient: AWSAPIGatewayClient
// Shared client. The log output on this page shows calls made through it
// requesting Cognito credentials — presumably taken from the default service
// configuration; confirm against the SDK.
+ (instancetype)defaultClient;
// Registers a client built from `configuration` under `key`; this is how a
// client with a different credentials provider is set up later on this page.
+ (void)registerClientWithConfiguration:(AWSServiceConfiguration *)configuration forKey:(NSString *)key;
// Looks up a client previously registered under `key`.
+ (instancetype)clientForKey:(NSString *)key;
// Drops the client registered under `key`.
+ (void)removeClientForKey:(NSString *)key;
// GET /moments — configured with Auth: None in the scenario above.
- (AWSTask *)momentsGet;
// POST /moments — configured with Auth: AWS_IAM in the scenario above.
- (AWSTask *)momentsPost:(CLICreateMomentRequest *)body;
@end
事实证明,momentsGet 正在寻找某种 AWS Cognito 凭证,即使这是一个 public 可访问端点。
我正在执行的代码:
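// Calls the public GET /moments method through the default client.
// NOTE(review): the default client presumably uses the default service
// configuration's credentials provider, which would explain why a Cognito
// lookup happens even for an Auth: None method — confirm against the SDK.
let serviceClient = CLIFamilyMomentsClient.defaultClient()
let awsTask = serviceClient.momentsGet()
awsTask.continueWithBlock { (task:AWSTask!) -> AnyObject! in
    if task.error != nil {
        // The error text can carry the Cognito identity ID (see the log output
        // on this page); keep it out of release-build logs.
        print(task.error)
    } else if let response = task.result as? CLIListMomentsResponse {
        // Conditional cast: a result of an unexpected type is skipped rather
        // than trapping, as the forced cast to an optional type would.
        print(response.items.count)
    }
    return nil
}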
输出
2015-11-22 19:40:17.603 FamilyMoments[610:169366] AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:428 | __73-[AWSCognitoCredentialsProvider getCredentialsWithCognito:authenticated:]_block_invoke | GetCredentialsForIdentity failed. Error is [Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=10 "(null)" UserInfo={__type=NotAuthorizedException, message=Access to Identity 'us-east-1:XXXXXXXXX' is forbidden.}]
2015-11-22 19:40:17.605 FamilyMoments[610:169366] AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:527 | __40-[AWSCognitoCredentialsProvider refresh]_block_invoke352 | Unable to refresh. Error is [Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=10 "(null)" UserInfo={__type=NotAuthorizedException, message=Access to Identity 'us-east-1:XXXXXXXXX' is forbidden.}]
Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=10 "(null)" UserInfo={__type=NotAuthorizedException, message=Access to Identity 'us-east-1:XXXXXXXXX' is forbidden.}
我是否遗漏了什么,还是 API 网关生成的 SDK 不能同时用于经过身份验证的访问和匿名访问?
如 API Gateway forums 中所述,这是当前生成的 SDK 的一个限制。我们有一个积压项目来解决这个问题。
我终于搞定了。原来可以注册不同的 AWSServiceConfiguration 配置,并分别使用它们。
在 AppDelegate.swift 中:
/// Launch hook that sets up two AWS service configurations: a Cognito-backed
/// default, and an anonymous one registered under the key "anonymousAccess".
///
/// - Returns: Always `true`.
func application(application: UIApplication, didFinishLaunchingWithOptions launchOptions: [NSObject: AnyObject]?) -> Bool {
    // Default configuration: credentials come from the Cognito identity pool.
    // NOTE(review): the pool's IAM role decides what these credentials may call;
    // keep it limited to the AWS_IAM-protected methods the app needs.
    let cognitoProvider = AWSCognitoCredentialsProvider(regionType: .USEast1, identityPoolId: "us-east-1:xxxxxxxxxxxxxxxxxx")
    let authenticatedConfiguration = AWSServiceConfiguration(region: .USEast1, credentialsProvider: cognitoProvider)
    AWSServiceManager.defaultServiceManager().defaultServiceConfiguration = authenticatedConfiguration

    // Keyed client for endpoints that need no credentials.
    // NOTE(review): choosing this client does not grant or restrict access by
    // itself; the Auth setting on each API Gateway method is what enforces it.
    let anonymousProvider = AWSAnonymousCredentialsProvider()
    let anonymousConfiguration = AWSServiceConfiguration(region: .USEast1, credentialsProvider: anonymousProvider)
    CLIFamilyMomentsClient.registerClientWithConfiguration(anonymousConfiguration, forKey: "anonymousAccess")

    return true
}
对于公开可访问的端点
// Public endpoint: fetch the client registered under "anonymousAccess" so the
// call does not go through the Cognito-backed default client.
let anonymousClient = CLIFamilyMomentsClient(forKey: "anonymousAccess")
let pendingGet = anonymousClient.momentsGet()
pendingGet.continueWithBlock { (finished: AWSTask!) -> AnyObject! in
    if finished.error == nil {
        print(finished.result)
    } else {
        print(finished.error)
    }
    return nil
}
对于经过身份验证的端点
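// Authenticated endpoint: POST /moments (Auth: AWS_IAM) goes through the
// default client, which uses the Cognito-backed default configuration.
// `createMoment` is defined outside this snippet; per the generated interface,
// momentsPost takes a CLICreateMomentRequest.
let serviceClient = CLIFamilyMomentsClient.defaultClient()
// Fixed: the original called `service.momentsPost`, but no `service` is declared here.
let awsTask = serviceClient.momentsPost(createMoment)
awsTask.continueWithBlock { (task:AWSTask!) -> AnyObject! in
    if task.error != nil {
        // The error text can carry the Cognito identity ID (see the log output
        // on this page); keep it out of release-build logs.
        print(task.error)
    } else {
        print(task.result)
    }
    return nil
}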
希望这可以帮助未来的开发人员解决这个问题。