php 错误中的开发人员身份验证
Developer authentication in php error
我是一名开发人员,正在尝试连接到 PHP 中的服务器。这是我的服务器开发人员身份验证代码:
<?php
require 'aws.phar';
use Aws\CognitoIdentity\CognitoIdentityClient;
use Aws\Sts\StsClient;
use Aws\Credentials\Credentials;
use Aws\S3\S3Client;
$identityClient = CognitoIdentityClient::factory(array(
'version' => 'latest',
'region' => 'ap-northeast-1'
));
$idResp = $identityClient->getId(array(
'AccountId' => 'XXXXXXXXXXX',
'IdentityPoolId' => 'XXXXXXXXXXXXXX',
'Logins' => array(
'cognito-identity.amazonaws.com:amr' => 'login.blupinch.app'
)
));
$identityId = $idResp["IdentityId"];
$tokenResp = $identityClient->getOpenIdToken(array(
'IdentityId' => $identityId,
'Logins' => array(
'cognito-identity.amazonaws.com:amr' => 'login.blupinch.app'
)
));
$token = $tokenResp["Token"];
$stsClient = StsClient::factory(array(
'region' => 'us-east-1',
'version' => '2011-06-15'
));
$stsResp = $stsClient->assumeRoleWithWebIdentity(array(
'RoleArn' =>'arn:aws:iam::XXXXXXXXXX:role/Cognito_appAuth_Role',
'RoleSessionName' => 'App', // you need to give the session a name
'WebIdentityToken' => $token
));
$credentials = new Credentials(
$stsResp['Credentials']['AccessKeyId'],
$stsResp['Credentials']['SecretAccessKey'],
$stsResp['Credentials']['SessionToken']
);
$s3Client = new S3Client([
'version' => '2006-03-01',
'region' => 'us-east-1',
'credentials' => $credentials
]);
代码非常详尽,我收到的以下错误消息也是如此。我无法理解这一点:
PHP Fatal error: Uncaught exception
'Aws\CognitoIdentity\Exception\CognitoIdentityException' with message
'Error executing "GetId" on "https://cognito-identity.ap-northeast-
1.amazonaws.com"; AWS HTTP error:
Client error:
`POST https://cognito- identity.ap- northeast-1.amazonaws.com` resulted
in a `400 Bad Request` response:
{"__type":"ValidationException","message":
"1 validation error detected:
Value '{cognito-identity.amazonaws.com:amr=login (truncated...)
ValidationException (client):
1 validation error detected:
Value '{cognito-identity.amazonaws.com:amr=login.blupinch.app}' at 'logins'
failed to satisfy constraint:
Map keys must satisfy constraint:
[Member must have length less than or equal to 128, Member must have
length greater than or equal to 1, Member must satisfy regular expression
pattern: [\w._/-]+] - {"__type":
"ValidationException","message":
"1 validation error detected:
Value '{cognito- identity.amazonaws.com:amr=login.blupinch.app}' at
'logins' failed to satisfy constraint:
Map keys must satisfy constraint:
[Mem in phar:///home/ubuntu/aws.phar/Aws/WrappedHttpHandler.php on
我认为错误与键 cognito-identity.amazonaws.com:amr
的值有关。所以我想知道,我应该为该键设置什么值?
所以后端服务器不需要调用GetId或GetOpenIdTokenAPI。您需要从您的服务器调用 Amazon Cognito 的 GetOpenIdTokenForDeveloperIdentity API。对于登录映射,键应该是您在 Amazon Cognito 控制台中为此身份池指定的开发人员提供商名称,值应该是已从本机应用程序向您的服务器进行身份验证的用户的唯一用户标识符。 Cognito 将 return 与该用户名关联的 identityId 和 OpenId 连接令牌到您的后端,它应该传回应用程序。
我强烈建议您关注我们的 blog post and the developer guide,它深入解释了这个流程。一如既往,如果您有任何问题,请随时提出。
谢谢。
我是一名开发人员,正在尝试连接到 PHP 中的服务器。这是我的服务器开发人员身份验证代码:
<?php
require 'aws.phar';
use Aws\CognitoIdentity\CognitoIdentityClient;
use Aws\Sts\StsClient;
use Aws\Credentials\Credentials;
use Aws\S3\S3Client;
$identityClient = CognitoIdentityClient::factory(array(
'version' => 'latest',
'region' => 'ap-northeast-1'
));
$idResp = $identityClient->getId(array(
'AccountId' => 'XXXXXXXXXXX',
'IdentityPoolId' => 'XXXXXXXXXXXXXX',
'Logins' => array(
'cognito-identity.amazonaws.com:amr' => 'login.blupinch.app'
)
));
$identityId = $idResp["IdentityId"];
$tokenResp = $identityClient->getOpenIdToken(array(
'IdentityId' => $identityId,
'Logins' => array(
'cognito-identity.amazonaws.com:amr' => 'login.blupinch.app'
)
));
$token = $tokenResp["Token"];
$stsClient = StsClient::factory(array(
'region' => 'us-east-1',
'version' => '2011-06-15'
));
$stsResp = $stsClient->assumeRoleWithWebIdentity(array(
'RoleArn' =>'arn:aws:iam::XXXXXXXXXX:role/Cognito_appAuth_Role',
'RoleSessionName' => 'App', // you need to give the session a name
'WebIdentityToken' => $token
));
$credentials = new Credentials(
$stsResp['Credentials']['AccessKeyId'],
$stsResp['Credentials']['SecretAccessKey'],
$stsResp['Credentials']['SessionToken']
);
$s3Client = new S3Client([
'version' => '2006-03-01',
'region' => 'us-east-1',
'credentials' => $credentials
]);
代码非常详尽,我收到的以下错误消息也是如此。我无法理解这一点:
PHP Fatal error: Uncaught exception
'Aws\CognitoIdentity\Exception\CognitoIdentityException' with message
'Error executing "GetId" on "https://cognito-identity.ap-northeast-
1.amazonaws.com"; AWS HTTP error:
Client error:
`POST https://cognito- identity.ap- northeast-1.amazonaws.com` resulted
in a `400 Bad Request` response:
{"__type":"ValidationException","message":
"1 validation error detected:
Value '{cognito-identity.amazonaws.com:amr=login (truncated...)
ValidationException (client):
1 validation error detected:
Value '{cognito-identity.amazonaws.com:amr=login.blupinch.app}' at 'logins'
failed to satisfy constraint:
Map keys must satisfy constraint:
[Member must have length less than or equal to 128, Member must have
length greater than or equal to 1, Member must satisfy regular expression
pattern: [\w._/-]+] - {"__type":
"ValidationException","message":
"1 validation error detected:
Value '{cognito- identity.amazonaws.com:amr=login.blupinch.app}' at
'logins' failed to satisfy constraint:
Map keys must satisfy constraint:
[Mem in phar:///home/ubuntu/aws.phar/Aws/WrappedHttpHandler.php on
我认为错误与键 cognito-identity.amazonaws.com:amr
的值有关。所以我想知道,我应该为该键设置什么值?
所以后端服务器不需要调用GetId或GetOpenIdTokenAPI。您需要从您的服务器调用 Amazon Cognito 的 GetOpenIdTokenForDeveloperIdentity API。对于登录映射,键应该是您在 Amazon Cognito 控制台中为此身份池指定的开发人员提供商名称,值应该是已从本机应用程序向您的服务器进行身份验证的用户的唯一用户标识符。 Cognito 将 return 与该用户名关联的 identityId 和 OpenId 连接令牌到您的后端,它应该传回应用程序。
我强烈建议您关注我们的 blog post and the developer guide,它深入解释了这个流程。一如既往,如果您有任何问题,请随时提出。
谢谢。