Amazon Cognito 和 Android SDK NotAuthorizedException 的问题:无效的登录令牌
Issues with Amazon Cognito and Android SDK NotAuthorizedException: Invalid login token
我无法通过 google+ 使用 Amazon SDK 进行授权。我可以获得一个 Cognito ID 和一个 Google+ 令牌,并且在我的身份池中我可以看到一个未经身份验证的用户。在我的 Cognito 设置中,我已将服务器设置为正确的服务 clientID。
这是我的代码:
public class cognitoID extends AsyncTask<String, Void, Void>{
@Override
protected Void doInBackground(String ... id){
credentialsProvider = new CognitoCachingCredentialsProvider(
MainActivity.this, /* Current Activity Context */
"us-east-1:XXXXXXXX", /* Identity Pool ID */
Regions.US_EAST_1 /* Region */
);
credentialsProvider.getCredentials();
cognitoID = credentialsProvider.getIdentityId();
Log.i("Cognito", credentialsProvider.getIdentityId());
if(accessToken =="") {
mGoogleApiClient.connect();
Log.i("Getting me a token", "allright");
}
GooglePlayServicesUtil.isGooglePlayServicesAvailable(getApplicationContext());
AccountManager am = AccountManager.get(getApplicationContext());
android.accounts.Account[] accounts = am.getAccountsByType(GoogleAuthUtil.GOOGLE_ACCOUNT_TYPE);
try{
accountName = Plus.AccountApi.getAccountName(mGoogleApiClient);
scope = "oauth2:" + Scopes.PLUS_LOGIN;
accessToken = GoogleAuthUtil.getToken(
getApplicationContext(), accountName, scope);
} catch (UserRecoverableAuthException recoverableException) {
Log.e("URAE", recoverableException.toString());
startActivityForResult(recoverableException.getIntent(), REQUEST_AUTHORIZATION);
} catch (GoogleAuthException authEx) {
Log.e("GAE", authEx.toString());
} catch (IOException ioEx) {
Log.e("IOE", ioEx.toString());
}
Map<String, String> logins = new HashMap<String, String>();
logins.put("accounts.google.com", accessToken);
credentialsProvider.setLogins(logins);
Log.i("everything set", accessToken.toString() + " cognito " + cognitoID.toString());
credentialsProvider.withLogins(logins);
credentialsProvider.refresh();
Log.i("logins", credentialsProvider.getLogins().toString());
return null;
}
}
我不确定这是我在 AWS 开发人员控制台上的设置,还是代码。
这是身份池的角色策略:
{
"Version": "2012-10-17",
"Statement": [{
"Action": [
"mobileanalytics:PutEvents",
"cognito-sync:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}]
}
错误如下:
Android:
03-03 22:41:33.106 1970-2366/com.brillada.comicsareus E/AndroidRuntime﹕ FATAL EXCEPTION: AsyncTask #2
Process: com.brillada.comicsareus, PID: 1970
java.lang.RuntimeException: An error occured while executing doInBackground()
at android.os.AsyncTask.done(AsyncTask.java:300)
at java.util.concurrent.FutureTask.finishCompletion(FutureTask.java:355)
at java.util.concurrent.FutureTask.setException(FutureTask.java:222)
at java.util.concurrent.FutureTask.run(FutureTask.java:242)
at android.os.AsyncTask$SerialExecutor.run(AsyncTask.java:231)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:818)
Caused by: com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Invalid login token. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException; Request ID: 5a30d834-c220-11e4-8aed-791c85399196)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:818)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:437)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:243)
at com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient.invoke(AmazonCognitoIdentityClient.java:1079)
at com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient.getCredentialsForIdentity(AmazonCognitoIdentityClient.java:499)
at com.amazonaws.auth.CognitoCredentialsProvider.populateCredentialsWithCognito(CognitoCredentialsProvider.java:622)
at com.amazonaws.auth.CognitoCredentialsProvider.startSession(CognitoCredentialsProvider.java:549)
at com.amazonaws.auth.CognitoCredentialsProvider.refresh(CognitoCredentialsProvider.java:499)
at com.amazonaws.auth.CognitoCachingCredentialsProvider.getIdentityId(CognitoCachingCredentialsProvider.java:418)
at com.amazonaws.auth.CognitoCredentialsProvider.populateCredentialsWithCognito(CognitoCredentialsProvider.java:615)
at com.amazonaws.auth.CognitoCredentialsProvider.startSession(CognitoCredentialsProvider.java:549)
at com.amazonaws.auth.CognitoCredentialsProvider.refresh(CognitoCredentialsProvider.java:499)
at com.brillada.comicsareus.MainActivity$cognitoID.doInBackground(MainActivity.java:408)
at com.brillada.comicsareus.MainActivity$cognitoID.doInBackground(MainActivity.java:352)
at android.os.AsyncTask.call(AsyncTask.java:288)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at android.os.AsyncTask$SerialExecutor.run(AsyncTask.java:231)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:818)
我确定我遗漏了什么,但我什至找不到从哪里开始解决错误。
您从 Cognito 收到 "Invalid login token" 异常,这意味着您传递的令牌无效。这可能主要是由于两个原因:
- 您正在传递过期或空令牌。
- 您传递的是有效令牌,但您在应用中使用的 Google 应用 ID 与您在身份池中配置的不匹配。
基于Javascriptpassport-google-auth模块,它returnsaccess_token、refresh_token和params.
要获得 cognito_identity,您需要使用从 Google
收到的 params.id_token
passport.use(new GoogleStrategy(googleDeveloperDetails, getUserDetails));
app.get("/auth/google", passport.authenticate("google", { scope: ['email'] }));
var authGoogle = passport.authenticate("google", {
failureRedirect: "/auth/google"
});
app.get("auth/google/callback", authGoogle, controller.successRedirect);
getUserDetails = function(accessToken, refreshToken, params, profile, done) {
if(profile.provider == "google") {
profile.token = params.id_token // params.id_token to be used to get cognito credentials
} else {
profile.token = accessToken;
}
done(null, profile);
}
googleDeveloperDetails = {
clientID: "google cleint ID",
clientSecret: "google client secret",
callbackURL: "https://localhost:3000/auth/google/callback",
profileFields: ["emails", "profile"]
}
我无法通过 google+ 使用 Amazon SDK 进行授权。我可以获得一个 Cognito ID 和一个 Google+ 令牌,并且在我的身份池中我可以看到一个未经身份验证的用户。在我的 Cognito 设置中,我已将服务器设置为正确的服务 clientID。
这是我的代码:
public class cognitoID extends AsyncTask<String, Void, Void>{
@Override
protected Void doInBackground(String ... id){
credentialsProvider = new CognitoCachingCredentialsProvider(
MainActivity.this, /* Current Activity Context */
"us-east-1:XXXXXXXX", /* Identity Pool ID */
Regions.US_EAST_1 /* Region */
);
credentialsProvider.getCredentials();
cognitoID = credentialsProvider.getIdentityId();
Log.i("Cognito", credentialsProvider.getIdentityId());
if(accessToken =="") {
mGoogleApiClient.connect();
Log.i("Getting me a token", "allright");
}
GooglePlayServicesUtil.isGooglePlayServicesAvailable(getApplicationContext());
AccountManager am = AccountManager.get(getApplicationContext());
android.accounts.Account[] accounts = am.getAccountsByType(GoogleAuthUtil.GOOGLE_ACCOUNT_TYPE);
try{
accountName = Plus.AccountApi.getAccountName(mGoogleApiClient);
scope = "oauth2:" + Scopes.PLUS_LOGIN;
accessToken = GoogleAuthUtil.getToken(
getApplicationContext(), accountName, scope);
} catch (UserRecoverableAuthException recoverableException) {
Log.e("URAE", recoverableException.toString());
startActivityForResult(recoverableException.getIntent(), REQUEST_AUTHORIZATION);
} catch (GoogleAuthException authEx) {
Log.e("GAE", authEx.toString());
} catch (IOException ioEx) {
Log.e("IOE", ioEx.toString());
}
Map<String, String> logins = new HashMap<String, String>();
logins.put("accounts.google.com", accessToken);
credentialsProvider.setLogins(logins);
Log.i("everything set", accessToken.toString() + " cognito " + cognitoID.toString());
credentialsProvider.withLogins(logins);
credentialsProvider.refresh();
Log.i("logins", credentialsProvider.getLogins().toString());
return null;
}
}
我不确定这是我在 AWS 开发人员控制台上的设置,还是代码。
这是身份池的角色策略:
{
"Version": "2012-10-17",
"Statement": [{
"Action": [
"mobileanalytics:PutEvents",
"cognito-sync:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}]
}
错误如下:
Android:
03-03 22:41:33.106 1970-2366/com.brillada.comicsareus E/AndroidRuntime﹕ FATAL EXCEPTION: AsyncTask #2
Process: com.brillada.comicsareus, PID: 1970
java.lang.RuntimeException: An error occured while executing doInBackground()
at android.os.AsyncTask.done(AsyncTask.java:300)
at java.util.concurrent.FutureTask.finishCompletion(FutureTask.java:355)
at java.util.concurrent.FutureTask.setException(FutureTask.java:222)
at java.util.concurrent.FutureTask.run(FutureTask.java:242)
at android.os.AsyncTask$SerialExecutor.run(AsyncTask.java:231)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:818)
Caused by: com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Invalid login token. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException; Request ID: 5a30d834-c220-11e4-8aed-791c85399196)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:818)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:437)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:243)
at com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient.invoke(AmazonCognitoIdentityClient.java:1079)
at com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient.getCredentialsForIdentity(AmazonCognitoIdentityClient.java:499)
at com.amazonaws.auth.CognitoCredentialsProvider.populateCredentialsWithCognito(CognitoCredentialsProvider.java:622)
at com.amazonaws.auth.CognitoCredentialsProvider.startSession(CognitoCredentialsProvider.java:549)
at com.amazonaws.auth.CognitoCredentialsProvider.refresh(CognitoCredentialsProvider.java:499)
at com.amazonaws.auth.CognitoCachingCredentialsProvider.getIdentityId(CognitoCachingCredentialsProvider.java:418)
at com.amazonaws.auth.CognitoCredentialsProvider.populateCredentialsWithCognito(CognitoCredentialsProvider.java:615)
at com.amazonaws.auth.CognitoCredentialsProvider.startSession(CognitoCredentialsProvider.java:549)
at com.amazonaws.auth.CognitoCredentialsProvider.refresh(CognitoCredentialsProvider.java:499)
at com.brillada.comicsareus.MainActivity$cognitoID.doInBackground(MainActivity.java:408)
at com.brillada.comicsareus.MainActivity$cognitoID.doInBackground(MainActivity.java:352)
at android.os.AsyncTask.call(AsyncTask.java:288)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at android.os.AsyncTask$SerialExecutor.run(AsyncTask.java:231)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:818)
我确定我遗漏了什么,但我什至找不到从哪里开始解决错误。
您从 Cognito 收到 "Invalid login token" 异常,这意味着您传递的令牌无效。这可能主要是由于两个原因:
- 您正在传递过期或空令牌。
- 您传递的是有效令牌,但您在应用中使用的 Google 应用 ID 与您在身份池中配置的不匹配。
基于Javascriptpassport-google-auth模块,它returnsaccess_token、refresh_token和params.
要获得 cognito_identity,您需要使用从 Google
收到的 params.id_token passport.use(new GoogleStrategy(googleDeveloperDetails, getUserDetails));
app.get("/auth/google", passport.authenticate("google", { scope: ['email'] }));
var authGoogle = passport.authenticate("google", {
failureRedirect: "/auth/google"
});
app.get("auth/google/callback", authGoogle, controller.successRedirect);
getUserDetails = function(accessToken, refreshToken, params, profile, done) {
if(profile.provider == "google") {
profile.token = params.id_token // params.id_token to be used to get cognito credentials
} else {
profile.token = accessToken;
}
done(null, profile);
}
googleDeveloperDetails = {
clientID: "google cleint ID",
clientSecret: "google client secret",
callbackURL: "https://localhost:3000/auth/google/callback",
profileFields: ["emails", "profile"]
}