"The AWS Access Key Id you provided does not exist in our records" 在与 Salesforce 联合期间
"The AWS Access Key Id you provided does not exist in our records" during a federation with Salesforce
我正在尝试通过这种方式在 Amazon 和 Salesforce 之间建立联盟:如果用户通过 Salesforce 正确进行身份验证,它将看到给定帐户中的所有 S3 存储桶。
很简单,我跟着this blog post and changed something (i.e. I don't use a DyanamoDb table and the callback is for simplicity inside an S3 bucket). The flow that I'm trying to implement is called Enhanced (simplified) flow (details here):
我对比文章稍微修改了回调代码:
function onPageLoad() {
var url = window.location.href;
var match = url.match('id_token=([^&]*)');
var id_token = "";
if (match) {
id_token = match[1];
} else {
console.error("Impossibile recuperare il token");
}
AWS.config.region = "eu-west-1"
const cognitoParams = {
AccountId: "ACC_ID",
IdentityPoolId: "eu-west-1:XXX",
Logins: {
"login.salesforce.com": id_token
}
}
const identity = new AWS.CognitoIdentity()
identity.getId(cognitoParams, function (err, identityData) {
if (err) {
printMessage(err);
return;
}
const identityParams = {
IdentityId: identityData.IdentityId,
Logins: cognitoParams.Logins
}
identity.getCredentialsForIdentity(identityParams, function (err, data) {
if (err) {
printMessage(err);
} else {
var c = {
region: 'eu-west-1',
accessKeyId: data.Credentials.AccessKeyId,
secretAccessKey: data.Credentials.SecretKey
};
var s3 = new AWS.S3(c);
// HERE IS THE ERRORE - data is empty and response contains the error
s3.listBuckets((response, data) => {
data.Buckets.forEach(function (value) { appendMessage(value.Name) })
});
}
});
});
// IRRELEVANT CODE
}
我可以从 Salesforce 获取令牌,我可以获取访问密钥和密钥,但是当我尝试列出存储桶时,我得到一个简洁的信息:
The AWS Access Key Id you provided does not exist in our records.
我发现这个错误是合理的,因为我根本没有用户,而且密钥是即时创建的。我在哪里可以打我的头? SDK为2.103.0.
可能是由于 IAM 的最终一致性,您能否尝试在调用 listbucket api 或向 us-east-1 端点发出请求之前加入延迟?
http://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-service2。
- GetCredentialsForIdentity returns 临时凭证。因此,您应该包括 AccessKeyId、SecretKey 和 SessionToken 来发出请求。
http://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetCredentialsForIdentity.html
希望这会有所帮助。
我正在尝试通过这种方式在 Amazon 和 Salesforce 之间建立联盟:如果用户通过 Salesforce 正确进行身份验证,它将看到给定帐户中的所有 S3 存储桶。
很简单,我跟着this blog post and changed something (i.e. I don't use a DyanamoDb table and the callback is for simplicity inside an S3 bucket). The flow that I'm trying to implement is called Enhanced (simplified) flow (details here):
我对比文章稍微修改了回调代码:
function onPageLoad() {
var url = window.location.href;
var match = url.match('id_token=([^&]*)');
var id_token = "";
if (match) {
id_token = match[1];
} else {
console.error("Impossibile recuperare il token");
}
AWS.config.region = "eu-west-1"
const cognitoParams = {
AccountId: "ACC_ID",
IdentityPoolId: "eu-west-1:XXX",
Logins: {
"login.salesforce.com": id_token
}
}
const identity = new AWS.CognitoIdentity()
identity.getId(cognitoParams, function (err, identityData) {
if (err) {
printMessage(err);
return;
}
const identityParams = {
IdentityId: identityData.IdentityId,
Logins: cognitoParams.Logins
}
identity.getCredentialsForIdentity(identityParams, function (err, data) {
if (err) {
printMessage(err);
} else {
var c = {
region: 'eu-west-1',
accessKeyId: data.Credentials.AccessKeyId,
secretAccessKey: data.Credentials.SecretKey
};
var s3 = new AWS.S3(c);
// HERE IS THE ERRORE - data is empty and response contains the error
s3.listBuckets((response, data) => {
data.Buckets.forEach(function (value) { appendMessage(value.Name) })
});
}
});
});
// IRRELEVANT CODE
}
我可以从 Salesforce 获取令牌,我可以获取访问密钥和密钥,但是当我尝试列出存储桶时,我得到一个简洁的信息:
The AWS Access Key Id you provided does not exist in our records.
我发现这个错误是合理的,因为我根本没有用户,而且密钥是即时创建的。我在哪里可以打我的头? SDK为2.103.0.
可能是由于 IAM 的最终一致性,您能否尝试在调用 listbucket api 或向 us-east-1 端点发出请求之前加入延迟?
http://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-service2。- GetCredentialsForIdentity returns 临时凭证。因此,您应该包括 AccessKeyId、SecretKey 和 SessionToken 来发出请求。 http://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_GetCredentialsForIdentity.html 希望这会有所帮助。