与 OpenID Connect 一起使用时的 AWS IoT 身份验证错误
AWS IoT authentication error when used with OpenID Connect
来自联合登录(以 Cognito 身份)的 AWS IOT 连接不成功
- 在 Cognito 用户池中,我将 Microsoft 帐户设置为身份提供者作为 OIDC,并使用 Microsoft Office 凭据登录。
- 通过交换 Microsoft 返回的授权码,我能够从 Cognito 令牌端点获取访问令牌、刷新令牌和 ID 令牌。
- 通过把 ID 令牌交给 aws.config.credentials 换取凭证,我成功地取得了访问密钥 ID、密钥和会话令牌。
- 我正在尝试通过提供访问密钥 ID、密钥和会话令牌来连接 AWS 物联网端点。
- 连接到 websocket 失败并抛出以下错误。
2019-04-29 14:48:12.006 TRACEID:420de021-715b-d81d-4a5e-daedde37dfd4 PRINCIPALID:AROAIN6B4B4KMSI2U3UEY:CognitoIdentityCredentials [ERROR] EVENT:MQTT Client Connect MESSAGE:Connect Status: AUTHORIZATION_ERROR Failure reason:AUTHORIZATION_FAILURE
NOTE: with a Cognito user pool user, the connection was successful.
'''
function connectWSHandler(dispatch){
// Opens an MQTT-over-WebSocket (wss) connection to AWS IoT using temporary
// credentials previously stored in localStorage. `dispatch` is not used in the
// part of the listing shown here; the function's closing brace is not shown either.
var AWS = require('aws-sdk');
var AWSIoTData = require('aws-iot-device-sdk');
var AWSConfiguration = {
poolId: 'us-east-1:*****************************', // Cognito identity pool id (redacted in the listing)
host:"a************-ats.iot.us-east-1.amazonaws.com", // IoT data endpoint (redacted in the listing)
region: 'us-east-1'
};
var wsOptions = {
handshakeTimeout:15000,
// WARNING: rejectUnauthorized:false disables TLS certificate verification for the
// WebSocket, so the endpoint's identity is not checked and the signed credentials
// in the handshake could be intercepted on the network path. It is unrelated to the
// AUTHORIZATION_FAILURE described above; drop it and keep the default (true).
rejectUnauthorized:false
}
// The MQTT clientId is the Cognito IdentityId; the IoT policy has to be attached
// to exactly this principal for the connect to be authorized (see below).
var clientId = localStorage.getItem("IdentityId");
// Temporary credentials kept in localStorage are readable by any script running on
// this origin (e.g. via XSS); they are still short-lived session credentials here.
var accessKeyId = localStorage.getItem("AccessKeyId");
console.log('accessKeyId',accessKeyId); // logs part of a credential; remove outside of debugging
var secretKey = localStorage.getItem("SecretKey");
var sessionToken = localStorage.getItem("SessionToken");
// getItem returns null for a missing key; bail out rather than connect with partial credentials.
if(accessKeyId==null || secretKey==null || sessionToken==null)return;
// NOTE(review): `mqttClient` is assigned without var/let/const, so this creates an
// implicit global (and throws in strict mode) — presumably intended as module state.
mqttClient = AWSIoTData.device({
host:AWSConfiguration.host,
clientId: clientId,
protocol: 'wss', // MQTT over WebSocket, authenticated with SigV4 from the keys below
websocketOptions:wsOptions,
maximumReconnectTimeMs: 8000,
debug: true, // verbose SDK logging, including the connect status shown in the question
accessKeyId: accessKeyId,
secretKey: secretKey,
sessionToken: sessionToken // required: these are temporary (Cognito) credentials
});
预期结果:与 AWS IoT 的连接应该成功。
我通过将物联网策略附加到我们用于连接的客户端 ID 解决了上述问题。
注意:客户端 ID 就是用户的身份 ID(IdentityId)。
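//Need aws-sdk.js to work
/**
 * Attaches an existing AWS IoT policy to a principal — here the Cognito
 * IdentityId that is also used as the MQTT clientId — which is what the
 * MQTT connect needs in order to stop failing with AUTHORIZATION_FAILURE.
 *
 * Requires the aws-sdk (AWS.Iot) to be loaded and configured with credentials
 * that are allowed to call iot:AttachPrincipalPolicy. NOTE(review): granting
 * that action to every Cognito identity lets any signed-in user attach any
 * policy to any principal; prefer doing this server-side, or restrict the
 * permission with an IAM condition to the caller's own identity.
 *
 * @param {string} policyName - name of the IoT policy to attach
 * @param {string} clientid - principal (Cognito identity id) to attach it to
 * @param {function(Error|null, Object=)=} callback - optional; receives the SDK
 *   error or result. Without it, errors are only logged to the console (the
 *   original behaviour) and success is silent.
 * @returns {undefined}
 */
function attachPrincipalPolicy(policyName, clientid, callback) {
var hasCallback = typeof callback === 'function';
// Fail early instead of sending a request the service will reject anyway.
if (!policyName || !clientid) {
var argErr = new Error('attachPrincipalPolicy: policyName and clientid are required');
if (hasCallback) {
callback(argErr);
} else {
console.error(argErr);
}
return;
}
// NOTE: the IoT API marks AttachPrincipalPolicy as deprecated in favour of
// AttachPolicy ({ policyName, target }); kept here to match the original listing.
new AWS.Iot().attachPrincipalPolicy({ policyName: policyName, principal: clientid}, function (err, data) {
if (hasCallback) {
// Let the caller decide how to react (retry, surface to the user, ...).
callback(err, data);
return;
}
if (err) {
console.error(err); // an error occurred
}
});
}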
此外,需要在 AWS IoT Core 中创建一个允许连接和发布的物联网策略。
来自联合登录(以 Cognito 身份)的 AWS IOT 连接不成功
- 在 Cognito 用户池中,我将 Microsoft 帐户设置为身份提供者作为 OIDC,并使用 Microsoft Office 凭据登录。
- 通过交换 Microsoft 返回的授权码,我能够从 Cognito 令牌端点获取访问令牌、刷新令牌和 ID 令牌。
- 通过把 ID 令牌交给 aws.config.credentials 换取凭证,我成功地取得了访问密钥 ID、密钥和会话令牌。
- 我正在尝试通过提供访问密钥 ID、密钥和会话令牌来连接 AWS 物联网端点。
- 连接到 websocket 失败并抛出以下错误。
2019-04-29 14:48:12.006 TRACEID:420de021-715b-d81d-4a5e-daedde37dfd4 PRINCIPALID:AROAIN6B4B4KMSI2U3UEY:CognitoIdentityCredentials [ERROR] EVENT:MQTT Client Connect MESSAGE:Connect Status: AUTHORIZATION_ERROR Failure reason:AUTHORIZATION_FAILURE
NOTE: with a Cognito user pool user, the connection was successful.
'''
function connectWSHandler(dispatch){
// Opens an MQTT-over-WebSocket (wss) connection to AWS IoT using temporary
// credentials previously stored in localStorage. `dispatch` is not used in the
// part of the listing shown here; the function's closing brace is not shown either.
var AWS = require('aws-sdk');
var AWSIoTData = require('aws-iot-device-sdk');
var AWSConfiguration = {
poolId: 'us-east-1:*****************************', // Cognito identity pool id (redacted in the listing)
host:"a************-ats.iot.us-east-1.amazonaws.com", // IoT data endpoint (redacted in the listing)
region: 'us-east-1'
};
var wsOptions = {
handshakeTimeout:15000,
// WARNING: rejectUnauthorized:false disables TLS certificate verification for the
// WebSocket, so the endpoint's identity is not checked and the signed credentials
// in the handshake could be intercepted on the network path. It is unrelated to the
// AUTHORIZATION_FAILURE described above; drop it and keep the default (true).
rejectUnauthorized:false
}
// The MQTT clientId is the Cognito IdentityId; the IoT policy has to be attached
// to exactly this principal for the connect to be authorized (see below).
var clientId = localStorage.getItem("IdentityId");
// Temporary credentials kept in localStorage are readable by any script running on
// this origin (e.g. via XSS); they are still short-lived session credentials here.
var accessKeyId = localStorage.getItem("AccessKeyId");
console.log('accessKeyId',accessKeyId); // logs part of a credential; remove outside of debugging
var secretKey = localStorage.getItem("SecretKey");
var sessionToken = localStorage.getItem("SessionToken");
// getItem returns null for a missing key; bail out rather than connect with partial credentials.
if(accessKeyId==null || secretKey==null || sessionToken==null)return;
// NOTE(review): `mqttClient` is assigned without var/let/const, so this creates an
// implicit global (and throws in strict mode) — presumably intended as module state.
mqttClient = AWSIoTData.device({
host:AWSConfiguration.host,
clientId: clientId,
protocol: 'wss', // MQTT over WebSocket, authenticated with SigV4 from the keys below
websocketOptions:wsOptions,
maximumReconnectTimeMs: 8000,
debug: true, // verbose SDK logging, including the connect status shown in the question
accessKeyId: accessKeyId,
secretKey: secretKey,
sessionToken: sessionToken // required: these are temporary (Cognito) credentials
});
预期结果:与 AWS IoT 的连接应该成功。
我通过将物联网策略附加到我们用于连接的客户端 ID 解决了上述问题。 注意:客户端 ID 就是用户的身份 ID(IdentityId)。
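//Need aws-sdk.js to work
/**
 * Attaches an existing AWS IoT policy to a principal — here the Cognito
 * IdentityId that is also used as the MQTT clientId — which is what the
 * MQTT connect needs in order to stop failing with AUTHORIZATION_FAILURE.
 *
 * Requires the aws-sdk (AWS.Iot) to be loaded and configured with credentials
 * that are allowed to call iot:AttachPrincipalPolicy. NOTE(review): granting
 * that action to every Cognito identity lets any signed-in user attach any
 * policy to any principal; prefer doing this server-side, or restrict the
 * permission with an IAM condition to the caller's own identity.
 *
 * @param {string} policyName - name of the IoT policy to attach
 * @param {string} clientid - principal (Cognito identity id) to attach it to
 * @param {function(Error|null, Object=)=} callback - optional; receives the SDK
 *   error or result. Without it, errors are only logged to the console (the
 *   original behaviour) and success is silent.
 * @returns {undefined}
 */
function attachPrincipalPolicy(policyName, clientid, callback) {
var hasCallback = typeof callback === 'function';
// Fail early instead of sending a request the service will reject anyway.
if (!policyName || !clientid) {
var argErr = new Error('attachPrincipalPolicy: policyName and clientid are required');
if (hasCallback) {
callback(argErr);
} else {
console.error(argErr);
}
return;
}
// NOTE: the IoT API marks AttachPrincipalPolicy as deprecated in favour of
// AttachPolicy ({ policyName, target }); kept here to match the original listing.
new AWS.Iot().attachPrincipalPolicy({ policyName: policyName, principal: clientid}, function (err, data) {
if (hasCallback) {
// Let the caller decide how to react (retry, surface to the user, ...).
callback(err, data);
return;
}
if (err) {
console.error(err); // an error occurred
}
});
}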
此外,需要在 AWS IoT Core 中创建一个允许连接和发布的物联网策略。