AWS Cognito 仅适用于 USEast1
AWS Cognito Only Working in USEast1
我有一个使用 AWS Cognito API 以 Swift 编写的 iOS 应用程序。连接到 USEast1 按预期工作并验证我的用户
var awsProperties = NSDictionary(contentsOfFile: NSBundle.mainBundle().pathForResource("AWS", ofType: "plist")!)
var credentialsProvider : AWSCognitoCredentialsProvider
var loggedIn = false
override init() {
credentialsProvider = AWSCognitoCredentialsProvider.credentialsWithRegionType(
AWSRegionType.USEast1,
accountId:awsProperties?.valueForKey(GlobalConstants.AccountId) as String,
identityPoolId:awsProperties?.valueForKey(GlobalConstants.USIdentityPoolId) as String,
unauthRoleArn:awsProperties?.valueForKey(GlobalConstants.UnauthDefaultRole) as String,
authRoleArn:awsProperties?.valueForKey(GlobalConstants.AuthDefaultRole) as String)
}
func application(application: UIApplication, didFinishLaunchingWithOptions launchOptions: NSDictionary?) -> Bool {
let defaultServiceConfiguration = AWSServiceConfiguration(
region: AWSRegionType.USEast1,
credentialsProvider: credentialsProvider)
AWSServiceManager.defaultServiceManager().setDefaultServiceConfiguration(defaultServiceConfiguration)
credentialsProvider.getIdentityId().continueWithBlock { (task: BFTask!) -> AnyObject! in
if((task.error) != nil) {
NSLog("%@", task.error)
} else {
NSLog("%@", self.credentialsProvider.identityId)
self.loggedIn = true
}
return self.loggedIn
}
return true
}
我有必要的代码允许在单独的登录控制器中登录 G+,没有特定区域。
但是,如果我使用完全相同的代码,但将区域更改为 EUWest1 并使用我基于欧盟的识别池,我会得到以下异常:
AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:453 | __46-[AWSCognitoCredentialsProvider getIdentityId]_block_invoke | In refresh, but identityId is nil.
AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:454 | __46-[AWSCognitoCredentialsProvider getIdentityId]_block_invoke | Result from getIdentityId is (null)
我的 IAM 角色的信任策略允许访问两个身份池:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Federated": "accounts.google.com"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"cognito-identity.amazonaws.com:aud": [
"eu-west-1:XXXXXX",
"us-east-1:XXXXXX"
]
},
"ForAnyValue:StringLike": {
"cognito-identity.amazonaws.com:amr": "authenticated"
}
}
}
]
}
我是否遗漏了我应该覆盖该区域的地方?
通常,在为此苦苦挣扎了几天之后,我终于找到了问题并发布到 SO。
问题是在框架搜索路径上链接了以前版本的 AWS iOS SDK,它没有 EUCentral1。将其包含在枚举中似乎已经更改了索引,并且鉴于 Cognito 仅在 USEast1 和 EUWest1 中受支持,它正在尝试针对不正确的区域进行身份验证。
我有一个使用 AWS Cognito API 以 Swift 编写的 iOS 应用程序。连接到 USEast1 按预期工作并验证我的用户
var awsProperties = NSDictionary(contentsOfFile: NSBundle.mainBundle().pathForResource("AWS", ofType: "plist")!)
var credentialsProvider : AWSCognitoCredentialsProvider
var loggedIn = false
override init() {
credentialsProvider = AWSCognitoCredentialsProvider.credentialsWithRegionType(
AWSRegionType.USEast1,
accountId:awsProperties?.valueForKey(GlobalConstants.AccountId) as String,
identityPoolId:awsProperties?.valueForKey(GlobalConstants.USIdentityPoolId) as String,
unauthRoleArn:awsProperties?.valueForKey(GlobalConstants.UnauthDefaultRole) as String,
authRoleArn:awsProperties?.valueForKey(GlobalConstants.AuthDefaultRole) as String)
}
func application(application: UIApplication, didFinishLaunchingWithOptions launchOptions: NSDictionary?) -> Bool {
let defaultServiceConfiguration = AWSServiceConfiguration(
region: AWSRegionType.USEast1,
credentialsProvider: credentialsProvider)
AWSServiceManager.defaultServiceManager().setDefaultServiceConfiguration(defaultServiceConfiguration)
credentialsProvider.getIdentityId().continueWithBlock { (task: BFTask!) -> AnyObject! in
if((task.error) != nil) {
NSLog("%@", task.error)
} else {
NSLog("%@", self.credentialsProvider.identityId)
self.loggedIn = true
}
return self.loggedIn
}
return true
}
我有必要的代码允许在单独的登录控制器中登录 G+,没有特定区域。
但是,如果我使用完全相同的代码,但将区域更改为 EUWest1 并使用我基于欧盟的识别池,我会得到以下异常:
AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:453 | __46-[AWSCognitoCredentialsProvider getIdentityId]_block_invoke | In refresh, but identityId is nil.
AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:454 | __46-[AWSCognitoCredentialsProvider getIdentityId]_block_invoke | Result from getIdentityId is (null)
我的 IAM 角色的信任策略允许访问两个身份池:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Federated": "accounts.google.com"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"cognito-identity.amazonaws.com:aud": [
"eu-west-1:XXXXXX",
"us-east-1:XXXXXX"
]
},
"ForAnyValue:StringLike": {
"cognito-identity.amazonaws.com:amr": "authenticated"
}
}
}
]
}
我是否遗漏了我应该覆盖该区域的地方?
通常,在为此苦苦挣扎了几天之后,我终于找到了问题并发布到 SO。
问题是在框架搜索路径上链接了以前版本的 AWS iOS SDK,它没有 EUCentral1。将其包含在枚举中似乎已经更改了索引,并且鉴于 Cognito 仅在 USEast1 和 EUWest1 中受支持,它正在尝试针对不正确的区域进行身份验证。