0
  1. 我正在使用 AWS Cognito 身份验证进行签名机制。为了获得凭证(访问、秘密和会话令牌),我们需要获得身份令牌。
  2. 我有用户名、密码、clientId、userPoolId、identityPoolId 信息。但是,当我尝试使用 USER_PASSWORD_AUTH 作为身份验证流类型生成 id 令牌时,我收到以下错误 原因:com.amazonaws.services.cognitoidp.model.AWSCognitoIdentityProviderException:缺少身份验证令牌(服务:AWSCognitoIdentityProvider;状态代码:400;错误代码:MissingAuthenticationTokenException;请求 ID:;代理:空)

下面是代码:

AnonymousAWSCredentials awsCreds = new AnonymousAWSCredentials();

    AWSCognitoIdentityProvider provider = AWSCognitoIdentityProviderClientBuilder.standard()
            .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
            .withRegion(//region)
            .build();
           

    AdminInitiateAuthRequest authRequest = new AdminInitiateAuthRequest()
            .withAuthFlow(AuthFlowType.USER_PASSWORD_AUTH)
            .withClientId("")
            .withUserPoolId("")
            .withAuthParameters(map);
    Map<String,String> map = new HashMap<>();
    map.put("USERNAME","");
    map.put("PASSWORD","");

这里的地图将有用户名和密码。

有人可以帮助如何在 Java 中配置身份验证以生成 id 令牌和访问令牌吗?提前致谢!!

4

1 回答 1

4

您的代码可能如下所示。请注意:

  1. 用于身份验证的 ADMIN_USER_PASSWORD_AUTH 流。请参阅 AdminInitiateAuth

  2. 在 Cognito 的客户端设置中,在“Auth Flows Configuration”部分下,应启用下一个选项“Enable username password auth for admin APIs for authentication (ALLOW_ADMIN_USER_PASSWORD_AUTH)”

     public static void auth(String username, String password) {

 AwsBasicCredentials awsCreds = AwsBasicCredentials.create(AWS_KEY,
         AWS_SECRET);

 CognitoIdentityProviderClient identityProviderClient =
         CognitoIdentityProviderClient.builder()
                 .credentialsProvider(StaticCredentialsProvider.create(awsCreds))
                 .region(Region.of(REGION))
                 .build();

 final Map<String, String> authParams = new HashMap<>();
 authParams.put("USERNAME", username);
 authParams.put("PASSWORD", password);
 authParams.put("SECRET_HASH", calculateSecretHash(CLIENT_ID,
         CLIENT_SECRET, username));

 final AdminInitiateAuthRequest authRequest = AdminInitiateAuthRequest.builder()
         .authFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH)
         .clientId(CLIENT_ID)
         .userPoolId(POOL_ID)
         .authParameters(authParams)
         .build();

 AdminInitiateAuthResponse result = identityProviderClient.adminInitiateAuth(authRequest);

 System.out.println(result.authenticationResult().accessToken());
 System.out.println(result.authenticationResult().idToken());

    }

  3. 方法 calculateSecretHash 取自 AWS Documentation Signing Up and Confirming User Accounts

     private static String calculateSecretHash(String userPoolClientId, String userPoolClientSecret, String userName) {
 final String HMAC_SHA256_ALGORITHM = "HmacSHA256";

 SecretKeySpec signingKey = new SecretKeySpec(
         userPoolClientSecret.getBytes(StandardCharsets.UTF_8),
         HMAC_SHA256_ALGORITHM);
 try {
     Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
     mac.init(signingKey);
     mac.update(userName.getBytes(StandardCharsets.UTF_8));
     byte[] rawHmac = mac.doFinal(userPoolClientId.getBytes(StandardCharsets.UTF_8));
     return Base64.getEncoder().encodeToString(rawHmac);
 } catch (Exception e) {
     throw new RuntimeException("Error while calculating ");
 }}
于 2020-09-18T10:32:24.660 回答