Amazon web services 登录抛出';用户名或密码不正确';用户登录时出错
我创建了一个Cognito用户池,用户可以在其中注册,但不能再登录。我尝试过许多不同的配置,例如禁用MFA,关闭我所看到的可能导致此问题的设备的记忆,但都没有成功 最奇怪的是,它可以在本地正常工作(Amazon web services 登录抛出';用户名或密码不正确';用户登录时出错,amazon-web-services,authentication,aws-sdk,amazon-cloudformation,amazon-cognito,Amazon Web Services,Authentication,Aws Sdk,Amazon Cloudformation,Amazon Cognito,我创建了一个Cognito用户池,用户可以在其中注册,但不能再登录。我尝试过许多不同的配置,例如禁用MFA,关闭我所看到的可能导致此问题的设备的记忆,但都没有成功 最奇怪的是,它可以在本地正常工作(localhost:5000)。我可以创建帐户和登录,但当我尝试登录我的网站https://example.com(托管在S3上)它抛出上述错误。如果我注册的话,用户似乎也会在Cognito中创建,所以这是可行的,但是登录除了本地之外在任何地方都不起作用 我对每个设置、环境变量、重新创建的用户池等进行
localhost:5000
)。我可以创建帐户和登录,但当我尝试登录我的网站https://example.com
(托管在S3上)它抛出上述错误。如果我注册的话,用户似乎也会在Cognito中创建,所以这是可行的,但是登录除了本地之外在任何地方都不起作用
我对每个设置、环境变量、重新创建的用户池等进行了双重、三重检查
错误
这是我尝试登录时引发的不明确错误:
{
__type: "NotAuthorizedException",
message: "Incorrect username or password."
}
预先注册触发的lambda
在用户通过lambda注册之前,我会确认:
import {INTERNAL_SERVER_ERROR} from 'http-status-codes';
export async function validateHumanViaSns(
event: CognitoUserPoolTriggerEvent,
context: Context,
callback: Callback
): Promise<CognitoUserPoolTriggerHandler> {
try {
event.response.autoConfirmUser = true;
callback(null, event);
return;
} catch (error) {
console.error(error);
callback(null, new Response(INTERNAL_SERVER_ERROR, {message: 'Something went wrong'}));
return;
}
}
CloudFormation同源模板
UserPool:
Type: 'AWS::Cognito::UserPool'
Properties:
UserPoolName: myapp-${self:provider.stage}-user-pool
SmsVerificationMessage: 'Your verification code is {####}.'
AutoVerifiedAttributes:
- email
MfaConfiguration: 'OFF'
EmailVerificationSubject: 'Your MyApp verification code'
EmailVerificationMessage: 'Your MyApp verification code is {####}.'
SmsAuthenticationMessage: 'Your MyApp authentication code is {####}.'
Schema:
- Name: name
AttributeDataType: String
Mutable: true
Required: false
- Name: email
AttributeDataType: String
Mutable: false
Required: false
- Name: phone_number
AttributeDataType: String
Mutable: true
Required: false
Policies:
PasswordPolicy:
RequireLowercase: true
RequireSymbols: false
RequireNumbers: true
MinimumLength: 8
RequireUppercase: true
AdminCreateUserConfig:
InviteMessageTemplate:
EmailMessage: 'Your MyApp username is {username} and temporary password is {####}.'
EmailSubject: 'Your temporary MyApp password'
SMSMessage: 'Your MyApp username is {username} and temporary password is {####}.'
UnusedAccountValidityDays: 7
AllowAdminCreateUserOnly: false
# Creates a User Pool Client to be used by the identity pool
UserPoolClient:
Type: 'AWS::Cognito::UserPoolClient'
Properties:
ClientName: myapp-${self:provider.stage}-web-client
GenerateSecret: false
UserPoolId:
Ref: UserPool
# Creates a federeated Identity pool
IdentityPool:
Type: 'AWS::Cognito::IdentityPool'
Properties:
IdentityPoolName: MyApp{self:provider.stage}Identity
AllowUnauthenticatedIdentities: true
CognitoIdentityProviders:
- ClientId:
Ref: UserPoolClient
ProviderName:
'Fn::GetAtt': [ UserPool, ProviderName ]
# Create a role for unauthorized access to AWS resources. Very limited access. Only allows users in the previously created Identity Pool
CognitoUnAuthorizedRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: 'Allow'
Principal:
Federated: 'cognito-identity.amazonaws.com '
Action:
- 'sts:AssumeRoleWithWebIdentity'
Condition:
StringEquals:
'cognito-identity.amazonaws.com :aud':
Ref: IdentityPool
'ForAnyValue:StringLike':
'cognito-identity.amazonaws.com :amr': unauthenticated
Policies:
- PolicyName: 'CognitoUnauthorizedPolicy'
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: 'Allow'
Action:
- 'mobileanalytics:PutEvents'
- 'cognito-sync:*'
Resource: '*'
# Create a role for authorized access to AWS resources. Control what your user can access. This example only allows Lambda invokation
# Only allows users in the previously created Identity Pool
CognitoAuthorizedRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: 'Allow'
Principal:
Federated: 'cognito-identity.amazonaws.com '
Action:
- 'sts:AssumeRoleWithWebIdentity'
Condition:
StringEquals:
'cognito-identity.amazonaws.com :aud':
Ref: IdentityPool
'ForAnyValue:StringLike':
'cognito-identity.amazonaws.com :amr': authenticated
Policies:
- PolicyName: 'CognitoAuthorizedPolicy'
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: 'Allow'
Action:
- 'mobileanalytics:PutEvents'
- 'cognito-sync:*'
- 'cognito-identity:*'
Resource: '*'
- Effect: 'Allow'
Action:
- 'lambda:InvokeFunction'
Resource: '*'
# Assigns the roles to the Identity Pool
IdentityPoolRoleMapping:
Type: 'AWS::Cognito::IdentityPoolRoleAttachment'
Properties:
IdentityPoolId:
Ref: IdentityPool
Roles:
authenticated:
'Fn::GetAtt': [ CognitoAuthorizedRole, Arn ]
unauthenticated:
'Fn::GetAtt': [ CognitoUnAuthorizedRole, Arn ]
有没有人知道为什么会抛出这个特定错误(我认为这是误导性的),或者更好的是,如何修复这个错误?这是在AWS Amplify Github问题积压中修复的 无论在何处导入amplify,由于amplify js库中的Typescript编译问题,您都需要事先直接导入
crypto js
依赖项:
import 'crypto-js/lib-typedarrays'; // add this line
import Amplify, {Auth} from 'aws-amplify';
看起来这将是未来pull请求中的一个永久修复,因此,根据您何时到达此处,请尝试首先将
aws amplify
包更新为1.1.19
,以查看它是否已首先在主包中修复。这似乎是一个尚未解决的普遍问题(令人惊讶!)超过7个月:S3网站上使用的放大版本怎么样?与这两种情况相比,一定存在一些环境差异。由于这是从本地站点执行的,因此这肯定不是服务问题或用户池配置。@agent420我锁定了所有版本,并且在过去几周内我检查了大多数版本。可能是因为SDK/lib过时?我看到你已经检查了环境,设置和技术。但我仍然建议检查并比较这两种环境。我使用Amplify JS构建了一个PoC,但没有发现任何问题,所以它一定是env特有的,那么这是一个非常奇怪的错误。
import 'crypto-js/lib-typedarrays'; // add this line
import Amplify, {Auth} from 'aws-amplify';