Amazon web services Firebase作为Cognito/AWS的身份提供者


我在把Firebase用作OpenID Connect提供商时遇到了困难。 你能进一步描述一下你在完成这项工作之前和之后所经历的步骤吗

以下是我迄今为止所做的工作: 在AWS控制台中:

1-创建IAM身份提供程序(OpenID Connect),并使用
securetoken.google.com/<FIREBASE_PROJECT_ID>
作为URL,
并填写受众(Audience)

2-手动检查指纹(与AWS生成的指纹匹配)

3-创建了具有访问所需服务权限的角色

4-在Cognito中创建了一个身份池,并在“已验证角色”下拉列表中选择了我新创建的角色

5-在Authentication Providers>OpenID类别下选择我的身份提供者(因此格式为):
securetoken.google.com/<FIREBASE_PROJECT_ID>

在我的代码中(我使用的是Vue.js),以下是我经历的逻辑步骤:

  • 导入/设置AWS SDK

  • 调用Firebase身份验证服务

  • 创建一个新的CognitoIdentity对象
  • 使用getOpenIdTokenForDeveloperIdentity并传入从Firebase接收的ID令牌
问题是,我不断收到“配置中缺少凭据”(Missing credentials in config)错误

代码:

import axios from 'axios';
const AWS = require('aws-sdk');

// Global SDK configuration shared by every service client created afterwards.
AWS.config.region = 'eu-west-1';

// No Logins map is supplied here, so the identity pool is asked for a guest
// (unauthenticated) identity rather than one tied to the Firebase user.
const poolCredentials = new AWS.CognitoIdentityCredentials({
  IdentityPoolId: 'MY_COGNITO_POOL_ID',
});
AWS.config.credentials = poolCredentials;

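/**
 * Vue component that signs a user in through the Firebase REST API and then
 * asks Amazon Cognito for an OpenID token for that login.
 */
export default {
  name: 'My Vue.js component name',
  data() {
    return {
      email: '',
      password: '',
      msg: '',
    };
  },
  methods: {
    /**
     * Posts the form's email and password to the Firebase verifyPassword
     * endpoint, stores the response, and passes the returned ID token to
     * Cognito. Failures are logged to the console.
     */
    submit() {
      axios
        .post(
          'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=MY_KEY',
          {
            email: this.email,
            // Read from component state: a bare `password` is not defined in
            // this scope and throws a ReferenceError before the request is sent.
            password: this.password,
            returnSecureToken: true,
          },
        )
        .then((res) => {
          // NOTE(review): the whole sign-in response, ID token included, is
          // kept in localStorage, where any script running on the page can
          // read it. Store only what is needed, or keep it in memory.
          localStorage.setItem('jwt', JSON.stringify(res.data));
          const cognitoidentity = new AWS.CognitoIdentity();
          const params = {
            IdentityPoolId: 'MY_COGNITO_POOL_ID',
            Logins: {
              // The key has to match the provider name configured on the
              // identity pool.
              'securetoken.google.com/<PROJECT_ID>': res.data.idToken,
            },
            IdentityId: null,
            TokenDuration: 3600,
          };
          // NOTE(review): getOpenIdTokenForDeveloperIdentity belongs to the
          // developer-authenticated-identities flow and is a signed call that
          // expects AWS developer credentials, which a browser should not hold.
          // With an OpenID Connect provider the usual route is to put the
          // Logins map on AWS.CognitoIdentityCredentials and resolve it with
          // get() — presumably why this call reports missing credentials.
          cognitoidentity.getOpenIdTokenForDeveloperIdentity(params, (err, data) => {
            if (err) {
              console.log(err, err.stack); // an error occurred
              return;
            }
            // NOTE(review): a successful response carries the issued token;
            // keep this log for debugging only.
            console.log(data); // successful response
          });
        })
        .catch((err) => {
          // Sign-in or network failure; previously an unhandled rejection.
          console.log(err);
        });
    },
  },
};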
从“axios”导入axios;
const AWS=require('AWS-sdk');
AWS.config.region='eu-west-1';
AWS.config.credentials=新的AWS.CognitoIdentityCredentials({
IdentityPoolId:“我的认知池”,
});
导出默认值{
名称:“我的Vue.js组件名称”,
数据(){
返回{
电子邮件:“”,
密码:“”,
消息:“”,
};
},
方法:{
提交(){
axios
.邮政(
'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=MY_KEY',
{
电子邮件:this.email,
密码:密码,
returnSecureToken:true,
},
)
。然后((res)=>{
//在本地存储令牌
setItem('jwt',JSON.stringify(res.data));
const cognitoidentity=新的AWS.cognitoidentity();
常量参数={
IdentityPoolId:“我的认知池”,
登录:{
'securetoken.google.com/':res.data.idToken,
},
IdentityId:null,
持续时间:3600,
};
cognitoidentity.getOpenIdTokenForDeveloperIdentity(参数,(错误,数据)=>{
if(err)console.log(err,err.stack);//发生错误
else console.log(数据);//响应成功
});
});
},
},
};
以下是我在尝试实现这一目标时使用的资源:

  • 尝试在
    CognitoIdentityCredentials
    对象中设置Logins映射,即Firebase令牌。参见文档

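    // Attach the Firebase ID token to the Cognito credentials through the Logins map.
    // `firebaseIdToken` is a placeholder for the idToken returned by the Firebase sign-in call.
    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
      IdentityPoolId: 'MY_COGNITO_POOL_ID',
      Logins: {
        'securetoken.google.com/<FIREBASE_PROJECT_ID>': firebaseIdToken,
      },
    });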
  • 在初始化Cognito客户端之前,尝试调用credentials对象上的get()方法。您也可以使用AWS.config.getCredentials()
  • 如果上述步骤不起作用(它们本应起作用),请在初始化Cognito客户端时将凭据作为选项传入。有关使用CognitoIdentity构造函数时可用的选项,请参见文档

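    // Hand the resolved credentials to the client explicitly instead of
    // relying on the global AWS.config lookup.
    const cognitoidentity = new AWS.CognitoIdentity({ credentials: AWS.config.credentials });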
  • 如果仍然收到错误,请在调用get()方法后尝试在控制台中记录credentials对象。理想情况下,它应该具有临时凭证(accessKey、secretKey和sessionToken)


如果最终代码对任何人都有帮助:

import axios from 'axios';

const AWS = require('aws-sdk');
const aws4 = require('aws4');

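/**
 * Vue component that signs in with the Firebase REST API, exchanges the
 * Firebase ID token for temporary AWS credentials through a Cognito identity
 * pool, and uses those credentials to send a signed request to API Gateway.
 */
export default {
  name: 'VUE_CPNT_NAME',
  data() {
    return {
      email: '',
      password: '',
      msg: '',
      idToken: '',
    };
  },
  methods: {
    /**
     * Runs the whole sign-in flow for the email and password held in component
     * state. Errors at any stage are logged and stop the flow.
     */
    submit() {
      // Firebase SignIn API
      // Doc: https://firebase.google.com/docs/reference/rest/auth/
      axios
        .post(
          'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=[MY_KEY]',
          {
            email: this.email,
            password: this.password,
            returnSecureToken: true,
          },
        )
        .then((res) => {
          this.idToken = res.data.idToken;
          // NOTE(review): the whole sign-in response, ID token included, is
          // kept in localStorage, where any script running on the page can
          // read it. Store only what is needed, or keep it in memory.
          localStorage.setItem('jwt', JSON.stringify(res.data));
          AWS.config.credentials = new AWS.CognitoIdentityCredentials({
            IdentityPoolId: 'IDENTITY_POOL_ID',
            Logins: {
              // The key has to match the provider name configured on the
              // identity pool.
              'securetoken.google.com/<FIREBASE_PROJECT_ID>': res.data.idToken,
            },
          }, {
            region: 'eu-west-1',
          });
          // Constructing the credentials object does not fetch anything; the
          // temporary keys only exist once getCredentials() has resolved.
          // AWS.config.credentials.get() works as well, as does
          // cognitoidentity.getId() followed by getCredentialsForIdentity().
          AWS.config.getCredentials((err) => {
            if (err) {
              console.log(err);
              // Without credentials the request below would be signed with
              // undefined keys, so stop here.
              return;
            }
            // NOTE(review): the signature covers `host` and `path`, while axios
            // sends the request to `url`; the path in both must be the same.
            const request = {
              host: 'API_GATEWAY_ENDPOINT.eu-west-1.amazonaws.com',
              method: 'GET',
              url: 'https://API_GATEWAY_ENDPOINT.eu-west-1.amazonaws.com/PATH',
              path: '/API_ENDPOINT_PATH',
            };
            // Signing the requests to API Gateway when the Authorization is set AWS_IAM.
            // Not required when Cognito User Pools are used.
            // These are temporary credentials for the pool's authenticated
            // role; whatever that role allows is available to the browser, so
            // keep its policy limited to the endpoints this client calls.
            const { secretAccessKey, accessKeyId, sessionToken } = AWS.config.credentials;
            const signedRequest = aws4.sign(request, {
              secretAccessKey,
              accessKeyId,
              sessionToken,
            });
            // removing the Host header to avoid errors in Chrome
            delete signedRequest.headers.Host;
            axios(signedRequest).catch((requestErr) => {
              console.log(requestErr);
            });
          });
        })
        .catch((err) => {
          // Sign-in or network failure; previously an unhandled rejection.
          console.log(err);
        });
    },
  },
};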
从“axios”导入axios;
const AWS=require('AWS-sdk');
const aws4=需要(“aws4”);
导出默认值{
名称:“VUE_CPNT_名称”,
数据(){
返回{
电子邮件:“”,
密码:“”,
消息:“”,
idToken:“”,
};
},
方法:{
提交(){
//Firebase SignIn API
//文件:https://firebase.google.com/docs/reference/rest/auth/
axios
.邮政(
'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=[我的钥匙],
{
电子邮件:this.email,
密码:this.password,
returnSecureToken:true,
},
)
。然后((res)=>{
this.idToken=res.data.idToken;
setItem('jwt',JSON.stringify(res.data));
AWS.config.credentials=新的AWS.CognitoIdentityCredentials({
IdentityPoolId:“IDENTITY\u POOL\u ID”,
登录:{
'securetoken.google.com/':res.data.idToken,
},
}, {
地区:“欧盟-西部-1”,
});
//AWS.config.crendentials.get()方法也可以工作
//或者调用cognitoidentity.getId(),然后调用getCredentialsForIdentity()
//会达到同样的效果。很酷。但是为什么呢!?
AWS.config.getCredentials((错误)=>{
如果(错误){
控制台日志(err);
}
常量请求={
主机:“API\u GATEWAY\u ENDPOINT.eu-west-1.amazonaws.com”,
方法:“GET”,
网址:'https://API_GATEWAY_ENDPOINT.eu-west-1.amazonaws.com/PATH',
路径:'/API_端点_路径',
};
//授权设置为AWS_IAM时对API网关的请求进行签名。
//使用Cognito用户池时不需要
const signedRequest=aws4.签名(请求,
{
secretAccessKey:AWS.config.credentials.secretAccessKey,
accessKeyId:AWS.config.credentials.accessKeyId,
sessionToken:AWS.config.credentials.sessionToken,
});
//删除主机头以避免Chrome中的错误
删除signedRequest.headers.Host;
axios(签名请求);
import axios from 'axios';

const AWS = require('aws-sdk');
const aws4 = require('aws4');

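/**
 * Vue component that signs in with the Firebase REST API, exchanges the
 * Firebase ID token for temporary AWS credentials through a Cognito identity
 * pool, and uses those credentials to send a signed request to API Gateway.
 */
export default {
  name: 'VUE_CPNT_NAME',
  data() {
    return {
      email: '',
      password: '',
      msg: '',
      idToken: '',
    };
  },
  methods: {
    /**
     * Runs the whole sign-in flow for the email and password held in component
     * state. Errors at any stage are logged and stop the flow.
     */
    submit() {
      // Firebase SignIn API
      // Doc: https://firebase.google.com/docs/reference/rest/auth/
      axios
        .post(
          'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=[MY_KEY]',
          {
            email: this.email,
            password: this.password,
            returnSecureToken: true,
          },
        )
        .then((res) => {
          this.idToken = res.data.idToken;
          // NOTE(review): the whole sign-in response, ID token included, is
          // kept in localStorage, where any script running on the page can
          // read it. Store only what is needed, or keep it in memory.
          localStorage.setItem('jwt', JSON.stringify(res.data));
          AWS.config.credentials = new AWS.CognitoIdentityCredentials({
            IdentityPoolId: 'IDENTITY_POOL_ID',
            Logins: {
              // The key has to match the provider name configured on the
              // identity pool.
              'securetoken.google.com/<FIREBASE_PROJECT_ID>': res.data.idToken,
            },
          }, {
            region: 'eu-west-1',
          });
          // Constructing the credentials object does not fetch anything; the
          // temporary keys only exist once getCredentials() has resolved.
          // AWS.config.credentials.get() works as well, as does
          // cognitoidentity.getId() followed by getCredentialsForIdentity().
          AWS.config.getCredentials((err) => {
            if (err) {
              console.log(err);
              // Without credentials the request below would be signed with
              // undefined keys, so stop here.
              return;
            }
            // NOTE(review): the signature covers `host` and `path`, while axios
            // sends the request to `url`; the path in both must be the same.
            const request = {
              host: 'API_GATEWAY_ENDPOINT.eu-west-1.amazonaws.com',
              method: 'GET',
              url: 'https://API_GATEWAY_ENDPOINT.eu-west-1.amazonaws.com/PATH',
              path: '/API_ENDPOINT_PATH',
            };
            // Signing the requests to API Gateway when the Authorization is set AWS_IAM.
            // Not required when Cognito User Pools are used.
            // These are temporary credentials for the pool's authenticated
            // role; whatever that role allows is available to the browser, so
            // keep its policy limited to the endpoints this client calls.
            const { secretAccessKey, accessKeyId, sessionToken } = AWS.config.credentials;
            const signedRequest = aws4.sign(request, {
              secretAccessKey,
              accessKeyId,
              sessionToken,
            });
            // removing the Host header to avoid errors in Chrome
            delete signedRequest.headers.Host;
            axios(signedRequest).catch((requestErr) => {
              console.log(requestErr);
            });
          });
        })
        .catch((err) => {
          // Sign-in or network failure; previously an unhandled rejection.
          console.log(err);
        });
    },
  },
};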