Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/ios/95.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Ios cognito-禁止访问身份_Ios_Amazon Web Services_Amazon S3_Amazon Cognito_Amazon Mobile Analytics - Fatal编程技术网
Fatal编程技术网
  • ios/
  • Ios cognito-禁止访问身份

Ios cognito-禁止访问身份

ios amazon-web-services amazon-s3

Ios cognito-禁止访问身份,ios,amazon-web-services,amazon-s3,amazon-cognito,amazon-mobile-analytics,Ios,Amazon Web Services,Amazon S3,Amazon Cognito,Amazon Mobile Analytics,我正在尝试理解AmazonCognito,并尝试在通过facebook登录后列出S3文件夹的内容。 FaceBook登录工作正常。当我点击test按钮(cmdTestS3Tapped)时,它抛出以下错误 我将amazon提供的示例中的AmazonClientManager.h、AmazonClientManager.m和Constants.h包含到项目中。 常数以belllow的形式给出。谁能帮我解决这个问题 #define AWSAccountID @"MyAccountID" #define

我正在尝试理解AmazonCognito,并尝试在通过facebook登录后列出S3文件夹的内容。 FaceBook登录工作正常。当我点击test按钮(cmdTestS3Tapped)时,它抛出以下错误

我将amazon提供的示例中的AmazonClientManager.h、AmazonClientManager.m和Constants.h包含到项目中。 常数以belllow的形式给出。谁能帮我解决这个问题

#define AWSAccountID @"MyAccountID"
#define CognitoPoolID @"us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
#define CognitoRoleAuth @"arn:aws:iam::MyAccountID:role/Cognito_iOSTestPoolAuth_DefaultRole"
#define CognitoRoleUnauth @"arn:aws:iam::MyAccountID:role/Cognito_iOSTestPoolAuth_DefaultRole"
这是角色-Cognito_iOSTestPoolAuth_DefaultRole

{
    "Version": "2012-10-17",
    "Statement": [{
        "Action": [
            "mobileanalytics:PutEvents",
            "cognito-sync:*"
        ],
        "Effect": "Allow",
        "Resource": [
            "*"
        ],
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": "*"
    }]
}
这里是信任关系

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "cognito-identity.amazonaws.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": "us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "unauthenticated"
        }
      }
    }
  ]
}
这是我正在使用的代码

- (IBAction)cmdLoginWithFB:(id)sender {
    [[UIApplication sharedApplication] setNetworkActivityIndicatorVisible:YES];
    [self disableUI];
    [[AmazonClientManager sharedInstance] loginFromView:self.view withCompletionHandler:^(NSError *error) {
        dispatch_async(dispatch_get_main_queue(), ^{
            [self refreshUI];
        });
    }];
}

-(void)refreshUI {
    [[UIApplication sharedApplication] setNetworkActivityIndicatorVisible:NO];
    //self.browseDataButton.enabled = YES;
    self.cmdLoginWithFB.enabled = YES;
    if ([[AmazonClientManager sharedInstance] isLoggedIn]) {
        self.cmdLoginWithFB.titleLabel.text = @"Link";
        NSLog(@"-----------LOGED IN -------------->");
    }
    else {
        self.cmdLoginWithFB.titleLabel.text = @"Login";
        NSLog(@"-----------NOT LOGED IN -------------->");
    }
    self.cmdLogoutWipe.enabled = [[AmazonClientManager sharedInstance] isLoggedIn];
}


- (IBAction)cmdTestS3Tapped:(id)sender {
    if ([[AmazonClientManager sharedInstance] isLoggedIn]) {
        NSLog(@"-----------LOGED IN -------------->");
        [self testListBucket];
    }
    else {
        NSLog(@"-----------NOT LOGED IN -------------->");
    }
}


- (void)testListBucket {
    AWSS3GetObjectRequest *getObjectRequest = [[AWSS3GetObjectRequest alloc] init];
    getObjectRequest.key = @"image1.jpg";
    getObjectRequest.bucket = @"multix-test";

    NSLog(@"============================================>");

    //default service has been configured previously
    //AWSS3 *s3 = [[AWSS3 new] initWithConfiguration:[AWSServiceManager defaultServiceManager].defaultServiceConfiguration];

     AWSS3 *s3 = [AWSS3 defaultS3];


    [[s3 getObject:getObjectRequest] continueWithBlock:^id(BFTask *task) {
        if(task.error)
        {
            NSLog(@"Error: %@",task.error);
        }
        else
        {
            NSLog(@"Got File");
            NSData *data = [task.result body];
            NSString *urlString = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
            NSURL *url = [[NSURL alloc] initWithString:urlString];
            if ([[UIApplication sharedApplication] canOpenURL:url]) {
                [[UIApplication sharedApplication] openURL:url];
            }
        }
        return nil;
    }];
    NSLog(@"============================================>");
}
错误

我认为这种信任关系是不正确的。应该是

 "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "authenticated"
        }
因为你的用户是通过Facebook认证的。您提供的信任关系适用于未经身份验证的用户

有关Cognito、角色和信任关系的更多详细信息,请参见Bob由三部分组成的博客

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "cognito-identity.amazonaws.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": "us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "unauthenticated"
        }
      }
    }
  ]
}
第1部分:

第2部分:

第3部分:

错误“禁止访问标识”通常是由于未能将登录提供商(FB)的令牌包含在凭据提供商上而导致的

您没有包含处理FB登录的代码,但我会确保您在AWSCognitoCredentials提供程序上正确设置了令牌,并将该提供程序设置为默认设置

注意这一点仍然很重要,因为如果您使用的角色不正确,以后可能会遇到STS错误。

谢谢Bob&Sebastien

问题是。我忘了在viewdidload中放入以下代码

[[AmazonClientManager sharedInstance] resumeSessionWithCompletionHandler:^(NSError *error) {
    dispatch_async(dispatch_get_main_queue(), ^{
        [self refreshUI];
    });
}];
这是否意味着在每次AWS API调用之前,AWSCognitoCredentials logins属性应与identity browser中的链接登录名相匹配?@BaSha凭据提供程序至少每小时启动一次刷新流。