I am trying to understand Amazon Cognito and to list the contents of an S3 folder after logging in via Facebook.
The Facebook login works fine. When I click the test button (cmdTestS3Tapped), it throws the following error.
I have included AmazonClientManager.h, AmazonClientManager.m and Constants.h in the project from the sample project provided by Amazon.
The constants are given below. Can anyone help me fix this?
```objc
#define AWSAccountID @"MyAccountID"
#define CognitoPoolID @"us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
#define CognitoRoleAuth @"arn:aws:iam::MyAccountID:role/Cognito_iOSTestPoolAuth_DefaultRole"
#define CognitoRoleUnauth @"arn:aws:iam::MyAccountID:role/Cognito_iOSTestPoolAuth_DefaultRole"
```
This is the role: Cognito_iOSTestPoolAuth_DefaultRole

```json
{
  "Version": "2012-10-17",
  "Statement": [{
    "Action": [
      "mobileanalytics:PutEvents",
      "cognito-sync:*"
    ],
    "Effect": "Allow",
    "Resource": [
      "*"
    ],
    "Effect": "Allow",
    "Action": "s3:*",
    "Resource": "*"
  }]
}
```

This is the trust relationship:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "cognito-identity.amazonaws.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": "us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "unauthenticated"
        }
      }
    }
  ]
}
```
This is the code I am using:

```objc
- (IBAction)cmdLoginWithFB:(id)sender {
    [[UIApplication sharedApplication] setNetworkActivityIndicatorVisible:YES];
    [self disableUI];
    [[AmazonClientManager sharedInstance] loginFromView:self.view withCompletionHandler:^(NSError *error) {
        dispatch_async(dispatch_get_main_queue(), ^{
            [self refreshUI];
        });
    }];
}

- (void)refreshUI {
    [[UIApplication sharedApplication] setNetworkActivityIndicatorVisible:NO];
    //self.browseDataButton.enabled = YES;
    self.cmdLoginWithFB.enabled = YES;
    if ([[AmazonClientManager sharedInstance] isLoggedIn]) {
        self.cmdLoginWithFB.titleLabel.text = @"Link";
        NSLog(@"-----------LOGED IN -------------->");
    } else {
        self.cmdLoginWithFB.titleLabel.text = @"Login";
        NSLog(@"-----------NOT LOGED IN -------------->");
    }
    self.cmdLogoutWipe.enabled = [[AmazonClientManager sharedInstance] isLoggedIn];
}

- (IBAction)cmdTestS3Tapped:(id)sender {
    if ([[AmazonClientManager sharedInstance] isLoggedIn]) {
        NSLog(@"-----------LOGED IN -------------->");
        [self testListBucket];
    } else {
        NSLog(@"-----------NOT LOGED IN -------------->");
    }
}

- (void)testListBucket {
    AWSS3GetObjectRequest *getObjectRequest = [[AWSS3GetObjectRequest alloc] init];
    getObjectRequest.key = @"image1.jpg";
    getObjectRequest.bucket = @"multix-test";
    NSLog(@"============================================>");
    //default service has been configured previously
    //AWSS3 *s3 = [[AWSS3 new] initWithConfiguration:[AWSServiceManager defaultServiceManager].defaultServiceConfiguration];
    AWSS3 *s3 = [AWSS3 defaultS3];
    [[s3 getObject:getObjectRequest] continueWithBlock:^id(BFTask *task) {
        if (task.error) {
            NSLog(@"Error: %@", task.error);
        } else {
            NSLog(@"Got File");
            NSData *data = [task.result body];
            NSString *urlString = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
            NSURL *url = [[NSURL alloc] initWithString:urlString];
            if ([[UIApplication sharedApplication] canOpenURL:url]) {
                [[UIApplication sharedApplication] openURL:url];
            }
        }
        return nil;
    }];
    NSLog(@"============================================>");
}
```

Error:
```
2014-11-26 20:58:24.048 FBLoginTest[2647:83767] initializing clients...
2014-11-26 20:58:24.055 FBLoginTest[2647:83767] -----------LOGED IN -------------->
2014-11-26 20:58:33.542 FBLoginTest[2647:83767] -----------LOGED IN -------------->
2014-11-26 20:58:33.542 FBLoginTest[2647:83767] ============================================>
2014-11-26 20:58:33.551 FBLoginTest[2647:83767] ============================================>
2014-11-26 20:58:33.554 FBLoginTest[2647:88515] AWSiOSSDKv2 [Verbose] AWSURLRequestSerialization.m line:110 | -[AWSJSONRequestSerializer serializeRequest:headers:parameters:] | Request body: [{"IdentityId":"us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"}]
2014-11-26 20:58:34.870 FBLoginTest[2647:88605] AWSiOSSDKv2 [Debug] AWSURLResponseSerialization.m line:85 | -[AWSJSONResponseSerializer responseObjectForResponse:originalRequest:currentRequest:data:error:] | Response header: [{
    "Content-Length" = 129;
    "Content-Type" = "application/x-amz-json-1.1";
    Date = "Wed, 26 Nov 2014 16:58:34 GMT";
    Connection = close;
    "x-amzn-RequestId" = "7558584c-758d-11e4-a92d-11020f90ea0e";
}]
2014-11-26 20:58:34.871 FBLoginTest[2647:88605] AWSiOSSDKv2 [Verbose] AWSURLResponseSerialization.m line:90 | -[AWSJSONResponseSerializer responseObjectForResponse:originalRequest:currentRequest:data:error:] | Response body: [{"__type":"NotAuthorizedException","message":"Access to Identity 'us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx' is forbidden."}]
2014-11-26 20:58:34.873 FBLoginTest[2647:88605] AWSiOSSDKv2 [Error] AWSIdentityProvider.m line:212 | __42-[AWSBasicCognitoIdentityProvider refresh]_block_invoke_2 | GetOpenIdToken failed. Error is [Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=8 "The operation couldn’t be completed. (com.amazonaws.AWSCognitoIdentityErrorDomain error 8.)" UserInfo=0x7fd042491650 {__type=NotAuthorizedException, message=Access to Identity 'us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx' is forbidden.}]
2014-11-26 20:58:34.873 FBLoginTest[2647:88605] AWSiOSSDKv2 [Error] AWSCredentialsProvider.m line:433 | __40-[AWSCognitoCredentialsProvider refresh]_block_invoke293 | Unable to refresh. Error is [Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=8 "The operation couldn’t be completed. (com.amazonaws.AWSCognitoIdentityErrorDomain error 8.)" UserInfo=0x7fd042491650 {__type=NotAuthorizedException, message=Access to Identity 'us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx' is forbidden.}]
2014-11-26 20:58:34.873 FBLoginTest[2647:88605] Error: Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=8 "The operation couldn’t be completed. (com.amazonaws.AWSCognitoIdentityErrorDomain error 8.)" UserInfo=0x7fd042491650 {__type=NotAuthorizedException, message=Access to Identity 'us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx' is forbidden.}
```

I think the trust relationship is incorrect. It should be

```json
"ForAnyValue:StringLike": { "cognito-identity.amazonaws.com:amr": "authenticated" }
```

since your user is authenticated via Facebook. The trust relationship you have provided is for unauthenticated users.
For more details on Cognito, roles and trust relationships, please refer to Bob's three-part blog:
Part 1: http://mobile.awsblog.com/post/Tx2UQN4KWI6GDJL/Understanding-Amazon-Cognito-Authentication
Part 2: http://mobile.awsblog.com/post/Tx2FL1QAPDE0UAH/Understanding-Amazon-Cognito-Authentication-Part-2-Developer-Authenticated-Ident
Part 3: http://mobile.awsblog.com/post/Tx1OSMBRHZVM9V0/Understanding-Amazon-Cognito-Authentication-Part-3-Roles-and-Policies
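The `amr` condition discussed in the answer can be checked offline before a role is attached to an identity pool. The following is an added example, not code from the post or from AWS: it models only the two condition operators that appear in the trust relationship above, and the function names and the sample token claims (the provider user id in particular) are constructed for illustration.

```python
import re

POOL_ID = "us-east-1:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"  # placeholder, as in the post
AUD = "cognito-identity.amazonaws.com:aud"
AMR = "cognito-identity.amazonaws.com:amr"

def trust_statement(amr_value):
    """Trust statement shaped like the one in the question, amr value variable."""
    return {"Effect": "Allow",
            "Principal": {"Federated": "cognito-identity.amazonaws.com"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {AUD: POOL_ID},
                          "ForAnyValue:StringLike": {AMR: amr_value}}}

def cognito_claims(authenticated, provider=None, user_id=None, aud=POOL_ID):
    """Constructed token claims: amr is multivalued for a federated login."""
    if authenticated:
        amr = ["authenticated", provider, f"{provider}:{user_id}"]
    else:
        amr = ["unauthenticated"]
    return {AUD: [aud], AMR: amr}

def _like(value, pattern):
    # StringLike: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.DOTALL) is not None

def condition_matches(statement, claims):
    """True only if every condition key in the statement is satisfied."""
    for operator, tests in statement["Condition"].items():
        for key, wanted in tests.items():
            wanted = wanted if isinstance(wanted, list) else [wanted]
            have = claims.get(key, [])
            if operator == "StringEquals":
                ok = len(have) == 1 and have[0] in wanted
            elif operator == "ForAnyValue:StringLike":
                ok = any(_like(h, w) for h in have for w in wanted)
            else:
                raise ValueError(f"operator not modelled: {operator}")
            if not ok:
                return False
    return True

if __name__ == "__main__":
    fb = cognito_claims(True, "graph.facebook.com", "1234567890")  # constructed
    for amr_value in ("unauthenticated", "authenticated"):
        print(amr_value, "->", condition_matches(trust_statement(amr_value), fb))
```

Running the same check with guest claims against the `authenticated` statement shows why the authenticated and unauthenticated roles need separate trust relationships.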