我正在嘗試使用 Cognito 對 Java 應(yīng)用程序進行身份驗證。我在 python 中使用了運行良好的保證庫。但我現(xiàn)在想在java中做同樣的事情。我用我的 Python 函數(shù)對保證庫進行身份驗證def SRPauthentication(organizationAdmin, password, pool_id, client_id, client): aws = AWSSRP(username=organizationAdmin, password=password, pool_id=pool_id, client_id=client_id, client=client) tokens = aws.authenticate_user() authorization_token= tokens['AuthenticationResult']['IdToken'] return authorization_token 有了這個,我可以輕松訪問一些安全的 API?,F(xiàn)在我想用 Java 做同樣的事情,但我有問題。到目前為止,這是我的解決方案是這種方法: public static void GetCreds() { AWSCognitoIdentityProvider identityProvider = AWSCognitoIdentityProviderClientBuilder.defaultClient(); AdminInitiateAuthRequest adminInitiateAuthRequest = new AdminInitiateAuthRequest(). withAuthFlow(AuthFlowType.USER_SRP_AUTH). withClientId("234234234234").withUserPoolId("eu-central-1_sdfsdfdsf") .addAuthParametersEntry("USERNAME", "UserK"). addAuthParametersEntry("PASSWORD","#######); }當我運行它時,我得到一個異常:Exception in thread "main" `com.amazonaws.services.cognitoidp.model.AWSCognitoIdentityProviderException: User: arn:aws:iam::XXXXXXXXXXXXXXXXX:user/khan is not authorized to perform: cognito-idp:AdminInitiateAuth on resource: arn:aws:cognito-idp:eu-central-1:XXXXXXXX:userpool/eu-central-1_XXXXXXX with an explicit deny (Service: AWSCognitoIdentityProvider; Status Code: 400; Error Code: AccessDeniedException; Request ID: 21be0b8e-adec-11e8-ad45-234234234)`它說我無權(quán)執(zhí)行此類指令。所以我想我在做一些普遍錯誤的事情。因為它與我的 python 代碼一起工作,并且在 Java 中它可以從憑據(jù)中識別我的用戶名。Cognito 調(diào)用實際上應(yīng)該獨立于我的 aws 憑據(jù)/用戶帳戶,對嗎?如何使用 Java 對 Cognito 進行身份驗證以獲取令牌以訪問安全的 aws 服務(wù)?
Cognito SRP 身份驗證 JAVA SDK
慕的地6264312
2021-08-25 15:24:47