我正在嘗試使用開發人員身份驗證的amazon cognito。我的API已成功返回一個id和令牌。然而,當我使用這些標記將內容上傳到S3我收到以下錯誤:AWS Cognito iOS開發人員身份驗證
Not authorized to perform sts:AssumeRoleWithWebIdentity
下面是我用於設置憑據提供代碼。
ZGAWSIdentityProvider *identityProvider = [ZGAWSIdentityProvider new];
[identityProvider setIdentityPoolId:AWS_IDENTITY_POOL_ID];
AWSCognitoCredentialsProvider *credentialsProvider = [[AWSCognitoCredentialsProvider alloc]
initWithRegionType:AWSRegionUSEast1
identityProvider:identityProvider
unauthRoleArn:AWS_UNAUTH_ROLE_ARN
authRoleArn:AWS_AUTH_ROLE_ARN];
AWSServiceConfiguration *configuration = [AWSServiceConfiguration configurationWithRegion:AWSRegionUSWest1
credentialsProvider:credentialsProvider];
[AWSServiceManager defaultServiceManager].defaultServiceConfiguration = configuration;
而且我正在使用http://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#create-an-identity-pool-that-supports-developer-authenticated-identities提供的模板來創建身份提供程序。
@implementation ZGAWSIdentityProvider
@synthesize identityPoolId=_identityPoolId;
@synthesize identityId=_identityId;
@synthesize token=_token;
- (BFTask *)getIdentityId {
// Should ensure that identityId property is valid. The below code can probably
// be used for most use cases.
if (self.identityId) {
return [BFTask taskWithResult:nil];
} else {
return [[BFTask taskWithResult:nil] continueWithBlock:^id(BFTask *task) {
if (!self.identityId) {
return [self refresh];
}
return nil;
}];
}
}
- (BFTask *)refresh {
BFTaskCompletionSource *task = [BFTaskCompletionSource taskCompletionSource];
__weak __typeof(self)weakSelf = self;
[[ZGAccountController sharedInstance] getAWSCredentialsWithCompletion:^(NSDictionary *credentials) {
if (credentials && [credentials objectForKey:@"identity_id"] && [credentials objectForKey:@"identity_id"]) {
__strong __typeof(weakSelf)strongSelf = weakSelf;
strongSelf.identityId = [credentials objectForKey:@"identity_id"];
strongSelf.token = [credentials objectForKey:@"token"];
[task setResult:nil];
} else {
NSError *error = [NSError errorWithDomain:@"com.##.##" code:-1 userInfo:nil];
[task setError:error];
}
}];
return task.task;
}
@end
這似乎是角色信任的問題。我使用亞馬遜網頁界面創建了身份池,並且雙重檢查身份池ID是否正確。我已經能夠成功上傳w未經身份驗證的身份,所以我認爲這不是角色權限問題。
可能有點偏離主題,但我想問一下爲什麼在'-getIdentityID'方法的'else'塊中返回[[BFTask ...];'而不是簡單的'return [self refresh ];'? – slava 2016-01-04 18:58:39