Getting temporary AWS credentials from AWS Cognito Federated Identities after the client signs in with Firebase Google login

Question    Votes: 0    Answers: 1

I am new to AWS, so please bear with my silly question.

I am working on a project where I have an Ionic React frontend in which users can sign in with Google using Firebase as the provider, and after that I want to get a temporary AWS token so the client can access AWS services. I am using AWS Cognito Federated Identities to do this. When creating the identity pool I added Google under Authenticated identity sources. Now the problem I am facing is that I get this error:

NotAuthorizedException: Invalid login token. Issuer doesn't match providerName

This is the access token I get from the client:

eyJhbGciOiJSUzI1NiIsImtpZCI6ImYwOGU2ZTNmNzg4ZDYwMTk0MDA1ZGJiYzE5NDc0YmY5Mjg5ZDM5ZWEiLCJ0eXAiOiJKV1QifQ.….OxrJvKCGi_cEuKjJEUhCwHqLx13Wq2lmKxqC1vvmORhhcPBnknukLVbjNpzjkozfow6j0zKtx07ydD1RRdD79dJ113DDtJeJjsrdKAACfe8m40ymF7Ytlk-oMHI-dltnkSIg6Gv3ZTcYmCTkAe5e6d86T49aSIysoYKRNjrl72L-UjufW_Ozf7lTXOd6d5i4uNdEvcBCui78IY8CpQ3LTKgtSteR1xtEH0hP1TlFJwdrC3u0bY0j2sj2PZYYFlOpeVK3IzEgIIfx6GjXyx77aFHFJtSPiBxXcC1qyUncysIj9ZeNIM4Qc2431OOhpg7-3VkH5p8Lmz0U324I5QAxWQ

This is the code in the Node.js / Express backend I am currently using.

I have only included the relevant code here:

const express = require("express");
const AWS = require("aws-sdk");

const app = express();
app.use(express.json());

AWS.config.update({
  region: "ap-southeast-2",
  accessKeyId: process.env.accessKeyId,
  secretAccessKey: process.env.secretAccessKey,
});

// Express route: exchanges the ID token sent by the client for temporary
// AWS credentials issued through the Cognito identity pool.
app.post("/aws-credentials", async (req, res) => {
  const { idToken } = req.body;

  const params = {
    IdentityPoolId: "ap-southeast-2:xxxx-xxxx-xxxx-xxxx-xxxx",
    // The map key names the identity provider Cognito should validate the
    // token against; "accounts.google.com" is the Google Sign-In provider.
    Logins: {
      "accounts.google.com": idToken,
    },
  };

  try {
    // refresh() is callback-based; wrap it in a Promise and keep the
    // resolved value (the original code never assigned `credentials`).
    const credentials = await new Promise((resolve, reject) => {
      AWS.config.region = "ap-southeast-2";
      AWS.config.credentials = new AWS.CognitoIdentityCredentials(params);

      AWS.config.credentials.refresh((err) => {
        if (err) {
          console.log("err", err);
          reject(err);
        } else {
          // Debug only: this logs the secret access key and session token.
          console.log("credentials", AWS.config.credentials);
          resolve(AWS.config.credentials);
        }
      });
    });

    res.json({
      AccessKeyId: credentials.accessKeyId,
      SecretAccessKey: credentials.secretAccessKey,
      SessionToken: credentials.sessionToken,
      Expiration: credentials.expiration,
    });
  } catch (err) {
    // Cognito rejected the login token (e.g. NotAuthorizedException).
    res.status(401).json({ error: err.message });
  }
});

So can anyone help me solve this, or ask related questions so that I can work it out, please 😢😢

firebase firebase-authentication amazon-cognito federated-identity
1 Answer

0 votes

The token from the Google Sign-In button is the wrong token. If you want to create or sign in a user with the Google Sign-In button, use the signInWithIdp REST API endpoint. This will create a user automatically.

https://cloud.google.com/identity-platform/docs/reference/rest/v1/accounts/signInWithIdp

import functions from '@google-cloud/functions-framework'
import { OAuth2Client } from 'google-auth-library'
import axios from 'axios'

const client = new OAuth2Client();

functions.http('auth', async (req, res) => {
  try {
    res.set('Access-Control-Allow-Origin', '*');
    if (req.method === 'OPTIONS') {
      // CORS preflight
      res.set('Access-Control-Allow-Methods', 'POST, OPTIONS');
      res.set('Access-Control-Allow-Headers', 'Origin, Content-Type, Accept');
      res.set('Access-Control-Max-Age', '3600');
      res.status(204).send('');
    } else {
      const { action, token } = req.body
      switch (action) {
        case 'GOOGLE_AUTH': {
          // Verify the Google ID token (signature, expiry, audience) before
          // exchanging it; verifyIdToken throws if any check fails.
          await client.verifyIdToken({
            idToken: token,
            audience: '150058109548-uql0ee1csjb2jvhdfsbrevu4qtkv1k6o.apps.googleusercontent.com',
          })
          console.log(req.body)
          console.log(process.env.apikey) // debug only: logs the API key
          // Exchange the verified Google ID token for an Identity Platform
          // session via signInWithIdp; the user is created if it does not exist.
          const { data } = await axios({
            method: 'post',
            timeout: 30000,
            url: `https://identitytoolkit.googleapis.com/v1/accounts:signInWithIdp?key=${process.env.apikey}`,
            data: {
              tenantId: 'Users-men7z',
              postBody: `id_token=${token}&providerId=google.com`,
              returnSecureToken: true,
              requestUri: 'http://localhost:3000'
            }
          })
          res.status(200).send(data)
          break // without this the switch fell through to the 400 below
        }
        default:
          res.status(400).send('Not Found')
      }
    }
  }
  catch (error) {
    console.error(error)
    res.status(500).send(error.message)
  }
});