Closed ToddHoff closed 8 years ago
I believe you asked the same question on AWS forums. Will close this in favor of forum post.
I asked there because I really need an answer to make progress with this service. So it's not closed.
On Wed, Jun 22, 2016 at 12:28 AM, Chetan Mehta notifications@github.com wrote:
> I believe you asked the same question on AWS forums. Will close this in favor of forum post.
I have answered your question on the forum post and was hoping that we can continue the discussion there if needed. Basically, after configuring your credentials object with the token, you will need to make a call to obtain those credentials by calling refresh(). You can then put your call to S3 inside the callback.
```js
AWS.config.credentials = new AWS.CognitoIdentityCredentials({...});
AWS.config.credentials.refresh(function(){
    // Your S3 code here...
});
```
Thanks! I never seem to get emails from amazon threads even though I'm watching them.
One thing, if this is necessary, shouldn't it be in the example code?
So I made the code change:
```js
console.log("BEFORE AWSCognito.CognitoIdentityServiceProvider.CognitoUser");
var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);
cognitoUser.authenticateUser(authenticationDetails, {
    onSuccess: function (result) {
        console.log('access token + ' + result.getAccessToken().getJwtToken());
        var login_fldname = "cognito-idp.us-east-1.amazonaws.com/" + login.userPoolId;
        console.log("BEFORE new AWS.CognitoIdentityCredentials");
        AWS.config.credentials = new AWS.CognitoIdentityCredentials({
            IdentityPoolId: login.identityPoolId,
            Logins : {
                login_fldname : result.getIdToken().getJwtToken()
            }
        });
        console.log("BEFORE refresh");
        AWS.config.credentials.refresh(function(err){
            console.log(err);
            console.log("BEFORE new AWS.S3");
            var s3 = new AWS.S3();
```
And I get this error from AWS.config.credentials.refresh(function(err):
pro.html:90 Error: Logins don't match. Please include at least one valid login for this identity or identity pool.(…)
It doesn't matter if I hard code the login to:
```js
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: login.identityPoolId,
    Logins : {
        "cognito-idp.us-east-1.amazonaws.com/us-east-1_P0RM3dXyy" : result.getIdToken().getJwtToken()
    }
});
```
I'm not sure why the login is invalid; it's the same data that was used when registering the user and confirming the code (the `AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool` and `AWSCognito.CognitoIdentityServiceProvider.CognitoUser` calls).
One thing I've noticed is that every time I run the authentication code I see the identity count in my federated identity pool increase. Is that correct?
thanks
On Wed, Jun 22, 2016 at 7:46 AM, Chetan Mehta notifications@github.com wrote:
> I have answered your question on the forum post. Basically, after configuring your credentials object with the token, you will need to make a call to obtain those credentials by calling refresh(). You can then put your call to S3 inside the callback.
>
> ```js
> AWS.config.credentials = new AWS.CognitoIdentityCredentials({...});
> AWS.config.credentials.refresh(function(){
>     // Your S3 code here...
> });
> ```
The `Logins don't match. Please include at least one valid login for this identity or identity pool` error is thrown if your identity pool is not configured to support authentication providers and just supports unauthenticated access.
You can follow this guide to see the steps which can help you configure your federated identity pool with a user pool. Once this is done, you should not get this error.
Thanks, I selected cognito but didn't match it to a pool. I did so and in the federated identity dashboard I see a us-east-1_P0RM3dXyy
_2.6%_1
Now I get an error from the refresh call:
NotAuthorizedException: Invalid login token. Issuer doesn't match providerName
I rechecked all my ids and I looked up the error and didn't see anything obviously relevant.
It does give me a token:
The code:
```js
var login = {
    region: "us-east-1",
    username: "xxx",
    password: "yyy",
    email: "user@gmail.com",
    identityPoolId: "us-east-1:d7dfdd6f-5a5e-43dd-abd6-7674606a8712",
    userPoolId: "us-east-1_P0RM3dXyy",
    clientId: "678obstfduvijmuq9ga8hug88n",
}

function authenticateUser(login) {
    console.log("authenticateUser:" + JSON.stringify(login));

    AWS.config.region = login.region,
    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
        IdentityPoolId: login.identityPoolId,
    });

    AWSCognito.config.region = login.region;
    AWSCognito.config.credentials = new AWS.CognitoIdentityCredentials({
        IdentityPoolId: login.identityPoolId,
    });

    var authenticationData = { Username : login.username, Password : login.password };

    var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);
    var poolData = { UserPoolId : login.userPoolId, ClientId : login.clientId };

    var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
    var userData = { Username : login.username, Pool : userPool };

    var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);
    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (result) {
            console.log('access token + ' + result.getAccessToken().getJwtToken());
            var login_fldname = "cognito-idp.us-east-1.amazonaws.com/" + login.userPoolId;
            AWS.config.credentials = new AWS.CognitoIdentityCredentials({
                IdentityPoolId: login.identityPoolId,
                Logins : {
                    login_fldname : result.getIdToken().getJwtToken()
                }
            });
            console.log("BEFORE refresh");
            AWS.config.credentials.refresh(function(err){
                if (err) {
                    console.log("Refresh Error:" + err);
                } else {
                    console.log("BEFORE new AWS.S3");
                    var s3 = new AWS.S3();
                    s3.listBuckets(function(err, data) {
                        if (err) { console.log("Error:", err); }
                        else {
                            for (var index in data.Buckets) {
                                var bucket = data.Buckets[index];
                                console.log("Bucket: ", bucket.Name, ' : ', bucket.CreationDate);
                            }
                        }
                    })
                }
            })
        },
        onFailure: function(err) { alert("Error:" + err); },
    });
}// authenticateUser
```
On Wed, Jun 22, 2016 at 2:43 PM, Chetan Mehta notifications@github.com wrote:
Reopened #68 https://github.com/aws/amazon-cognito-identity-js/issues/68 .
This all looks fine and should work as expected. If this keeps failing for you, can you post a request id with the time stamp which got this error? It will help us debug this on the service side.
Credentials are no longer required since we are now making unauthenticated calls. Closing.
Wow... @ToddHoff did you ever get this resolved? I don't see a resolution posted and explained here or on your AWS forum thread. I am having the same exact issue. When I call "authenticateUser" I successfully get back all 3 tokens which are written to LocalStorage automatically. However when I try to call "get" or "refresh" on my credentials object I get: Invalid login token. Issuer doesn't match providerName
Here's some of the http headers from the response:

```
Date:Wed, 14 Sep 2016 15:24:58 GMT
x-amzn-ErrorMessage:Invalid login token. Issuer doesn't match providerName
x-amzn-ErrorType:NotAuthorizedException:
x-amzn-RequestId:65853701-7a8f-11e6-9dd6-635c717d3ebc
```
My client id, user pool id, and identity pool id are all set properly and verified.
@chetanme can I take you up on your offer to look into the service logs for my RequestId above?
I figured it out. Most people will want a central "config" location where they define values for their user pool id, identity pool id, client id, etc so they don't have to proliferate these hardcoded values throughout their code. However you can't use a variable value as a key when constructing your cognito credentials idp Logins map / dict.
In case anybody else is trying something similar.
Don't:
```js
let loginsCognitoKey = 'cognito-idp.us-east-1.amazonaws.com/' + AppConfig.USER_POOL_ID;
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: AppConfig.IDENTITY_POOL_ID,
    Logins: {
        loginsCognitoKey: result.getIdToken().getJwtToken()
    }
});
```
Do:
```js
let loginsCognitoKey = 'cognito-idp.us-east-1.amazonaws.com/' + AppConfig.USER_POOL_ID;
let loginsIdpData = {};
loginsIdpData[loginsCognitoKey] = result.getIdToken().getJwtToken();
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: AppConfig.IDENTITY_POOL_ID,
    Logins: loginsIdpData
});
```
I didn't notice this until I was inspecting the http request body that was being sent when trying to retrieve AWS creds. Would be nice if the cognito examples were updated with a little more real world examples using best practices of not proliferating hardcoded values throughout the code.
Thanks for the feedback. You can send a pull request to make it clear in the documentation how you need to construct your logins map.
Know this is closed but this should not be in the docs as it is simple JavaScript.
```js
{ Logins: { loginsCognitoKey: result.getIdToken().getJwtToken() } }
```
Will always equate to a prop name of loginsCognitoKey.
Just do this:
```js
{ Logins: {
} }
```
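The Logins-key mistake diagnosed above, as an added example that is not part of the original thread or of the SDK: it contrasts the literal key with an ES2015 computed key and checks the ID token's `iss` and `token_use` claims against the provider name before the map is handed to `AWS.CognitoIdentityCredentials`. `buildCognitoLogins`, `decodeJwtPayload` and `makeToken` are hypothetical helpers, the pool id is a placeholder, and the sample token is constructed and unsigned (the payload is decoded for diagnostics only, without signature verification).

```javascript
// Added example: helper names are hypothetical, sample data is constructed.

// Decode a JWT payload for diagnostics only. This does NOT verify the signature.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Build the Logins map with a computed key and check it against the token.
function buildCognitoLogins(region, userPoolId, idToken) {
  const providerName = 'cognito-idp.' + region + '.amazonaws.com/' + userPoolId;
  const claims = decodeJwtPayload(idToken);
  if (claims.iss !== 'https://' + providerName) {
    throw new Error('issuer ' + claims.iss + ' does not match provider ' + providerName);
  }
  if (claims.token_use !== 'id') {
    throw new Error('expected an ID token, got token_use=' + claims.token_use);
  }
  return { [providerName]: idToken }; // computed property name
}

// Constructed, unsigned sample token (placeholder pool id, not from the thread).
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'none' }) + '.' + enc(claims) + '.sig';
}

const POOL_ID = 'us-east-1_EXAMPLE';
const sampleIdToken = makeToken({
  iss: 'https://cognito-idp.us-east-1.amazonaws.com/' + POOL_ID,
  token_use: 'id',
});

// The mistake from the thread: the key is the literal string "loginsCognitoKey".
const loginsCognitoKey = 'cognito-idp.us-east-1.amazonaws.com/' + POOL_ID;
const wrongLogins = { loginsCognitoKey: sampleIdToken };
const rightLogins = buildCognitoLogins('us-east-1', POOL_ID, sampleIdToken);

console.log(Object.keys(wrongLogins)); // [ 'loginsCognitoKey' ]
console.log(Object.keys(rightLogins)); // [ 'cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE' ]
```

Logging `Object.keys()` of the map before calling `refresh()` surfaces the literal-key mistake without having to inspect the HTTP request body.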
I'm able to register a user and confirm the code. Yay. Now I want to list some buckets in S3. The error I get in the console is: Error: Missing credentials in config
The token prints out and everything looks good until the s3.listBuckets call. Here's the code:
```js
function authenticateUser(username, password, identityPoolId, userPoolId, clientId) {
    AWS.config.region = 'us-east-1';
    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
        IdentityPoolId: identityPoolId,
    });

    AWSCognito.config.region = 'us-east-1';
    AWSCognito.config.credentials = new AWS.CognitoIdentityCredentials({
        IdentityPoolId: identityPoolId,
    });

    var authenticationData = { Username : username, Password : password };
    console.log(authenticationData);

    var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);
    var poolData = { UserPoolId : userPoolId, ClientId : clientId };
    var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
    var userData = { Username : username, Pool : userPool };
    var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);
    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (result) {
            console.log('access token + ' + result.getAccessToken().getJwtToken());
    });
}// authenticateUser
```
Is there something I'm doing wrong here?