aws / aws-cli

Universal Command Line Interface for Amazon Web Services

get-open-id-token allowed on identities from pools with no `AllowClassicFlow` value #7652

Closed jrdavenport closed 1 month ago

jrdavenport commented 1 year ago

Describe the bug

It is possible to create identity-pools with no AllowClassicFlow value as the [--allow-classic-flow | --no-allow-classic-flow] flags are optional for create-identity-pool.

If an identity's parent pool has AllowClassicFlow = false, get-open-id-token will return the below error as expected:

An error occurred (InvalidParameterException) when calling the GetOpenIdToken operation: Basic (classic) flow is not enabled, please use enhanced flow.

However, if a pool is created without an explicit AllowClassicFlow value, get-open-id-token will allow the operation and return a token.

Expected Behavior

get-open-id-token should not allow a token to be generated if an explicit AllowClassicFlow = true is not configured on the parent pool.

Current Behavior

get-open-id-token allows a token to be generated if no explicit AllowClassicFlow value is configured on the parent pool.

Reproduction Steps

Behaviour with no explicit AllowClassicFlow value:

aws cognito-identity create-identity-pool --identity-pool-name TestPool1 --allow-unauthenticated-identities 

{
    "IdentityPoolId": "eu-west-1:redacted-pool-id",
    "IdentityPoolName": "TestPool1",
    "AllowUnauthenticatedIdentities": true,
    "IdentityPoolTags": {}
}

aws cognito-identity get-id --identity-pool-id eu-west-1:redacted-pool-id 

{
    "IdentityId": "eu-west-1:redacted-identity-id"
}

aws cognito-identity get-open-id-token --identity-id eu-west-1:redacted-identity-id 

{
    "IdentityId": "eu-west-1:redacted-identity-id",
    "Token": "redacted-token"
}

Comparison of behaviour with an explicit false:


aws cognito-identity create-identity-pool --identity-pool-name TestPool2 --allow-unauthenticated-identities --no-allow-classic-flow 

{
    "IdentityPoolId": "eu-west-1:redacted-pool-id",
    "IdentityPoolName": "TestPool2",
    "AllowUnauthenticatedIdentities": true,
    "AllowClassicFlow": false,
    "IdentityPoolTags": {}
}

aws cognito-identity get-id --identity-pool-id eu-west-1:redacted-pool-id 

{
    "IdentityId": "eu-west-1:redacted-identity-id"
}

aws cognito-identity get-open-id-token --identity-id eu-west-1:redacted-identity-id

An error occurred (InvalidParameterException) when calling the GetOpenIdToken operation: Basic (classic) flow is not enabled, please use enhanced flow.

Possible Solution

Only allow a token to be returned if an explicit AllowClassicFlow = true is configured on the parent pool.

Additional Information/Context

No response

CLI version used

aws-cli/2.7.4 Python/3.9.11 Darwin/21.6.0 exe/x86_64 prompt/off

Environment details (OS name and version, etc.)

Mac OS, Monterey
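An audit for the condition reported above, as an added example that is not part of the original issue or of aws-cli: it classifies `describe-identity-pool` output by whether `AllowClassicFlow` is unset, true or false, and flags every pool without an explicit false. The function names, the `Priority` labels and `SAMPLE_POOLS` are assumptions made for this example; the sample pools are constructed to mirror TestPool1 and TestPool2.

```python
from __future__ import annotations

from typing import Iterable, Iterator

UNSET, EXPLICIT_ALLOW, EXPLICIT_DENY = "unset", "explicit-allow", "explicit-deny"


def classic_flow_state(pool: dict) -> str:
    """Classify a DescribeIdentityPool-shaped dict by its AllowClassicFlow key."""
    value = pool.get("AllowClassicFlow")
    if value is None:  # key absent, as for TestPool1 in the report
        return UNSET
    return EXPLICIT_ALLOW if value else EXPLICIT_DENY


def audit_pools(pools: Iterable[dict]) -> list[dict]:
    """Return one finding per pool that lacks an explicit AllowClassicFlow = false."""
    findings = []
    for pool in pools:
        state = classic_flow_state(pool)
        if state == EXPLICIT_DENY:
            continue  # the only state the report shows GetOpenIdToken refusing
        unauth = bool(pool.get("AllowUnauthenticatedIdentities"))
        findings.append({
            "IdentityPoolId": pool["IdentityPoolId"],
            "IdentityPoolName": pool.get("IdentityPoolName", ""),
            "ClassicFlow": state,
            "AllowUnauthenticatedIdentities": unauth,
            # Assumed triage labels: the reproduction used an unauthenticated
            # pool, so those are listed first for review.
            "Priority": "high" if unauth else "review",
        })
    return findings


def fetch_pools(client) -> Iterator[dict]:
    """Yield the description of every pool visible to a boto3 cognito-identity client."""
    kwargs = {"MaxResults": 60}
    while True:
        page = client.list_identity_pools(**kwargs)
        for summary in page.get("IdentityPools", []):
            yield client.describe_identity_pool(
                IdentityPoolId=summary["IdentityPoolId"]
            )
        token = page.get("NextToken")
        if not token:
            return
        kwargs["NextToken"] = token


# Constructed sample input (placeholder IDs, not real pools).
SAMPLE_POOLS = [
    {"IdentityPoolId": "eu-west-1:example-pool-1", "IdentityPoolName": "TestPool1",
     "AllowUnauthenticatedIdentities": True, "IdentityPoolTags": {}},
    {"IdentityPoolId": "eu-west-1:example-pool-2", "IdentityPoolName": "TestPool2",
     "AllowUnauthenticatedIdentities": True, "AllowClassicFlow": False,
     "IdentityPoolTags": {}},
    {"IdentityPoolId": "eu-west-1:example-pool-3", "IdentityPoolName": "TestPool3",
     "AllowUnauthenticatedIdentities": False, "AllowClassicFlow": True,
     "IdentityPoolTags": {}},
]

if __name__ == "__main__":
    import sys

    if "--live" in sys.argv:
        import boto3  # only needed when auditing a real account

        source = fetch_pools(boto3.client("cognito-identity"))
    else:
        source = SAMPLE_POOLS
    for finding in audit_pools(source):
        print(finding)
```

Run without arguments it audits the constructed samples; with `--live` it reads the pools of the account and region configured for boto3.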

aBurmeseDev commented 1 year ago

Hi @jrdavenport - thanks for reaching out. I wasn't able to reproduce the same behavior. Could you share your debug logs from both commands by adding --debug to them? That would give us more insight into it.

github-actions[bot] commented 1 year ago

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.

jrdavenport commented 1 year ago

Hi,

My concern is that there is no explicit AllowClassicFlow property for the identityPool if no [--allow-classic-flow | --no-allow-classic-flow] option is provided when the pool is created. The get-open-id-token operation only seems to be denied if there is an explicit AllowClassicFlow = false property, whereas it feels like it would be more sensible to only allow the operation if AllowClassicFlow is explicitly true.

Here are the commands with debug that allow the get-open-id-token to operate without an explicit AllowClassicFlow = true setting.

aws cognito-identity create-identity-pool --identity-pool-name TestPool1 --allow-unauthenticated-identities --debug


// Response:
{
    "IdentityPoolId": "eu-west-1:86e4abe2-df1c-45dd-9dc3-9bc279b0b576",
    "IdentityPoolName": "TestPool1",
    "AllowUnauthenticatedIdentities": true,
    "IdentityPoolTags": {}
}

aws cognito-identity get-id --identity-pool-id eu-west-1:86e4abe2-df1c-45dd-9dc3-9bc279b0b576 --debug

2023-02-17 16:57:53,689 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.cognito-identity: calling handler <function add_generate_presigned_url at 0x7fca5fe35c10>
2023-02-17 16:57:53,702 - MainThread - botocore.endpoint - DEBUG - Setting cognito-identity timeout as (60, 60)
2023-02-17 16:57:53,702 - MainThread - botocore.hooks - DEBUG - Event provide-client-params.cognito-identity.GetId: calling handler <function base64_decode_input_blobs at 0x7fca63105b80>
2023-02-17 16:57:53,703 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.cognito-identity.GetId: calling handler <function generate_idempotent_uuid at 0x7fca5fecb430>
2023-02-17 16:57:53,703 - MainThread - botocore.hooks - DEBUG - Event before-call.cognito-identity.GetId: calling handler <function inject_api_version_header_if_needed at 0x7fca5fed0ca0>
2023-02-17 16:57:53,703 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=GetId) with params: {'url_path': '/', 'query_string': '', 'method': 'POST', 'headers': {'X-Amz-Target': 'AWSCognitoIdentityService.GetId', 'Content-Type': 'application/x-amz-json-1.1', 'User-Agent': 'aws-cli/2.7.4 Python/3.9.11 Darwin/22.3.0 exe/x86_64 prompt/off command/cognito-identity.get-id'}, 'body': b'{"IdentityPoolId": "eu-west-1:86e4abe2-df1c-45dd-9dc3-9bc279b0b576"}', 'url': 'https://cognito-identity.eu-west-1.amazonaws.com/', 'context': {'client_region': 'eu-west-1', 'client_config': <botocore.config.Config object at 0x7fca636e1400>, 'has_streaming_input': False, 'auth_type': 'none'}}
2023-02-17 16:57:53,703 - MainThread - botocore.hooks - DEBUG - Event request-created.cognito-identity.GetId: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fca636e13d0>>
2023-02-17 16:57:53,703 - MainThread - botocore.hooks - DEBUG - Event choose-signer.cognito-identity.GetId: calling handler <function disable_signing at 0x7fca5fecb8b0>
2023-02-17 16:57:53,703 - MainThread - botocore.endpoint - DEBUG - Sending http request: <AWSPreparedRequest stream_output=False, method=POST, url=https://cognito-identity.eu-west-1.amazonaws.com/, headers={'X-Amz-Target': b'AWSCognitoIdentityService.GetId', 'Content-Type': b'application/x-amz-json-1.1', 'User-Agent': b'aws-cli/2.7.4 Python/3.9.11 Darwin/22.3.0 exe/x86_64 prompt/off command/cognito-identity.get-id', 'Content-Length': '68'}>
2023-02-17 16:57:53,704 - MainThread - botocore.httpsession - DEBUG - Certificate path: /usr/local/aws-cli/awscli/botocore/cacert.pem
2023-02-17 16:57:53,704 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTPS connection (1): cognito-identity.eu-west-1.amazonaws.com:443
2023-02-17 16:57:53,809 - MainThread - urllib3.connectionpool - DEBUG - https://cognito-identity.eu-west-1.amazonaws.com:443 "POST / HTTP/1.1" 200 63
2023-02-17 16:57:53,809 - MainThread - botocore.parsers - DEBUG - Response headers: {'Date': 'Fri, 17 Feb 2023 16:57:53 GMT', 'Content-Type': 'application/x-amz-json-1.1', 'Content-Length': '63', 'Connection': 'keep-alive', 'x-amzn-RequestId': 'af0d58d7-ecc5-4b03-a688-6ba1428d628a', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'}
2023-02-17 16:57:53,810 - MainThread - botocore.parsers - DEBUG - Response body:
b'{"IdentityId":"eu-west-1:59e4d322-7249-4f52-b030-4076938f390c"}'
2023-02-17 16:57:53,810 - MainThread - botocore.hooks - DEBUG - Event needs-retry.cognito-identity.GetId: calling handler <bound method RetryHandler.needs_retry of <botocore.retries.standard.RetryHandler object at 0x7fca636e1d90>>
2023-02-17 16:57:53,810 - MainThread - botocore.retries.standard - DEBUG - Not retrying request.
2023-02-17 16:57:53,810 - MainThread - botocore.hooks - DEBUG - Event after-call.cognito-identity.GetId: calling handler <bound method RetryQuotaChecker.release_retry_quota of <botocore.retries.standard.RetryQuotaChecker object at 0x7fca636e1820>>
2023-02-17 16:57:53,810 - MainThread - awscli.formatter - DEBUG - RequestId: af0d58d7-ecc5-4b03-a688-6ba1428d628a

// Response:
{
    "IdentityId": "eu-west-1:89f04acd-1765-47a4-b053-faa5fe641fbe"
}

aws cognito-identity get-open-id-token --identity-id eu-west-1:89f04acd-1765-47a4-b053-faa5fe641fbe --debug

// Debug logs:

// Response:
{
    "IdentityId": "eu-west-1:89f04acd-1765-47a4-b053-faa5fe641fbe",
    "Token": "eyJraWQiOiJldS13ZXN0LTEzIiwidHlwIjoiSldTIiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJldS13ZXN0LTE6ODlmMDRhY2QtMTc2NS00N2E0LWIwNTMtZmFhNWZlNjQxZmJlIiwiYXVkIjoiZXUtd2VzdC0xOjg2ZTRhYmUyLWRmMWMtNDVkZC05ZGMzLTliYzI3OWIwYjU3NiIsImFtciI6WyJ1bmF1dGhlbnRpY2F0ZWQiXSwiaXNzIjoiaHR0cHM6Ly9jb2duaXRvLWlkZW50aXR5LmFtYXpvbmF3cy5jb20iLCJodHRwczovL2NvZ25pdG8taWRlbnRpdHkuYW1hem9uYXdzLmNvbS9pZGVudGl0eS1wb29sLWFybiI6ImFybjphd3M6Y29nbml0by1pZGVudGl0eTpldS13ZXN0LTE6MjUxNTkzNDEzODMxOmlkZW50aXR5cG9vbC9ldS13ZXN0LTE6ODZlNGFiZTItZGYxYy00NWRkLTlkYzMtOWJjMjc5YjBiNTc2IiwiZXhwIjoxNjc2NjUzODIzLCJpYXQiOjE2NzY2NTMyMjN9.PbwoojHZRDPi-iW_sATvF_Aciq9xssR1wQ7TGMB26xDHIMu44_c9gH7RkP6fU-jxA1ljQQTvQVeGyz__9g_qclPxnKaA6BpUgpLWrkzphhj9MS6shHu-_TEo4irRPwKTSOJ7dsNKUDz5ElWQBjG_zB51KtoLkITdF9UMcc_HEyxyQuyJatrTmLa3zLoLEAoT5L1KhexGwghJv7fv90D21QgU3jCP3heI_DiW9IXTnTmdI8ZOot7pmjLZfWHWzYw27V5LSPaSfoOHxkwtfon87hCBsa_0nMgNSZuy-K7RCrCji5nnoQUSs5ui9vJm7H6yA2erTKhLbP3ebRZUTiJ52w"
}

aBurmeseDev commented 2 months ago

Sorry for the long silence here. The expected behavior should be that, if the AllowClassicFlow value is not explicitly set during the create-identity-pool operation, the classic flow should be disabled by default, and the get-open-id-token operation should return an error similar to when AllowClassicFlow is explicitly set to false.

When creating new Cognito Identity pools, can you try setting the --allow-classic-flow or --no-allow-classic-flow flag to ensure that the behavior is predictable and consistent with your requirements?
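
A check that follows from the recommendation above, added here as an illustration and not part of the issue thread or the aws-cli code base: it classifies `describe-identity-pool` results by whether `AllowClassicFlow` is absent, false or true, and builds an `update-identity-pool` input that pins the value to false. The pool IDs, the sample records, the helper names and the severity labels are constructed assumptions.

```python
import copy

# Constructed sample data shaped like `aws cognito-identity describe-identity-pool`
# output. IDs and provider values are placeholders, not values from the issue.
SAMPLE_POOLS = [
    {   # created with neither classic-flow flag: the key is absent altogether
        "IdentityPoolId": "eu-west-1:00000000-0000-0000-0000-000000000001",
        "IdentityPoolName": "TestPool1",
        "AllowUnauthenticatedIdentities": True,
        "IdentityPoolTags": {},
    },
    {   # created with --no-allow-classic-flow
        "IdentityPoolId": "eu-west-1:00000000-0000-0000-0000-000000000002",
        "IdentityPoolName": "TestPool2",
        "AllowUnauthenticatedIdentities": True,
        "AllowClassicFlow": False,
        "IdentityPoolTags": {},
    },
    {   # created with --allow-classic-flow, authenticated identities only
        "IdentityPoolId": "eu-west-1:00000000-0000-0000-0000-000000000003",
        "IdentityPoolName": "TestPool3",
        "AllowUnauthenticatedIdentities": False,
        "AllowClassicFlow": True,
        "CognitoIdentityProviders": [
            {"ProviderName": "cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE",
             "ClientId": "example-client-id", "ServerSideTokenCheck": False},
        ],
        "IdentityPoolTags": {},
    },
]


def classic_flow_state(pool):
    """Return 'unset', 'disabled' or 'enabled' for one pool description."""
    value = pool.get("AllowClassicFlow")
    if value is False:
        return "disabled"
    if value is True:
        return "enabled"
    return "unset"  # key missing or null: the case reported in this issue


def audit(pools):
    """List pools whose classic flow is not explicitly disabled."""
    findings = []
    for pool in pools:
        state = classic_flow_state(pool)
        if state == "disabled":
            continue
        unauth = bool(pool.get("AllowUnauthenticatedIdentities"))
        if state == "unset":
            # The issue shows get-open-id-token succeeding for such a pool,
            # so guest access plus an unset value is ranked highest here.
            severity = "high" if unauth else "medium"
        else:
            severity = "review"  # explicit true: confirm it is intentional
        findings.append({
            "IdentityPoolId": pool["IdentityPoolId"],
            "IdentityPoolName": pool["IdentityPoolName"],
            "state": state,
            "unauthenticated": unauth,
            "severity": severity,
        })
    return findings


def explicit_disable_input(pool):
    """Build an update-identity-pool input with AllowClassicFlow set to False.

    UpdateIdentityPool takes the same structure DescribeIdentityPool returns,
    so every other field is copied unchanged and only the flag is pinned.
    """
    fixed = copy.deepcopy(pool)
    fixed.pop("ResponseMetadata", None)  # present only in SDK responses
    fixed["AllowClassicFlow"] = False
    return fixed


if __name__ == "__main__":
    import json
    print(json.dumps(audit(SAMPLE_POOLS), indent=2))
    print(json.dumps(explicit_disable_input(SAMPLE_POOLS[0]), indent=2))
```

The dictionary returned by `explicit_disable_input` can be saved to a file and passed to `aws cognito-identity update-identity-pool --cli-input-json file://...` once the owner of the pool has confirmed nothing depends on the classic flow.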

github-actions[bot] commented 1 month ago

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.