search

catnekaise / cognito-idpool-auth

Authenticate with Amazon Cognito Identity from GitHub Actions.
https://catnekaise.github.io
MIT License
2 stars 5 forks source link

Error: GetId operation: Invalid login token. Incorrect token audience. #7

Closed pgasiorowski closed 1 week ago

pgasiorowski commented 1 week ago

Following this blog post I set up Cognito Identity Pool and role for Basic AuthFlow: https://awsteele.com/blog/2023/10/25/aws-role-session-tags-for-github-actions.html

I also tried another workflow from catnekaise/cognito-idpool-basic-auth@alpha

The error I see is:

An error occurred (NotAuthorizedException) when calling the GetId operation: Invalid login token. Incorrect token audience.

Any idea what may be wrong. How can I troubleshoot it?

djonser commented 1 week ago

@pgasiorowski this action and the other has audience as an input parameter with default value cognito-identity.amazonaws.com.

If using this default audience the GitHub Actions identity provider in AWS IAM must be configured with this value as one of its audiences.

The screenshot below shows the GitHub Actions identity provider configured to enable using his action with its default audience value.

image
pgasiorowski commented 1 week ago

I will give it a try. Thank you sir!

pgasiorowski commented 1 week ago

Confirmed. That was the missing piece!

Thanks for sharing this 👍