我创建了一个Cognito用户池,用户可以在其中注册但不能再次登录。我尝试了许多不同的配置,例如禁用MFA,关闭对设备的记忆,因为我认为这可能导致此问题,但无济于事。
最奇怪的是,在本地(localhost:5000)正常工作。我可以创建帐户并登录,没有任何麻烦,但是当我尝试在我的站点https://example.com(托管在S3上)上进行登录时,会出现上述错误。如果我注册,实际上用户似乎也可以在Cognito中创建-这样就可以了,但是登录只能在本地进行,而不能在任何地方进行。
我对每个设置,环境变量,创建的用户池等进行了两次,三次检查。
错误
这是我尝试登录时抛出的模棱两可的错误:
{
__type: "NotAuthorizedException",
message: "Incorrect username or password."
}
预注册触发的lambda
我要先确认用户,然后再通过lambda进行注册:
import {INTERNAL_SERVER_ERROR} from 'http-status-codes';
export async function validateHumanViaSns(
event: CognitoUserPoolTriggerEvent,
context: Context,
callback: Callback
): Promise<CognitoUserPoolTriggerHandler> {
try {
event.response.autoConfirmUser = true;
callback(null, event);
return;
} catch (error) {
console.error(error);
callback(null, new Response(INTERNAL_SERVER_ERROR, {message: 'Something went wrong'}));
return;
}
}
package.json
我的客户正在使用最新的amplify-js库。
dependencies: {
"amplify": "1.1.19" // broken since 1.1.18
}
CloudFormation Cognito模板
UserPool:
Type: 'AWS::Cognito::UserPool'
Properties:
UserPoolName: myapp-${self:provider.stage}-user-pool
SmsVerificationMessage: 'Your verification code is {####}.'
AutoVerifiedAttributes:
- email
MfaConfiguration: 'OFF'
EmailVerificationSubject: 'Your MyApp verification code'
EmailVerificationMessage: 'Your MyApp verification code is {####}.'
SmsAuthenticationMessage: 'Your MyApp authentication code is {####}.'
Schema:
- Name: name
AttributeDataType: String
Mutable: true
Required: false
- Name: email
AttributeDataType: String
Mutable: false
Required: false
- Name: phone_number
AttributeDataType: String
Mutable: true
Required: false
Policies:
PasswordPolicy:
RequireLowercase: true
RequireSymbols: false
RequireNumbers: true
MinimumLength: 8
RequireUppercase: true
AdminCreateUserConfig:
InviteMessageTemplate:
EmailMessage: 'Your MyApp username is {username} and temporary password is {####}.'
EmailSubject: 'Your temporary MyApp password'
SMSMessage: 'Your MyApp username is {username} and temporary password is {####}.'
UnusedAccountValidityDays: 7
AllowAdminCreateUserOnly: false
# Creates a User Pool Client to be used by the identity pool
UserPoolClient:
Type: 'AWS::Cognito::UserPoolClient'
Properties:
ClientName: myapp-${self:provider.stage}-web-client
GenerateSecret: false
UserPoolId:
Ref: UserPool
# Creates a federeated Identity pool
IdentityPool:
Type: 'AWS::Cognito::IdentityPool'
Properties:
IdentityPoolName: MyApp{self:provider.stage}Identity
AllowUnauthenticatedIdentities: true
CognitoIdentityProviders:
- ClientId:
Ref: UserPoolClient
ProviderName:
'Fn::GetAtt': [ UserPool, ProviderName ]
# Create a role for unauthorized access to AWS resources. Very limited access. Only allows users in the previously created Identity Pool
CognitoUnAuthorizedRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: 'Allow'
Principal:
Federated: 'cognito-identity.amazonaws.com '
Action:
- 'sts:AssumeRoleWithWebIdentity'
Condition:
StringEquals:
'cognito-identity.amazonaws.com :aud':
Ref: IdentityPool
'ForAnyValue:StringLike':
'cognito-identity.amazonaws.com :amr': unauthenticated
Policies:
- PolicyName: 'CognitoUnauthorizedPolicy'
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: 'Allow'
Action:
- 'mobileanalytics:PutEvents'
- 'cognito-sync:*'
Resource: '*'
# Create a role for authorized access to AWS resources. Control what your user can access. This example only allows Lambda invokation
# Only allows users in the previously created Identity Pool
CognitoAuthorizedRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: 'Allow'
Principal:
Federated: 'cognito-identity.amazonaws.com '
Action:
- 'sts:AssumeRoleWithWebIdentity'
Condition:
StringEquals:
'cognito-identity.amazonaws.com :aud':
Ref: IdentityPool
'ForAnyValue:StringLike':
'cognito-identity.amazonaws.com :amr': authenticated
Policies:
- PolicyName: 'CognitoAuthorizedPolicy'
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: 'Allow'
Action:
- 'mobileanalytics:PutEvents'
- 'cognito-sync:*'
- 'cognito-identity:*'
Resource: '*'
- Effect: 'Allow'
Action:
- 'lambda:InvokeFunction'
Resource: '*'
# Assigns the roles to the Identity Pool
IdentityPoolRoleMapping:
Type: 'AWS::Cognito::IdentityPoolRoleAttachment'
Properties:
IdentityPoolId:
Ref: IdentityPool
Roles:
authenticated:
'Fn::GetAtt': [ CognitoAuthorizedRole, Arn ]
unauthenticated:
'Fn::GetAtt': [ CognitoUnAuthorizedRole, Arn ]
对于为什么会抛出此特定错误(我认为这具有误导性)甚至更好,是否有人有任何想法?如何解决此问题?
答案 0 :(得分:0)
此问题已在AWS Amplify Github问题积压more context here中解决。
无论何时导入amplify,由于amplify-js库中的Typescript编译问题,都需要直接直接导入crypto-js依赖项:
import 'crypto-js/lib-typedarrays'; // add this line
import Amplify, {Auth} from 'aws-amplify';
看来这将是未来拉取请求中的永久性修复程序,因此,根据您登陆的时间,尝试将aws-amplify软件包更新为> 1.1.19首先,先查看它是否已在主软件包中修复。