感谢任何人都可以帮助我。我正在AWS中构建一个认知用户池+ API网关解决方案。现在配置已完成,但令牌不起作用。这是我的测试方式,
我使用了API端点
https://mydomain/login?response_type=token&client_id=5gjg8956um7bf2h5c3fuav1o46&redirect_uri=https://www.example.com
获得令牌,这是结果。
https://www.example.com/#id_token=eyJraWQiOiJiTTcrSVlMUHBHVTBQK3FnTmkrMWxSeGFyNjRrb3hxYUluemptZllMTmZ3PSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiMmJXdHU5STVMQUJkQWFTSmM5S3ZtQSIsInN1YiI6ImYwNDk3NjgwLWJlNDEtNGNlZC1iMzQ4LWQ0NTg3M2Q5OTg2MSIsImF1ZCI6IjVnamc4OTU2dW03YmYyaDVjM2Z1YXYxbzQ2IiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImV2ZW50X2lkIjoiODIyMWI3MjQtMzI5ZS00ZGJjLThjZjktZjhlMjY5NWFiNjkzIiwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE1OTM5MDg1MjEsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC5hcC1zb3V0aGVhc3QtMi5hbWF6b25hd3MuY29tXC9hcC1zb3V0aGVhc3QtMl9Qa1ROR1RPNzIiLCJjb2duaXRvOnVzZXJuYW1lIjoiZjA0OTc2ODAtYmU0MS00Y2VkLWIzNDgtZDQ1ODczZDk5ODYxIiwiZXhwIjoxNTkzOTEyMTIxLCJpYXQiOjE1OTM5MDg1MjEsImVtYWlsIjoicWlhby5saUBob2xtZXNnbGVuLmVkdS5hdSJ9.lkTA49l_EQpWnhiLnKdbBR1anA0H4psFwEEBJuWgwQ6Iwg_GVZgvl3Sf0_p8OF-_vgRvcGbg1uI7nJdcTBs5EAcLV75AKfglQT7UjWXQtv10D7lh86sLNmIuLWRcJDV-8iCNSlHeFqJnBcskEH4yTXJI03s7Ikp9ZVZiNDW-wZzt6fW3n1SEtfN57sV4xvknByJBqswwUv07vL3URGk60MLMfLex16vVijBVHOhvMwWByEOpvWFMH3jY0NrGjx9ty5U4I-Bq1OvwJlR5SGPz2OjiPMdXnGM8eA-E8AUHjY8VtFIW4Ec6d74axlw7qMIayUHL8UaNMKKHSDM_giIpMg&access_token=eyJraWQiOiIxOEpWY2hGcWowQndhNjkxdUFlWW5IVThxdWdaWVhxOW9FaGFZNUd3cGtZPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJmMDQ5NzY4MC1iZTQxLTRjZWQtYjM0OC1kNDU4NzNkOTk4NjEiLCJldmVudF9pZCI6IjgyMjFiNzI0LTMyOWUtNGRiYy04Y2Y5LWY4ZTI2OTVhYjY5MyIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoicGhvbmUgb3BlbmlkIHByb2ZpbGUgZW1haWwiLCJhdXRoX3RpbWUiOjE1OTM5MDg1MjEsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC5hcC1zb3V0aGVhc3QtMi5hbWF6b25hd3MuY29tXC9hcC1zb3V0aGVhc3QtMl9Qa1ROR1RPNzIiLCJleHAiOjE1OTM5MTIxMjEsImlhdCI6MTU5MzkwODUyMSwidmVyc2lvbiI6MiwianRpIjoiMjVkM2MzMTYtNDNkMS00OTY5LTg3YTQtOTkxNWE3YzE0Y2FiIiwiY2xpZW50X2lkIjoiNWdqZzg5NTZ1bTdiZjJoNWMzZnVhdjFvNDYiLCJ1c2VybmFtZSI6ImYwNDk3NjgwLWJlNDEtNGNlZC1iMzQ4LWQ0NTg3M2Q5OTg2MSJ9.J0j9jZFzEG8gjowipZdJ_O_uXUKP5Jyk5PrZvWf5yVZ4jbdoJpgom3IcxFcaDvXbTkB_NNx9soq8Prc-whpYrjQ9RxDTd3Fb6ZyDOXhRaVQAmQSnagVr0_jPhH9Bw4_AS_4jNy4t27yDufpOnEgNWQW1sy96zpuaLFHJYAQblaJCxt_qbf_KETRDCil8ap63XUbAElaCvnSRrIGCcXmVOPChUMDSHVDu4CoMm9cgRQvj-kWFKP96YEO62tFa4_gZk1CICvjFEi7VCH0tvN9JVe8baSHm2GL1jaTeoUeE0jmGPGxGc-7fDBY37JjPbnPiHDZlm3D8eGE1AhO5qI3rng&expires_in=3600&token_type=Bearer
我在https://jwt.io/上验证了令牌,该令牌可解码。但是,当尝试在API网关Authorizer中的测试工具中测试令牌时,出现401错误。
此外,我也尝试在Postman中发布请求,结果也是401,结果如下。
{
"message": "Unauthorized"
}
我的看法是,如果我可以通过端点获取令牌,那么令牌必须正确,对吗?我该如何排除故障?谢谢
答案 0 :(得分:0)
现在,我使用“ wild rydes”应用登录了令牌,该令牌将通过API网关中的Authorizer测试,Postman API调用也可以正常工作。
尽管如此,Cognito中“托管UI”生成的令牌仍然无法使用,就像原始问题一样。
答案 1 :(得分:0)
API网关上的Cognito授权者将接受ID令牌或访问令牌,具体取决于您在添加授权时是否为API网关方法指定了OAUTH范围。
API Gateway上的Authorizer测试仅接受ID令牌。因此,我建议您检查一下是否从与API网关Cognito授权者匹配的正确Cognito UserPool获得令牌,然后检查API Gateway方法以查看是否指定了OAUTH范围。如果指定了范围,则该范围将需要在发送到API网关的访问令牌中。如果未指定范围,请发送ID令牌。