【发布时间】:2019-05-14 11:58:19
【问题描述】:
我正在尝试从 Lambda 调用一个由计时器定期触发的突变。这就是我正在做的事情
const params = {
AccountId: "XXXXXXX",
RoleArn: "arn:aws:iam::XXXX:role/appsync_lamda_role", // tried removing this too
IdentityPoolId: "ap-southeast-1:xxxx-xxxx-xxx-xxxx-xxx",
LoginId: "demo_access" // tried with and without this
};
AWS.config.update({
region: "ap-southeast-1",
credentials: new AWS.CognitoIdentityCredentials(params)
});
现在,我打电话给
AWS.config.credentials.get(err => {
const signer = new AWS.Signers.V4(httpRequest, "appsync", true);
signer.addAuthorization(AWS.config.credentials, AWS.util.date.getDate());
const options = {
method: httpRequest.method,
body: httpRequest.body,
headers: httpRequest.headers
};
fetch(uri.href, options)
.then(res => res.json())
.then(json => {
console.log(`JSON Response = ${JSON.stringify(json, null, 2)}`);
callback(null, event);
})
.catch(err => {
console.error(`FETCH ERROR: ${JSON.stringify(err, null, 2)}`);
callback(err);
});
});
当我这样做时,我从 APPSYNC 收到一个错误,称为“错误”:[ { "errorType": "UnauthorizedException", “消息”:“无法解析 JWT 令牌。” } 我已授予角色访问权限以调用 GraphQL 并编辑信任关系
{
"Effect": "Allow",
"Principal": {
"Federated": "cognito-identity.amazonaws.com"
},
"Action": "sts:AssumeRoleWithWebIdentity"
}
我在这里缺少什么?请帮忙。
当我查看生成的标头时,我没有看到 JWT 令牌,但我看到了会话令牌 喜欢
'User-Agent': 'aws-sdk-nodejs/2.275.1 linux/v8.10.0 exec-env/AWS_Lambda_nodejs8.10',
host: 'xxxxx.appsync-api.ap-southeast-1.amazonaws.com',
'Content-Type': 'application/json',
'X-Amz-Date': '20181213T080156Z',
'x-amz-security-token': 'xxxxxx//////////xxxxxEOix8u062xxxxxynf4Q08FxxxLZxV+xx/xxx/xxx/xxxxx=',
Authorization: 'AWS4-HMAC-SHA256 Credential=xxxxxxxxx/20181213/ap-southeast-1/appsync/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=xxxxxxxxxxxxxxxxxxxxxxx' }
提前致谢
【问题讨论】:
标签: lambda amazon-cognito aws-appsync