我正在使用新的(有点)Google Identity Toolkit我正面临一个奇怪的问题。
它生成的JWT token如下:
{
"alg": "RS256",
"kid": "qwYevA"
}
{
"iss": "https://identitytoolkit.google.com/",
"aud": "950882198692-jrb8d5t979qahaechf5gd4t3g59gpvou.apps.googleusercontent.com",
"iat": 1444275809,
"exp": 1445485409,
"user_id": "05244125885327377646",
"email": "**********@gmail.com",
"provider_id": "facebook.com",
"verified": false,
"display_name": "NOT_MY_NAME",
"photo_url": "https://fbcdn-profile-a.akamaihd.net/hprofile-ak-xaf1/v/t1.0-1/c155.48.597.597/s50x50/notmyphotonotmyphotonotmyphotonotmyphoto.jpg?oh=notmyphotonotmyphotonotmyphotonotmyphoto&oe=notmyphoto&__gda__=notmyphotonotmyphotonotmyphotonotmyphotonotmyphoto"
}
{
*signature*
}
我正在正确设置 iss:
CognitoSyncClientManager.addLogins("https://identitytoolkit.google.com/",
idToken.getTokenString());
每当我尝试同步数据集时都会出现错误:
Dataset dataset = syncClient.openOrCreateDataset("myTestDataset");
dataset.put("myTestKey", "myTestValue");
dataset.synchronize(new DefaultSyncCallback() {
@Override
public void onSuccess(Dataset dataset, List newRecords) {
System.out.println(dataset.get("myTestKey"));
}
});
错误日志:
com.google.identitytoolkit.demo E/DefaultSyncCallback: Failure occurred during sync
***: com.amazonaws.mobileconnectors.cognito.exceptions.DataStorageException: Failed to list records in dataset: myTestDataset
***: at com.amazonaws.mobileconnectors.cognito.internal.storage.CognitoSyncStorage.handleException(CognitoSyncStorage.java:293)
***: at com.amazonaws.mobileconnectors.cognito.internal.storage.CognitoSyncStorage.listUpdates(CognitoSyncStorage.java:152)
***: at com.amazonaws.mobileconnectors.cognito.DefaultDataset.synchronizeInternal(DefaultDataset.java:388)
***: at com.amazonaws.mobileconnectors.cognito.DefaultDataset$1.run(DefaultDataset.java:149)
***: at java.lang.Thread.run(Thread.java:818)
***: Caused by: com.amazonaws.AmazonServiceException: 1 validation error detected: Value '{https://identitytoolkit.google.com/=eyJhb---*MASSIVE-JWT*---c5demjsRlQtqjz8A}' at
'logins' failed to satisfy constraint: Map keys must satisfy constraint: [Member must have length less than or equal to 128, Member must have length greater than or equal to 1,
Member must satisfy regular expression pattern: [\w._/-]+] (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: ValidationException; Request ID: ab0d6028-6d80-11e5-ac9f-33bc83bfc548)
......
***: failed to synchronize myTestDataset
那么,我做错了什么?
这是我第一次使用 AWS,我对 JWT 也是相当陌生。感谢您的帮助。
我应该提到我正在使用这个项目的类和示例:https://github.com/awslabs/aws-sdk-android-samples/tree/master/CognitoSyncDemo
最佳答案
Google 的 OpenID Connect 发行者名称是“accounts.google.com”,这应该作为 addLogins 的第一个参数传递,而不是“”https://identitytoolkit.google.com/。 "用于 Google token 。
但是,看起来您的 token 实际上指定了“https://identitytoolkit.google.com/”作为颁发者。如果这是您从 Identity Toolkit 收到的 token 类型,恐怕您将无法使用它们通过 Cognito 向 Google 进行身份验证,因为它不是有效的 OpenID Connect 颁发者 according to this .可能值得向 Identity Toolkit 的人询问这个问题,因为这看起来像是他们这边的一个错误。
关于android - AWS Cognito 数据集和 Google Identity Toolkit 错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/33008461/