AWS Cognito iOS 开发人员身份验证

我正在尝试将 amazon cognito 与开发人员验证身份一起使用.我的 API 已成功返回 ID 和令牌.但是，当我使用这些令牌将内容上传到 S3 时，我收到以下错误:

I am trying to use amazon cognito with developer authenticated identities. My API is successfully returning an id and token. However, when I use these tokens to upload content to S3 I receive the following error:

Not authorized to perform sts:AssumeRoleWithWebIdentity

以下是我设置凭据提供程序的代码.

Below is my code for setting up the credentials provider.

ZGAWSIdentityProvider *identityProvider = [ZGAWSIdentityProvider new];
[identityProvider setIdentityPoolId:AWS_IDENTITY_POOL_ID];

AWSCognitoCredentialsProvider *credentialsProvider = [[AWSCognitoCredentialsProvider alloc]
                                           initWithRegionType:AWSRegionUSEast1
                                           identityProvider:identityProvider
                                           unauthRoleArn:AWS_UNAUTH_ROLE_ARN
                                           authRoleArn:AWS_AUTH_ROLE_ARN];


AWSServiceConfiguration *configuration = [AWSServiceConfiguration configurationWithRegion:AWSRegionUSWest1
                                                                      credentialsProvider:credentialsProvider];

[AWSServiceManager defaultServiceManager].defaultServiceConfiguration = configuration;

我正在使用 http://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#create-an-identity-pool-that-supports-developer-authenticated-identities 以创建身份提供者.

And I am using the template provided at http://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#create-an-identity-pool-that-supports-developer-authenticated-identities to create the identity provider.

@implementation ZGAWSIdentityProvider
@synthesize identityPoolId=_identityPoolId;
@synthesize identityId=_identityId;
@synthesize token=_token;


- (BFTask *)getIdentityId {
    // Should ensure that identityId property is valid. The below code can probably
    // be used for most use cases.

    if (self.identityId) {
        return [BFTask taskWithResult:nil];
    } else {
        return [[BFTask taskWithResult:nil] continueWithBlock:^id(BFTask *task) {
            if (!self.identityId) {
                return [self refresh];
            }
            return nil;
        }];
    }
}

- (BFTask *)refresh {

    BFTaskCompletionSource *task = [BFTaskCompletionSource taskCompletionSource];
    __weak __typeof(self)weakSelf = self;
    [[ZGAccountController sharedInstance] getAWSCredentialsWithCompletion:^(NSDictionary *credentials) {

        if (credentials && [credentials objectForKey:@"identity_id"] && [credentials objectForKey:@"identity_id"]) {
            __strong __typeof(weakSelf)strongSelf = weakSelf;
            strongSelf.identityId = [credentials objectForKey:@"identity_id"];
            strongSelf.token = [credentials objectForKey:@"token"];
            [task setResult:nil];
        } else {
            NSError *error = [NSError errorWithDomain:@"com.##.##" code:-1 userInfo:nil];
            [task setError:error];
        }

    }];

    return task.task;
}

@end

这似乎是角色信任的问题.我使用亚马逊 Web 界面创建了身份池，并仔细检查了身份池 ID 是否正确.我已经能够成功上传 w 个未经身份验证的身份，所以我认为不是角色权限问题​​.

It appears to be an issue with Role Trust. I created the identity pool using the amazon web interface and have double checked that the identity pool id is correct. I have been able to successfully upload w unauthenticated identities, so I believe is not a role permissions issue.