Hi,
Thank you for contacting us! I understand that you're concerned about receiving the following error message while trying to fetch and use credentials using a Cognito identity pool:
"NotAuthorizedException: Token is not from a supported provider of this identity pool."
- This issue usually occurs if the app client used for authenticating the user is different from the app client configured with the identity pool. You may confirm this by checking if the aud value in the identity token is different from what's configured in your identity pool.
If this is the issue, please make sure to authenticate against the correct app client by updating your application to use the app client configured with your identity pool.
- Another reason why you may face this issue is if the identity pool is configured with an incorrect provider name for the user pool. To configure a user pool with an identity pool via the CreateIdentityPool API, you need to provide the providerName and clientId. The providerName must match the iss claim of the JWT token. In the case of user pools, it has the format:
cognito-idp.{region}.amazonaws.com/{user-pool-id}
where {region} is the region where the user pool is located.
- Verifying a JSON web token - Step 3: Verify the claims - https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html#amazon-cognito-user-pools-using-tokens-step-3
- Accessing AWS services using an identity pool after sign-in - Integrating a user pool with an identity pool - https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html#amazon-cognito-integrating-user-pools-with-identity-pools-using
Note the following mentioned in the document above:
"After your app user is authenticated, add that user's identity token to the logins map in the credentials provider. The provider name will depend on your Amazon Cognito user pool ID. It will have the following structure:
cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>
The value for <region> will be the same as the region in the User Pool ID. For example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789."
If the suggestions above do not help resolve the issue, we might need to troubleshoot based on your configurations. Could you please create a support case instead so we may discuss details on your resource configurations?
Please do not post any sensitive information over re:Post since this is a public platform.
As always, feel free to reach back with any further questions or concerns in the meantime!
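The two checks described in the answer above (the aud claim against the configured app client, and the provider name against the iss claim), as an added example that is not part of the original answer or AWS code. The IDs and tokens are constructed placeholders, the provider list mirrors the CognitoIdentityProviders shape returned by DescribeIdentityPool, and the payload is decoded without signature verification, so this is for diagnostics only.

```python
import base64
import json

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token, providers):
    """Return (logins_key, problems) for a token against the pool's providers."""
    claims = jwt_claims(token)
    problems = []
    if claims.get("token_use") != "id":
        problems.append("token_use is %r; the logins map takes the ID token"
                        % claims.get("token_use"))
    # Cognito's iss claim is the provider name prefixed with https://
    iss = claims.get("iss", "")
    name = iss[len("https://"):] if iss.startswith("https://") else iss
    aud = claims.get("aud")
    matching = [p for p in providers if p["ProviderName"] == name]
    if not matching:
        problems.append("identity pool has no provider named %s" % name)
    elif aud not in [p["ClientId"] for p in matching]:
        problems.append("aud %r is not an app client configured for %s" % (aud, name))
    return (None if problems else name), problems

def make_token(claims):
    """Build an unsigned sample token (constructed for this demo)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])

# Constructed sample data: placeholder IDs, not real resources.
PROVIDER = "cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789"
POOL_PROVIDERS = [{"ProviderName": PROVIDER, "ClientId": "exampleclientid1"}]
GOOD = make_token({"iss": "https://" + PROVIDER, "aud": "exampleclientid1", "token_use": "id"})
WRONG_CLIENT = make_token({"iss": "https://" + PROVIDER, "aud": "exampleclientid2", "token_use": "id"})

if __name__ == "__main__":
    for label, tok in [("good", GOOD), ("wrong app client", WRONG_CLIENT)]:
        print(label, diagnose(tok, POOL_PROVIDERS))
```

When `diagnose` returns a key, that string is the one to use as the key in the logins map, with the ID token as its value.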
Ok, I am still not entirely sure why it originally failed, but I was able to have success when I added a Cognito user pool and had that use the Login with Amazon button. Then I set up the Cognito identity pool to use the user pool and that worked.