1 個回答
- 最新
- 最多得票
- 最多評論
0
You're encountering an error where AWS STS is rejecting your ID token as invalid, even though it appears valid when decoded and tested manually. The issue likely arises from asynchronous token retrieval. Ensure that your token retrieval function completes before passing it to fromWebToken()
. This timing problem may cause STS to receive an incomplete or invalid token. Modify your code to await the token retrieval function before passing it to fromWebToken()
. This ensures the token is fully retrieved and ready for use, resolving the issue.
const getTokenFromIdp = async () => {
const token = await auth.tokenManager.get("idToken");
return token.idToken;
}
const getCredentials = async () => {
const webIdentityToken = await getTokenFromIdp();
const oidcCredentials = fromWebToken({
roleArn: "arn:aws:iam::2222333344445556:role/OIDCroleReadS3",
roleSessionName: "session_111",
durationSeconds: 7200,
webIdentityToken: webIdentityToken
});
return oidcCredentials;
}
const main = async () => {
const credentials = await getCredentials();
const s3client = new S3({
region: "us-east-2",
credentials: credentials,
});
// Now you can use the S3 client with the obtained credentials
}
main();
相關內容
- 已提問 6 個月前
- AWS 官方已更新 2 年前
- AWS 官方已更新 5 個月前