Skip to content
This repository has been archived by the owner on Feb 24, 2018. It is now read-only.

Getting errors with use case 17 #162

Closed
nueverest opened this issue Sep 27, 2016 · 10 comments
Closed

Getting errors with use case 17 #162

nueverest opened this issue Sep 27, 2016 · 10 comments

Comments

@nueverest
Copy link

nueverest commented Sep 27, 2016

I get this console output when I run the code below:

image

POST https://cognito-identity... 400 (Bad Request)
Error: Invalid login token. Issuer doesn't match providerName(...)

How do I make these errors go away?

How do I console.log() the refresh token string?

AWS.config.region = 'XX-XXXX-X';
AWSCognito.config.region = 'XX-XXXX-X';
var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
var cognitoUser = userPool.getCurrentUser();
var loginKey = 'cognito-idp.' + region + '.amazonaws.com/' + poolData.UserPoolId

// Integrate User Pools with Cognito Identity and handle token refresh.
if (cognitoUser != null) {
    cognitoUser.getSession(function (err, result) {
        if (err) {
            console.error(err);
        }
        if (result) {
            console.log('You are now logged in.');

            // Add the User's Id Token to the Cognito credentials login map.
            AWS.config.credentials = new AWS.CognitoIdentityCredentials({
                IdentityPoolId: identityPoolId,
                Logins: {
                    loginKey: result.getIdToken().getJwtToken()
                }
            });
        }
    });
}

// Not sure why this doesn't work it is copy/pasted from AWS use case 17
//call refresh method in order to authenticate user and get new temp credentials
AWS.config.credentials.refresh(function (error) {
    if (error) {
        console.error(error);
    } else {
        console.log('Successfully logged!');
    }
});

As a side note, use case 17 seems to mix in ES6 function formatting and includes an extra tab on the last line. The full word error is used as opposed to err.

What does console.log('Successfully logged!'); mean? Does that mean successfully logged in, or is some sort of aws server logging operation taking place?

@chetanme
Copy link
Contributor

Issuer doesn't match providerName indicates that the loginKey being constructed does not match the value that token has. Can you print and confirm that loginKey you are sending in the Logins map is of format cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>?

value should be one of us-east-1, eu-west-1, us-west-2 or ap-northeast-1.

As for printing the refresh token, like ID token, we have a get method. getRefreshToken which also returns a JWT token.

@nueverest
Copy link
Author

When I run the following:

idToken.textContent = result.getIdToken().getJwtToken();
accessToken.textContent = result.getAccessToken().getJwtToken();
refreshToken.textContent = result.getRefreshToken().getJwtToken();

The id and access token requests succeed, but the getRefreshToken() fails.

Uncaught TypeError: result.getRefreshToken(...).getJwtToken is not a function

@nueverest
Copy link
Author

I just solved the refresh token issue with this: refreshToken.textContent = result.getRefreshToken().token;

@nueverest
Copy link
Author

nueverest commented Sep 28, 2016

My loginKey looks like this: cognito-idp.us-west-2.amazonaws.com/us-west-2_XXXXXXX

Also, it is this part of the code that throws an error.

AWS.config.credentials.refresh(function (error) {
    if (error) {
        console.error(error);
    } else {
        console.log('Successfully logged!');
    }
});

@chetanme
Copy link
Contributor

Can you post a service request id for one of these failed requests with the time stamp?

@nueverest
Copy link
Author

Date:Wed, 28 Sep 2016 13:26:43 GMT
x-amzn-ErrorMessage: Invalid login token. Issuer doesn't match providerName
x-amzn-ErrorType: NotAuthorizedException:
x-amzn-RequestId: 32b963a7-857f-11e6-94cf-7372c5356b7d

@nickGermi
Copy link

You can't use:

                Logins: {
                    loginKey: result.getIdToken().getJwtToken()
                }

Above 'loginKey' will be interpreted literally and not by it's value. Instead create an empty object, assign the value of loginKey as it's key with its value being result.getIdToken().getJwtToken()

For example:

var loginProvider = {};
loginProvider[loginKey] = result.getIdToken().getJwtToken();
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: identityPoolId,
    Logins: loginProvider
});

@bradennapier
Copy link

bradennapier commented May 24, 2017

You could also potentially use ES6 if you are setup for it:

AWS.config.credentials = new AWS.CognitoIdentityCredentials({
   ...identity,
   Logins: {
     [`cognito-idp.${AWS_REGION}.amazonaws.com/${POOL_ID}`]: session.getIdToken().getJwtToken()
   }
})

@tbiinfotech
Copy link

How can I get identityPoolId ?

@dotchev
Copy link

dotchev commented Jun 27, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

7 participants