php - MissingAuthenticationTokenException ("Missing Authentication Token") from CognitoIdentityProviderClient::adminCreateUser()
问题描述
I have a working implementation of the AWS PHP SDK. Operations like $client->getUser()
are working, but $client->adminCreateUser()
and others are not working.
When I call $client->adminCreateUser([...])
, it results in:
Error executing "AdminCreateUser" on "https://cognito-idp.ap-southeast-2.amazonaws.com"; AWS HTTP error: Client error: `POST https://cognito-idp.ap-southeast-2.amazonaws.com` resulted in a `400 Bad Request` response:
{"__type":"MissingAuthenticationTokenException","message":"Missing Authentication Token"}
MissingAuthenticationTokenException (client): Missing Authentication Token - {"__type":"MissingAuthenticationTokenException","message":"Missing Authentication Token"}
Line 191 in /var/www/project/vendor/aws/aws-sdk-php/src/WrappedHttpHandler.php
Similar services evoked from CLI (e.g cognito-idp admin-create-user
) with the exact same credentials are working.
What is causing this?
Example Details
My environment:
- Ubuntu 18.04
- Apache 2.4.29
- PHP 7.3
- aws/aws-sdk-php 3.92.3
.aws/credentials
[default]
aws_access_key_id=XXXX
aws_secret_access_key=XXXX
I am using my developer credentials
Example code:
$client = new CognitoIdentityProviderClient([
'version' => 'latest',
'region' => 'ap-southeast-2',
'credentials' => false, // Set to false to allow roles provisioned to our EC2 instances
]);
$result = $client->adminCreateUser([
'DesiredDeliveryMediums' => ['Email'],
'MessageAction' => 'RESEND',
'TemporaryPassword' => 'TemporaryPassword1234',
'UserAttributes' => [
['Name' => 'email', 'Value' => 'mailbox@domain.tld'],
],
'UserPoolId' => 'ap-southeast-2_XXXX',
'Username' => 'mailbox@domain.tld',
]);
解决方案
您需要'credentials' => false
从CognitoIdentityProviderClient
配置中删除。
该adminCreateUser()
操作需要一个签名的请求(与类似的操作不同signUp()
,这就是为什么signUp()
可以使用未签名的请求但adminCreateUser()
其他需要开发人员凭据的操作不会)
来自 AWS 文档
https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cognito-idp-2016-04-18.html#admincreateuser说
AdminCreateUser 需要开发人员凭据。
https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_configuration.html#credentials说
传递 false 以使用空凭据而不签署请求。
需要对请求进行签名以提供开发人员凭据。
推荐阅读
- html - 如何更改活动导航器的背景颜色
- c++ - 如何使用 std::string 作为 QHash 的键?
- python - Python字数(2个包含单词的文件)(1个用于字数的文件)(最后一个文件写在他里面字+计数)
- c# - 如何将登录密码保存到 xamarin 中的钥匙串
- node.js - 使用nodejs更新mongodb中的多个不同数组对象元素
- django - MEDIA_ROOT 问题
- python - TypeError: unhashable type: 'list' pandas python
- css - 在 Emotion 中使用 `css` 属性覆盖样式组件
- c++ - 错误:在第 6 行的 '{' 标记之前不允许函数定义
- python - 我安装了诅咒,但仍然得到没有找到诅咒的错误