reactjs - 反应:AWS Cognito 令牌端点在被 Shopify 商店重定向时返回 400 invalid_grant
问题描述
我们的 React 应用程序使用 AWS Amplify 和 Cognito 托管的 UI 进行身份验证。我们的应用程序中有一个功能可以链接 Shopify 商店。为此,我们获取用户的 Shopify 商店 URL 并将用户重定向到其管理面板以获取权限和访问令牌。用户授予权限后,他会再次被重定向到我们的应用程序。
问题出现在这一点上。在查看控制台时,我们会看到类似这样的内容。Cognito 令牌端点抛出 400 invalid_grant 错误。当我们刷新页面时,这个错误就消失了,但我们认为应该有更好的解决方案。
有人可以向我们提供有关如何克服这些 Cognito 错误的建议吗?非常感谢所有有用的建议。
用户从 Shopify 商店重定向的页面如下。
import React, { useEffect } from "react";
import { Auth } from "aws-amplify";
import { useSelector, useDispatch } from "react-redux";
import * as api from "../../services/api";
const ShopifyAuthCallback = ({ history }) => {
const classes = useStyles();
const dispatch = useDispatch();
const organizationId = useSelector(
(state) => state.dashboard.userOrganizationId
);
useEffect(() => {
Auth.currentSession()
.then((res) => {
const params = new URLSearchParams(window.location.search);
const shopOrigin = params.get("shop");
const authCode = params.get("code");
api
.post(`shopify/access-token`, {
authCode: authCode,
shopOrigin: shopOrigin,
organizationId: organizationId,
})
.then((data) => {
history.push("/");
})
.catch((error) => {
console.error(error);
});
})
.catch((error) => {
console.log(error);
});
});
return (
<div>
<p>Redirecting...</p>
</div>
);
};
export default ShopifyAuthCallback;
Amplify auth 设置App.js
如下。
import React, { useEffect, useState } from "react";
import { createBrowserHistory } from "history";
import theme from "./theme";
import Routes from "./Routes";
import { withAuthenticator } from "aws-amplify-react";
import Amplify, { Auth } from "aws-amplify";
import aws_exports from "./aws-exports";
import { Router } from 'react-router-dom';
import {useSelector } from "react-redux";
import { useDispatch } from "react-redux";
import * as api from "services/api";
Amplify.configure(aws_exports);
Auth.configure();
const browserHistory = createBrowserHistory();
const App = () => {
const dispatch = useDispatch();
useEffect(() => {
try {
Auth.currentSession()
.then(cognitoUser => {
const { idToken: { payload } } = cognitoUser
if (payload['custom:organization']) {
// do something }
else {
// do something else
}
})
.then( async (res) => {
// do something
})
.catch(err => {
console.log(err);
});
} catch (e) {
console.log(e);
}
}, []);
return (
<ThemeProvider theme={theme}>
<Router history={browserHistory}>
<Routes />
</Router>
</ThemeProvider>
);
}
const signUpConfig = {
header: "Create a new account",
hideAllDefaults: true,
defaultCountryCode: "1",
signUpFields: [
{
label: "Name",
key: "name",
required: true,
displayOrder: 1,
type: "string"
},
{
label: "Password",
key: "password",
required: true,
displayOrder: 2,
type: "password"
},
{
label: "Email",
key: "username",
required: true,
displayOrder: 4,
type: "string"
}
]
};
export default withAuthenticator(App, {
signUpConfig
});
编辑:
这些是 Cognito 令牌端点的请求和响应详细信息。
General:
Request URL: https://ogmo-dev.auth.eu-central-1.amazoncognito.com/oauth2/token
Request Method: POST
Status Code: 400
Remote Address: 35.156.210.187:443
Referrer Policy: strict-origin-when-cross-origin
Response:
access-control-allow-credentials: true
access-control-allow-origin: https://dev.ogmo.xyz/
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: application/json;charset=UTF-8
date: Sun, 25 Oct 2020 06:52:21 GMT
expires: 0
pragma: no-cache
server: Server
set-cookie: XSRF-TOKEN=<token_value>; Path=/; Secure; HttpOnly; SameSite=Lax
status: 400
strict-transport-security: max-age=31536000 ; includeSubDomains
vary: Origin
x-amz-cognito-request-id: b4cd564e-b0b1-42bf-a7a1-9361ce4db34d
x-application-context: application:prod:8443
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
Request headers:
:authority: ogmo-dev.auth.eu-central-1.amazoncognito.com
:method: POST
:path: /oauth2/token
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
content-length: 147
content-type: application/x-www-form-urlencoded
origin: https://dev.ogmo.xyz
referer: https://dev.ogmo.xyz/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
Form data:
grant_type: authorization_code
code: 91a86bdadbe488ae1cd5ec10343a3461
client_id: <client_id>
redirect_uri: https://dev.ogmo.xyz/
解决方案
推荐阅读
- php - 在我的 wordpress 网站上出现这些错误(rankmath 404 Monitor)
- r - 错误:在 Shiny 应用程序中,只有字符串可以转换为符号
- c - 解析简单的数学表达式
- git - .gitignore 问题我只需要使用 !*02.* 模式跟踪文件,但我只能排除它们而不是使用 !*02.* 跟踪它们
- python - 为什么 python3 ttk 复选框使用的任何选项都会出错?
- angular - 输入中的自动完成建议为光标后的灰色字母,而不是选择弹出窗口
- javascript - 对按键作出反应,只执行一次 setTimeout
- c++ - 用 CRTP 实例化和注册派生类的最佳方法?
- neo4j - 使用 apoc.load.jdbc() 时无法在 conf/neo4j.conf 中为数据库连接字符串起别名
- python - Python Scapy无线扫描并匹配存储在文本文件中的mac地址