Tags: node.js, amazon-web-services, amazon-cognito, federated-identity

AWS cognito: getCredentials not working


I'm in the process of learning to use AWS Cognito. I have set up a user pool and an identity pool.

Code (simplified):

cognitoUser.authenticateUser(authenticationDetails, {
  onSuccess: (result) => {
    let cognitoGetUser = userPool.getCurrentUser();
    if (cognitoGetUser != null) {
      cognitoGetUser.getSession((err, result) => {
        if (result) {
          console.log("Authenticated to Cognito User and Identity Pools!");
          // ID token from the user pool session, used as the identity pool login
          let token = result.getIdToken().getJwtToken();
          let cognitoParams = {
            IdentityPoolId: this.identityPool,
            Logins: {}
          };
          cognitoParams.Logins["cognito-idp.eu-west-1.amazonaws.com/" + this.poolData.UserPoolId] = token;
          AWS.config.credentials = new AWS.CognitoIdentityCredentials(cognitoParams);

          // Exchange the login for temporary AWS credentials
          AWS.config.getCredentials(() => {
            console.log(AWS.config.credentials.accessKeyId);
            console.log(AWS.config.credentials.secretAccessKey);
            console.log(AWS.config.credentials.sessionToken);
          });
        }
      });
    }
  },
  onFailure: function(err) {
    console.log('error');
    console.log(err);
  }
});

Most of the code works as expected: the authenticateUser call fires onSuccess and I can see a JWT token etc.

Problem: I can't get the AWS.config.getCredentials to work. It executed without any errors, but accessKeyId, secretAccessKey and sessionToken are all undefined.

Any suggestions to what I'm doing wrong?


Solution

  • I can't get the AWS.config.getCredentials to work. It executed without any errors but,

    This may be a mistaken assumption. Your abbreviated code is missing a couple of closing parentheses, but ran fine for me without any meaningful adjustments.


    When calling getCredentials, any errors are "silently" reported through an error object. I would think you'd see a 400 response somewhere (network tab or console or both), but getCredentials() doesn't really report errors in a visible fashion by itself.

    To see what is going wrong, you should add a parameter to the callback you pass to getCredentials():

    AWS.config.getCredentials((err) => {
        if (err) {
            console.log(err);
        } else {
            console.log(AWS.config.credentials.accessKeyId);
            console.log(AWS.config.credentials.secretAccessKey);
            console.log(AWS.config.credentials.sessionToken);
        }
    });
    

    For reference, one commonly encountered error object looks like this. Note that the useful message is found in originalError.message:

    {
        "message": "Could not load credentials from CognitoIdentityCredentials",
        "code": "CredentialsError",
        "time": "2018-06-03T15:19:02.078Z",
        "requestId": "71b03b4a-6741-11e8-98af-b70a114474f8",
        "statusCode": 400,
        "retryable": false,
        "retryDelay": 94.28032122526344,
        "originalError": {
            "message": "Invalid login token. Issuer doesn't match providerName",
            "code": "NotAuthorizedException",
            "time": "2018-06-03T15:19:02.078Z",
            "requestId": "71b03b4a-6741-11e8-98af-b70a114474f8",
            "statusCode": 400,
            "retryable": false,
            "retryDelay": 94.28032122526344
        }
    }
    

    The corresponding 400 in the Network tab contains this response:

    {"__type":"NotAuthorizedException","message":"Invalid login token. Issuer doesn't match providerName"}
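As an added example (not part of the question or the answer above), the following Node.js code surfaces the nested originalError the answer describes, wraps the callback-style getCredentials() in a Promise so its err argument cannot be ignored, and goes one step further by deriving the Logins key from the ID token's own iss claim instead of a hard-coded region string. It assumes a config object with the same shape as AWS.config (the stub, the error object and the unsigned token with a placeholder pool id are all constructed here).

```javascript
// Constructed sample: the error object shape quoted in the answer above (trimmed).
const SAMPLE_ERR = {
  message: "Could not load credentials from CognitoIdentityCredentials",
  code: "CredentialsError", statusCode: 400,
  originalError: { message: "Invalid login token. Issuer doesn't match providerName",
                   code: "NotAuthorizedException", statusCode: 400 }
};

// Constructed, unsigned ID token (placeholder pool id) used only to show the iss claim.
const b64url = (s) => Buffer.from(s).toString("base64")
  .replace(/=+$/, "").replace(/\+/g, "-").replace(/\//g, "_");
const SAMPLE_ID_TOKEN = [
  b64url('{"alg":"RS256"}'),
  b64url(JSON.stringify({ iss: "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE", token_use: "id" })),
  "signature-omitted"
].join(".");

// The outer error only says credentials could not be loaded; the nested
// originalError carries the actual Cognito Identity response, so surface that.
function describeCredentialsError(err) {
  const inner = err.originalError || err;
  const status = inner.statusCode !== undefined ? ` (HTTP ${inner.statusCode})` : "";
  return `${inner.code}: ${inner.message}${status}`;
}

// Derive the Logins key from the token's own iss claim (scheme stripped) instead of
// hard-coding a region, so the key cannot drift from the issuer Cognito checks.
function loginsKeyFromIdToken(jwt) {
  const payload = JSON.parse(Buffer.from(jwt.split(".")[1], "base64").toString("utf8"));
  return payload.iss.replace(/^https:\/\//, "");
}

// Promise wrapper over the callback-style config.getCredentials(cb): a failure
// can no longer be ignored by leaving out the callback's err argument.
function getCredentialsAsync(config) {
  return new Promise((resolve, reject) => {
    config.getCredentials((err) => {
      if (err) return reject(new Error(describeCredentialsError(err)));
      const { accessKeyId, secretAccessKey, sessionToken } = config.credentials || {};
      if (!accessKeyId || !secretAccessKey || !sessionToken) {
        return reject(new Error("getCredentials reported no error but credentials are incomplete"));
      }
      resolve({ accessKeyId, secretAccessKey, sessionToken });
    });
  });
}

// Stand-alone demo against a stub that behaves like the failing config in the question.
const failingConfig = { credentials: {}, getCredentials: (cb) => cb(SAMPLE_ERR) };
getCredentialsAsync(failingConfig).catch((e) => console.log("getCredentials failed:", e.message));
```

In real code, pass AWS.config as the config argument and use loginsKeyFromIdToken(token) as the key in cognitoParams.Logins.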