Amazon-cognito-identity-js: Getting errors with use case 17

Created on 28 Sep 2016 · 10 Comments · Source: amazon-archives/amazon-cognito-identity-js

I get this console output when I run the code below:

POST https://cognito-identity... 400 (Bad Request)
Error: Invalid login token. Issuer doesn't match providerName(...)

How do I make these errors go away?

How do I console.log() the refresh token string?

AWS.config.region = 'XX-XXXX-X';
AWSCognito.config.region = 'XX-XXXX-X';
var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
var cognitoUser = userPool.getCurrentUser();
var loginKey = 'cognito-idp.' + region + '.amazonaws.com/' + poolData.UserPoolId

// Integrate User Pools with Cognito Identity and handle token refresh.
if (cognitoUser != null) {
    cognitoUser.getSession(function (err, result) {
        if (err) {
            console.error(err);
        }
        if (result) {
            console.log('You are now logged in.');

            // Add the User's Id Token to the Cognito credentials login map.
            AWS.config.credentials = new AWS.CognitoIdentityCredentials({
                IdentityPoolId: identityPoolId,
                Logins: {
                    loginKey: result.getIdToken().getJwtToken()
                }
            });
        }
    });
}

// Not sure why this doesn't work it is copy/pasted from AWS use case 17
//call refresh method in order to authenticate user and get new temp credentials
AWS.config.credentials.refresh(function (error) {
    if (error) {
        console.error(error);
    } else {
        console.log('Successfully logged!');
    }
});

As a side note, use case 17 seems to mix in ES6 function formatting and includes an extra tab on the last line. The full word error is used as opposed to err.

What does console.log('Successfully logged!'); mean? Does that mean successfully logged in, or is some sort of aws server logging operation taking place?

All 10 comments

Issuer doesn't match providerName indicates that the loginKey being constructed does not match the value that token has. Can you print and confirm that loginKey you are sending in the Logins map is of format cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>?

<region> value should be one of us-east-1, eu-west-1, us-west-2 or ap-northeast-1.

As for printing the refresh token, like the ID token, we have a get method, getRefreshToken, which also returns a JWT token.

When I run the following:

idToken.textContent = result.getIdToken().getJwtToken();
accessToken.textContent = result.getAccessToken().getJwtToken();
refreshToken.textContent = result.getRefreshToken().getJwtToken();

The id and access token requests succeed, but the getRefreshToken() fails.

Uncaught TypeError: result.getRefreshToken(...).getJwtToken is not a function

I just solved the refresh token issue with this: refreshToken.textContent = result.getRefreshToken().token;

My loginKey looks like this: cognito-idp.us-west-2.amazonaws.com/us-west-2_XXXXXXX

Also, it is this part of the code that throws an error.

AWS.config.credentials.refresh(function (error) {
    if (error) {
        console.error(error);
    } else {
        console.log('Successfully logged!');
    }
});

Can you post a service request id for one of these failed requests with the time stamp?

Date:Wed, 28 Sep 2016 13:26:43 GMT
x-amzn-ErrorMessage: Invalid login token. Issuer doesn't match providerName
x-amzn-ErrorType: NotAuthorizedException:
x-amzn-RequestId: 32b963a7-857f-11e6-94cf-7372c5356b7d

You can't use:

                Logins: {
                    loginKey: result.getIdToken().getJwtToken()
                }

Above, 'loginKey' will be interpreted literally and not by its value. Instead, create an empty object and assign the value of loginKey as its key, with its value being result.getIdToken().getJwtToken().

For example:

var loginProvider = {};
loginProvider[loginKey] = result.getIdToken().getJwtToken();
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: identityPoolId,
    Logins: loginProvider
});

You could also potentially use ES6 if you are set up for it:

AWS.config.credentials = new AWS.CognitoIdentityCredentials({
   ...identity,
   Logins: {
     [`cognito-idp.${AWS_REGION}.amazonaws.com/${POOL_ID}`]: session.getIdToken().getJwtToken()
   }
})
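
The computed-key fix from the two comments above, together with a local check for the condition behind "Issuer doesn't match providerName", as an added example that is not part of the original thread. The helper names, the `us-west-2_EXAMPLE` pool ID and the unsigned sample token are constructed for illustration; the payload is only decoded here, not verified.

```javascript
// Added example. Helper names are hypothetical; the token built at the bottom
// is constructed and unsigned, used only to show where the issuer claim lives.

function b64urlDecode(s) {
    var b64 = s.replace(/-/g, '+').replace(/_/g, '/');
    while (b64.length % 4) b64 += '=';
    return Buffer.from(b64, 'base64').toString('utf8'); // Node; use atob() in a browser
}

// Decode (not verify) the JWT payload so its claims can be inspected.
function decodeJwtPayload(jwt) {
    var parts = String(jwt).split('.');
    if (parts.length !== 3) throw new Error('not a three-part JWT');
    return JSON.parse(b64urlDecode(parts[1]));
}

// The bug from the thread: an unquoted key in an object literal is the string
// "loginKey", whatever the variable of that name holds.
function literalKeyLogins(loginKey, idToken) {
    return { loginKey: idToken };
}

// Computed key, plus a check that the key equals the token's "iss" claim with
// the https:// scheme removed. A mismatch fails here instead of as a 400.
function buildLogins(region, userPoolId, idToken) {
    var providerName = 'cognito-idp.' + region + '.amazonaws.com/' + userPoolId;
    var iss = String(decodeJwtPayload(idToken).iss || '').replace(/^https:\/\//, '');
    if (iss !== providerName) {
        throw new Error('Logins key ' + providerName + ' != token issuer ' + iss);
    }
    var logins = {};
    logins[providerName] = idToken;
    return logins;
}

// Constructed sample token carrying only the claims this example reads.
function sampleIdToken(iss) {
    var enc = function (o) {
        return Buffer.from(JSON.stringify(o)).toString('base64')
            .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
    };
    return enc({ alg: 'none' }) + '.' + enc({ iss: iss, token_use: 'id' }) + '.sig';
}

var token = sampleIdToken('https://cognito-idp.us-west-2.amazonaws.com/us-west-2_EXAMPLE');
console.log(Object.keys(literalKeyLogins('cognito-idp.us-west-2.amazonaws.com/us-west-2_EXAMPLE', token)));
console.log(Object.keys(buildLogins('us-west-2', 'us-west-2_EXAMPLE', token)));
```

The object returned by `buildLogins` is what goes into the `Logins` property of `AWS.CognitoIdentityCredentials`.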

How can I get identityPoolId?

@tbiinfotech, you should create an Identity Pool, see http://docs.aws.amazon.com/cognito/latest/developerguide/identity-pools.html
