Amplify-js: Error: Token is not from a supported provider of this identity pool
I have basic auth operational, I can register, login and reset a users password. But then I started integrating the storage module, which kept throwing errors about ensure credentials.
So I figured out that this is caused when Auth.currentCredentials() is called, this does not return successfully. Maybe the user is not correctly authorized, but then I'm not sure what is wrong. Every time the credentials.refresh is called an error is returned: refresh credentials error: Error: Token is not from a supported provider of this identity pool.
I read a lot about using the wrong clientId, but in my view it should be correct, I've checked it a couple of times, and since login & registration is working, this does not seem to be the cause. Also MFA is disabled.
I've compressed all my code to trigger the issue, maybe someone can give me push in the right direction:
(note: this is react-native)
import React from 'react';
import Amplify from 'aws-amplify';
import { Auth, Storage } from 'aws-amplify';
Amplify.configure({
Auth: {
identityPoolId: 'us-east-1:********-****-****-****-************',
region: 'us-east-1',
userPoolId: 'us-east-1_*********',
userPoolWebClientId: '****************************',
mandatorySignIn: false
},
Storage: {
bucket: '******',
region: 'us-east-1',
}
});
Amplify.Logger.LOG_LEVEL = 'DEBUG';
window.LOG_LEVEL = 'DEBUG';
export default class App extends React.Component {
constructor() {
super();
}
componentDidMount() {
console.log('Start Login');
Auth.signIn('<valid user>', '<valid password>').then(user => {
console.log('SignedInUser:', user);
Auth.currentCredentials().then(a => {
console.log('currentCredentials', a);
});
Storage.put('test.txt', 'blaaaaa');
})
}
render() {
return (
<View></View>
)
}
}
Output log:
SignedinUser details (sorry for the redacted stuff, not sure what exactly should be considered secret) :
daanoz
All 2 comments
Based on the code you put above, it seems like you are manually setting up your aws resources and manually configuring the Amplify module, I'm not sure which step(s) you might have missed.
I would suggest you to use the awsmobile-cli to help you to setup your resources, then use the aws-exports.js to configure the Amplify module.
$ yarn global add awsmobile-cli
$ cd <your-project-path>
$ awsmobile init
answer / for source Directory and / for distribution directory
$ awsmobile features
select user-signin and user-files
$ awsmobile push
then you should see 'aws-exports.js' file in the project's root directory, use it to configure you Amplify module.
The Readme of our react native starter might provide some useful information
https://github.com/awslabs/aws-mobile-react-native-starter
UnleashedMind
on 23 Feb 2018
Ok, thanks. I'm indeed setting things up myself due to the fact that with the mobile hub, somethings cannot be changed. For example the attributes settings of cognito...
It would be awesome if there is an overview what exactly mobilehub is doing, because it's now quite easy to overlook something. And in my view, it also creates developer awareness. Because now a lot is happening behind the curtains, but if you need to customize something you are in for a nice challenge.
Anyway, I have also a mobile hub bare app, which I use to validate the settings I'm doing myself, I've found the issue, or actually issues.
For one, I had indeed my WebClientId correct in the app config and in the userpool config of cognito. But what I missed, that there is a third place to set the WebClientId, in the cognito federated identity pool. There is a setting for Authentication providers, that one did not match. Interestingly it did not stop me from authenticating and registering, maybe it's just lack of knowledge from my side, but that seems a bit strange?
Second, I did not have an IAM policy to access the S3 bucket. This piece of the manual kind of hints that this is the only setting needed to get the bucket working, but I that only applies to the mobile hub setup then?
daanoz
on 24 Feb 2018
Related issues
gHashTag
路
135Comments
kennu
路
64Comments
nomadus
路
57Comments
nomadus
路
53Comments
mdoesburg
路
65Comments
Most helpful comment
Ok, thanks. I'm indeed setting things up myself due to the fact that with the mobile hub, somethings cannot be changed. For example the attributes settings of cognito...
It would be awesome if there is an overview what exactly mobilehub is doing, because it's now quite easy to overlook something. And in my view, it also creates developer awareness. Because now a lot is happening behind the curtains, but if you need to customize something you are in for a nice challenge.
Anyway, I have also a mobile hub bare app, which I use to validate the settings I'm doing myself, I've found the issue, or actually issues.
For one, I had indeed my WebClientId correct in the app config and in the userpool config of cognito. But what I missed, that there is a third place to set the WebClientId, in the cognito federated identity pool. There is a setting for Authentication providers, that one did not match. Interestingly it did not stop me from authenticating and registering, maybe it's just lack of knowledge from my side, but that seems a bit strange?
Second, I did not have an IAM policy to access the S3 bucket. This piece of the manual kind of hints that this is the only setting needed to get the bucket working, but I that only applies to the mobile hub setup then?