1. 技术文章
  2. AWS API Gateway UnrecognizedClientException with Generated Javascript SDK

AWS API Gateway UnrecognizedClientException with Generated Javascript SDK

一世执手 提交于 2019-12-08 13:31:14

问题


I'm encountering a 403 status code with an UnrecognizedClientException in the x-amzn-errortype header of the response to my API Gateway GET Request using the generated Javascript SDK. The Resource being called utilizes IAM Auth which differentiates the users role based on their user group.

Here is my API Client Initialize Function

function initializeAPIClient(accessKey, secretKey, sessionToken){
    var config = {
        region : region,
        accessKey : accessKey,
        secretKey : secretKey,
        sessionToken : sessionToken
    }
    apigClient = apigClientFactory.newClient(config);
}

Here is my GET request Function

function testCall(){
    var params = '';
    var body = '';
    var additionalParams = '';

    apigClient.testCallGet(params, body, additionalParams)
    .then(function(result){
        alert("Permissions are available to this user.");
    })
    .catch(function(result){
        alert("Permissions are NOT available to this user.");
    });
}

Here are my request headers:

:authority:[API_ENDPOINT]
:method:GET
:path:/[STAGE]/[RESOURCE]
:scheme:https
accept:application/json
accept-encoding:gzip, deflate, sdch, br
accept-language:en-US,en;q=0.8
authorization:AWS4-HMAC-SHA256 Credential=[ACCESS_KEY_ID]/20170406/[REGION]/execute-api/aws4_request, SignedHeaders=accept;host;x-amz-date, Signature=[SIGNATURE]
origin:http://localhost:8000
referer:http://localhost:8000/php/[PAGE].php/?username=[USERNAME]&sessionToken=[SESSION_TOKEN]
user-agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
x-amz-date:20170406T180808Z
x-amz-security-token:[SESSION_TOKEN]

I'm not sure what could be causing this. The solutions recommended when I search UnrecognizedClientException seem to suggest doing what I'm already doing.


回答1:


I've solved my own issue, so here's the answer for anybody who runs into a similar logic error. Do NOT use the Id token as your session token, which is what I was doing. The id token is used to generate the session token, along with the access key and secret key. Do not confuse the two.



来源:https://stackoverflow.com/questions/43263064/aws-api-gateway-unrecognizedclientexception-with-generated-javascript-sdk

标签
javascript
amazon-web-services
authentication
http-headers
aws-api-gateway
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!