Question
I've set up the user pool in Cognito and got the JWT token after authenticating the created user via the Cognito JS SDK. When I try to invoke the assumeRoleWithWebIdentity API, it returns an error; below is the sample API call.
https://sts.amazonaws.com/
?Action=AssumeRoleWithWebIdentity
&DurationSeconds=3600
&RoleSessionName=app1
&RoleArn=arn:aws:iam::id:role/_cross_account_role
&WebIdentityToken=jwtAccessToken
&Version=2011-06-15
The API response:
<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
<Type>Sender</Type>
<Code>InvalidIdentityToken</Code>
<Message>Missing a required claim: aud</Message>
</Error>
<RequestId>c01780d7-3705-11e8-80ef-533aa2d4f58f</RequestId>
</ErrorResponse>
Would be great if I could know the root cause for this issue.
Answer 1:
When the user is authenticated, it gives an access token and an ID token.
The issue occurs when you try to use the access token instead of the ID token.
Source: https://stackoverflow.com/questions/49623703/invalid-login-token-missing-a-required-claim-aud-when-accessing-aws-cognito-as
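The check below is an added example, not part of the original question or answer: it decodes a Cognito user-pool JWT (without verifying its signature) and reports whether it is an ID token carrying `aud`, which is what distinguishes it from an access token (`token_use: "access"`, `client_id` instead of `aud`). The function names, the client ID and the sample tokens are constructed for illustration.

```javascript
// Added example: pre-flight check of a Cognito user-pool JWT before it is sent
// as WebIdentityToken. It only decodes claims; it does NOT verify the signature.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  // JWT segments are base64url; map to the standard alphabet before decoding.
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Returns { ok, tokenUse, problems } for the given token and app client ID.
function checkWebIdentityToken(jwt, expectedClientId) {
  const claims = decodeJwtPayload(jwt);
  const problems = [];
  if (claims.token_use !== "id") {
    problems.push(`token_use is "${claims.token_use}", expected "id"`);
  }
  if (claims.aud === undefined) {
    problems.push("missing aud claim");
  } else if (![].concat(claims.aud).includes(expectedClientId)) {
    problems.push(`aud "${claims.aud}" does not match app client "${expectedClientId}"`);
  }
  return { ok: problems.length === 0, tokenUse: claims.token_use, problems };
}

// Constructed, unsigned sample tokens shaped like Cognito user-pool tokens.
function makeSampleJwt(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", kid: "sample" })}.${enc(payload)}.c2FtcGxl`;
}

const CLIENT_ID = "example-app-client-id"; // constructed placeholder
const sampleAccessToken = makeSampleJwt({
  sub: "00000000-0000-0000-0000-000000000000",
  token_use: "access",
  client_id: CLIENT_ID,
  scope: "aws.cognito.signin.user.admin",
});
const sampleIdToken = makeSampleJwt({
  sub: "00000000-0000-0000-0000-000000000000",
  token_use: "id",
  aud: CLIENT_ID,
  "cognito:username": "sample-user",
});

console.log(checkWebIdentityToken(sampleAccessToken, CLIENT_ID)); // ok: false
console.log(checkWebIdentityToken(sampleIdToken, CLIENT_ID));     // ok: true
```

A passing check only says the token has the right shape; signature, issuer and expiry still have to be validated by whatever consumes it.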