1、AWS4-HMAC-SHA256 是 SigV4 的签名,是 API gateway 生成的,并不像天泽说的那样是 decode 出来的。所以,在 Java client 里,往 input 里添加 accessToken 是没用的,需要在 header.authorization 里加 JWT token 才行。
2024-11-13T14:40:16.724Z daf72e9a-b765-4bce-9d88-cbfe0e50d256 INFO Client token: AWS4-HMAC-SHA256 Credential=ASIAQ3EGQJWRXQHAOF3N/20241113/us-west-2/execute-api/aws4_request, SignedHeaders=accesstoken;amz-sdk-invocation-id;amz-sdk-request;host;x-amz-date;x-amz-security-token, Signature=2bdc47a537428e069bda448b0f807c7f9bb15e0505c689f887316043cde5f2d0
附录:
package com.amazon.gmconnectservice.test111;
import com.amazon.gmconnectservice.GMConnectServiceClient;
import com.amazon.gmconnectservice.GMConnectServiceConfigurationProvider;
import com.google.inject.AbstractModule;
import com.google.inject.Provides;
import jakarta.inject.Named;
import jakarta.inject.Singleton;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.services.gmconnect.GmConnectClient;
import software.amazon.awssdk.services.gmconnect.endpoints.GmConnectEndpointParams;
import java.net.URI;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import software.amazon.awssdk.services.gmconnect.model.Action;
import software.amazon.awssdk.services.gmconnect.model.GenerateAccessTokenRequest;
import software.amazon.awssdk.services.gmconnect.model.GenerateAccessTokenResponse;
import software.amazon.awssdk.services.gmconnect.model.GetCaseRequest;
import software.amazon.awssdk.services.gmconnect.model.GetCaseResponse;
import software.amazon.awssdk.services.gmconnect.model.Principal;
import software.amazon.awssdk.services.gmconnect.model.Resource;
import software.amazon.awssdk.services.gmconnect.model.ResourceType;
import software.amazon.awssdk.services.gmconnect.model.Scope;
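/**
 * Manual integration test that calls GetCase through a {@link GmConnectClient} pointed at the
 * beta endpoint in us-west-2.
 *
 * <p>The access token is read from the environment when the test starts instead of being
 * embedded in the source. A JWT committed with a test file can be replayed by anyone who can read
 * the file until it expires, so a token that has already been committed or published should be
 * treated as exposed.
 */
public class GetActivityTest extends BaseTest {
    public static final String STAGE = "Stage";
    public static final String REGION = "AWS_REGION";

    /** Name of the environment variable this test reads the access token from. */
    private static final String ACCESS_TOKEN_ENV = "GMCONNECT_TEST_ACCESS_TOKEN";

    // Built directly rather than injected. The empty strings and null are placeholders: the
    // stage/region arguments are not used by provideGmConnectClient, and a null provider selects
    // the default credentials chain.
    GmConnectClient serviceClient = provideGmConnectClient("", "", null);

    /** Access token sent with each request; populated in {@link #setup()}. */
    private String accessToken;

    /**
     * Builds a client for the beta endpoint in us-west-2.
     *
     * <p>NOTE(review): {@code @Provides} is normally only honoured on a Guice module; whether
     * {@code BaseTest} is one is not visible here, so these annotations may have no effect.
     *
     * @param domain stage name; accepted for signature compatibility, the endpoint stays pinned
     *     to "beta"
     * @param region AWS region; accepted for signature compatibility, the endpoint stays pinned
     *     to "us-west-2"
     * @param defaultCredentialsProvider credentials handed to the client builder; when
     *     {@code null}, {@link #getAWSCredentialsProvider()} is used instead
     * @return a client using the endpoint override and region from the endpoint configuration
     */
    @Provides
    @Singleton
    public GmConnectClient provideGmConnectClient(
            @Named(STAGE) String domain,
            @Named(REGION) String region,
            AwsCredentialsProvider defaultCredentialsProvider) {
        // Use the provider the caller supplied; it used to be ignored in favour of the default
        // chain. An earlier draft wrapped it in an StsAssumeRoleCredentialsProvider (session name
        // "GMConnectServiceHydraTest") so the test ran under a dedicated role rather than the
        // ambient credentials.
        AwsCredentialsProvider credentials = defaultCredentialsProvider != null
                ? defaultCredentialsProvider
                : getAWSCredentialsProvider();

        GmConnectEndpointParams endpointParams =
                GMConnectServiceConfigurationProvider.getEndpointConfiguration("beta", "us-west-2");

        return GmConnectClient.builder()
                .endpointOverride(URI.create(endpointParams.endpoint()))
                .region(endpointParams.region())
                .credentialsProvider(credentials)
                .build();
    }

    /**
     * Returns the SDK's default credentials provider chain.
     *
     * @return a new {@link DefaultCredentialsProvider}
     */
    @Provides
    @Singleton
    public AwsCredentialsProvider getAWSCredentialsProvider() {
        return DefaultCredentialsProvider.create();
    }

    /**
     * Loads the access token from the environment before any test runs.
     *
     * @throws IllegalStateException if the environment variable is unset or blank
     */
    @BeforeClass
    public void setup() {
        String token = System.getenv(ACCESS_TOKEN_ENV);
        if (token == null || token.trim().isEmpty()) {
            // Fail early with a clear message instead of sending a request without a token.
            throw new IllegalStateException(
                    "Environment variable " + ACCESS_TOKEN_ENV + " must hold an access token");
        }
        accessToken = token.trim();

        // Alternative kept from the original draft: mint a token through the service itself.
        // If this is enabled, do not print the token, and prefer a narrower resourceValue than
        // "*" so the test token grants only what the test needs.
        //
        // GenerateAccessTokenRequest request = GenerateAccessTokenRequest.builder()
        //         .subject(Principal.builder().externalUserId("ops1").externalUserType("OPS").build())
        //         .scopes(Scope.builder()
        //                 .actions(Action.GET_CASE,
        //                         Action.LIST_CASE_CONFIGURATION,
        //                         Action.GET_CASE_CONFIGURATION,
        //                         Action.GET_CASE_TEMPLATE)
        //                 .resource(Resource.builder()
        //                         .resourceType(ResourceType.PARTICIPANT)
        //                         .resourceValue("*").build())
        //                 .build())
        //         .build();
        // GenerateAccessTokenResponse response = serviceClient.generateAccessToken(request);
        // accessToken = response.token();
    }

    /**
     * Calls GetCase for a fixed case id and prints the response.
     *
     * <p>NOTE(review): the service-side log line quoted with this listing reports an
     * AWS4-HMAC-SHA256 value as the client token, i.e. the SigV4 Authorization header rather than
     * the value set through {@code accessToken(...)}. Setting the token on the request model may
     * therefore not be what the authorizer evaluates; confirm which header it reads.
     */
    @Test
    public void getCaseActivityTest() {
        GetCaseRequest request = GetCaseRequest.builder()
                .caseId("C48882C293A")
                .embedWithStrings("sla")
                .accessToken(accessToken)
                .build();
        GetCaseResponse response = serviceClient.getCase(request);
        // NOTE(review): the response is printed in full; check that it carries nothing sensitive
        // before running this where the output is retained.
        System.out.println(response);
    }
}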
转载请注明:牛哥678 » accessToken 问题一则。是 tianze 提出来的问题,他说的 decode 其实不对,那是 IAM role 对应的 token