I've created a REST API as part of an Amplify project. In order to retrieve the authenticated user's username, I attempt to retrieve the full user object from Cognito:
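    const AWS = require('aws-sdk');

    // Provider string format: "<host>/<poolId>,<host>/<poolId>:CognitoSignIn:<sub>"
    // The forward slashes inside the regex literal must be escaped.
    const IDP_REGEX = /.*\/.*,(.*)\/(.*):CognitoSignIn:(.*)/;
    const authProvider =
      req.apiGateway.event.requestContext.identity
        .cognitoAuthenticationProvider;
    // The third capture group is the user's sub
    const [, , , userId] = authProvider.match(IDP_REGEX);

    // Runs inside the async request handler
    const cognito = new AWS.CognitoIdentityServiceProvider();
    const listUsersResponse = await cognito
      .listUsers({
        UserPoolId: process.env.AUTH_LAMBDAUSER********_USERPOOLID,
        Filter: `sub = "${userId}"`,
        Limit: 1,
      })
      .promise();
    const user = listUsersResponse.Users[0];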
I've granted full auth permissions via the Amplify CLI, and verified in the CloudFormation template.
When I invoke the API via my React app, the lambda can retrieve the relevant user record about half the time. The rest of the time, an UnrecognizedClientException is thrown.
    UnrecognizedClientException: The security token included in the request is invalid.

Client POST request:

    const params = {
      body: { "myParam": value }
    };
    API.post('********', '/publish', params)
      .then((res) => {
        // do something
      })
      .catch((error) => {
        // handle error
      });
Why would this error occur only sometimes? From the request headers in my logs, I can see examples where the security token remains unchanged across multiple identical calls, but the exception gets thrown only every other attempt.
Question from: https://stackoverflow.com/questions/65866103/aws-cognito-intermittent-invalid-security-token-in-lambda
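An added example, not part of the original question: a stricter parser for the cognitoAuthenticationProvider string that returns null instead of throwing when the value is absent or malformed, and only lets a UUID-shaped sub reach the listUsers Filter. The function name, the optional pool-ID check and the sample values are assumptions made for illustration.

```javascript
// Added example. parseCognitoAuthProvider is a hypothetical helper name.
// Assumed input shape (as in the question's regex):
//   "<host>/<poolId>,cognito-idp.<region>.amazonaws.com/<poolId>:CognitoSignIn:<sub>"
const UUID = '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}';
const PROVIDER_RE = new RegExp(
  '^[^,]+,cognito-idp\\.([a-z0-9-]+)\\.amazonaws\\.com/([\\w-]+):CognitoSignIn:(' +
    UUID + ')$',
  'i'
);

function parseCognitoAuthProvider(authProvider, expectedUserPoolId) {
  // Missing on unauthenticated calls or when the caller did not sign in
  // through a user pool; the question's destructuring would throw here.
  if (typeof authProvider !== 'string') return null;

  const m = PROVIDER_RE.exec(authProvider);
  if (!m) return null;

  const [, region, userPoolId, rawSub] = m;
  // Optional: refuse identities issued by a pool other than the one queried.
  if (expectedUserPoolId && userPoolId !== expectedUserPoolId) return null;

  const sub = rawSub.toLowerCase();
  // sub is constrained to hex digits and hyphens, so it cannot close the
  // quoted string or add clauses to the Filter expression.
  return { region, userPoolId, sub, filter: `sub = "${sub}"` };
}

// Constructed sample values, not taken from the question.
const SAMPLE_POOL = 'us-east-1_EXAMPLE01';
const SAMPLE_SUB = '11111111-2222-3333-4444-555555555555';
const SAMPLE_PROVIDER =
  `cognito-idp.us-east-1.amazonaws.com/${SAMPLE_POOL},` +
  `cognito-idp.us-east-1.amazonaws.com/${SAMPLE_POOL}:CognitoSignIn:${SAMPLE_SUB}`;

console.log(parseCognitoAuthProvider(SAMPLE_PROVIDER, SAMPLE_POOL));
```

A null result should be answered with a 401/403 before any Cognito call is made.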