I'm currently grabbing the idToken from an authenticated cognito user to use as credentials for making a s3Client command.
I receive the idToken which looks correct when decoded, and pass it to new CognitoIdentityClient but when I reach the s3Client.send command I get this error:
NotAuthorizedException: Token is not from a supported provider of this identity pool.
I've checked that the User Pool ID and App Client Id connected to the identity pool is correct.
other solutions did not quite help.
My code:
const session = await Auth.currentSession();
const idToken = session.getIdToken().getJwtToken();
if (idToken) {
const credentials = fromCognitoIdentityPool({
client: new CognitoIdentityClient({ region: "eu-central-1" }),
identityPoolId: "eu-central-1:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
logins: {
'cognito-idp.eu-central-1.amazonaws.com/eu-central-1_xxxxxxxxx': idToken,
},
});
const s3Client = new S3Client({ credentials, region: "eu-central-1" });
s3Client
.send(
new GetObjectCommand({
Bucket: "MY_BUCKET",
Key: "MY_KEY",
}),
)
.then((response) => {
console.log(response);
})
.catch((error) => {
console.log(error);
});
}
and package.json:
"dependencies": {
"@aws-amplify/ui-react": "^4.3.6",
"@aws-sdk/client-cognito-identity": "^3.278.0",
"@aws-sdk/client-s3": "^3.278.0",
"@aws-sdk/credential-provider-cognito-identity": "^3.278.0",
"aws-amplify": "^5.0.12",
"aws-sdk": "^2.1322.0",
"dotenv": "^16.0.3",
"i": "^0.3.7",
"npm": "^9.4.1",
"react": "^18.2.0",
"react-dom": "^18.2.0",
"react-scripts": "5.0.1",
"typescript": "^4.9.5",
"web-vitals": "^2.1.4"
},