Getting a Cognito access_token using WSO2 ESB

Question  Votes: 0  Answers: 1

I am trying to get an access token from AWS Cognito using client credentials, but there are additional requirements.

I am doing this in WSO2 Enterprise Integrator 6.1.0.

<payloadFactory media-type="xml">
    <format>
        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/1999/XMLSchema/instance">
            <soapenv:Header>
                <Content-Type xmlns="">$1</Content-Type>
                <Authorization xmlns="">$2</Authorization>
            </soapenv:Header>
            <soapenv:Body/>
        </soapenv:Envelope>
    </format>
    <args>
        <arg evaluator="xml" value="application/x-www-form-urlencoded"/>
        <arg value="Basic 2354sdfmdtrerkdfdgkeryryrtwdasr345345twsdfwsedtr34"/>
    </args>
</payloadFactory>
<log level="full"/>
<property name="DISABLE_CHUNKING" scope="axis2" type="STRING" value="true"/>
<call>
    <endpoint key="validateUser-ext-ep"/>
</call>
<log level="full"/>

After this, the response I get looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
    <soapenv:Body>
        <ns:binary xmlns:ns="http://ws.apache.org/commons/ns/payload">...</ns:binary>
    </soapenv:Body>
</soapenv:Envelope>

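I don't know what I am doing wrong, because in Postman I send the data the same way to get the token: in the headers I pass Content-Type: application/x-www-form-urlencoded and Authorization as the base64-encoded (client:client_secret), in the form Basic dfudne4r49859dfnw34598sdfs, and in the params I pass grant_type: client_credential, and I am able to get the token. But when I try it in WSO2 ESB, I get the above error. The endpoint looks like: https://xxxxxxxxxx.us-east-1.amazoncognito.com/oauth2/token?grant_type=client_credentials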

wso2 wso2esb amazon-cognito access-token
1 Answer
0
votes

This is the API for getting the access token; it returns the access token.

<?xml version="1.0" encoding="UTF-8"?>
<api context="/api/myService" name="my-service-api" xmlns="http://ws.apache.org/ns/synapse">
    <resource methods="POST" uri-template="/getToken">
        <inSequence>
            <script language="js"><![CDATA[var payload = mc.getPayloadXML();
                var log = mc.getServiceLog();
                var client_id = payload..*::client_id.toString();
                var client_secret = payload..*::client_secret.toString();
                mc.setProperty("client_id", client_id);
                mc.setProperty("client_secret", client_secret);]]>
            </script>
            <payloadFactory media-type="json">
                <format/>
                <args/>
            </payloadFactory>
            <property name="ContentType" scope="axis2" type="STRING" value="application/x-www-form-urlencoded"/>
            <property expression="fn:concat($ctx:client_id,':',$ctx:client_secret)" name="credentials" scope="default" type="STRING"/>
            <property expression="fn:concat('Basic ', base64Encode($ctx:credentials))" name="Authorization" scope="transport" type="STRING" xmlns:ns="http://org.apache.synapse/xsd"/>
            <property name="FORCE_POST_PUT_NOBODY" scope="axis2" type="BOOLEAN" value="true"/>
            <property name="DISABLE_CHUNKING" scope="axis2" type="STRING" value="true"/>
            <call>
                <endpoint>
                    <http method="post" uri-template="https://xxxxxxxxxxx.amazoncognito.com/oauth2/token?grant_type=client_credentials"/>
                </endpoint>
            </call>
            <respond/>
        </inSequence>
        <outSequence/>
        <faultSequence/>
    </resource>
</api>

Call the above API like this:

<payloadFactory media-type="xml">
    <format>
        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
            <soapenv:Header/>
            <soapenv:Body>
                <root>
                    <client_id>$1</client_id>
                    <client_secret>$2</client_secret>
                </root>
            </soapenv:Body>
        </soapenv:Envelope>
    </format>
    <args>
        <arg evaluator="xml" expression="get-property('client_id')"/>
        <arg evaluator="xml" expression="get-property('client_secret')"/>
    </args>
</payloadFactory>
<property name="ContentType" scope="default" type="STRING" value="application/xml"/>
<property action="remove" name="REST_URL_POSTFIX" scope="axis2"/>
<call>
    <endpoint>
        <http method="post" uri-template="http://localhost:8280/api/myService/getToken"/>
    </endpoint>
</call>
<script language="js">
    <![CDATA[ var tokenContainer = mc.getPayloadJSON();
        var log = mc.getServiceLog();
        mc.setProperty("Authorization_header", tokenContainer.access_token);]]>      
</script>

The response will be:

{"access_token":"LzSq94JoaUT2LwJlkEl35CXX0MdwqtUKIL8Wvi7dm4SqcSofR4xF5xBZre83MZXpHOr-Hg","expires_in":360,"token_type":"Bearer"}

In the last script mediator, you can get the access token via mc.getPayloadJSON(), which yields the same response as shown above.
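
Added example (not part of the original answer, and not WSO2 or AWS code): a JavaScript sketch of the client_credentials request with the credentials carried as transport-level HTTP headers, plus a log-safe copy and a check of the JSON reply, for comparison against what the ESB puts on the wire. Function names, the domain and the client values are constructed placeholders; it sends grant_type in the form body per RFC 6749, whereas the page passes it in the query string.

```javascript
// Added example: constructed values only; nothing is sent over the network.

// Build the token request with credentials as transport-level HTTP headers.
// domain, clientId and clientSecret are placeholders supplied by the caller.
function buildTokenRequest(domain, clientId, clientSecret) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`, 'utf8').toString('base64');
  return {
    method: 'POST',
    url: `https://${domain}/oauth2/token`,
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      Authorization: `Basic ${basic}`,
    },
    // RFC 6749 section 4.4.2 form body (the page passes this in the query string).
    body: new URLSearchParams({ grant_type: 'client_credentials' }).toString(),
  };
}

// Copy of the request that is safe to write to a log: the credential is masked.
function redactForLog(req) {
  return { ...req, headers: { ...req.headers, Authorization: 'Basic <redacted>' } };
}

// Validate the token endpoint reply and turn it into a Bearer header value.
// nowMs is passed in so the expiry calculation is deterministic.
function parseTokenResponse(status, bodyText, nowMs) {
  let json;
  try {
    json = JSON.parse(bodyText);
  } catch (e) {
    throw new Error('token endpoint reply is not JSON');
  }
  if (status !== 200 || json.error) {
    throw new Error(`token request failed: ${json.error || status}`);
  }
  const okType = String(json.token_type).toLowerCase() === 'bearer';
  if (typeof json.access_token !== 'string' || !okType || !(json.expires_in > 0)) {
    throw new Error('unexpected token response shape');
  }
  return {
    authorization: `Bearer ${json.access_token}`,
    expiresAtMs: nowMs + json.expires_in * 1000,
  };
}
```

The redacted copy matters wherever a full log of the message is enabled, because the Basic value is only base64 and decodes directly to client_id:client_secret.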
