I have an Android app using Amplify Auth. I am able to use guest access and secret keys, but not the session token. Postman requires a session token when using temporary credentials.
As per the Amplify documentation, I use this code to get the keys:

    Amplify.Auth.fetchAuthSession(
        result -> {
            Log.i(TAG, "inside getGuestCredentials()...result....." + result.toString());
            AWSCognitoAuthSession cognitoAuthSession = (AWSCognitoAuthSession) result;
            Log.i(TAG, "Is user signed in: " + cognitoAuthSession.isSignedIn());
            switch (cognitoAuthSession.getIdentityId().getType()) {
                case SUCCESS:
                    Log.i(TAG, "Guest IdentityId: " + cognitoAuthSession.getIdentityId().getValue());
                    Log.i(TAG, "Guest access key: " + cognitoAuthSession.getAWSCredentials().getValue().getAWSAccessKeyId());
                    Log.i(TAG, "Guest secret key: " + cognitoAuthSession.getAWSCredentials().getValue().getAWSSecretKey());
                    // mobileClient is the AWSMobileClient instance obtained through the escape hatch
                    String sessionToken = ((AWSSessionCredentials) mobileClient.getCredentials()).getSessionToken();
                    Log.i(TAG, "Guest sessionToken: " + sessionToken);
                    break;
                case FAILURE:
                    Log.i(TAG, "failure Guest IdentityId not present because: " + cognitoAuthSession.getIdentityId().getError().toString());
                    break;
                default:
                    Log.i(TAG, "default guest session: " + cognitoAuthSession.toString());
                    break;
            }
        },
        error -> Log.i(TAG, error.toString())
    );

I then use an instance of AWSMobileClient (which I get using the escape hatch) to get a session token.
This worked for a while, but suddenly I started getting this 403 message:
"Message": "User: arn:aws:sts::xxxxxx:assumed-role/amplify-xxxxxx-unauthRole/CognitoIdentityCredentials is not authorized to perform: execute-api:Invoke on resource: arn:aws:execute-api:xxxxxyyyyyyzzzz"
How can I get the session token?