After successfully obtaining a Cognito identity, we then try to get an OpenID token by calling getOpenIdToken():
// Resolve the Cognito credentials first; identityId is read only after get() reports success.
AWS.config.credentials.get(function (credentialsError) {
  // Guard clause: credential resolution failed, so no token request is made.
  if (credentialsError) {
    console.log('cognito error: ' + credentialsError);
    return;
  }

  var cognitoIdentity = new AWS.CognitoIdentity();

  // NOTE(review): only IdentityId is sent. GetOpenIdToken also accepts an optional
  // Logins map (provider name -> provider token); presumably an identity that has
  // linked logins is refused without it, which would match the NotAuthorizedException
  // quoted on this page. Confirm whether this identity is authenticated.
  var tokenRequest = { IdentityId: AWS.config.credentials.identityId };

  cognitoIdentity.getOpenIdToken(tokenRequest, function (tokenError, tokenResponse) {
    if (tokenError) {
      // Service-side failure: print the error object together with its stack.
      console.log(tokenError, tokenError.stack);
      return;
    }

    // Success: the whole response is printed. It carries the OpenID Connect token,
    // which is a bearer credential, so keep this to local debugging output.
    console.log(tokenResponse);
  });
});
However, this fails with:
"NotAuthorizedException: Access to Identity 'us-east-1:xxxxx' is forbidden."
Full error trace:
POST https://cognito-identity.us-east-1.amazonaws.com/ 400 (Bad Request)
aws-sdk.min.js:5 [AWS cognitoidentity 400 0.192s 0 retries] getOpenIdToken({IdentityId: 'us-east-1:xxxxx' })
routing.html:64 Error: Access to Identity 'us-east-1:xxxxx' is forbidden.
at a (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:6:3548)
at r.SequentialExecutor.r.util.inherit.callListeners (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:6:28594)
at r.SequentialExecutor.r.util.inherit.emit (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:6:28390)
at a.Request.n.emitEvent (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:6:16483)
at u.setupStates.e (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:6:12946)
at r.runTo (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:7:25031)
at https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:7:25238
at null.<anonymous> (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:6:12982)
at null.<anonymous> (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:6:16538)
at r.SequentialExecutor.r.util.inherit.callListeners (https://www.example.com/bower_components/aws-sdk-js/dist/aws-sdk.min.js:6:28607) "NotAuthorizedException: Access to Identity 'us-east-1:xxxxx' is forbidden.