1 year ago

#252698

test-img

Ronnie

Android AWS Kinesis Video Stream: Access to Identity 'us-east-1:xxxxxx' is forbidden

I am trying to connect my app with the AWS Kinesis Video Stream console. I take this aws document as a reference and try to run this official sample app. But every time I try to stream video, app crashes with a NotAuthorizedException exception where Access to Identity 'us-east-1:xxxx' is forbidden is the root cause of the issue. This is the logcat crash report.

2022-03-04 20:12:03.378 1034-1034/com.amazonaws.kinesisvideo.demoapp E/KinesisVideoAndroidClient: 2022-03-04T20:12Z T2: EXCEPTION: ExecutionException: Awaiting for the credentials update threw an exception: com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Access to Identity 'us-east-1:0axxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxbff' is forbidden. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException; Request ID: 44739d62-17b9-4aef-b88d-bc72a23da744)
2022-03-04 20:12:03.380 1034-1034/com.amazonaws.kinesisvideo.demoapp W/KinesisVideoClientWrapper: getAuthInfo(): Failed to get the object for the AuthInfo object. methodId �
2022-03-04 20:12:03.380 1034-1034/com.amazonaws.kinesisvideo.demoapp W/KinesisVideoClient: createKinesisVideoClient(): operation returned status code: 0x00000002
2022-03-04 20:12:03.380 1034-1034/com.amazonaws.kinesisvideo.demoapp I/KinesisVideoClientWrapper: throwNativeException(): Had to clear a pending exception found when throwing "Failed to create Kinesis Video client." (code 0x2)
2022-03-04 20:12:03.380 1034-1034/com.amazonaws.kinesisvideo.demoapp D/KinesisVideoClientWrapper: throwNativeException(): Throwing com/amazonaws/kinesisvideo/producer/ProducerException with message: Failed to create Kinesis Video client.
2022-03-04 20:12:03.394 1034-1034/com.amazonaws.kinesisvideo.demoapp E/StreamConfigurationFragment: Failed to create Kinesis Video client
    com.amazonaws.kinesisvideo.producer.ProducerException: Failed to create Kinesis Video client. StatusCode: 0x2
        at com.amazonaws.kinesisvideo.internal.producer.jni.NativeKinesisVideoProducerJni.createKinesisVideoClient(Native Method)
        at com.amazonaws.kinesisvideo.internal.producer.jni.NativeKinesisVideoProducerJni.create(NativeKinesisVideoProducerJni.java:235)
        at com.amazonaws.kinesisvideo.internal.producer.jni.NativeKinesisVideoProducerJni.createSync(NativeKinesisVideoProducerJni.java:247)
        at com.amazonaws.kinesisvideo.internal.producer.jni.NativeKinesisVideoProducerJni.createSync(NativeKinesisVideoProducerJni.java:212)
        at com.amazonaws.kinesisvideo.internal.client.NativeKinesisVideoClient.initializeNewKinesisVideoProducer(NativeKinesisVideoClient.java:219)
        at com.amazonaws.kinesisvideo.internal.client.NativeKinesisVideoClient.initialize(NativeKinesisVideoClient.java:136)

I also have noticed that somehow Identity id is different than mine in logcat. I don't know where this us-east-1:0axxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxbff is coming from. This is my awsconfiguration.json:

{
  "Version": "1.0",
  "CredentialsProvider": {
    "CognitoIdentity": {
      "Default": {
        "PoolId": "us-east-1:5dxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx446",
        "Region": "us-east-1"
      }
    }
  },
  "IdentityManager": {
    "Default": {}
  },
  "CognitoUserPool": {
    "Default": {
      "AppClientSecret": "xxxxxxxxxxxxxxxxx...",
      "AppClientId": "xxxxx...",
      "PoolId": "us-east-1_xxxxxxxxx",
      "Region": "us-east-1"
    }
  }
}

Part of the code where I initialise KVS and the exception gets thrown:

try {
    mKinesisVideoClient = KinesisVideoAndroidClientFactory.createKinesisVideoClient(
            getActivity(),
            KinesisVideoDemoApp.KINESIS_VIDEO_REGION,
            KinesisVideoDemoApp.getCredentialsProvider());
} catch (KinesisVideoException e) {
    Log.e(TAG, "Failed to create Kinesis Video client", e);
}

getCredentialsProvider():

public class KinesisVideoDemoApp extends Application {

    public static Regions KINESIS_VIDEO_REGION = Regions.US_EAST_1;

    public static AWSCredentialsProvider getCredentialsProvider() {
        return AWSMobileClient.getInstance();
    }
    ...
}

Initially, as the key is different in logcat I thought the default AWSMobileClient.getInstance() is flickering between two identity poles. So I manually tried to access it with the exact key but the result is the same:

try {
    mKinesisVideoClient = KinesisVideoAndroidClientFactory.createKinesisVideoClient(
            getActivity(),
            KinesisVideoDemoApp.KINESIS_VIDEO_REGION,
            new CognitoCachingCredentialsProvider(
                getApplicationContext(),
                "us-east-1:5dxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx446",
                Regions.US_EAST_1)
    );
} catch (KinesisVideoException e) {
    Log.e(TAG, "Failed to create Kinesis Video client", e);
}

As usual, I tried to surf the internet looking for a solution. I take this SlackOverFlow and this Github as a reference and tried all the possible solutions. I make sure:

-> I have the right user pool id and app client id in my identity Authentication Provider Coginito section.

-> Cross verified the signed-up user is listed in user pool.

-> Have the right set of roles both the UnAuth and Auth with right policy in identity pool settings.

Nothing really worked for me. Any kind of help is appreciated! Thank you!

android

amazon-web-services

amazon-kinesis

amazon-kinesis-video-streams

aws-identitypools

0 Answers

Your Answer

Accepted video resources

Posts

Questions

Blogs

Jobs