amazon-web-services - Manual authentication with Amazon Cognito

Reposted. Author: 行者123. Updated: 2023-12-05 01:12:46

I know of two ways to authenticate as a user and obtain an access token: one is through the Hosted UI, and the other is through the various provided SDKs.

What I'm looking for is an endpoint that obtains an access token directly using the user's credentials:

POST https://that-special-endpoint.com/login
{
username: "example@email.com",
password: "Abc123456",
...client ID, etc.
}

I have searched for a while but could not find how to do this. Is it not possible because of some security concern I'm not aware of?

I did consider creating a Lambda API and using the Cognito SDK to meet my use case, but I'm not sure whether that is advisable...

Best answer

A similar question is answered here. You can access https://cognito-idp.[region].amazonaws.com/ to call the InitiateAuth and RespondToAuthChallenge APIs.


InitiateAuth


  1. Create a JSON file, aws-auth-data.json
{
"AuthParameters": {
"USERNAME": "your-email@example.com",
"PASSWORD": "your-first-password",
"SECRET_HASH": "......(required if the app client is configured with a client secret)"
},
"AuthFlow": "USER_PASSWORD_AUTH",
"ClientId": "5m........................"
}
  2. Send a request to https://cognito-idp.us-east-2.amazonaws.com/ (if the user pool is in the us-east-2 region) to call the InitiateAuth API and start the authentication flow.
curl -X POST --data @aws-auth-data.json \
-H 'X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth' \
-H 'Content-Type: application/x-amz-json-1.1' \
https://cognito-idp.us-east-2.amazonaws.com/
  3. You will then get the user's tokens.
{
"AuthenticationResult": {
"AccessToken": "eyJra........",
"ExpiresIn": 3600,
"IdToken": "eyJra........",
"RefreshToken": "eyJjd........",
"TokenType": "Bearer"
},
"ChallengeParameters": {}
}

RespondToAuthChallenge


You may receive a challenge as the InitiateAuth response. For example, when you attempt "InitiateAuth" for the first time, you are asked to change your password:

{
"ChallengeName": "NEW_PASSWORD_REQUIRED",
"ChallengeParameters": {
"USER_ID_FOR_SRP": "abababab-......",
"requiredAttributes": "[]",
"userAttributes": "{\"email_verified\":\"true\",\"email\":\"your-email@example.com\"}"
},
"Session": "DNdY......"
}

In this case, use RespondToAuthChallenge to change the password, and you will get the tokens.

{
"ChallengeName": "NEW_PASSWORD_REQUIRED",
"ChallengeResponses": {
"USERNAME": "your-email@example.com",
"NEW_PASSWORD": "your-second-password"
},
"ClientId": "5m........................",
"Session": "DNdYN...(what you got in the preceding response)"
}
curl -X POST --data @aws-change-password.json \
-H 'X-Amz-Target: AWSCognitoIdentityProviderService.RespondToAuthChallenge' \
-H 'Content-Type: application/x-amz-json-1.1' \
https://cognito-idp.us-east-2.amazonaws.com/

See also:

https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html

https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html

https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#amazon-cognito-user-pools-client-side-authentication-flow
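
The answer's aws-auth-data.json leaves SECRET_HASH elided. The following is an added example, not part of the original answer: it computes SECRET_HASH as Base64(HMAC-SHA256(client secret, username + client ID)), builds the InitiateAuth body, and classifies the response as tokens or a challenge. The function names and all sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values (not real credentials or a real app client).
CLIENT_ID = "exampleclientid1234567890"
CLIENT_SECRET = "example-client-secret"
USERNAME = "your-email@example.com"


def secret_hash(username, client_id, client_secret):
    """Base64(HMAC-SHA256(key=client_secret, msg=username + client_id))."""
    mac = hmac.new(client_secret.encode(), (username + client_id).encode(),
                   hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def initiate_auth_body(username, password, client_id, client_secret=None):
    """Build the JSON body sent with X-Amz-Target ...InitiateAuth."""
    params = {"USERNAME": username, "PASSWORD": password}
    if client_secret:  # only app clients configured with a secret need it
        params["SECRET_HASH"] = secret_hash(username, client_id, client_secret)
    return {"AuthFlow": "USER_PASSWORD_AUTH", "ClientId": client_id,
            "AuthParameters": params}


def next_step(response):
    """Classify an InitiateAuth response: tokens issued, or a challenge to answer."""
    if response.get("AuthenticationResult"):
        return ("tokens", response["AuthenticationResult"]["AccessToken"])
    if response.get("ChallengeName"):
        return ("challenge", response["ChallengeName"], response["Session"])
    raise ValueError("unexpected InitiateAuth response")


if __name__ == "__main__":
    body = initiate_auth_body(USERNAME, "your-first-password",
                              CLIENT_ID, CLIENT_SECRET)
    # Write the request file used by the curl call (contains the password).
    with open("aws-auth-data.json", "w") as fh:
        json.dump(body, fh, indent=2)
    # Constructed response in the shape of the challenge shown in the answer.
    sample = {"ChallengeName": "NEW_PASSWORD_REQUIRED",
              "ChallengeParameters": {}, "Session": "constructed-session"}
    print(next_step(sample))
```

The client secret and the generated aws-auth-data.json both belong on a trusted backend only; delete the file after the request, since it holds the plaintext password.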

Regarding amazon-web-services - Manual authentication with Amazon Cognito, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/61528968/
