
Amazon Cognito AuthFlow

Somewhat of a multiple question, but,

How does one perform authentication with Amazon Cognito User Pools in .NET? I am initiating the auth with the following:

var response1 = client.InitiateAuth(new InitiateAuthRequest()
{
    AuthFlow = AuthFlowType.USER_SRP_AUTH,
    AuthParameters = new Dictionary<string, string>()
    {
        { "USERNAME", "User" },
        { "SRP_A", A }
    },
    ClientId = "xxxxxxxxxxxxxxxxxxxxxxxxxxx"
});

Their documentation is really, really bad, and I can't seem to find what to pass when I want to respond to the challenge.

client.RespondToAuthChallenge(new RespondToAuthChallengeRequest()
{
    ChallengeName = ChallengeNameType.PASSWORD_VERIFIER,
    ChallengeResponses = { /* WHAT am I supposed to add here, and where can I find any documentation on what is expected? */ },
    Session = response1.Session,
    ClientId = "xxxxxxxxxxxxx"
});

On a side note, I want to use Cognito Federated Identities to protect a custom .NET API, so my idea is to use a token returned by Cognito to pass as the JWT to the Web API side, where I would then decode and validate the token. Is this an expected way to use Amazon Cognito? (I don't want to use Amazon API Gateway, for now at least.)

I am assuming it's just configuring OWIN with a default JWT middleware, or should I expect something else?
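For the token validation asked about above, an added example (not part of the original post): a host-independent check of a Cognito user pool ID or access token using the System.IdentityModel.Tokens.Jwt NuGet package. The class, method and parameter names are hypothetical, and the caller is assumed to download and cache the pool's JWKS document.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Microsoft.IdentityModel.Tokens;

public static class CognitoTokenValidator
{
    // jwksJson: body of {issuer}/.well-known/jwks.json, fetched and cached by the caller.
    // region, userPoolId, appClientId: values of your own user pool (assumed inputs).
    public static ClaimsPrincipal Validate(string token, string jwksJson,
        string region, string userPoolId, string appClientId)
    {
        var issuer = $"https://cognito-idp.{region}.amazonaws.com/{userPoolId}";
        var parameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = issuer,
            ValidateIssuerSigningKey = true,
            IssuerSigningKeys = new JsonWebKeySet(jwksJson).GetSigningKeys(),
            // Pin the algorithm so a token cannot choose a weaker one.
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
            RequireSignedTokens = true,
            RequireExpirationTime = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(1),
            // Cognito access tokens carry client_id instead of aud, so the
            // audience is checked by hand below for both token types.
            ValidateAudience = false
        };

        var handler = new JwtSecurityTokenHandler();
        handler.InboundClaimTypeMap.Clear(); // keep the raw JWT claim names
        var principal = handler.ValidateToken(token, parameters, out _);

        // token_use tells an ID token ("id") from an access token ("access").
        var tokenUse = principal.FindFirst("token_use")?.Value;
        var audience = tokenUse == "access" ? principal.FindFirst("client_id")?.Value
                     : tokenUse == "id" ? principal.FindFirst("aud")?.Value
                     : null;
        if (audience != appClientId)
            throw new SecurityTokenValidationException("token_use / app client mismatch");
        return principal;
    }
}
```

ValidateToken throws on a bad signature, wrong issuer or expired token, so a returned principal has passed every check shown.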

The developer guide touches on what needs to go into the request for both initiate auth and respond to auth challenge.

You will likely find it easier to offload the SRP authentication to Cognito with the AdminInitiateAuth API (detailed in the same link), which will fill in these blanks for you.

The mobile SDKs have wrappers around SRP authentication for you, which help fill in these parameters, but other SDKs have no such features in place. You could use the code for the SDKs (all of which live in GitHub) to fill in things like SRP_A, but you'll likely find it far easier to just use AdminInitiateAuth.

This guy here describes how to do the SRP calculations in a .NET app. I had to add some logic to update the temp passwords issued when creating users in the console, but other than that it works like a charm.

AWS Cognito SRP Login in C# / .NET

Here's an example of using RespondToAuthChallengeAsync's ChallengeResponses:

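// Variable renamed to camelCase so it matches its use in the call below.
var respondToAuthChallengeRequest = new RespondToAuthChallengeRequest
{
    ChallengeName = ChallengeNameType.PASSWORD_VERIFIER,
    ClientId = "appClientId",
    // Note: NEW_PASSWORD is the response key for the NEW_PASSWORD_REQUIRED challenge;
    // PASSWORD_VERIFIER expects PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK
    // and TIMESTAMP alongside USERNAME.
    ChallengeResponses = new Dictionary<string, string>
    {
        { "USERNAME", username },
        { "NEW_PASSWORD", password }
    },
    Session = response1.Session
};

var respondToAuthChallengeResponse = await client
    .RespondToAuthChallengeAsync(respondToAuthChallengeRequest);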
