AWS Cognito Boto3 Error on Confirm Device: Invalid device key given

I have been creating an AWS Cognito flow with Python, Django and Boto3 with MFA enabled.

My authentication flow is the following:

initiate_auth: called on a Django REST endpoint

response = client.initiate_auth(
    ClientId=settings.AWS_COGNITO_CLIENT_ID,
    AuthFlow='USER_PASSWORD_AUTH',
    AuthParameters={
        'USERNAME': email,
        'SECRET_HASH': get_secret_hash(email),
        'PASSWORD': password,
    }
)

if "ChallengeName" in response:
    data["mfa"] = True
    data["session"] = response["Session"]

respond_to_auth_challenge: called on a separate Django REST endpoint

response = client.respond_to_auth_challenge(
    ClientId=settings.AWS_COGNITO_CLIENT_ID,
    ChallengeName='SMS_MFA',
    Session=session,
    ChallengeResponses={
        'USERNAME': email,
        'SMS_MFA_CODE': code,
        'SECRET_HASH': get_secret_hash(email),
    }
)

Based on this post, I wanted to implement the confirm device step so MFA is skipped upon next login. So after the respond to auth challenge I have this code:

device_key = response['AuthenticationResult']['NewDeviceMetadata']['DeviceKey']
device_group_key = response['AuthenticationResult']['NewDeviceMetadata']['DeviceGroupKey']

device_password, device_secret_verifier_config = generate_hash_device(device_group_key, device_key)

device = client.confirm_device(
    AccessToken=response["AuthenticationResult"]["AccessToken"],
    DeviceKey=device_key,
    DeviceSecretVerifierConfig=device_secret_verifier_config,
    DeviceName=email
)

But I always get the

Unknown error An error occurred (InvalidParameterException) when calling the ConfirmDevice operation: Invalid device key given.

Can anyone help on why this happens?

So I found something that worked for me.

In your challenge response, you need to pass the username from the response for the initial_auth.

In your code that should be stored at response["Username"].

Then when calling respond_to_auth_challenge you will use this parameter:


response = client.respond_to_auth_challenge(
    ClientId=settings.AWS_COGNITO_CLIENT_ID,
    ChallengeName='SMS_MFA',
    Session=session,
    ChallengeResponses={
        'USERNAME': username,  # response["Username"] <--------
        'SMS_MFA_CODE': code,
        'SECRET_HASH': get_secret_hash(email),
    }
)

I wish it was better documented on AWS or they would have at least a better error message.

That solved the problem for me.
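
An added example, not part of the original question or answer: Cognito's API reference documents the pool's internal username as `ChallengeParameters['USER_ID_FOR_SRP']` in the `initiate_auth` challenge response, so the code below builds the `SMS_MFA` `ChallengeResponses` from that value and checks that `NewDeviceMetadata` is present before any `confirm_device` call. The function names, the sample response, and computing `SECRET_HASH` over that same username are assumptions.

```python
import base64
import hashlib
import hmac


def secret_hash(username, client_id, client_secret):
    """Cognito SECRET_HASH: Base64(HMAC-SHA256(client_secret, username + client_id))."""
    mac = hmac.new(client_secret.encode(), (username + client_id).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def mfa_challenge_responses(auth_response, code, login_name, client_id, client_secret):
    """Build ChallengeResponses for SMS_MFA from an initiate_auth response."""
    params = auth_response.get("ChallengeParameters") or {}
    # Prefer the pool's internal username over the alias (e.g. email) the user
    # typed; fall back to the typed name only when the challenge omits it.
    username = params.get("USER_ID_FOR_SRP") or login_name
    return {
        "USERNAME": username,
        "SMS_MFA_CODE": code,
        "SECRET_HASH": secret_hash(username, client_id, client_secret),
    }


def new_device(auth_response):
    """Return (DeviceKey, DeviceGroupKey), or None when no new device was issued."""
    result = auth_response.get("AuthenticationResult") or {}
    meta = result.get("NewDeviceMetadata")
    if not meta:
        return None
    return meta["DeviceKey"], meta["DeviceGroupKey"]


# Constructed sample response (placeholder values, not real Cognito output).
SAMPLE_CHALLENGE = {
    "ChallengeName": "SMS_MFA",
    "Session": "constructed-session-token",
    "ChallengeParameters": {
        "CODE_DELIVERY_DELIVERY_MEDIUM": "SMS",
        "USER_ID_FOR_SRP": "constructed-internal-username",
    },
}

if __name__ == "__main__":
    print(mfa_challenge_responses(SAMPLE_CHALLENGE, "123456", "user@example.com",
                                  "constructed-client-id", "constructed-secret"))
```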
