I have an mobile app with user pool (username & password). The app works fine with aws-amplify sdk. But, wanted to move the code out to Lambdas. So, I have written the following Lambda using Boto3.
Here is Lambda:
import boto3
def lambda_handler(event, context):
client = boto3.client('cognito-idp')
response = client.initiate_auth(
ClientId='xxxxxxxxxxxxxx',
AuthFlow='USER_PASSWORD_AUTH',
AuthParameters={
'USERNAME': 'xxxxxx',
'PASSWORD': 'xxxxxx'
}
)
return response
Tried admin_initiate_auth too.
import boto3
def lambda_handler(event, context):
client = boto3.client('cognito-idp')
response = client.initiate_auth(
UserPoolId='xxxxxxxxx',
ClientId='xxxxxxxxxxxxxx',
AuthFlow='USER_PASSWORD_AUTH',
AuthParameters={
'USERNAME': 'xxxxxx',
'PASSWORD': 'xxxxxx'
}
)
return response
Here is the error the I get.
An error occurred (InvalidParameterException) when calling the InitiateAuth operation: USER_PASSWORD_AUTH flow not enabled for this client: InvalidParameterException Traceback (most recent call last):
File "/var/task/lambda_function.py", line 12, in lambda_handler 'PASSWORD': 'xxxxx' File "/var/runtime/botocore/client.py", line 317, in _api_call return self._make_api_call(operation_name, kwargs) File "/var/runtime/botocore/client.py", line 615, in _make_api_call raise error_class(parsed_response, operation_name) InvalidParameterException: An error occurred (InvalidParameterException) when calling the InitiateAuth operation: USER_PASSWORD_AUTH flow not enabled for this client
Any thoughts?
Figured it. I have goto user pool - > app clients - >show details -> Enable username-password (non-SRP) flow for app-based authentication (USER_PASSWORD_AUTH).
That fixed it.
Figured it. I have goto user pool - > app clients - >show details -> Enable username password auth for admin APIs for authentication (ALLOW_ADMIN_USER_PASSWORD_AUTH).
For me I found that my credentials needed a hmac here is the class in case it is useful to someone.
import boto3
import boto3.session
import hmac, base64, hashlib
from botocore.client import ClientMeta
class AwsAuth(object):
'''
classdocs
'''
def gettoken(self):
if self.token:
return self.token
else:
return False
def connect(self):
if not self.username:
self.username = raw_input("Username: ")
if not self.password:
self.password = raw_input("Password: ")
digest = self.gethmacdigest(self.username)
response = self.client.initiate_auth(
ClientId=self.clientid,
AuthFlow='USER_PASSWORD_AUTH',
AuthParameters={
'USERNAME': self.username,
'PASSWORD': self.password,
'SECRET_HASH': digest
},
ClientMetadata={
'UserPoolId': self.userpoolid
}
)
self.token = response
return response
def gethmacdigest(self, username):
message = username + self.clientid
dig = hmac.new(self.clientsecret, msg=message.encode('UTF-8'), digestmod=hashlib.sha256).digest()
return base64.b64encode(dig).decode()
def __init__(self, path, url, fileout, filein, userpoolid, clientid, clientsecret, region, username = None, password = None):
'''
Constructor
'''
#boto3.set_stream_logger('botocore', level="DEBUG")
self.path = path
self.url = url
self.fileout = fileout
self.filein = filein
self.userpoolid = userpoolid
self.clientid = clientid
self.clientsecret = clientsecret
self.region = region
self.token = ""
boto3.setup_default_session(region_name=region)
self.client = boto3.client('cognito-idp')
if username is not None:
self.username = username
else:
self.username = None
if password is not None:
self.password = password
else:
self.password = None
Figured it out after many attempts. Here is my solution
App Clients
option on the left panel. It will show you available clientsShow Details
for your desired app client. And then in the Auth Flows Configuration
section make sure Enable username password based authentication (ALLOW_USER_PASSWORD_AUTH)
is checked.For more details on the API refer to this link InitiateAuth
I figured it out.Inspite of AuthFlow pass ExplicitAuthFlows then it should work. `
import boto3
def lambda_handler(event, context):
client = boto3.client('cognito-idp')
response = client.initiate_auth(
UserPoolId='xxxxxxxxx',
ClientId='xxxxxxxxxxxxxx',
ExplicitAuthFlows='USER_PASSWORD_AUTH',
AuthParameters={
'USERNAME': 'xxxxxx',
'PASSWORD': 'xxxxxx'
}
)
return response
`
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.