I'm trying to get the session tokens of an user of a website using Cognito from a python script (boto3, warrant).
My code:
boto3.set_stream_logger('botocore', level='DEBUG')
aws = AWSSRP(username=USERNAME, password=PASSWORD, pool_id=POOL_ID,
client_id=CLIENT_ID, pool_region=POOL_REGION)
tokens = aws.authenticate_user()
Just as easy as that. I have the Pool ID and region, the client ID and the user/password combination. This output this error:
2019-12-22 22:31:11,958 botocore.endpoint [DEBUG] Setting cognito-idp timeout as (60, 60)
2019-12-22 22:31:11,960 botocore.loaders [DEBUG] Loading JSON file: X/lib/python3.7/site-packages/botocore/data/_retry.json
2019-12-22 22:31:11,961 botocore.client [DEBUG] Registering retry handlers for service: cognito-idp
<warrant.aws_srp.AWSSRP object at 0x109482438>
2019-12-22 22:31:11,985 botocore.hooks [DEBUG] Event before-parameter-build.cognito-identity-provider.InitiateAuth: calling handler <function generate_idempotent_uuid at 0x109ea9378>
2019-12-22 22:31:11,985 botocore.hooks [DEBUG] Event before-call.cognito-identity-provider.InitiateAuth: calling handler <function inject_api_version_header_if_needed at 0x109eacd08>
2019-12-22 22:31:11,985 botocore.endpoint [DEBUG] Making request for OperationModel(name=InitiateAuth) with params: {'url_path': '/', 'query_string': '', 'method': 'POST', 'headers': {'X-Amz-Target': 'AWSCognitoIdentityProviderService.InitiateAuth', 'Content-Type': 'application/x-amz-json-1.1', 'User-Agent': 'Boto3/1.10.44 Python/3.7.2 Darwin/18.2.0 Botocore/1.13.44'}, 'body': b'{"AuthFlow": "USER_SRP_AUTH", "AuthParameters": {"USERNAME": "X", "SRP_A": "Y"}, "ClientId": "Y"}', 'url': 'https://cognito-idp.eu-west-1.amazonaws.com/', 'context': {'client_region': 'eu-west-1', 'client_config': <botocore.config.Config object at 0x10b195a90>, 'has_streaming_input': False, 'auth_type': None}}
2019-12-22 22:31:11,985 botocore.hooks [DEBUG] Event request-created.cognito-identity-provider.InitiateAuth: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x10b195a58>>
2019-12-22 22:31:11,986 botocore.hooks [DEBUG] Event choose-signer.cognito-identity-provider.InitiateAuth: calling handler <function set_operation_specific_signer at 0x109ea9268>
Traceback (most recent call last):
File "/Users/alberto/PycharmProjects/TravelRadarB/test.py", line 34, in <module>
tokens = aws.authenticate_user()
File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/warrant/aws_srp.py", line 206, in authenticate_user
ClientId=self.client_id
File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/client.py", line 276, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/client.py", line 573, in _make_api_call
operation_model, request_dict, request_context)
File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/client.py", line 592, in _make_request
return self._endpoint.make_request(operation_model, request_dict)
File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/endpoint.py", line 102, in make_request
return self._send_request(request_dict, operation_model)
File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/endpoint.py", line 132, in _send_request
request = self.create_request(request_dict, operation_model)
File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/endpoint.py", line 116, in create_request
operation_name=operation_model.name)
File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/hooks.py", line 356, in emit
return self._emitter.emit(aliased_event_name, **kwargs)
File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/hooks.py", line 228, in emit
return self._emit(event_name, kwargs)
File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/hooks.py", line 211, in _emit
response = handler(**kwargs)
File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/signers.py", line 90, in handler
return self.sign(operation_name, request)
File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/signers.py", line 163, in sign
auth.add_auth(request)
File "/Users/alberto/VirtualEnvs/TravelRadar/lib/python3.7/site-packages/botocore/auth.py", line 357, in add_auth
.
.
.
raise NoCredentialsError
botocore.exceptions.NoCredentialsError: Unable to locate credentials
The workaround I found was to use warrant (AWSSRP) to generate the SRP_A key and process the Cognito challenges without having to dive too deep in the code, and just used both making my own requests to Cognito API, trying to replicate the chrome-cognito requests. Is not a real solution to the problem but it do the work.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.