如何在 WinUI 3 應用程序中獲取 AccessToken 或 Session 字符串以啟動 AWS Cognito MFA 的設置

Question

我正在構建 WinUI 3 桌面應用程序，它使用 AWS Cognito 進行用戶注冊/登錄，在創建用戶后嘗試實施 MFA 設置時遇到了問題。

根據 AWS 文檔，我需要使用AssociateSoftwareTokenRequest參數調用AssociateSoftwareToken並設置其“訪問令牌”或“會話字符串”屬性來授權請求​​：

https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/CognitoIdentityProvider/MCognitoIdentityProviderAssociateSoftwareTokenAsyncAssociateSoftwareTokenRequestCancellationToken.html

https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/CognitoIdentityProvider/TAssociateSoftwareTokenRequest.html

我的問題是 - 如何從我之前的登錄請求中獲取 AccessToken 或 Session 字符串，然后在 WinUi 3 桌面應用程序中授權AssociateSoftwareToken ？

我搜索並閱讀了 AWS 和 MS 文檔，但在這方面找不到任何有用的信息。

我的代碼片段：

1. 用戶登錄方式：

        try
        {
            AmazonCognitoIdentityProviderClient provider = new(new AnonymousAWSCredentials(), FallbackRegionFactory.GetRegionEndpoint())
            CognitoUserPool cognitoUserPool = new(poolID, clientID, provider);
            CognitoUser cognitoUser = new(username, clientID, cognitoUserPool, provider);
            InitiateSrpAuthRequest authRequest = new()
            {
                Password = password
            };
            AuthFlowResponse authFlowResponse = await cognitoUser.StartWithSrpAuthAsync(authRequest).ConfigureAwait(false);

            if (authFlowResponse.AuthenticationResult is null)
            {  
                if (authFlowResponse.ChallengeName == ChallengeNameType.MFA_SETUP)
                {
                   //At this point I need AccessToken or Session string to to call CognitoSetUpTOTPMFAAsync(string accessToken) to trigger MFA setup...
                }
                .
                //remaining implementation
                .
            }
            return ...
        }
        catch (Exception e)
        {
            return ...
        }

2. CognitoSetUpTOTPMFAAsync（字符串 accessToken 或字符串 sessionString）

        try
        {
            
            AmazonCognitoIdentityProviderClient provider = new(new AnonymousAWSCredentials(), FallbackRegionFactory.GetRegionEndpoint());
            AssociateSoftwareTokenRequest associateSoftwareTokenRequest = new()
            {
                AccessToken = accessToken,
                Session = sessionString               
            };
            AssociateSoftwareTokenResponse associateSoftwareTokenResponse = await provider.AssociateSoftwareTokenAsync(associateSoftwareTokenRequest);
            .
            //remaining implementation
            .
            return ...
        }
        catch (Exception)
        {
            return ...
        }

Answer 1

結果表明，在AuthFlowResponse對象中的初始登錄請求后，作為SessionID參數返回了所需的“會話字符串”。 它包含在 Cognito 的每個響應中，可用於提供連續請求。

將此添加到我的代碼中：

...
AuthFlowResponse authFlowResponse = await cognitoUser.StartWithSrpAuthAsync(authRequest);
var sessionId = authFlowResponse.SessionID;
...

然后將sessionId提供給 MFA 設置AssociateSoftwareTokenRequest請求：

...
AssociateSoftwareTokenRequest associateSoftwareTokenRequest = new()
   {
   Session = sessionId                
   };
AssociateSoftwareTokenResponse associateSoftwareTokenResponse = await provider.AssociateSoftwareTokenAsync(associateSoftwareTokenRequest);
...

然后associateSoftwareTokenResponse包含SecretCode值，用於向身份驗證器應用程序注冊。