AWS SDK を使用して Amazon Cognito によるトラッキング用の MFA デバイスを確認する - AWSSDK コードサンプル

AWSDocAWS SDKGitHub サンプルリポジトリには、さらに多くの SDK サンプルがあります


AWS SDK を使用して Amazon Cognito によるトラッキング用の MFA デバイスを確認する

次のコード例は、Amazon Cognito により追跡する MFA デバイスを確認する方法を示しています。


他にもありますGitHub。用例一覧を検索し、AWS コード例リポジトリでの設定と実行の方法を確認してください。

/// <summary> /// Initiates and confirms tracking of the device. /// </summary> /// <param name="accessToken">The user's access token.</param> /// <param name="deviceKey">The key of the device from Amazon Cognito.</param> /// <param name="deviceName">The device name.</param> /// <returns></returns> public async Task<bool> ConfirmDeviceAsync(string accessToken, string deviceKey, string deviceName) { var request = new ConfirmDeviceRequest { AccessToken = accessToken, DeviceKey = deviceKey, DeviceName = deviceName }; var response = await _cognitoService.ConfirmDeviceAsync(request); return response.UserConfirmationNecessary; }
  • API の詳細については、AWS SDK for .NETAPI ConfirmDeviceリファレンスのを参照してください

SDK for forJavaScript (v3)

他にもありますGitHub。用例一覧を検索し、AWS コード例リポジトリでの設定と実行の方法を確認してください。

const confirmDevice = async ({ deviceKey, accessToken, passwordVerifier, salt }) => { const client = createClientForDefaultRegion(CognitoIdentityProviderClient); const command = new ConfirmDeviceCommand({ DeviceKey: deviceKey, AccessToken: accessToken, DeviceSecretVerifierConfig: { PasswordVerifier: passwordVerifier, Salt: salt }, }); return client.send(command); };
  • API の詳細については、AWS SDK for JavaScriptAPI ConfirmDeviceリファレンスのを参照してください

SDK for Python (Boto3)

他にもありますGitHub。用例一覧を検索し、AWS コード例リポジトリでの設定と実行の方法を確認してください。

class CognitoIdentityProviderWrapper: """Encapsulates Amazon Cognito actions""" def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None): """ :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client. :param user_pool_id: The ID of an existing Amazon Cognito user pool. :param client_id: The ID of a client application registered with the user pool. :param client_secret: The client secret, if the client has a secret. """ self.cognito_idp_client = cognito_idp_client self.user_pool_id = user_pool_id self.client_id = client_id self.client_secret = client_secret def confirm_mfa_device( self, user_name, device_key, device_group_key, device_password, access_token, aws_srp): """ Confirms an MFA device to be tracked by Amazon Cognito. When a device is tracked, its key and password can be used to sign in without requiring a new MFA code from the MFA application. :param user_name: The user that is associated with the device. :param device_key: The key of the device, returned by Amazon Cognito. :param device_group_key: The group key of the device, returned by Amazon Cognito. :param device_password: The password that is associated with the device. :param access_token: The user's access token. :param aws_srp: A class that helps with Secure Remote Password (SRP) calculations. The scenario associated with this example uses the warrant package. :return: True when the user must confirm the device. Otherwise, False. When False, the device is automatically confirmed and tracked. """ srp_helper = aws_srp.AWSSRP( username=user_name, password=device_password, pool_id='_', client_id=self.client_id, client_secret=None, client=self.cognito_idp_client) device_and_pw = f'{device_group_key}{device_key}:{device_password}' device_and_pw_hash = aws_srp.hash_sha256(device_and_pw.encode('utf-8')) salt = aws_srp.pad_hex(aws_srp.get_random(16)) x_value = aws_srp.hex_to_long(aws_srp.hex_hash(salt + device_and_pw_hash)) verifier = aws_srp.pad_hex(pow(srp_helper.val_g, x_value, srp_helper.big_n)) device_secret_verifier_config = { "PasswordVerifier": base64.standard_b64encode(bytearray.fromhex(verifier)).decode('utf-8'), "Salt": base64.standard_b64encode(bytearray.fromhex(salt)).decode('utf-8') } try: response = self.cognito_idp_client.confirm_device( AccessToken=access_token, DeviceKey=device_key, DeviceSecretVerifierConfig=device_secret_verifier_config) user_confirm = response['UserConfirmationNecessary'] except ClientError as err: logger.error( "Couldn't confirm mfa device %s. Here's why: %s: %s", device_key, err.response['Error']['Code'], err.response['Error']['Message']) raise else: return user_confirm
  • API の詳細については、「AWSSDK for Python (Boto3) API リファレンス」のを参照してくださいConfirmDevice