AWSDocAWS SDKGitHub サンプルリポジトリには、さらに多くの SDK サンプルがあります
翻訳は機械翻訳により提供されています。提供された翻訳内容と英語版の間で齟齬、不一致または矛盾がある場合、英語版が優先します。
AWS SDK を使用して Amazon Cognito SRP 認証チャレンジに応答する
次のコード例は、Amazon Cognito SRP 認証チャレンジに応答する方法を示しています。
- .NET
-
- AWS SDK for .NET
-
注記
他にもありますGitHub。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 /// <summary> /// Respond to an authentication challenge. /// </summary> /// <param name="userName">The name of the user.</param> /// <param name="clientId">The client Id.</param> /// <param name="mfaCode">The multi-factor authentication code.</param> /// <param name="session">The current application session.</param> /// <returns>An async Task.</returns> public async Task<AuthenticationResultType> RespondToAuthChallengeAsync(string userName, string clientId, string mfaCode, string session) { Console.WriteLine("SOFTWARE_TOKEN_MFA challenge is generated"); var challengeResponses = new Dictionary<string, string>(); challengeResponses.Add("USERNAME", userName); challengeResponses.Add("SOFTWARE_TOKEN_MFA_CODE", mfaCode); var respondToAuthChallengeRequest = new RespondToAuthChallengeRequest { ChallengeName = ChallengeNameType.SOFTWARE_TOKEN_MFA, ClientId = clientId, ChallengeResponses = challengeResponses, Session = session }; var response = await _cognitoService.RespondToAuthChallengeAsync(respondToAuthChallengeRequest); Console.WriteLine($"Response to Authentication {response.AuthenticationResult}"); return response.AuthenticationResult; }-
API の詳細については、AWS SDK for .NETAPI RespondToAuthChallengeリファレンスのを参照してください。
-
- JavaScript
-
- SDK for forJavaScript (v3)
-
注記
他にもありますGitHub。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 const respondToAuthChallenge = async ({ clientId, username, session, userPoolId, code, }) => { const client = createClientForDefaultRegion(CognitoIdentityProviderClient); const command = new RespondToAuthChallengeCommand({ ChallengeName: ChallengeNameType.SOFTWARE_TOKEN_MFA, ChallengeResponses: { SOFTWARE_TOKEN_MFA_CODE: code, USERNAME: username, }, ClientId: clientId, UserPoolId: userPoolId, Session: session, }); return client.send(command); };-
API の詳細については、AWS SDK for JavaScriptAPI RespondToAuthChallengeリファレンスのを参照してください。
-
- Python
-
- SDK for Python (Boto3)
-
注記
他にもありますGitHub。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 追跡対象デバイスでサインインします。サインインを完了するには、クライアントはセキュアリモートパスワード (SRP) チャレンジに正しく応答する必要があります。
class CognitoIdentityProviderWrapper: """Encapsulates Amazon Cognito actions""" def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None): """ :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client. :param user_pool_id: The ID of an existing Amazon Cognito user pool. :param client_id: The ID of a client application registered with the user pool. :param client_secret: The client secret, if the client has a secret. """ self.cognito_idp_client = cognito_idp_client self.user_pool_id = user_pool_id self.client_id = client_id self.client_secret = client_secret def sign_in_with_tracked_device( self, user_name, password, device_key, device_group_key, device_password, aws_srp): """ Signs in to Amazon Cognito as a user who has a tracked device. Signing in with a tracked device lets a user sign in without entering a new MFA code. Signing in with a tracked device requires that the client respond to the SRP protocol. The scenario associated with this example uses the warrant package to help with SRP calculations. For more information on SRP, see https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol. :param user_name: The user that is associated with the device. :param password: The user's password. :param device_key: The key of a tracked device. :param device_group_key: The group key of a tracked device. :param device_password: The password that is associated with the device. :param aws_srp: A class that helps with SRP calculations. The scenario associated with this example uses the warrant package. :return: The result of the authentication. When successful, this contains an access token for the user. """ try: srp_helper = aws_srp.AWSSRP( username=user_name, password=device_password, pool_id='_', client_id=self.client_id, client_secret=None, client=self.cognito_idp_client) response_init = self.cognito_idp_client.initiate_auth( ClientId=self.client_id, AuthFlow='USER_PASSWORD_AUTH', AuthParameters={ 'USERNAME': user_name, 'PASSWORD': password, 'DEVICE_KEY': device_key}) if response_init['ChallengeName'] != 'DEVICE_SRP_AUTH': raise RuntimeError( f"Expected DEVICE_SRP_AUTH challenge but got {response_init['ChallengeName']}.") auth_params = srp_helper.get_auth_params() auth_params['DEVICE_KEY'] = device_key response_auth = self.cognito_idp_client.respond_to_auth_challenge( ClientId=self.client_id, ChallengeName='DEVICE_SRP_AUTH', ChallengeResponses=auth_params ) if response_auth['ChallengeName'] != 'DEVICE_PASSWORD_VERIFIER': raise RuntimeError( f"Expected DEVICE_PASSWORD_VERIFIER challenge but got " f"{response_init['ChallengeName']}.") challenge_params = response_auth['ChallengeParameters'] challenge_params['USER_ID_FOR_SRP'] = device_group_key + device_key cr = srp_helper.process_challenge(challenge_params, {'USERNAME': user_name}) cr['USERNAME'] = user_name cr['DEVICE_KEY'] = device_key response_verifier = self.cognito_idp_client.respond_to_auth_challenge( ClientId=self.client_id, ChallengeName='DEVICE_PASSWORD_VERIFIER', ChallengeResponses=cr) auth_tokens = response_verifier['AuthenticationResult'] except ClientError as err: logger.error( "Couldn't start client sign in for %s. Here's why: %s: %s", user_name, err.response['Error']['Code'], err.response['Error']['Message']) raise else: return auth_tokens-
API の詳細については、「AWSSDK for Python (Boto3) API リファレンス」のを参照してくださいRespondToAuthChallenge。
-
確認コードを再送信する
認証チャレンジに応答する