Mau*_*alc 1 authentication spring amazon-web-services amazon-cognito
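I am building an application with AWS Cognito and Spring Boot. After registering, users confirm their account with an activation code sent by email or SMS. Once they have confirmed their account, can I log them in automatically? Can I start a session without a password, based only on the confirmation?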
Yur*_*y P 11
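Yes, you can use a custom authentication flow to log users in without a password.
You have to add a Lambda trigger to handle your custom authentication flow. In the application, you have to use the AdminInitiateAuth API call.
Here is some sample code to help you get the general idea: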
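    import java.nio.charset.StandardCharsets;
    import java.util.Base64;
    import java.util.HashMap;
    import java.util.Map;
    import javax.crypto.Mac;
    import javax.crypto.spec.SecretKeySpec;
    import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
    import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
    import software.amazon.awssdk.regions.Region;
    import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
    import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminInitiateAuthRequest;
    import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminInitiateAuthResponse;
    import software.amazon.awssdk.services.cognitoidentityprovider.model.AuthFlowType;

    // Both methods belong to a class that defines the constants AWS_KEY, AWS_SECRET,
    // REGION, CLIENT_ID, CLIENT_SECRET and POOL_ID.
    public void auth(String username) {
        AwsBasicCredentials awsCreds = AwsBasicCredentials.create(AWS_KEY,
                AWS_SECRET);
        CognitoIdentityProviderClient identityProviderClient =
                CognitoIdentityProviderClient.builder()
                        .credentialsProvider(StaticCredentialsProvider.create(awsCreds))
                        .region(Region.of(REGION))
                        .build();
        // Only the username and the app client's secret hash are sent; no password.
        final Map<String, String> authParams = new HashMap<>();
        authParams.put("USERNAME", username);
        authParams.put("SECRET_HASH", calculateSecretHash(CLIENT_ID,
                CLIENT_SECRET, username));
        // CUSTOM_AUTH hands the decision to the user pool's Lambda triggers.
        final AdminInitiateAuthRequest authRequest = AdminInitiateAuthRequest.builder()
                .authFlow(AuthFlowType.CUSTOM_AUTH)
                .clientId(CLIENT_ID)
                .userPoolId(POOL_ID)
                .authParameters(authParams)
                .build();
        AdminInitiateAuthResponse result = identityProviderClient.adminInitiateAuth(authRequest);
        System.out.println(result.authenticationResult().accessToken());
        System.out.println(result.authenticationResult().idToken());
    }

    // SECRET_HASH = Base64(HMAC-SHA256(key = client secret, message = username + client id))
    private String calculateSecretHash(String userPoolClientId, String userPoolClientSecret, String userName) {
        final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
        SecretKeySpec signingKey = new SecretKeySpec(
                userPoolClientSecret.getBytes(StandardCharsets.UTF_8),
                HMAC_SHA256_ALGORITHM);
        try {
            Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
            mac.init(signingKey);
            mac.update(userName.getBytes(StandardCharsets.UTF_8));
            byte[] rawHmac = mac.doFinal(userPoolClientId.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(rawHmac);
        } catch (Exception e) {
            // Keep the original exception as the cause so the failure can be diagnosed.
            throw new RuntimeException("Error while calculating ", e);
        }
    }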
You also need to add the dependencies for the AWS SDK:
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>aws-core</artifactId>
        <version>2.13.57</version>
    </dependency>
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>cognitoidentityprovider</artifactId>
        <version>2.13.57</version>
    </dependency>
And add a Lambda for your user pool's "Define Auth Challenge" trigger:
    exports.handler = async (event) => {
        // Don't do any checks, just say that authentication is successful
        event.response.issueTokens = true;
        event.response.failAuthentication = false;
        return event;
    };