What is the REST (or CLI) API for logging in to Amazon Cognito user pools

离开以前 2020-12-05 02:46

How do I make logins happen via Amazon Cognito REST APIs (for user pools) on platforms for which there is no official SDK? - Note that I am asking

7 answers
  •  星月不相逢
    2020-12-05 03:40

    Just to add to @andrewjj's answer. You might get back a challenge (NEW_PASSWORD_REQUIRED) as the InitiateAuth response. It is when you are being asked to change your password on initial sign-in.

    You can use Postman or the curl command. This example expects Postman being used.

    1. InitiateAuth - This step is the same as @andrewjj's

    Add this to Body as raw values

    {
        "AuthParameters": {
            "USERNAME": "youremail@example.com",
            "PASSWORD": "temporary-password"
        },
        "AuthFlow": "USER_PASSWORD_AUTH",
        "ClientId": "2s........................"
    }
    

    Set headers

    X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth
    Content-Type: application/x-amz-json-1.1
    

    Send a request to https://cognito-idp.us-east-1.amazonaws.com/ You might have to change the region.

    If you receive this response then you are OK, otherwise continue with step 2.

    {
        "AuthenticationResult": {
            "AccessToken": "eyJra........",
            "ExpiresIn": 3600,
            "IdToken": "eyJra........",
            "RefreshToken": "eyJjd........",
            "TokenType": "Bearer"
        },
        "ChallengeParameters": {}
    }
    
    2. RespondToAuthChallenge - this is a new step

    In case you receive a challenge back like this one:

    {
        "ChallengeName": "NEW_PASSWORD_REQUIRED",
        "ChallengeParameters": {
            "USER_ID_FOR_SRP": "1231-......",
            "requiredAttributes": "[]",
            "userAttributes": "{\"email_verified\":\"true\",\"email\":\"youremail@example.com\"}"
        },
        "Session": "Sfas......"
    }
    

    You need to set a new password. Add this to Body as raw values

    {
        "ChallengeName": "NEW_PASSWORD_REQUIRED",
        "ChallengeResponses": {
            "USERNAME": "youremail@example.com",
            "NEW_PASSWORD": "newpassword"
        },
        "ClientId": "2s........................",
        "Session": "Sfas......(use one from the InitiateAuth response)"
    }
    

    Set headers

    X-Amz-Target: AWSCognitoIdentityProviderService.RespondToAuthChallenge
    Content-Type: application/x-amz-json-1.1
    

    Send a request to https://cognito-idp.us-east-1.amazonaws.com/ You might have to change the region.

    Do step 1 again to receive tokens.
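
The flow described in the answer above, as an added Python example that is not part of the original answer. The function names (`http_transport`, `initiate_auth`, `login`) and the injectable `send` callable are assumptions of this example; the endpoint, headers and JSON fields are the ones shown in the answer.

```python
import json
import urllib.request

TARGET_PREFIX = "AWSCognitoIdentityProviderService."

def http_transport(region):
    """Return a callable that POSTs one Cognito action and decodes the JSON reply."""
    url = f"https://cognito-idp.{region}.amazonaws.com/"
    def send(action, body):
        req = urllib.request.Request(
            url,
            data=json.dumps(body).encode(),
            headers={"X-Amz-Target": TARGET_PREFIX + action,
                     "Content-Type": "application/x-amz-json-1.1"},
            method="POST",
        )
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return send

def initiate_auth(send, client_id, username, password):
    # Step 1: the password travels in the request body, so only ever send it over HTTPS.
    return send("InitiateAuth", {
        "AuthFlow": "USER_PASSWORD_AUTH",
        "ClientId": client_id,
        "AuthParameters": {"USERNAME": username, "PASSWORD": password},
    })

def login(send, client_id, username, password, new_password=None):
    """Run step 1, answer NEW_PASSWORD_REQUIRED if asked, return the token dict."""
    reply = initiate_auth(send, client_id, username, password)
    if reply.get("AuthenticationResult"):
        return reply["AuthenticationResult"]  # bearer credentials: never log them
    challenge = reply.get("ChallengeName")
    if challenge != "NEW_PASSWORD_REQUIRED":
        raise RuntimeError(f"unhandled challenge: {challenge}")
    if new_password is None:
        raise ValueError("server requires a new password")
    reply = send("RespondToAuthChallenge", {  # step 2
        "ChallengeName": challenge,
        "ChallengeResponses": {"USERNAME": username, "NEW_PASSWORD": new_password},
        "ClientId": client_id,
        "Session": reply["Session"],  # must be the value from the InitiateAuth reply
    })
    # Use tokens if the challenge reply carries them; otherwise do step 1 again.
    tokens = reply.get("AuthenticationResult")
    return tokens or initiate_auth(send, client_id, username, new_password)["AuthenticationResult"]
```

Against a real user pool, pass `http_transport("us-east-1")` (or your region) as `send`; the app client must have the `USER_PASSWORD_AUTH` flow enabled.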
