Can users be migrated from my mongodb database to aws cognito user pool?

佐手、 submitted on 2020-01-22 16:42:27

Question


For better security I would like to move all of my web application users to AWS Cognito. Is it possible to migrate the user data from MongoDB to Cognito in such a way that all my customers can log in with their same old password? Or is it mandated to change the password after migration?

A rough user table is below:
name:
email:
hash_password:
salt:

The hash_password and salt are strings which may have to be exported to a CSV and then uploaded to Cognito. But I do not see any such options in Cognito.

I have hundreds of users and I do not want to force a password change on all of them. I have checked the AWS docs and they do not mention anything about migration from MongoDB. Please let me know if it is possible and, if it is, how it can be achieved.


Answer 1:


There are several ways to achieve this:

  1. You can prepare a .CSV file and import it into the AWS Cognito user pool. The import process sets all user attributes except the password. The user's status in Cognito will be RESET_REQUIRED. Cognito forces a password reset.

  2. Otherwise, you can write a script that will add all users from MongoDB to Cognito in the following steps:

Use: AdminCreateUser

  1. Create a new user profile by using the AWS Management Console or by calling the AdminCreateUser API. Specify the temporary password (this will be your user's password in MongoDB) or allow Amazon Cognito to automatically generate one.

  2. Specify whether provided email addresses and phone numbers are marked as verified for new users. Specify custom SMS and email invitation messages for new users via the AWS Management Console.

  3. Specify whether invitation messages are sent via SMS, email, or both.

  4. After successful user creation:

    1. Authenticate the user using the same user credentials. Use: SDK call InitiateAuth(Username, USER_SRP_AUTH)

    2. After InitiateAuth succeeds, Amazon Cognito returns the PASSWORD_VERIFIER challenge with Salt & Secret block.

    3. Use RespondToAuthChallenge(Username, , PASSWORD_VERIFIER

    4. Amazon Cognito returns the NEW_PASSWORD_REQUIRED challenge along with the current and required attributes.

    5. The user is prompted and enters a new password and any missing values for required attributes.

    6. Call RespondToAuthChallenge(Username, , ).

    7. After a successful password change, the user will be able to log in using the same credentials added in MongoDB.

Note: there is a problem: if you are not able to decrypt the user credentials from MongoDB, then the 2nd solution will not work.

- In that case, you can specify the temporary password (will  allow Amazon Cognito to automatically generate one.).

- All users will be forced to change their password only at first login.

Reference:

If you want to know how to write the CSV and import it into Cognito, check this link: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool-csv-header.html




Answer 2:


Have you tried using the UserMigration Lambda trigger? It allows you to migrate users with their existing password during the authentication flow.

Check the blog post as well as the trigger documentation with an example
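
A sketch of the UserMigration trigger mentioned above, as an added example that is not part of the original answer or AWS's own sample. It assumes the legacy `hash_password` is hex PBKDF2-HMAC-SHA256 over the stored `salt`, and uses a constructed in-memory record and a hypothetical `find_legacy_user` helper in place of the MongoDB query.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumption: the legacy app's PBKDF2 work factor


def legacy_hash(password: str, salt: str) -> str:
    # Assumption: the legacy app stored PBKDF2-HMAC-SHA256(password, salt) as hex.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), ITERATIONS).hex()


# Constructed sample record standing in for the MongoDB users collection.
LEGACY_USERS = {
    "alice@example.com": {
        "name": "Alice",
        "salt": "c0ffee",
        "hash_password": legacy_hash("correct horse", "c0ffee"),
    }
}


def find_legacy_user(email: str):
    # Hypothetical helper; a real deployment would query MongoDB by email here.
    return LEGACY_USERS.get(email.lower())


def lambda_handler(event, context):
    user = find_legacy_user(event["userName"])
    if user is None:
        raise Exception("Bad credentials")  # raising makes Cognito reject the request
    # Assumption: the legacy application had already verified the email address.
    attrs = {"email": event["userName"].lower(), "email_verified": "true", "name": user["name"]}
    if event["triggerSource"] == "UserMigration_Authentication":
        candidate = legacy_hash(event["request"]["password"], user["salt"])
        # Constant-time comparison against the stored legacy hash.
        if not hmac.compare_digest(candidate, user["hash_password"]):
            raise Exception("Bad credentials")
        # Cognito stores the password the user just typed; no reset is needed.
        event["response"]["finalUserStatus"] = "CONFIRMED"
    elif event["triggerSource"] != "UserMigration_ForgotPassword":
        raise Exception("Unexpected trigger source")
    event["response"]["userAttributes"] = attrs
    event["response"]["messageAction"] = "SUPPRESS"  # do not send an invitation message
    return event
```

Cognito passes the plaintext password to this trigger only when the app client signs in with USER_PASSWORD_AUTH (or ADMIN_USER_PASSWORD_AUTH), not with SRP, so the sign-in must run over TLS and the handler must never log `event["request"]`.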



Source: https://stackoverflow.com/questions/55116599/can-users-be-migrated-from-my-mongodb-database-to-aws-cognito-user-pool
