AWS Cognito: customize the default invitation message

Time: 2017-11-27 17:01:55

Tags: python amazon-cognito aws-cognito

We use AWS Cognito for authentication. When we create a user, Cognito sends an email containing the following message:

Your username is {username} and temporary password is {####}.

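As we know, users are created with the FORCE_NEW_PASSWORD status. Is it possible to somehow add an access token to the email body, so as to form a link to a page where the user could change their password to activate the account?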

1 answer:

Answer 0: (score: 0)

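I have used aws-cognito in Node.js and Angular 2. When you try to log in for the first time, the user enters the temporary credentials, after which an OTP is sent to the phone or email (as decided by the user pool).

Below is the function used for login: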

var authenticationData = {
    Username: username, // req.body.username
    Password: password  // req.body.password
};

var poolData = {
    UserPoolId: upid,
    ClientId: cid,
    AuthFlow: 'ADMIN_NO_SRP_AUTH'
};

var userPool = new AWS.CognitoIdentityServiceProvider.CognitoUserPool(poolData);

var authenticationDetails = new AWS.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);

var userData = {
    Username: username,
    Pool: userPool
};

var cognitoUser = new AWS.CognitoIdentityServiceProvider.CognitoUser(userData);

cognitoUser.authenticateUser(authenticationDetails, {
    onSuccess: function (result) {
        // not for first time login case and user has permanent credentials
    },
    onFailure: function (err) {
        res.send(err); // login failure
    },
    // called on first login, while the account still has its temporary password
    newPasswordRequired: function (userAttributes, requiredAttributes) {
        var response = {"ChallengeName": "NEW_PASSWORD_REQUIRED", "userAttributes": userAttributes};
        localStorage.setItem('userAttributes', JSON.stringify(userAttributes)); // I have used localStorage to save data temporarily
        res.send(response);
    }
});

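Now, as you asked about the first-time login: you need to pass the old password, the username and the user attributes to the next API call to get permanent credentials.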

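I did not send the token in the email; I kept it in localStorage so that it can be used when the user comes back to the browser. This way you will get the ID token.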

So you can update the password with code like the following:

router.post('/updatepassword', function (req, res) {

    var username = req.body.username;
    var newPassword = req.body.newpassword;
    var userAttributes = req.body.userAttributes;
    var oldpassword = req.body.oldpassword;
    var userPool = globalConfiguration(); // custom function to get pool data
    var userData = {
        Username: username, // req.body.username
        Pool: userPool
    };
    var params = {
        UserPoolId: 'us-west-2_XxxxxXX', /* required */
        Username: username // req.body.username
    };
    var authenticationData = {
        Username: username,   // req.body.username
        Password: oldpassword // req.body.password
    };

    var authenticationDetails = new AWS.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);
    // so only username and previous password are required.
    var cognitoUser = new AWS.CognitoIdentityServiceProvider.CognitoUser(userData);
    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (result) { },
        onFailure: function (err) {
            res.send(err); // old (temporary) password was rejected
        },
        newPasswordRequired: function (userAttributes, requiredAttributes) {

            // the api doesn't accept this field back
            delete userAttributes.email_verified;
            delete userAttributes.phone_number_verified;

            // reply only once Cognito has accepted or rejected the new password
            cognitoUser.completeNewPasswordChallenge(newPassword, userAttributes, {
                onSuccess: function (result) {
                    res.send({'success': 'success'});
                },
                onFailure: function (err) {
                    res.send(err);
                }
            });
        }
    });
});

Hope this helps you!
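
The same first-login flow done server-side, as an added example that is not part of the original answer: it signs in with the temporary password through boto3's `admin_initiate_auth` using the `ADMIN_NO_SRP_AUTH` flow, then answers the `NEW_PASSWORD_REQUIRED` challenge, dropping the two attributes the answer says the API does not accept back. The `first_login` helper, its parameters and the choice of Python (the question's tag) are assumptions; `client` is expected to be `boto3.client("cognito-idp")`.

```python
# Added example (not the answer's code). `client` is assumed to be
# boto3.client("cognito-idp"); pool_id and client_id are supplied by the caller.

# Attributes the answer reports the API refuses to take back.
READ_ONLY = {"email_verified", "phone_number_verified"}


def first_login(client, pool_id, client_id, username, temp_password,
                new_password, attributes=None):
    """Sign in with the temporary password and, if Cognito replies with
    NEW_PASSWORD_REQUIRED, set the permanent password in the same session.
    Returns the AuthenticationResult dict (ID, access and refresh tokens)."""
    resp = client.admin_initiate_auth(
        UserPoolId=pool_id,
        ClientId=client_id,
        AuthFlow="ADMIN_NO_SRP_AUTH",
        AuthParameters={"USERNAME": username, "PASSWORD": temp_password},
    )
    challenge = resp.get("ChallengeName")
    if challenge is None:
        # The user already has a permanent password; nothing to change.
        return resp["AuthenticationResult"]
    if challenge != "NEW_PASSWORD_REQUIRED":
        raise RuntimeError("unexpected challenge: %s" % challenge)

    responses = {"USERNAME": username, "NEW_PASSWORD": new_password}
    # Required attributes go back as "userAttributes.<name>" entries.
    for name, value in (attributes or {}).items():
        if name not in READ_ONLY:
            responses["userAttributes." + name] = value

    done = client.admin_respond_to_auth_challenge(
        UserPoolId=pool_id,
        ClientId=client_id,
        ChallengeName="NEW_PASSWORD_REQUIRED",
        ChallengeResponses=responses,
        Session=resp["Session"],  # ties the reply to the sign-in attempt
    )
    return done["AuthenticationResult"]
```

The temporary password never has to leave the sign-in request: the `Session` value returned with the challenge is what links the new password to the first call.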