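AWS User Pools - defAuthChallenge invoked without a session identifier

Time: 2018-01-17 17:00:25

Tags: amazon-web-services aws-cognito

I have added a lambda function to my AWS User Pool's Define Auth Challenge.

When my iOS app attempts to sign a user in, the Define Auth Challenge lambda is invoked. But the event.request.session parameter is an empty list [].

There is only one example (it is a screenshot of part of a JavaScript lambda), but it requires session to be defined.

What do I need to define in the iOS app so that session is populated correctly?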

event = {
    u'userName': u'SET', 
    u'userPoolId': u'SET',
    u'callerContext': {
        u'awsSdkVersion': u'aws-sdk-ios-2.6.10', 
        u'clientId': u'SET'
    }, 
    u'region': u'SET', 
    u'request': {
        u'session': [], 
        u'userAttributes': {
            u'email_verified': u'true', 
            u'email': u'SET', 
            u'sub': u'SET', 
            u'cognito:user_status': u'CONFIRMED', 
            u'cognito:email_alias': u'SET'
        }
    }, 
    u'triggerSource': u'DefineAuthChallenge_Authentication', 
    u'version': u'1', 
    u'response': {
        u'issueTokens': None, 
        u'failAuthentication': None, 
        u'challengeName': None
    }
}

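1 answer:

Answer 0: (score: 0)

The session in event.request is not set by the client.

For the first invocation of the Define Auth Challenge Lambda function, session is an empty list. Subsequent invocations will have session populated.

In Python, a single-step custom flow Define Auth Challenge can take the following form: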

def handler(event, context):

    # Number of challenges already recorded for this sign-in attempt
    step = len(event['request']['session'])

    if step == 0:
        # First invocation: session is empty, so request the custom challenge
        event['response']['challengeName'] = 'CUSTOM_CHALLENGE'
        event['response']['issueTokens'] = False
        event['response']['failAuthentication'] = False
    elif step == 1 and event['request']['session'][0]['challengeName'] == 'CUSTOM_CHALLENGE':
        # One custom challenge recorded: issue tokens only if its result is true
        event['response']['issueTokens'] = event['request']['session'][0]['challengeResult']
        event['response']['failAuthentication'] = False
    else:
        # Any other session shape is unexpected: fail the authentication
        event['response']['issueTokens'] = False
        event['response']['failAuthentication'] = True

    return event
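
The following is an added example, not part of the original answer. It goes beyond the single-step flow to a retry-limited one and replays how session grows from an empty list across invocations. MAX_ATTEMPTS, define_auth_challenge and simulate are hypothetical names, and simulate is a simplified, constructed model of the service appending each challenge result to session.

```python
MAX_ATTEMPTS = 3  # assumption: allow up to three wrong answers before failing


def define_auth_challenge(event, context=None):
    """Decide the next step purely from the server-populated session list."""
    session = event['request']['session']
    response = event['response']
    if any(s.get('challengeName') != 'CUSTOM_CHALLENGE' for s in session):
        # An entry we did not request means an unexpected flow: fail closed.
        response.update(issueTokens=False, failAuthentication=True)
    elif session and session[-1].get('challengeResult') is True:
        # The most recent challenge was passed: issue tokens.
        response.update(issueTokens=True, failAuthentication=False)
    elif len(session) >= MAX_ATTEMPTS:
        # Retry budget used up without a correct answer.
        response.update(issueTokens=False, failAuthentication=True)
    else:
        # Empty session (first call) or a wrong answer with retries left.
        response.update(challengeName='CUSTOM_CHALLENGE',
                        issueTokens=False, failAuthentication=False)
    return event


def simulate(results):
    """Constructed model: replay invocations, appending one result per round.

    `results` is the outcome of each client answer (True means correct).
    Returns (outcome, number of session entries seen by the last call).
    """
    session = []
    for result in list(results) + [None]:  # None: client has not answered yet
        event = {
            'request': {'session': list(session)},
            'response': {'challengeName': None, 'issueTokens': None,
                         'failAuthentication': None},
        }
        resp = define_auth_challenge(event)['response']
        if resp['issueTokens']:
            return 'tokens', len(session)
        if resp['failAuthentication']:
            return 'failed', len(session)
        if result is None:
            return 'pending', len(session)
        session.append({'challengeName': resp['challengeName'],
                        'challengeResult': result})


if __name__ == '__main__':
    for answers in ([], [True], [False, True], [False, False, False]):
        print(answers, '->', simulate(answers))
```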