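I am trying to implement a custom authentication flow using Amazon Cognito and a Lambda script. The custom authentication is triggered, but the request session array is empty, rather than the SRP_A challenge being triggered as it is when using the JavaScript SDK. If the SRP_A challenge does not occur, the PASSWORD_VERIFIER challenge is not executed, which is required to verify the username/password. Note: the custom part of the authentication happens after the username/password auth takes place.
Cognito's documentation says this flow can be implemented in JavaScript, iOS and Android, but it only provides an example in JavaScript. Below, I have included the Android code that performs the authentication.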
CognitoHelper cognitoHelper = CognitoHelper.getInstance(getApplicationContext());
username = loginView.getUsername();
//Must use toLowerCase to make the username not case sensitive
cognitoHelper.setUser(username.toLowerCase());
password = loginView.getPassword();
AuthFlowType authFlowType = AuthFlowType.fromValue(String.valueOf(AuthFlowType.CUSTOM_AUTH));
HashMap<String, String> authenticationParameters = new HashMap<>();
authenticationParameters.put(CognitoServiceConstants.AUTH_PARAM_PASSWORD,password);
authenticationParameters.put(CognitoServiceConstants.AUTH_PARAM_USERNAME, username);
SRP_aHelper srp_aHelper = new SRP_aHelper(cognitoHelper.getUserPoolID());
authenticationParameters.put(CognitoServiceConstants.AUTH_PARAM_SRP_A,srp_aHelper.getA().toString(16));
InitiateAuthRequest initiateAuthRequest = new InitiateAuthRequest();
initiateAuthRequest.setClientId(cognitoHelper.getClientID());
initiateAuthRequest.setAuthFlow(authFlowType);
initiateAuthRequest.setAuthParameters(authenticationParameters);
CognitoUser cognitoUser = cognitoHelper.getUserPool().getUser(username);
thisDevice = cognitoUser.thisDevice();
//getCipClient returns an AmazonCognitoIdentityProviderClient
InitiateAuthResult initiateAuthResult = cognitoHelper.getCipClient().initiateAuth(initiateAuthRequest);
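
For reference, an added example (not part of the original post and not AWS sample code) of a Define Auth Challenge Lambda trigger in Node.js that walks the session through SRP_A, PASSWORD_VERIFIER and CUSTOM_CHALLENGE in that order and fails closed on any other session, including the empty session array described above. The `STEPS` constant, the helper names and the sample events are assumptions constructed for illustration; the `event.request.session` and `event.response` fields follow the Cognito trigger event shape.

```javascript
// Required order: the custom challenge may only follow a verified password.
const STEPS = ['SRP_A', 'PASSWORD_VERIFIER', 'CUSTOM_CHALLENGE'];

// Decide the next challenge from the challenges answered so far.
function defineAuthChallenge(event) {
  const session = event.request.session || [];
  const res = event.response;
  res.issueTokens = false;
  res.failAuthentication = false;

  // Every entry must sit at its expected position; every step after SRP_A
  // must also have been answered correctly.
  const inOrder =
    session.length >= 1 &&
    session.length <= STEPS.length &&
    session.every((s, i) =>
      s.challengeName === STEPS[i] && (i === 0 || s.challengeResult === true));

  if (!inOrder) {
    // Empty, out-of-order or failed session: never skip password verification.
    res.failAuthentication = true;
  } else if (session.length === STEPS.length) {
    res.issueTokens = true;
  } else {
    res.challengeName = STEPS[session.length];
  }
  return event;
}

// Constructed sample event (not captured from a real user pool).
function makeEvent(session) {
  return { request: { session }, response: {} };
}

// Runs the handler over constructed sessions and returns each decision.
function runSamples() {
  const ok = (name) => ({ challengeName: name, challengeResult: true });
  return [
    [],                                        // the empty session from the post
    [ok('SRP_A')],
    [ok('SRP_A'), ok('PASSWORD_VERIFIER')],
    STEPS.map(ok),
  ].map((s) => defineAuthChallenge(makeEvent(s)).response);
}

// Lambda entry point (guarded so the file also loads outside CommonJS).
if (typeof module !== 'undefined' && module.exports) {
  module.exports.handler = async (event) => defineAuthChallenge(event);
}
```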