如何使用AWS Cognito TOTP MFA?

时间:2019-07-17 16:13:05

标签: javascript reactjs amazon-web-services amazon-cognito totp

我很难弄清楚如何使用此库: https://github.com/aws-amplify/amplify-js/tree/master/packages/amazon-cognito-identity-js

其中表示用例27。选择MFA方法并使用TOTP进行身份验证。

我已经成功完成了用户名和密码登录以及SMS代码,但是我无法获取associateSecretCode函数中提供的秘密令牌,无法使用google authenticator qr扫描仪进行扫描。不断给我一个无效的代码错误

这是我的代码:

cognitoUser.authenticateUser(authenticationDetails, {
  onSuccess: function(result) {
    const accessToken = result.getAccessToken().getJwtToken();
    cognitoUser.associateSoftwareToken(this);
  },

  onFailure: function(err) {
    alert(err.message || JSON.stringify(err));
  },

  mfaSetup: function(challengeName, challengeParameters) {
    console.log("MFA SETUP");
    cognitoUser.associateSoftwareToken(this);
  },

  associateSecretCode: async secretCode => {
    console.log("SECRET CODE: ", secretCode);
    await this.setState({ QRCode: secretCode, showQRCode: true });
    setTimeout(() => {
      const challengeAnswer = prompt("Please input the TOTP code.", "");
      cognitoUser.verifySoftwareToken(challengeAnswer, "My TOTP device", {
        onSuccess: session => console.log("SUCCESS TOTP: ", session),
        onFailure: err => console.error("ERROR TOTP: ", err)
      });
    }, 2000);
  },

  selectMFAType: function(challengeName, challengeParameters) {
    var mfaType = prompt("Please select the MFA method.", ""); // valid values for mfaType is "SMS_MFA", "SOFTWARE_TOKEN_MFA"
    cognitoUser.sendMFASelectionAnswer(mfaType, this);
  },

  totpRequired: function(secretCode) {
    var challengeAnswer = prompt("Please input the TOTP code.", "");
    cognitoUser.sendMFACode(challengeAnswer, this, "SOFTWARE_TOKEN_MFA");
  },

  mfaRequired: function(codeDeliveryDetails) {
    var verificationCode = prompt("Please input verification code", "");
    cognitoUser.sendMFACode(verificationCode, this);
  },
  newPasswordRequired: userAttributes => {
    this.setState({
      user: userAttributes,
      showNewPassword: true
    });
  }
});

会生成QR码,但在扫描时,谷歌身份验证器会给我这个错误: enter image description here

我在这里做什么错了?

1 个答案:

答案 0 :(得分:0)

您需要格式化Google Authenticator的二维码。看到这里:https://github.com/google/google-authenticator/wiki/Key-Uri-Format

尝试使用此npm库生成正确的格式:https://www.npmjs.com/package/otpauth

相关问题
最新问题