【问题标题】:How to configure AWS user cognito authentication flow for generating identity token,access token in Java sdk backend?如何配置 AWS 用户 cognito 身份验证流程以在 Java sdk 后端生成身份令牌、访问令牌?
【发布时间】:2021-01-03 19:56:47
【问题描述】:
  1. 我正在使用 AWS Cognito 身份验证进行签名机制。为了获取凭证(访问、秘密和会话令牌),我们需要获取身份令牌。
  2. 我有用户名、密码、clientId、userPoolId、identityPoolId 信息。但是,当我尝试使用 USER_PASSWORD_AUTH 作为身份验证流类型生成 id 令牌时,我收到以下错误 原因:com.amazonaws.services.cognitoidp.model.AWSCognitoIdentityProviderException:缺少身份验证令牌(服务:AWSCognitoIdentityProvider;状态代码:400;错误代码:MissingAuthenticationTokenException;请求 ID:;代理:null)

下面是代码:

AnonymousAWSCredentials awsCreds = new AnonymousAWSCredentials();

    AWSCognitoIdentityProvider provider = AWSCognitoIdentityProviderClientBuilder.standard()
            .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
            .withRegion(//region)
            .build();
           

    AdminInitiateAuthRequest authRequest = new AdminInitiateAuthRequest()
            .withAuthFlow(AuthFlowType.USER_PASSWORD_AUTH)
            .withClientId("")
            .withUserPoolId("")
            .withAuthParameters(map);
    Map<String,String> map = new HashMap<>();
    map.put("USERNAME","");
    map.put("PASSWORD","");

这里的地图会有用户名和密码。

有人可以帮助了解如何在 Java 中配置身份验证以生成 id 令牌和访问令牌吗?提前致谢!!

【问题讨论】:

    标签: java authentication amazon-cognito aws-userpools access-keys


    【解决方案1】:

    您的代码可能如下所示。请注意:

    1. 用于身份验证的 ADMIN_USER_PASSWORD_AUTH 流。请参见 AdminInitiateAuth

    2. 在 Cognito 中,在客户端设置中的“身份验证流程配置”部分下,应启用下一个选项“为管理员 API 启用用户名密码身份验证 (ALLOW_ADMIN_USER_PASSWORD_AUTH)”

       public static void auth(String username, String password) {
      
       AwsBasicCredentials awsCreds = AwsBasicCredentials.create(AWS_KEY,
               AWS_SECRET);
      
       CognitoIdentityProviderClient identityProviderClient =
               CognitoIdentityProviderClient.builder()
                       .credentialsProvider(StaticCredentialsProvider.create(awsCreds))
                       .region(Region.of(REGION))
                       .build();
      
       final Map<String, String> authParams = new HashMap<>();
       authParams.put("USERNAME", username);
       authParams.put("PASSWORD", password);
       authParams.put("SECRET_HASH", calculateSecretHash(CLIENT_ID,
               CLIENT_SECRET, username));
      
       final AdminInitiateAuthRequest authRequest = AdminInitiateAuthRequest.builder()
               .authFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH)
               .clientId(CLIENT_ID)
               .userPoolId(POOL_ID)
               .authParameters(authParams)
               .build();
      
       AdminInitiateAuthResponse result = identityProviderClient.adminInitiateAuth(authRequest);
      
       System.out.println(result.authenticationResult().accessToken());
       System.out.println(result.authenticationResult().idToken());
      

      }

    3. 方法 calculateSecretHash 取自 AWS 文档 Signing Up and Confirming User Accounts

       private static String calculateSecretHash(String userPoolClientId, String userPoolClientSecret, String userName) {
       final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
      
       SecretKeySpec signingKey = new SecretKeySpec(
               userPoolClientSecret.getBytes(StandardCharsets.UTF_8),
               HMAC_SHA256_ALGORITHM);
       try {
           Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
           mac.init(signingKey);
           mac.update(userName.getBytes(StandardCharsets.UTF_8));
           byte[] rawHmac = mac.doFinal(userPoolClientId.getBytes(StandardCharsets.UTF_8));
           return Base64.getEncoder().encodeToString(rawHmac);
       } catch (Exception e) {
           throw new RuntimeException("Error while calculating ");
       }}
      

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 2020-08-30
      • 1970-01-01
      • 2016-04-11
      • 1970-01-01
      • 2018-04-18
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多