CODEWITHSUNDEEP
androidamazon-web-servicesaws-lambdaaws-sdkamazon-cognito
TheQ
TheQ

Reputation: 2019

How to get password from aws cognito - android?

so im working with aws cognito, and im a bit confused on how to get the password?

If a user enters a password into an edit text, how do i get the password the user had entered when they signed up so i can compare the password they're logged in with to the password the registered with?

Here is the code i had to register my user:

userPool.signUpInBackground(username_ET.getText().toString(), password_ET.getText().toString(), userAttributes, null, signupCallback);

And here is the code i used to log in:

 private AuthenticationHandler authenticationHandler = new AuthenticationHandler()
    {
        @Override
        public void onSuccess(CognitoUserSession userSession, CognitoDevice newDevice)
        {
            Log.d(COGNITO_LOGIN,"Login success I think?!");
            cognitoUser.getDetailsInBackground(getDetailsHandler);
            //Here i need to compare passwords before i can move on.
        }
        @Override
        public void getAuthenticationDetails(AuthenticationContinuation authenticationContinuation, String userId)
        {
            Log.d(COGNITO_LOGIN,passwordET.getText().toString());
            // The API needs user sign-in credentials to continue
            AuthenticationDetails authenticationDetails = new AuthenticationDetails(userId, passwordET.getText().toString(), null);

            // Pass the user sign-in credentials to the continuation
            authenticationContinuation.setAuthenticationDetails(authenticationDetails);

            // Allow the sign-in to continue
            authenticationContinuation.continueTask();
        }
        @Override
        public void getMFACode(MultiFactorAuthenticationContinuation multiFactorAuthenticationContinuation) {
            // Multi-factor authentication is required; get the verification code from user
            multiFactorAuthenticationContinuation.setMfaCode("verificationCode");
            // Allow the sign-in process to continue
            multiFactorAuthenticationContinuation.continueTask();
        }
        @Override
        public void authenticationChallenge(ChallengeContinuation continuation) {
        }
        @Override
        public void onFailure(Exception exception)
        {
            // Sign-in failed, check exception for the cause
            Log.d(COGNITO_LOGIN,"Login failed!");
            Log.d(COGNITO_LOGIN,exception.getMessage());
            exceptionMessage(exception.getMessage());
        }
    };



cognitoUser.getSessionInBackground(authenticationHandler);

With the authentication handler, i only need to pass in the correct username (or userID) to make the onSuccess run. Password isnt even required. So i am confused, to where the user must enter also the correct password in order for them to log in.

Upvotes: 1

Views: 6085

Answers (1)

Ionut Trestian
Ionut Trestian

Reputation: 5751

You don't need to compare passwords. When you sign up, Cognito stores a salt and a verifier for the password you signed up with. Cognito doesn't store your password in the form you entered it in but only a salt and verifier. When you use the code below, Cognito uses the Secure Remote Password protocol to match the verifier stored internally. Since we use the password you provided for computations, you cannot retrieve it. Note that in the onSuccess callback you will get tokens if the call is successful as noted below.

// Callback handler for the sign-in process 
AuthenticationHandler authenticationHandler = new AuthenticationHandler() { 

    @Override 
    public void onSuccess(CognitoUserSession cognitoUserSession) { 
        // Sign-in was successful, cognitoUserSession will contain tokens for the user   
    }

    @Override
    public void getAuthenticationDetails(AuthenticationContinuation authenticationContinuation, String userId) { 
        // The API needs user sign-in credentials to continue
        AuthenticationDetails authenticationDetails = new AuthenticationDetails(userId, password, null);

        // Pass the user sign-in credentials to the continuation
        authenticationContinuation.setAuthenticationDetails(authenticationDetails);

        // Allow the sign-in to continue
        authenticationContinuation.continueTask();
    }

    @Override
    public void getMFACode(MultiFactorAuthenticationContinuation multiFactorAuthenticationContinuation) { 
        // Multi-factor authentication is required, get the verification code from user
        multiFactorAuthenticationContinuation.setMfaCode(mfaVerificationCode);
        // Allow the sign-in process to continue
        multiFactorAuthenticationContinuation.continueTask();
    }

    @Override
    public void onFailure(Exception exception) {
        // Sign-in failed, check exception for the cause
    } 
};

// Sign-in the user 
cognitoUser.getSessionInBackground(authenticationHandler);

Upvotes: 3

Related Questions