Morphex

Reputation: 306

Amazon Cognito AuthFlow

Somewhat of a multiple question, but:

How does one perform authentication with Amazon Cognito User Pools in .NET? I am initiating the Auth with the following:

var response1 = client.InitiateAuth(new InitiateAuthRequest()
{
    AuthFlow = AuthFlowType.USER_SRP_AUTH,
    AuthParameters = new Dictionary<string, string>()
    {
        { "USERNAME", "User" },
        { "SRP_A", A }
    },
    ClientId = "xxxxxxxxxxxxxxxxxxxxxxxxxxx"
});

Their documentation is really, really bad, and I can't seem to find what to pass when I want to respond to the challenge.

client.RespondToAuthChallenge(new RespondToAuthChallengeRequest()
{
    ChallengeName = ChallengeNameType.PASSWORD_VERIFIER,
    ChallengeResponses = { /* WHAT am I supposed to add here, and where can I find any documentation on what is expected? */ },
    Session = response1.Session,
    ClientId = "xxxxxxxxxxxxx"
});

On a side note, I want to use Cognito Federated Identities to protect a custom .NET API, so my idea is to use a token returned by Cognito to pass as the JWT to the Web API side, where I would then decode and validate the token. Is this an expected way to use Amazon Cognito? (I don't want to use Amazon API Gateway, for now at least.)

I am assuming it's just configuring OWIN with a default JWT middleware, or should I expect something else?

Upvotes: 1

Views: 5031

Answers (2)

Adil H. Raza

Reputation: 1711

Here's an example of using RespondToAuthChallengeAsync's ChallengeResponses:

// Variable name is lower-cased so it matches the call below (C# is case-sensitive).
var respondToAuthChallengeRequest = new RespondToAuthChallengeRequest
{
    ChallengeName = ChallengeNameType.PASSWORD_VERIFIER,
    ClientId = "appClientId",
    ChallengeResponses = new Dictionary<string, string>
    {
        { "USERNAME", username },
        { "NEW_PASSWORD", password }
    },
    Session = response1.Session
};

var respondToAuthChallengeResponse = await client
    .RespondToAuthChallengeAsync(respondToAuthChallengeRequest);

Upvotes: -1

Jeff Bailey

Reputation: 5775

The developer guide touches on what needs to go into the request for both initiate auth and respond to auth challenge.

You will likely find it easier to offload the SRP authentication to Cognito with the AdminInitiateAuth API (detailed in the same link), which will fill in these blanks for you.

The mobile SDKs have wrappers around SRP authentication for you, which help fill in these parameters, but other SDKs have no such features in place. You could use the code for the SDKs (all of which live in GitHub) to fill in things like SRP_A, but you'll likely find it far easier to just use AdminInitiateAuth.

Upvotes: 0
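
The AdminInitiateAuth route recommended in the answer above, as an added example (not code from this thread or from AWS); it goes one step further than the answer by also handling the NEW_PASSWORD_REQUIRED challenge. It assumes the AWSSDK.CognitoIdentityProvider package, an app client with no client secret and the admin no-SRP flow enabled, and a server that holds IAM credentials; CognitoAdminSignIn and SignInAsync are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Amazon.CognitoIdentityProvider;
using Amazon.CognitoIdentityProvider.Model;

// Hypothetical helper (added example). Server-side only: the Admin* calls are
// signed with IAM credentials and the password is sent to Cognito over TLS.
public static class CognitoAdminSignIn
{
    // Returns the tokens, or null when the credentials are rejected.
    public static async Task<AuthenticationResultType> SignInAsync(
        IAmazonCognitoIdentityProvider client, string userPoolId, string clientId,
        string username, string password, string newPassword = null)
    {
        AdminInitiateAuthResponse auth;
        try
        {
            auth = await client.AdminInitiateAuthAsync(new AdminInitiateAuthRequest
            {
                UserPoolId = userPoolId,
                ClientId = clientId,
                AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH, // no SRP_A or PASSWORD_VERIFIER needed
                AuthParameters = new Dictionary<string, string>
                    { { "USERNAME", username }, { "PASSWORD", password } }
            });
        }
        // Unknown user and wrong password look the same to the caller (no user enumeration).
        catch (Exception e) when (e is NotAuthorizedException || e is UserNotFoundException)
        {
            return null;
        }
        if (auth.AuthenticationResult != null) return auth.AuthenticationResult;
        // Accounts created by an administrator must set a permanent password first.
        if (auth.ChallengeName != ChallengeNameType.NEW_PASSWORD_REQUIRED || newPassword == null)
            throw new NotSupportedException("Unhandled challenge: " + auth.ChallengeName);
        var userId = username; // Cognito may return the canonical name for alias sign-ins
        if (auth.ChallengeParameters != null
            && auth.ChallengeParameters.TryGetValue("USER_ID_FOR_SRP", out var id)) userId = id;
        var done = await client.AdminRespondToAuthChallengeAsync(new AdminRespondToAuthChallengeRequest
        {
            UserPoolId = userPoolId,
            ClientId = clientId,
            ChallengeName = ChallengeNameType.NEW_PASSWORD_REQUIRED,
            Session = auth.Session, // ties this response to the pending sign-in
            ChallengeResponses = new Dictionary<string, string>
                { { "USERNAME", userId }, { "NEW_PASSWORD", newPassword } }
        });
        return done.AuthenticationResult;
    }
}
```

The IdToken or AccessToken in the returned result is what the question's Web API would receive as the bearer JWT.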
