user26073892
Reputation: 1
cognito srp auth login
This is my code. I am pretty sure i have used correct clientId and userpool for configuration. the InitiateAuthCommand doesnot give me session key as mentioned in offical docs. But return all the other value and when moving on to the RespondToAuthChallengeCommand it is giving me following error. const exception = new NotAuthorizedException({ ^
NotAuthorizedException: Incorrect username or password.
.
import {
CognitoIdentityProviderClient,
InitiateAuthCommand,
AuthFlowType,
ChallengeNameType,
RespondToAuthChallengeCommand,
CognitoIdentityProvider,
} from "@aws-sdk/client-cognito-identity-provider";
import { SRPClient, calculateSignature } from "amazon-user-pool-srp-client";
import moment from "moment-timezone";
// import { CognitoIdentityServiceProvider } from "aws-sdk";
export const signIn = async ({ email, password }) => {
const client = new CognitoIdentityProviderClient({
region: process.env.AWS_REGION,
});
const service = new CognitoIdentityProvider({
region: process.env.AWS_REGION,
});
const userPoolId = process.env.AWS_USER_POOL;
const srp = new SRPClient(userPoolId);
const srpA = srp.calculateA();
const initiateAuthParams = {
AuthFlow: "USER_SRP_AUTH",
ClientId: process.env.AWS_CLIENT_ID,
AuthParameters: {
USERNAME: "[email protected]",
SRP_A: srpA,
},
ClientMetadata: {},
};
const command = new InitiateAuthCommand(initiateAuthParams);
const initiateAuthResponse = await client.send(command);
// return initiateAuthResponse;
const challengeParameters = initiateAuthResponse.ChallengeParameters;
const userIdForSrp = initiateAuthResponse.ChallengeParameters.USER_ID_FOR_SRP;
const srpB = initiateAuthResponse.ChallengeParameters.SRP_B;
const salt = initiateAuthResponse.ChallengeParameters.SALT;
const secretBlock = initiateAuthResponse.ChallengeParameters.SECRET_BLOCK;
const pin = password;
const clientId = process.env.AWS_CLIENT_ID;
const hkdf = srp.getPasswordAuthenticationKey(
userIdForSrp,
pin, // This is the user's password
srpB,
salt
);
// // return hkdf;
const dateNow = moment(new Date()).format("ddd MMM D HH:mm:ss UTC YYYY");
console.log(dateNow);
const signatureString = calculateSignature(
hkdf,
userPoolId,
userIdForSrp,
secretBlock,
dateNow
);
const respondToAuthParams = {
ClientId: clientId,
ChallengeName: ChallengeNameType.PASSWORD_VERIFIER,
ChallengeResponses: {
PASSWORD_CLAIM_SIGNATURE: signatureString,
PASSWORD_CLAIM_SECRET_BLOCK: secretBlock,
TIMESTAMP: dateNow,
USERNAME: userIdForSrp,
},
ClientMetadata: {},
};
console.log(respondToAuthParams);
const respondToAuthCommand = new RespondToAuthChallengeCommand(
respondToAuthParams
);
const respondToAuthResponse = await service.send(respondToAuthCommand);
return respondToAuthResponse;
};
I have tried login using hostedUI using same username and password and it is working. But throws exception of unauthorized when using @aws-sdk/client-cognito-identity-provider. Can you provide me any solutions or any alternatives to create api in nodejs to login, register in cognito with SRP auth and mfa settings
Upvotes: 0
Views: 171
Answers (0)
Related Questions
- implementing USER_SRP_AUTH with python boto3 for AWS Cognito
- How do I use InitiateAuth command (@aws-sdk/client-cognito-identity-provider) to trigger SRP Authentication followed by CUSTOM_CHALLANGE?
- AWS cognito user migration pool trigger not working on login flow
- Should I send login information directly to AWS cognito form a browser
- Continue with custom auth flow after NEW_PASSWORD_REQUIRED challenge is answered in AWS Cognito
- Cannot call AWS Cognito APIs from AWS lambda, but the same code runs fine in local node.js
- AWS Cognito Unable to authenticate : blank answer - JS SDK