How to enable authenticator MFA for Cognito user pool created using AWS Node.js API?

Question

I am trying to create an AWS Cognito user pool using the AWS Node.js SDK in a Lambda function. Our use case requires multi-factor authentication and enabling authenticator apps for MFA. It looks like the Cognito console UI provides an option to specify this, but the API does not provide a way to enable authenticator apps for MFA.

Screenshot of Cognito user pool console UI showing option to enable Authenticator apps for MFA

Tried adding

"SoftwareTokenMfaConfiguration": {
    "Enabled": true
}

field in the params to the cognitoIdentityServiceProvider.createUserPool API, but the response indicates "Error creating User Pool: UnexpectedParameter: Unexpected key 'SoftwareTokenMfaConfiguration' found in params".

So my code snippet looks like below:

const AWS = require("aws-sdk"); // AWS SDK for JavaScript v2

async function createCognitoUserPool(poolName) {
  const cognitoIdentityServiceProvider =
    new AWS.CognitoIdentityServiceProvider();

  // Define the parameters for creating the user pool
  const params = {
    PoolName: poolName,
    Policies: {
      PasswordPolicy: {
        MinimumLength: 8,
        RequireUppercase: true,
        RequireLowercase: true,
        RequireNumbers: true,
        RequireSymbols: true,
      },
    },
    MfaConfiguration: "ON",
    SoftwareTokenMfaConfiguration: {
      Enabled: true,
    },
    AutoVerifiedAttributes: ["phone_number"],
    SmsConfiguration: JSON.parse(
      process.env.COGNITO_USER_POOL_SMS_CONFIGURATION
    ),
  };

  try {
    // Call the CreateUserPool method
    const response = await cognitoIdentityServiceProvider
      .createUserPool(params)
      .promise();

    console.log("User Pool created successfully:", response.UserPool.Id);
    return response.UserPool.Id;
  } catch (error) {
    console.error("Error creating User Pool:", error);
    throw error;
  }
}

Looking forward to finding a solution for this. Thanks!

Answer 1

Score: 0

You can use the SetUserPoolMfaConfig method after creating the user pool.

From the TOTP software token MFA page:
> You can activate TOTP MFA for your user pool in the Amazon Cognito console, or you can use Amazon Cognito API operations. At the user pool level, you can call SetUserPoolMfaConfig to configure MFA and enable TOTP MFA.

Here are the links to the API references from the AWS documentation.
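
The two-step flow the answer describes, as an added example that is not part of the original answer or of AWS's documentation: create the pool without the SoftwareTokenMfaConfiguration key, then call setUserPoolMfaConfig and check what it returns. It assumes aws-sdk v2 as in the question; the function name, the injected `cognito` client parameter and the delete-on-failure cleanup are choices of this example.

```javascript
// Added example: create the pool, then enable TOTP with SetUserPoolMfaConfig.
// `cognito` is an AWS.CognitoIdentityServiceProvider instance (aws-sdk v2)
// supplied by the caller; `smsConfiguration` is the parsed SMS config object.
// Usage: createUserPoolWithTotpMfa(new AWS.CognitoIdentityServiceProvider(), name, sms)
async function createUserPoolWithTotpMfa(cognito, poolName, smsConfiguration) {
  // createUserPool does not accept SoftwareTokenMfaConfiguration (see the
  // UnexpectedParameter error in the question), so the key is left out here.
  const created = await cognito
    .createUserPool({
      PoolName: poolName,
      MfaConfiguration: "ON",
      AutoVerifiedAttributes: ["phone_number"],
      SmsConfiguration: smsConfiguration,
    })
    .promise();
  const userPoolId = created.UserPool.Id;

  try {
    // Second call: pool-level MFA settings, including authenticator apps (TOTP).
    const mfa = await cognito
      .setUserPoolMfaConfig({
        UserPoolId: userPoolId,
        MfaConfiguration: "ON",
        SoftwareTokenMfaConfiguration: { Enabled: true },
      })
      .promise();

    // Check the returned settings rather than assuming the call took effect.
    const totpOn =
      mfa.SoftwareTokenMfaConfiguration &&
      mfa.SoftwareTokenMfaConfiguration.Enabled === true;
    if (mfa.MfaConfiguration !== "ON" || !totpOn) {
      throw new Error("TOTP MFA not enabled on " + userPoolId);
    }
    return userPoolId;
  } catch (error) {
    // Choice of this example: do not leave a pool behind without TOTP enabled.
    await cognito
      .deleteUserPool({ UserPoolId: userPoolId })
      .promise()
      .catch((e) => console.error("Cleanup failed for", userPoolId, e));
    throw error;
  }
}
```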

huangapple
  • Published on June 2, 2023, 14:44:48
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76387742.html