AWS Cognito on Serverless IdToken undefined

Question

I'm trying to build a login system using ApiGateway, a Lambda function and Cognito.
I created a login API that returns the token id after a successful authentication.

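// Imports and client setup the snippet relies on (AWS SDK for JavaScript v2).
import { APIGatewayEvent, APIGatewayProxyResult, Context } from "aws-lambda";
import { CognitoIdentityServiceProvider } from "aws-sdk";

const cognito = new CognitoIdentityServiceProvider();

// Request body shape, inferred from the destructuring below.
interface LoginRequest {
  email: string;
  password: string;
}

export async function login(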
  event: APIGatewayEvent,
  context: Context
): Promise<APIGatewayProxyResult> {
  const body: LoginRequest = JSON.parse(event.body!);
  let { email, password } = body;

  const params = {
    AuthFlow: "ADMIN_NO_SRP_AUTH",
    UserPoolId: "MY_POOL_ID",
    ClientId: "MY_CLIENT_ID",
    AuthParameters: {
      USERNAME: email,
      PASSWORD: password,
    },
  };
  const response = await cognito.adminInitiateAuth(params).promise();
  return {
    statusCode: 200,
    headers: { "Access-Control-Allow-Origin": "*" },
    body: JSON.stringify({
      token: response.AuthenticationResult?.IdToken,
      expires: response.AuthenticationResult?.ExpiresIn,
    }),
  };
}

When I try to log in with email and password, it gives me an error if the credentials are not valid and just a "{}" if they are valid.

I tried to return response.AuthenticationResult?.Session and it works, so login works, but it doesn't give a token.

That's the entire response:

{
    "response": {
        "ChallengeName": "NEW_PASSWORD_REQUIRED",
        "Session": "AYABeByFqBoMmIHRwn6oIZvHWUMAHQABAAdTZXJ2aWNlABBDb2duaXRvVXNlclBvb2xzAAEAB2F3cy1rbXMATmFybjphd3M6a21zOmV1LWNlbnRyYWwtMTo1OTA0OTA4MDk4NTg6a2V5LzRkMmU1YTdmLTFjZDctNDljOS04ZmFjLTJkOWRjYjVjZWY5ZgC4AQIBAHiT0WsoETjA-_W2EH-EQMS-0VLOgD9a5TwyMTIsaW4GEgFrdbJMT7r-wJbAHBLfQj4IAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMgTyErKwdTA2j0_OgAgEQgDvrVyjLX7dExEs8JWLMQ4vSSsJnECrXYaPZL9HMa-utfreumVAVmGZJSXdshrrFkI7yyqSp4fxzHgyN3AIAAAAADAAAEAAAAAAAAAAAAAAAAADrUQD4xZFJjL5DX0QePNdc_____wAAAAEAAAAAAAAAAAAAAAEAAAC9fhhiRhbi2BWmcOCLfSCUx4CeDC9p-zLwuMsdtn_kofAuF4aLLINJ5eg8xjJGDJXjBgfUUVaD9-yx_hPIE2xs6A4bbKI81RoLeeprjxfgrJGHI8iZc_4D-fpwT4yC5grDZlsBUhQ_tKuamYOeV-IfIi6CYJ3W2doz6AEeELYJibyPGqnX4z6kFyrAoZj2V-7O_NJWTeYNLgNjzQEjkNmxdoANUpDVJJCTC9A4rv3r4WjknBa0SUy3_-X-l6S9oGZLs2LWMSk7j7lpj1woVg",
        "ChallengeParameters": {
            "USER_ID_FOR_SRP": "MY_USERNAME",
            "userAttributes": "{\"email_verified\":\"true\",\"nickname\":\"\",\"email\":\"MY_EMAIL\"}",
            "requiredAttributes": "[\"userAttributes.nickname\"]"
        }
    }
}

Answer 1

Score: 0

The initial challenge requires you to first set a new password, before the user is logged in. That's why the response says: "ChallengeName": "NEW_PASSWORD_REQUIRED".

From the docs:

[AuthenticationResult] is only returned if the caller doesn’t need to pass another challenge. If the caller does need to pass another challenge before it gets tokens, ChallengeName, ChallengeParameters, and Session are returned.

https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#adminInitiateAuth-property

You can use the adminRespondToAuthChallenge-operation to set a new password:
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#adminRespondToAuthChallenge-property
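
The challenge handling described in the answer, as an added example that is not part of the original post: it classifies an adminInitiateAuth response instead of assuming tokens are present, and builds the parameters for adminRespondToAuthChallenge from the NEW_PASSWORD_REQUIRED challenge. The names `classify`, `buildNewPasswordParams`, `attrs` and `SAMPLE_CHALLENGE` are hypothetical, and the pool and client ids are the question's placeholders.

```typescript
// Field shapes mirror the response shown in the question (added example).
interface AuthResponse {
  ChallengeName?: string;
  Session?: string;
  ChallengeParameters?: Record<string, string>;
  AuthenticationResult?: { IdToken?: string; ExpiresIn?: number };
}

// Tokens are present only when no further challenge is pending.
function classify(res: AuthResponse): "tokens" | "challenge" | "unexpected" {
  if (res.AuthenticationResult?.IdToken) return "tokens";
  return res.ChallengeName && res.Session ? "challenge" : "unexpected";
}

// Build adminRespondToAuthChallenge params; throws if the challenge is unusable
// or a required attribute is missing, so the caller can reject the request.
function buildNewPasswordParams(
  res: AuthResponse,
  newPassword: string,
  attrs: Record<string, string> // hypothetical caller-supplied attribute values
) {
  const cp: Record<string, string> = res.ChallengeParameters ?? {};
  if (res.ChallengeName !== "NEW_PASSWORD_REQUIRED" || !res.Session || !cp.USER_ID_FOR_SRP) {
    throw new Error("not a usable NEW_PASSWORD_REQUIRED challenge");
  }
  // requiredAttributes is a JSON-encoded string, e.g. "[\"userAttributes.nickname\"]".
  const required: unknown = JSON.parse(cp.requiredAttributes ?? "[]");
  const responses: Record<string, string> = { USERNAME: cp.USER_ID_FOR_SRP, NEW_PASSWORD: newPassword };
  for (const key of Array.isArray(required) ? required : []) {
    const name = String(key).replace(/^userAttributes\./, "");
    const value = attrs[name];
    if (!value) throw new Error(`missing required attribute: ${name}`);
    responses[`userAttributes.${name}`] = value;
  }
  return {
    ChallengeName: "NEW_PASSWORD_REQUIRED",
    UserPoolId: "MY_POOL_ID", // placeholders, as in the question
    ClientId: "MY_CLIENT_ID",
    Session: res.Session,
    ChallengeResponses: responses,
  };
}

// Constructed sample with the question's structure; Session is a placeholder.
const SAMPLE_CHALLENGE: AuthResponse = {
  ChallengeName: "NEW_PASSWORD_REQUIRED",
  Session: "SESSION_PLACEHOLDER",
  ChallengeParameters: { USER_ID_FOR_SRP: "MY_USERNAME", requiredAttributes: '["userAttributes.nickname"]' },
};
```

The returned object is what would be passed to `cognito.adminRespondToAuthChallenge(params).promise()`; when that call completes the challenge, its response carries `AuthenticationResult` with the tokens.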

huangapple
  • Posted on June 13, 2023, 18:00:23
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76463745.html