README
¶
cognito-srp
This is almost a direct port of capless/warrant
All crypto functions are tested against equivalent values produced by warrant
Usage
package main
import (
"fmt"
"time"
"github.com/alexrudd/cognito-srp"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/aws/endpoints"
"github.com/aws/aws-sdk-go-v2/aws/external"
cip "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
)
func main() {
// configure cognito srp
csrp, _ := cognitosrp.NewCognitoSRP("user", "pa55w0rd", "eu-west-1_myPoolId", "client", nil)
// configure cognito identity provider
cfg, _ := external.LoadDefaultAWSConfig()
cfg.Region = endpoints.EuWest1RegionID
cfg.Credentials = aws.AnonymousCredentials
svc := cip.New(cfg)
// initiate auth
req := svc.InitiateAuthRequest(&cip.InitiateAuthInput{
AuthFlow: cip.AuthFlowTypeUserSrpAuth,
ClientId: aws.String(csrp.GetClientId()),
AuthParameters: csrp.GetAuthParams(),
})
resp, _ := req.Send()
// respond to password verifier challenge
if resp.ChallengeName == cip.ChallengeNameTypePasswordVerifier {
challengeInput, _ := csrp.PasswordVerifierChallenge(resp.ChallengeParameters, time.Now())
chal := svc.RespondToAuthChallengeRequest(challengeInput)
resp, _ := chal.Send()
// print the tokens
fmt.Println(resp.AuthenticationResult)
} else {
// other challenges await...
}
}
Documentation
¶
Index ¶
- type CognitoSRP
- func (csrp *CognitoSRP) GetAuthParams() map[string]string
- func (csrp *CognitoSRP) GetClientId() string
- func (csrp *CognitoSRP) GetSecretHash(username string) (string, error)
- func (csrp *CognitoSRP) GetUserPoolId() string
- func (csrp *CognitoSRP) GetUserPoolName() string
- func (csrp *CognitoSRP) GetUsername() string
- func (csrp *CognitoSRP) PasswordVerifierChallenge(challengeParms map[string]string, ts time.Time) (*cip.RespondToAuthChallengeInput, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CognitoSRP ¶
type CognitoSRP struct {
// contains filtered or unexported fields
}
CognitoSRP handles SRP authentication with AWS Cognito
func NewCognitoSRP ¶
func NewCognitoSRP(username, password, poolId, clientId string, clientSecret *string) (*CognitoSRP, error)
NewCognitoSRP creates a CognitoSRP object
func (*CognitoSRP) GetAuthParams ¶
func (csrp *CognitoSRP) GetAuthParams() map[string]string
GetAuthParams returns the AuthParms map of values required for make InitiateAuth requests
func (*CognitoSRP) GetClientId ¶
func (csrp *CognitoSRP) GetClientId() string
GetClientId returns the configured Cognito Cient ID
func (*CognitoSRP) GetSecretHash ¶
func (csrp *CognitoSRP) GetSecretHash(username string) (string, error)
GetSecretHash returns the secret hash string required to make certain Cognito Identity Provider API calls (if client is configured with a secret)
func (*CognitoSRP) GetUserPoolId ¶
func (csrp *CognitoSRP) GetUserPoolId() string
GetUserPoolId returns the configured Cognito User Pool ID
func (*CognitoSRP) GetUserPoolName ¶
func (csrp *CognitoSRP) GetUserPoolName() string
GetUserPoolName returns the configured Cognito User Pool Name
func (*CognitoSRP) GetUsername ¶
func (csrp *CognitoSRP) GetUsername() string
GetUsername returns the configured Cognito user username
func (*CognitoSRP) PasswordVerifierChallenge ¶
func (csrp *CognitoSRP) PasswordVerifierChallenge(challengeParms map[string]string, ts time.Time) (*cip.RespondToAuthChallengeInput, error)
PasswordVerifierChallenge returns a github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider.RespondToAuthChallengeInput object which can be used to fulfil a PASSWORD_VERIFIER Cognito challenge
Source Files