Documentation ¶
Overview ¶
Package cognitoclientgo implements authentication against AWS Cognito the same way as the client browser does.
Use it if you want to write app or cli that has the same access as the regular registered user to your AWS Cognito User pool. I needed it to obtain the JWT token to authorize API calls to API Gateway that with Cognito Authorizer.
You don't need the AWS IAM credentials. Currently it doesn't support federated identities.
Credentials ¶
You'll need to specify:
UserPoolID: <string> ClientID: <string> SecretHash: [OPTIONAL if configured with you client app] string UserName: <string> Password: <string>
You can get all these params from AWS web console.
Example usage
c, err := cognitoclientgo.NewClient(auth.Input{ UserPoolID: os.Getenv("COGNITO_USER_POOL_ID"), ClientID: os.Getenv("COGNITO_CLIENT_ID"), SecretHash: os.Getenv("COGNITO_SECRET_HASH"), UserName: os.Getenv("COGNITO_USERNAME"), Password: os.Getenv("COGNITO_PASSWORD"), }) if err != nil { ... } // jwtToken can be used in Authorization header sent to API GW jwtToken, err := c.Auth() if err != nil { ... } // once authorized you can call getUser to get info about user from Cognito user, err := c.GetUser() if err != nil { ... }
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client is the main struct that enables auth
func (*Client) Auth ¶
Auth returns the JWTToken and if needed it will start authorization flow
Example ¶
package main import ( "encoding/json" "fmt" "log" "os" // "github.com/dacz/cognitoclientgo" "github.com/joho/godotenv" ) func printAndExit(err error) { fmt.Printf("message: %s\ntype: %T\nvalue: %#v\n", err.Error(), err, err) os.Exit(1) } func main() { err := godotenv.Load() if err != nil { log.Fatal("Error loading .env file") } c, err := NewClient(Input{ UserPoolID: os.Getenv("COGNITO_USER_POOL_ID"), ClientID: os.Getenv("COGNITO_CLIENT_ID"), SecretHash: os.Getenv("COGNITO_SECRET_HASH"), UserName: os.Getenv("COGNITO_USERNAME"), Password: os.Getenv("COGNITO_PASSWORD"), }) if err != nil { printAndExit(err) } jwtToken, err := c.Auth() if err != nil { printAndExit(err) } fmt.Printf("Token to use as JWT token is:\n%s\n", jwtToken) user, err := c.GetUser() if err != nil { printAndExit(err) } upretty, err := json.MarshalIndent(user, "", " ") if err != nil { fmt.Printf("User data:\n%#v\n", *user) } else { fmt.Println(string(upretty)) } fmt.Printf("%#v\n", c.Tokens()) // should go from cache next time // user, err = c.GetUser() // if err != nil { // printAndExit(err) // } // should force to obtain fresh user data from Cognito no matter the cache // user, err = c.GetUser(true) // if err != nil { // printAndExit(err) // } }
Output:
func (*Client) GetUser ¶
GetUser asks for Cognito user data if send an argument 'true', it will force download data even if they are cached (pointer is not used because we don't want allow any modifications)
Directories ¶
Path | Synopsis |
---|---|
Package srp calculates the responses to cognito srp challenges to authenticate client and get tokens This is de facto utility package for main Auth package Is is de facto copy-paste from https://github.com/AlexRudd/cognito-srp (which is based on capless warrant: https://github.com/capless/warrant) The only changed thing is that I removed the dependency to aws sdk and aws cognitoidentityprovider because for this package they are not needed.
|
Package srp calculates the responses to cognito srp challenges to authenticate client and get tokens This is de facto utility package for main Auth package Is is de facto copy-paste from https://github.com/AlexRudd/cognito-srp (which is based on capless warrant: https://github.com/capless/warrant) The only changed thing is that I removed the dependency to aws sdk and aws cognitoidentityprovider because for this package they are not needed. |