亚马逊Cognito AuthFlow [英] Amazon Cognito AuthFlow

问题描述

多少个问题，

在.NET中，一个人如何使用Amazon Cognito用户池执行身份验证。
我正在使用以下命令启动Auth：

How does one perform authentication with Amazon Cognito User Pools, in .NET. I am initiating the Auth with the following:

var response1 = client.InitiateAuth(new InitiateAuthRequest()
            {
                AuthFlow = AuthFlowType.USER_SRP_AUTH,
                AuthParameters = new Dictionary<string, string>()
                {
                    {"USERNAME","User" },
                    {"SRP_A"  ,  A }
                },
                ClientId = "xxxxxxxxxxxxxxxxxxxxxxxxxxx"
            });

他们的文档确实非常糟糕，我似乎找不到通过的内容想要回应挑战。

Their documentation is really, really bad, and I can't seem to find what to pass when I want to respond to the challenge.

client.RespondToAuthChallenge(new RespondToAuthChallengeRequest()
        {
            ChallengeName = ChallengeNameType.PASSWORD_VERIFIER,
            ChallengeResponses = { /*WHAT am I supposed to add here, and where can I find any documnetation on what is expected?*/ },
            Session =  response1.Session,
            ClientId = "xxxxxxxxxxxxx"
        });

另一方面，我想使用Cognito联合身份来保护自定义.Net API，因此我的想法是使用Cognito返回的令牌作为JWT传递到webapi端，然后在此处对令牌进行解码和验证。这是使用Amazon Cognito的预期方式吗？ （至少到目前为止，我不想使用Amazon API网关）。

On a side note, I want to use Cognito Federated Identities to protected a custom .Net API, so my idea is to use a Token returned by Cognito to pass as the JWT to the webapi side, where I would then decode and validate the token. Is this a expected way to use Amazon Cognito for? (I don't want to use amazon API gateway, for now at least).

我假设它只是使用默认的JWT中间件配置OWIN，还是我应该期待其他东西？

I am assuming its just configuring OWIN with a default JWT middleware, or should I expected something else?

推荐答案

开发人员指南讨论了启动身份验证和响应身份验证请求的需求。

The developer guide touches on what needs to go into the request for both initiate auth and respond to auth challenge.

您很可能会找到它使用AdminInitiateAuth API（在同一链接中详细介绍），可以更轻松地将srp身份验证卸载到Cognito，这将为您填补这些空白。

You will likely find it easier to offload the srp authentication to Cognito with the AdminInitiateAuth API (detailed in the same link), which will fill in these blanks for you.

移动SDK为您提供了围绕SRP身份验证的包装程序，可帮助填写这些参数，但其他SDK则没有此类功能。您可以使用SDK的代码（所有这些代码都存在于GitHub中）来填充SRP_A之类的内容，但是您可能会发现，仅使用AdminInitiateAuth就容易得多。

The mobile SDKs have wrappers around SRP authentication for you, which help fill in these parameters, but other SDKs have no such features in place. You could use the code for the SDKs (all of which live in GitHub) to fill in things like SRP_A, but you'll likely find it far easier to just use AdminInitiateAuth.

这篇关于亚马逊Cognito AuthFlow的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！