没有密码的AWS Cognito用户池 [英] AWS Cognito User Pool without a password
问题描述
我想使用电话号码作为我的应用程序的用户名,并且我希望能够简化注册过程,只需在每次登录时都需要验证电话号码即可-无需记住任何麻烦的密码即可。
如何使用AWS Cognito用户池执行此操作,要求我强制为每个用户配置密码。
<我想到了为每个用户使用虚拟密码并配置强制用户验证。每次用户注销时,我都可以取消验证用户,以便下次自动要求他们验证电话号码。另外,如果用户通过验证,我会将我的应用程序连接为仅登录。
请告诉我这是否是最好的方法:(我是AWS新手,在这种情况下我找不到任何帖子。
谢谢!!
由于AWS Cognito当前不支持无密码身份验证,因此您需要实施具有外部存储的随机密码的解决方法。您可以按照以下步骤实施身份验证流程。
- 用户注册后(还要求提供手机号码和将其设置为必填项),还将手机号码,用户名和密码也存储在Dynamodb中,并用 AWS KMS 加密
- 您可以将MFA与手机号码一起使用以进行身份验证质询,以便在用户输入手机号码并按login(在前端)后,在后端中您可以自动输入用户名密码匹配(直通)并触发MFA为用户的移动设备发送代码,并使用AWS Cognit进行验证o SDK(不实施自定义移动消息和挑战)。
- 如果您打算手动实施流程(不使用MFA)以发送SMS和验证,您可以为此目的使用AWS SNS。
检查以下代码示例以了解MFA的见解并参考此链接
var userData = {
用户名:用户名,
池:userPool
};
cognitoUser =新的AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);
var authenticationData = {
用户名:用户名,
密码:密码,
};
var authenticationDetails =新的AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);
cognitoUser.authenticateUser(authenticationDetails,{
onSuccess:函数(结果){
alert('authentication success!')
},
onFailure:function(err){
alert(err);
},
mfaRequired:function(codeDeliveryDetails){
var VerificationCode =提示('Please输入验证码','');
cognitoUser.sendMFACode(verificationCode,this);
}
});
注意:此处带有手机号码的MFA并非用于MFA,而是一种解决方法满足您的要求。
I want to use a phone number as the username for my app and i want to be able to make it simple to sign up by just having to verify the phone number each time they want to login - no messy password remembering business.
How to do this with AWS Cognito User Pool as its asking me to mandatorily configure a password for each user.
I thought of using a dummy password for each user and configure mandatory user verification. Everytime the user sign out i can "Unverify" the user so that next time they would automatically be asked to verify the phone number. Also i would wire up my app to only "login" if the user is verified.
Please let me know if the is the best approach :( I'm new to AWS and i could't find any posts for this scenario.
Thanks !!
Since AWS Cognito is not currently supporting passwordless authentication you need to implement a workaround with random password stored externally. You can implement the authentication flow as follows.
- After user Signup (Also ask for mobile number and make it mandatory), store the Mobile number, Username and Password also in Dynamodb encrypted with AWS KMS (For additional security).
- You can use MFA with mobile number for authentication challenge so that after the user enters mobile number and press login(In frontend), in the backend you can automatically do username password matching(Passthrough) and trigger the MFA to send a code for user's mobile and verify that using the AWS Cognito SDK (Without implementing custom mobile message and challenge).
- If you plan to implement the flow manually(Without MFA) to send the SMS & validation, you can use AWS SNS for the purpose.
Check the following code sample to understand the insight of MFA and refer this link for more details.
var userData = {
Username : 'username',
Pool : userPool
};
cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);
var authenticationData = {
Username : 'username',
Password : 'password',
};
var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);
cognitoUser.authenticateUser(authenticationDetails, {
onSuccess: function (result) {
alert('authentication successful!')
},
onFailure: function(err) {
alert(err);
},
mfaRequired: function(codeDeliveryDetails) {
var verificationCode = prompt('Please input verification code' ,'');
cognitoUser.sendMFACode(verificationCode, this);
}
});
Note: Here the MFA with mobile number is not used for the purpose of MFA but as a workaround to meet your requirement.
这篇关于没有密码的AWS Cognito用户池的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
