AWS Cognito pool with multiple sign-in options


Problem description

I have a mobile application and wanted to use an AWS Cognito pool for user management (sign up & sign in). I wanted to provide the below 3 options for users to log in to my app:


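  1. Username, password

  2. Phone number with OTP login - on the login screen, the user enters their phone number, Cognito should send an OTP code, and on verification the login should be allowed

  3. Google connect login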

During sign up, the user will set up a username and password and add a verified phone number, and optionally they can add their Google connect to their profile.

How do I set up a Cognito pool for this scenario so that the user can choose any of the above 3 options to log in to the app?

Recommended answer

I found a way to set up Cognito to allow multiple login options. Set up Cognito like below:
1. Select use phone number as username.
2. Make it mandatory and verifiable.
3. This will make phone_number an alias for login.

Use the CUSTOM_CHALLENGE option to configure login with phone number with OTP.

Basically, we need to configure 3 triggers in Cognito to send an OTP to the user's registered number:
1. Sign-in define auth challenge trigger -- define CUSTOM_CHALLENGE
2. Sign-in create auth challenge trigger -- create logic to generate the OTP and send an SMS using the SNS service
3. Sign-in verify auth challenge trigger -- validate the received OTP; the generated OTP will be available in context, so there is no need to save it in any database.

Trigger #1 - define auth challenge

exports.handler = (event, context, callback) => {

    if (event.request.session.length == 0){

        event.response.issueTokens = false;
        event.response.failAuthentication = false;
        event.response.challengeName = 'CUSTOM_CHALLENGE';

    } else if(event.request.session.length == 1 
        && event.request.session[0].challengeName == 'CUSTOM_CHALLENGE' 
        && event.request.session[0].challengeResult == true){

        event.response.issueTokens = true;
        event.response.failAuthentication = false;

    } else {

        event.response.issueTokens = false;
        event.response.failAuthentication = true;
    }

     // Return to Amazon Cognito
    callback(null, event);
}

Trigger #2 - create auth challenge; make sure this Lambda has an SNS role

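var AWS = require("aws-sdk");
var crypto = require("crypto");
exports.handler = (event, context, callback) => {
    if (event.request.session.length == 0 && event.request.challengeName == 'CUSTOM_CHALLENGE') {

        //create the 6-digit code from a CSPRNG; Math.random() is predictable
        //and can return fewer than 6 digits
        var answer = crypto.randomInt(0, 1000000).toString().padStart(6, '0');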

        //send the code via Amazon SNS Global SMS
        var sns = new AWS.SNS();
        sns.publish({
              Message: 'your verification code is '+answer,
              PhoneNumber: event.request.userAttributes.phone_number
            }, function(err, data) {
                if (err){ 

                    console.log(err, err.stack); // an error occurred
                    return;
                }
                console.log('SMS Sent');           // successful response
        });

        //set the return parameters **including the correct answer**

        event.response.publicChallengeParameters = {};
        event.response.privateChallengeParameters = {};
        event.response.privateChallengeParameters.answer = answer;
        event.response.challengeMetadata = 'PASSWORDLESS_CHALLENGE';
    }
    //Return to Amazon Cognito
    callback(null, event);

}

Trigger #3 - verify auth challenge response

exports.handler = (event, context, callback) => {
    if (event.request.privateChallengeParameters.answer == event.request.challengeAnswer) {
        event.response.answerCorrect = true;
    } else {
        event.response.answerCorrect = false;
    }
    // Return to Amazon Cognito
    callback(null, event);
}
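
An added example, not part of the original answer: a variant of the Define and Verify trigger logic that allows a bounded number of OTP retries and compares codes in constant time, with a local driver standing in for Cognito so the flow can be exercised offline. `MAX_ATTEMPTS`, `simulateSignIn` and the sample codes are hypothetical, and the example assumes the Create Auth Challenge trigger supplies the same code on every round, which Trigger #2 as written does only for the first round.

```javascript
const crypto = require('crypto');

const MAX_ATTEMPTS = 3; // assumption: OTP guesses allowed per sign-in

// Define Auth Challenge: issue tokens after a correct answer, re-challenge
// after a wrong one, and fail the sign-in once MAX_ATTEMPTS is reached.
function defineAuthChallenge(event) {
    const session = event.request.session;
    const last = session[session.length - 1];
    const passed = !!last && last.challengeName === 'CUSTOM_CHALLENGE' && last.challengeResult === true;
    const exhausted = !passed && session.length >= MAX_ATTEMPTS;
    event.response.issueTokens = passed;
    event.response.failAuthentication = exhausted;
    if (!passed && !exhausted) event.response.challengeName = 'CUSTOM_CHALLENGE';
    return event;
}

// Verify Auth Challenge Response: constant-time comparison. timingSafeEqual
// throws on unequal lengths, so the length check comes first.
function verifyAuthChallenge(event) {
    const expected = Buffer.from(String(event.request.privateChallengeParameters.answer));
    const supplied = Buffer.from(String(event.request.challengeAnswer));
    event.response.answerCorrect =
        expected.length === supplied.length && crypto.timingSafeEqual(expected, supplied);
    return event;
}

// Hypothetical local stand-in for Cognito: runs each guess through verify,
// appends the result to the session, then asks define for the next step.
function simulateSignIn(otp, guesses) {
    const session = [];
    let next = defineAuthChallenge({ request: { session }, response: {} }).response;
    for (const guess of guesses) {
        if (next.challengeName !== 'CUSTOM_CHALLENGE') break; // tokens issued or sign-in failed
        const verified = verifyAuthChallenge({
            request: { privateChallengeParameters: { answer: otp }, challengeAnswer: guess },
            response: {}
        });
        session.push({ challengeName: 'CUSTOM_CHALLENGE', challengeResult: verified.response.answerCorrect });
        next = defineAuthChallenge({ request: { session }, response: {} }).response;
    }
    return { issued: next.issueTokens, failed: next.failAuthentication, attempts: session.length };
}

// Constructed sample run: two wrong guesses, then the right code.
console.log(simulateSignIn('493027', ['000000', '111111', '493027']));
```

In a deployed Lambda each function body would sit inside `exports.handler` and end with `callback(null, event)`, as in the triggers above.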
