如何使用AWS Cognito Ruby SDK注册新用户? [英] How to register a new user using AWS Cognito Ruby SDK?

问题描述

我想知道如何使用AWS Cognito Ruby SDK注册新用户.

I would like to know how to register a new user using AWS Cognito Ruby SDK.

到目前为止，我已经尝试过:

So far I tried:

输入

AWS_KEY = "MY_AWS_KEY"
AWS_SECRET = "MY_AWS_SECRET"

client = Aws::CognitoIdentityProvider::Client.new(
  access_key_id: AWS_KEY,
  secret_access_key: AWS_SECRET,
  region: 'us-east-1',
)

resp = client.sign_up({
  client_id: "4d2c7274mc1bk4e9fr******", # required
  username: "test@test.com", # required
  password: "Password23sing", # required
  user_attributes: [
    {
      name: "app", # required
      value: "my app name",
    },
  ],
  validation_data: [
    {
      name: "username", # required
      value: "true",
    },
  ]
})

输出

Aws::CognitoIdentityProvider::Errors::NotAuthorizedException (Unable to verify secret hash for client 4d2c7274mc1bk4e9fr*****)

参考

https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CognitoIdentityProvider/Client.html#sign_up-instance_method

预先感谢

推荐答案

如果您的应用程序客户端配置了客户端密码，则大多数客户端请求都要求您在请求的选项参数中包含秘密哈希".认知文档这样描述了秘密哈希:

If your app client is configured with a client secret, most of the client requests require you to include a 'secret hash' in the options parameters of the request. The Cognito docs describe the secret hash thusly:

SecretHash值是Base 64编码的键哈希消息使用用户的密钥计算出的验证码(HMAC)池中的客户端和用户名以及消息中的客户端ID.以下伪代码显示了如何计算此值.

The SecretHash value is a Base 64-encoded keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message. The following pseudocode shows how this value is calculated.

Base64(HMAC_SHA256(客户端密钥"，用户名" +客户端ID"))

Base64 ( HMAC_SHA256 ( "Client Secret Key", "Username" + "Client Id" ) )

文档还通过一组示例Java明确表明，您应该自己滚动.经过一些试验，我可以使用以下命令成功完成 sign_up 调用(我的测试池已设置为需要电子邮件和名称属性):

The docs also make it clear via a glob of sample Java that you are expected to roll your own. After a bit of experimenting I was able to successfully complete a sign_up call with the following (my test pool was set up to require email and name attributes):

def secret_hash(client_secret, username, client_id)
  Base64.strict_encode64(OpenSSL::HMAC.digest('sha256', CLIENT_SECRET, username + CLIENT_ID))
end

client = Aws::CognitoIdentityProvider::Client.new(
  access_key_id: AWS_KEY,
  secret_access_key: AWS_SECRET,
  region: REGION)

username = 'bob.scum@example.com'
resp = client.sign_up({
         client_id: CLIENT_ID,
         username: username,
         password: 'Password23sing!',
         secret_hash: secret_hash(CLIENT_SECRET, username, CLIENT_ID),
         user_attributes: [{ name: 'email', value: username },
                           { name: 'name', value: 'Bob' }],
         validation_data: [{ name: 'username', value: 'true' },
                           { name: 'email', value: 'true' }]
       })

CLIENT_SECRET 是应用客户端密码，可以在常规设置>下找到.应用客户端.

CLIENT_SECRET is the app client secret that can be found under General Settings > App Clients.

结果:

#<struct Aws::CognitoIdentityProvider::Types::SignUpResponse
 user_confirmed=false,
 code_delivery_details=nil,
 user_sub="c87c2ac8-1480-4d15-a28d-6998d9260e73">

这篇关于如何使用AWS Cognito Ruby SDK注册新用户?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！