When Is Authentication Challenge Trigger executed?
Question
As Auth Challenge for my User Pool I defined a Lambda Function. This function sends a request to Authy to require One Touch Authentication.
I would like to have this setup to add Authy Multi-Factor Authentication to the Cognito Login Process.
However, when I authenticate, logging in a Cognito user with username and password does not trigger this Lambda function!
What am I doing wrong? Are the Lambda Triggers only defined for the Register Process? Thanks
---------------------Update:------------------------------------------------
My login code, that requires username and password:
authenticate(userName, userPassword) {
    var userData = {Username: userName, Pool: CognitoUserPool};
    var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);
    var authenticationData = {Username: userName, Password: userPassword};
    var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);
    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (session) {
            AWSInitialize(cognitoUser, session);
            face.showHome();
        }.bind(this),
        mfaRequired: function (session) {
            new MFAConfirmation(cognitoUser, 'login');
        },
        onFailure: function (err) {
            alert(err);
        }
    });
};
Where the triggers are defined
Recommended answer
The Define Auth Challenge lambda works only in the context of the CUSTOM_AUTH flow so you would have to pass CUSTOM_AUTH as the AuthFlow when authenticating. In JavaScript you can do:
cognitoUser.setAuthenticationFlowType('CUSTOM_AUTH');
The examples in the Cognito Working with AWS Lambda Triggers developer guide actually do that. They let you define another challenge after authenticating with username and password.
The Define Auth Challenge example lets you set up another challenge after authenticating with username and password. It invokes the Create Auth Challenge lambda trigger when you specify CUSTOM_CHALLENGE as the challenge.
exports.handler = function(event, context) {
    if (event.request.session.length == 1 && event.request.session[0].challengeName == 'SRP_A') {
        event.response.issueTokens = false;
        event.response.failAuthentication = false;
        event.response.challengeName = 'PASSWORD_VERIFIER';
    } else if (event.request.session.length == 2 && event.request.session[1].challengeName == 'PASSWORD_VERIFIER' && event.request.session[1].challengeResult == true) {
        event.response.issueTokens = false;
        event.response.failAuthentication = false;
        event.response.challengeName = 'CUSTOM_CHALLENGE';
    } else if (event.request.session.length == 3 && event.request.session[2].challengeName == 'CUSTOM_CHALLENGE' && event.request.session[2].challengeResult == true) {
        event.response.issueTokens = true;
        event.response.failAuthentication = false;
    } else {
        event.response.issueTokens = false;
        event.response.failAuthentication = true;
    }
    context.done(null, event);
}