How to programmatically enable or disable MFA for a logged user in AWS Cognito user pool in Java?
I am using the following code, but it doesn't change anything in AWS, although it returns nothing as stated in the documentation: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html
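    import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminSetUserMfaPreferenceRequest;
    import software.amazon.awssdk.services.cognitoidentityprovider.model.SMSMfaSettingsType;

    // cognitoClient, userPoolID and LOG are fields of the enclosing class.
    public boolean changeMfaStatus(String username, Boolean status) {
        // Apply the requested status instead of hard-coding true.
        final SMSMfaSettingsType smsMfaSettings = SMSMfaSettingsType.builder()
                .preferredMfa(status)
                .enabled(status)
                .build();
        final AdminSetUserMfaPreferenceRequest setUserMFAPreferenceRequest = AdminSetUserMfaPreferenceRequest.builder()
                .userPoolId(userPoolID)
                .smsMfaSettings(smsMfaSettings)
                .username(username)
                .build();
        LOG.warn(setUserMFAPreferenceRequest);
        try {
            // The API returns an empty response on success; failures surface as exceptions.
            cognitoClient.adminSetUserMFAPreference(setUserMFAPreferenceRequest);
        } catch (Exception e) {
            LOG.warn(e);
            return false;
        }
        return true;
    }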
Update: Actually, this code changes the SMS MFA Status, but the changes cannot be seen in the UI of the Cognito user pool. As the same thing from aws-cli also changes the status, but not in UI.
Update-0: At the application level, it works fine. When I enable MFA, I got the code, and when I disable it, I don't get the code. My problem is MFA Status doesn't change in the UI of Cognito Amazon Console, as shown in the above picture.
What is the difference between admin-set-user-mfa-preference and set-user-mfa-preference?
set-user-mfa-preference requires a token compulsorily, as shown in the picture below. But in the code, I have used admin-set-user-mfa-preference. Does that make any difference?
Actually, whether you enable/disable SMS MFA status, it doesn't matter. It works according to the status sent from the application level.
But my concern is -> Is it okay that the UI's operation is not working?
There are a couple of things which can go wrong with this. My guess would be that you don't have a phone_number, so no MFA can happen. But you may find any of the following:
- Lambda/Application doesn't have permissions to change MFA
- User has no phone_number
- User Pool MFA not set to Opt-In or Required
- Role the User Pool needs for accessing SNS for MFA messages not set up
- SNS SMS budget hasn't been increased past default of 1 USD
- Missing phone_number_verified or email_verified (seems you have email)
You will probably be one of 1-3, the others are just other stuff I have found when working with Cognito.
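The items in the answer above that can be read back through the API, as an added example (not code from the original post or from AWS). It assumes the AWS SDK for Java v2 is on the classpath; the class name MfaPreferenceCheck, the helper names and the sample responses are constructed for illustration, and the pool's Opt-In/Required settings are taken to correspond to the OPTIONAL/ON values of UserPoolMfaType.

```java
import java.util.ArrayList;
import java.util.List;
import software.amazon.awssdk.services.cognitoidentityprovider.model.*;

// Hypothetical helper: maps the answer's checklist onto fields of the
// DescribeUserPool and AdminGetUser responses.
public class MfaPreferenceCheck {

    // Returns the value of a user attribute, or null when it is absent.
    static String attr(AdminGetUserResponse user, String name) {
        return user.userAttributes().stream()
                .filter(a -> name.equals(a.name()))
                .map(AttributeType::value)
                .findFirst().orElse(null);
    }

    static List<String> findings(UserPoolType pool, AdminGetUserResponse user) {
        List<String> out = new ArrayList<>();
        if (pool.mfaConfiguration() == null || pool.mfaConfiguration() == UserPoolMfaType.OFF)
            out.add("pool MFA is OFF (needs OPTIONAL or ON)");
        if (pool.smsConfiguration() == null || pool.smsConfiguration().snsCallerArn() == null)
            out.add("pool has no SNS caller role configured for SMS");
        if (attr(user, "phone_number") == null)
            out.add("user has no phone_number");
        if (!"true".equals(attr(user, "phone_number_verified")))
            out.add("phone_number_verified is missing or not true");
        // AdminSetUserMFAPreference is reflected here, so this is the read-back
        // that confirms the (empty) response actually changed something.
        if (!user.userMFASettingList().contains("SMS_MFA"))
            out.add("SMS_MFA not in UserMFASettingList (preference not applied)");
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample responses; in a live check pass
        // client.describeUserPool(...).userPool() and client.adminGetUser(...).
        UserPoolType pool = UserPoolType.builder()
                .mfaConfiguration(UserPoolMfaType.OPTIONAL).build();
        AdminGetUserResponse user = AdminGetUserResponse.builder()
                .username("example-user")
                .userAttributes(
                    AttributeType.builder().name("email").value("user@example.com").build(),
                    AttributeType.builder().name("email_verified").value("true").build())
                .build();
        findings(pool, user).forEach(System.out::println);
    }
}
```

Permission and SNS spend-limit problems from the list are not visible in these two responses; they show up as exceptions from the call or as undelivered messages.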