AWS Cognito User Pool without a password


Problem description

I want to use a phone number as the username for my app and I want to be able to make it simple to sign up by just having to verify the phone number each time they want to log in - no messy password remembering business.

How to do this with AWS Cognito User Pool, as it's asking me to mandatorily configure a password for each user?

I thought of using a dummy password for each user and configuring mandatory user verification. Every time the user signs out I can "Unverify" the user so that next time they would automatically be asked to verify the phone number. Also I would wire up my app to only "login" if the user is verified.

Please let me know if this is the best approach :( I'm new to AWS and I couldn't find any posts for this scenario.

Thanks!!

Recommended answer

Since AWS Cognito is not currently supporting passwordless authentication, you need to implement a workaround with a random password stored externally. You can implement the authentication flow as follows.

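  • After user signup (also ask for the mobile number and make it mandatory), store the mobile number, username and password in DynamoDB as well, using AWS KMS (for additional security).
  • You can use MFA with the mobile number as the authentication challenge, so that after the user enters the mobile number and presses login (in the frontend), in the backend you can automatically do the username/password matching (passthrough) and trigger the MFA to send a code to the user's mobile, and verify it using the AWS Cognito SDK (without implementing a custom mobile message and challenge).
  • If you plan to implement the flow manually (without MFA) to send the SMS and do the validation, you can use AWS SNS for the purpose.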

Check the following code sample to understand the insight of MFA and refer to this link for more details.

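    // Placeholder pool settings: replace with your own user pool ID and app client ID.
    var poolData = {
        UserPoolId : 'YOUR_USER_POOL_ID',
        ClientId : 'YOUR_APP_CLIENT_ID'
    };
    var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);

    var userData = {
        Username : 'username',
        Pool : userPool
    };

    var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);

    // In this workaround the password is the externally stored random one,
    // supplied by the backend rather than typed by the user.
    var authenticationData = {
        Username : 'username',
        Password : 'password'
    };

    var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);

    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (result) {
            alert('authentication successful!');
        },

        onFailure: function(err) {
            alert(err);
        },

        // Called when the pool requires an SMS code; `this` is the callbacks object,
        // so onSuccess/onFailure are reused for the result of the code check.
        mfaRequired: function(codeDeliveryDetails) {
            var verificationCode = prompt('Please input verification code' ,'');
            cognitoUser.sendMFACode(verificationCode, this);
        }

    });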

Note: Here the MFA with mobile number is not used for the purpose of MFA but as a workaround to meet your requirement.
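
The "random password stored externally" step from the answer above, sketched as an added example for Node.js (it is not part of the original answer and not AWS SDK code). The helper names `generatePassword`, `sealPassword` and `openPassword`, the character classes and the sample phone number are assumptions; the locally generated `dataKey` stands in for a data key that would be obtained from AWS KMS.

```javascript
const crypto = require('crypto');

// Character classes a user pool password policy can require (assumed policy).
const CLASSES = [
  'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  'abcdefghijklmnopqrstuvwxyz',
  '0123456789',
  '!@#$%^&*()-_=+',
];

// Per-user random password: one character from every class, the rest from the
// full alphabet, then a Fisher-Yates shuffle. crypto.randomInt is unbiased.
function generatePassword(length = 32) {
  const all = CLASSES.join('');
  const chars = CLASSES.map((c) => c[crypto.randomInt(c.length)]);
  while (chars.length < length) chars.push(all[crypto.randomInt(all.length)]);
  for (let i = chars.length - 1; i > 0; i--) {
    const j = crypto.randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}

// Seal the password with AES-256-GCM. The phone number is bound as additional
// authenticated data, so a ciphertext copied onto another user's item fails to open.
function sealPassword(dataKey, phone, password) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  cipher.setAAD(Buffer.from(phone, 'utf8'));
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  return { phone, iv: iv.toString('base64'), ct: ct.toString('base64'),
           tag: cipher.getAuthTag().toString('base64') };
}

function openPassword(dataKey, phone, item) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, Buffer.from(item.iv, 'base64'));
  decipher.setAAD(Buffer.from(phone, 'utf8'));
  decipher.setAuthTag(Buffer.from(item.tag, 'base64'));
  return Buffer.concat([decipher.update(Buffer.from(item.ct, 'base64')), decipher.final()]).toString('utf8');
}

// Constructed sample values; in a deployment dataKey would come from KMS, not randomBytes.
const dataKey = crypto.randomBytes(32);
const item = sealPassword(dataKey, '+15555550100', generatePassword());
console.log(Object.keys(item).join(','), openPassword(dataKey, '+15555550100', item).length);
```

The returned object is what would be written to the DynamoDB item; the plaintext password only exists in backend memory while the passthrough login runs.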
