AWS Cognito User Pool without a password
Question
I want to use a phone number as the username for my app and I want to be able to make it simple to sign up by just having to verify the phone number each time they want to login - no messy password remembering business.
How to do this with AWS Cognito User Pool as it's asking me to mandatorily configure a password for each user.
I thought of using a dummy password for each user and configuring mandatory user verification. Every time the user signs out I can "Unverify" the user so that next time they would automatically be asked to verify the phone number. Also I would wire up my app to only "login" if the user is verified.
Please let me know if this is the best approach :( I'm new to AWS and I couldn't find any posts for this scenario.
Thanks!!
Recommended answer
Since AWS Cognito is not currently supporting passwordless authentication, you need to implement a workaround with a random password stored externally. You can implement the authentication flow as follows.
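- After user signup (also ask for the mobile number and make it mandatory), store the mobile number, username and password in DynamoDB as well, using AWS KMS (for additional security).
- You can use MFA with the mobile number for the authentication challenge, so that after the user enters the mobile number and presses login (in the frontend), in the backend you can automatically do the username/password matching (passthrough) and trigger the MFA to send a code to the user's mobile, and verify it using the AWS Cognito SDK (without implementing a custom mobile message and challenge).
- If you plan to implement the flow manually (without MFA) to send the SMS and do the validation, you can use AWS SNS for the purpose.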
Check the following code sample to understand the insight of MFA and refer to this link for more details.
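```javascript
// Pool identifiers are placeholders; substitute the values for your own user pool.
var poolData = {
    UserPoolId : '<USER_POOL_ID>',
    ClientId : '<APP_CLIENT_ID>'
};
var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);

var userData = {
    Username : 'username',
    Pool : userPool
};
var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);

// In the workaround, the backend supplies the stored random password (passthrough).
var authenticationData = {
    Username : 'username',
    Password : 'password'
};
var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);

cognitoUser.authenticateUser(authenticationDetails, {
    onSuccess: function (result) {
        alert('authentication successful!');
    },
    onFailure: function (err) {
        alert(err);
    },
    // Called when the pool requires the SMS code; "this" is the callbacks object.
    mfaRequired: function (codeDeliveryDetails) {
        var verificationCode = prompt('Please input verification code', '');
        cognitoUser.sendMFACode(verificationCode, this);
    }
});
```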
Note: Here the MFA with mobile number is not used for the purpose of MFA but as a workaround to meet your requirement.
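The answer's first step (a random password stored externally and protected with KMS) can be sketched as follows. This is an added example, not part of the original answer: the function names, the record layout and the four-class password policy are assumptions, and the locally generated `dataKey` stands in for a data key that would come from AWS KMS.

```javascript
const crypto = require('crypto');

// Character classes for a pool policy that requires all four (assumed policy).
const CLASSES = ['ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!@#$%^&*'];

// Per-user random password from the CSPRNG; crypto.randomInt avoids modulo bias.
function generatePassword(length = 32) {
  const all = CLASSES.join('');
  const chars = CLASSES.map(c => c[crypto.randomInt(c.length)]); // one of each class
  while (chars.length < length) chars.push(all[crypto.randomInt(all.length)]);
  // Fisher-Yates shuffle so the guaranteed characters do not sit at fixed positions.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = crypto.randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}

// AES-256-GCM with the phone number as AAD: a ciphertext copied onto another
// user's row fails authentication instead of decrypting.
function sealPassword(dataKey, phone, password) {
  const iv = crypto.randomBytes(12); // fresh nonce per record
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  cipher.setAAD(Buffer.from(phone, 'utf8'));
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  return {
    phone,
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64')
  };
}

// Backend passthrough: recover the password for the phone number being logged in.
function openPassword(dataKey, phone, record) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, Buffer.from(record.iv, 'base64'));
  decipher.setAAD(Buffer.from(phone, 'utf8'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(record.ct, 'base64')), decipher.final()]);
  return pt.toString('utf8');
}

// Constructed sample: local key in place of a KMS data key, made-up phone number.
const dataKey = crypto.randomBytes(32);
const record = sealPassword(dataKey, '+15550100', generatePassword());
console.log(Object.keys(record), openPassword(dataKey, '+15550100', record).length);
```

The password never has to reach the client: the backend opens the record, performs the username/password step itself, and the user only sees the SMS code prompt.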