
[Epic] Cognito MVP

Open Laren-AWS opened this issue 2 years ago • 0 comments

Implement the scenario and service action calls to create examples for each SDK.

Service actions

Service actions can either be pulled out as individual functions or can be incorporated into the scenario, but each service action must be included as an excerpt in the SOS output.

  • ConfirmSignUp
  • ConfirmDevice
  • AssociateSoftwareToken
  • AdminGetUser
  • ListUsers
  • ResendConfirmationCode
  • RespondToAuthChallenge
  • AdminRespondToAuthChallenge
  • SignUp
  • InitiateAuth
  • AdminInitiateAuth
  • VerifySoftwareToken

Scenario

A scenario runs at a command prompt and prints output to the user on the result of each service action. A scenario can run in one of two ways: straight through, printing out progress as it goes, or as an interactive question/answer script.

Scaffolding

A CDK/CFN script that sets up the user pool is provided in resources/cdk/cognito_scenario_user_pool_with_mfa.

The script creates a user pool configured with:

  • self-sign up enabled
  • auto verify email
  • email required
  • sign in case insensitive
  • MFA required
  • MFA second factor: OTP true, SMS false

An app client is added to the pool with two auth flows enabled:

  • ADMIN_USER_PASSWORD_AUTH
  • USER_PASSWORD_AUTH

Sign up users with MFA

  1. Sign up: SignUp
  2. [Optional] AdminGetUser to get user confirmation status if user exists.
  3. [Optional] ResendConfirmationCode if user needs another code.
  4. Confirm signup: ConfirmSignUp
  5. Sign in and get prompted to set up TOTP (time-based one-time password) MFA: AdminInitiateAuth with ADMIN_USER_PASSWORD_AUTH (response: "ChallengeName": "MFA_SETUP")
  6. Generate the TOTP secret: AssociateSoftwareToken (the secret is returned as SecretCode). Generate a QR code from the response and display it to the user.
  7. Verify the TOTP code and register the user for MFA: VerifySoftwareToken
  8. Sign in again and get prompted to submit a TOTP code: AdminInitiateAuth with ADMIN_USER_PASSWORD_AUTH (response: "ChallengeName": "SOFTWARE_TOKEN_MFA")
  9. Provide the TOTP code and get tokens: AdminRespondToAuthChallenge
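The nine steps above as a single runnable flow. This is an added example written for this page, not code from aws-doc-sdk-examples or any of its SDK ports. The `sign_up_with_mfa` function takes any object that exposes the boto3 `cognito-idp` client method names, so the same code runs against `boto3.client("cognito-idp")` or against the constructed `FakeCognito` at the bottom, which replays the challenge names the scenario expects so the sequence can be exercised offline. `totp_code` is a stdlib RFC 6238 implementation using the parameters Cognito's software token uses (HMAC-SHA1, 30-second step, 6 digits); the pool id, client id, user name, password, e-mail, confirmation code and issuer name are placeholders.

```python
"""Sign up a user with TOTP MFA (scenario steps 1-9).

Added example, not code from aws-doc-sdk-examples. `client` is anything with
the boto3 cognito-idp method names: a real client or the FakeCognito below.
"""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote


def totp_code(secret_b32, timestamp=None, period=30, digits=6):
    """RFC 6238 TOTP as Cognito's software token uses it: HMAC-SHA1, 30 s, 6 digits."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = int(time.time() if timestamp is None else timestamp) // period
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    truncated = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % 10 ** digits).zfill(digits)


def otpauth_uri(secret_b32, username, issuer):
    """Key URI to encode in the QR code shown to the user in step 6."""
    return (f"otpauth://totp/{quote(issuer)}:{quote(username)}"
            f"?secret={secret_b32}&issuer={quote(issuer)}")


def sign_up_with_mfa(client, user_pool_id, client_id, username, password,
                     email, confirmation_code, issuer="ExamplePool", clock=time.time):
    """SignUp -> ConfirmSignUp -> MFA_SETUP -> SOFTWARE_TOKEN_MFA -> tokens.

    If the app client has a client secret, AuthParameters and ChallengeResponses
    also need a SECRET_HASH entry (omitted here; the scaffold client has none).
    """
    client.sign_up(ClientId=client_id, Username=username, Password=password,
                   UserAttributes=[{"Name": "email", "Value": email}])         # step 1
    client.confirm_sign_up(ClientId=client_id, Username=username,
                           ConfirmationCode=confirmation_code)               # step 4
    auth = dict(UserPoolId=user_pool_id, ClientId=client_id,
                AuthFlow="ADMIN_USER_PASSWORD_AUTH",
                AuthParameters={"USERNAME": username, "PASSWORD": password})
    first = client.admin_initiate_auth(**auth)                                # step 5
    if first.get("ChallengeName") != "MFA_SETUP":
        raise RuntimeError(f"expected MFA_SETUP, got {first.get('ChallengeName')}")
    assoc = client.associate_software_token(Session=first["Session"])         # step 6
    secret = assoc["SecretCode"]      # never log this; render otpauth_uri() as a QR code
    verified = client.verify_software_token(Session=assoc["Session"],
                                            UserCode=totp_code(secret, clock()))  # step 7
    if verified.get("Status") != "SUCCESS":
        raise RuntimeError("VerifySoftwareToken did not return SUCCESS")
    second = client.admin_initiate_auth(**auth)                               # step 8
    if second.get("ChallengeName") != "SOFTWARE_TOKEN_MFA":
        raise RuntimeError(f"expected SOFTWARE_TOKEN_MFA, got {second.get('ChallengeName')}")
    final = client.admin_respond_to_auth_challenge(                           # step 9
        UserPoolId=user_pool_id, ClientId=client_id,
        ChallengeName="SOFTWARE_TOKEN_MFA", Session=second["Session"],
        ChallengeResponses={"USERNAME": username,
                            "SOFTWARE_TOKEN_MFA_CODE": totp_code(secret, clock())})
    return {"otpauth_uri": otpauth_uri(secret, username, issuer),
            "tokens": final["AuthenticationResult"]}


class FakeCognito:
    """Constructed stand-in for the service: fixed secret, fixed clock, +/-1 step drift."""

    def __init__(self, secret_b32, now):
        self.secret, self.now, self.mfa_enabled, self.users = secret_b32, now, False, {}

    def _valid(self, code):
        return any(hmac.compare_digest(code, totp_code(self.secret, self.now + d))
                   for d in (-30, 0, 30))

    def sign_up(self, ClientId, Username, Password, UserAttributes):
        self.users[Username] = "UNCONFIRMED"
        return {"UserConfirmed": False}

    def confirm_sign_up(self, ClientId, Username, ConfirmationCode):
        self.users[Username] = "CONFIRMED"
        return {}

    def admin_initiate_auth(self, UserPoolId, ClientId, AuthFlow, AuthParameters):
        if self.users.get(AuthParameters["USERNAME"]) != "CONFIRMED":
            raise RuntimeError("UserNotConfirmedException")
        name = "SOFTWARE_TOKEN_MFA" if self.mfa_enabled else "MFA_SETUP"
        return {"ChallengeName": name, "Session": "sess-" + name}

    def associate_software_token(self, Session):
        return {"SecretCode": self.secret, "Session": Session + "-assoc"}

    def verify_software_token(self, Session, UserCode):
        self.mfa_enabled = self._valid(UserCode)
        return {"Status": "SUCCESS" if self.mfa_enabled else "ERROR"}

    def admin_respond_to_auth_challenge(self, UserPoolId, ClientId, ChallengeName,
                                        Session, ChallengeResponses):
        if not self._valid(ChallengeResponses["SOFTWARE_TOKEN_MFA_CODE"]):
            raise RuntimeError("CodeMismatchException")
        return {"AuthenticationResult": {"AccessToken": "fake-access",
                                         "IdToken": "fake-id", "RefreshToken": "fake-refresh"}}
```

In the real scenario the code for steps 7 and 9 comes from the user's authenticator app, not from `totp_code`; the helper is there so the flow can be driven end to end in a test and so the `SecretCode` handling is visible. The `clock` parameter exists for the same reason. The fake accepts codes from the adjacent 30-second windows, which is the usual validator tolerance, and deliberately does not model anything about the real service that the issue does not state.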

[Bonus]

  1. Register the user's device: ConfirmDevice
  2. Sign in with the device: InitiateAuth with USER_PASSWORD_AUTH (include DEVICE_KEY in AuthParameters). Response: "ChallengeName": "DEVICE_SRP_AUTH".
  3. RespondToAuthChallenge with DEVICE_SRP_AUTH; get the DEVICE_PASSWORD_VERIFIER challenge.
  4. RespondToAuthChallenge with DEVICE_PASSWORD_VERIFIER (requires SRP calculations); get tokens without the user having to enter a new MFA code. This only skips MFA if the pool remembers the device.

SDKs

  • [ ] #3317
  • [ ] C++ <Service> MVP
  • [ ] Go <Service> MVP
  • [x] #3315
  • [ ] JavaScript <Service> MVP
  • [x] #3316
  • [x] #3191
  • [ ] PHP <Service> MVP
  • [ ] Ruby <Service> MVP
  • [ ] Rust <Service> MVP
  • [ ] Swift <Service> MVP

Exit criteria:

  • [ ] Runnable scenario code.
  • [ ] Service action code (may be same as scenario code).
  • [ ] Integration or unit tests.
  • [ ] Scenario and API examples tagged for SOS.
  • [ ] README

Laren-AWS, Jun 30 '22 17:06