Amazon Cognito Developer Guide

Amazon Cognito Developer Guide. Copyright 2018 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon.
Table of Contents
What Is Amazon Cognito? ..... 1
    Features of Amazon Cognito ..... 2
    Getting Started with Amazon Cognito ..... 2
    Pricing for Amazon Cognito ..... 3
    Using the Amazon Cognito Console ..... 3
    Regional Data Considerations ..... 4
Common Amazon Cognito Scenarios ..... 5
    Authenticate with a user pool ..... 6
    Access your server-side resources with a user pool ..... 6
    Access resources with API Gateway and Lambda with a user pool ..... 7
    Access AWS services with a user pool and an identity pool ..... 8
    Authenticate with a third party and access AWS services with an identity pool ..... 8
    Access AWS AppSync resources with Amazon Cognito ..... 9
Getting Started with Amazon Cognito ..... 10
    Create a user pool ..... 10
    Create an identity pool ..... 10
    Getting started with the SDK ..... 11
    AWS ..... 12
Amazon Cognito User Pools ..... 13
    Getting Started with User Pools ..... 14
        Prerequisite: Sign Up for an AWS Account ..... 14
        Step 1. Create a User Pool ..... 14
        Step 2. Add an App to Enable the Hosted UI ..... 15
        Step 3. Social Sign-in (Optional) ..... 17
        Step 4. SAML Sign-in (Optional) ..... 20
        Step 5. Amazon Cognito SDK ..... 22
        Next Steps ..... 23
    Examples ..... 23
        JavaScript ..... 23
        Android ..... 39
        iOS ..... 59
    Managing User Pools (AWS Management Console) ..... 73
    Identity Providers ..... 87
        SAML ..... 91
        OIDC ..... 98
    Security: Multi-Factor Authentication (MFA) ..... 106
    Lambda Triggers ..... 117
    Amazon Pinpoint ..... 153
        Amazon Pinpoint (AWS CLI and AWS API) ..... 154
    Managing Users ..... 154
    Authentication Flow and Tokens ..... 176
    Integration ..... 188
        API Gateway and Lambda ..... 189
        AWS ..... 190
    Settings ..... 192
        Tags ..... 204
        UI Customization ..... 208
Amazon Cognito Identity Pools (Federated Identities) ..... 214
    Mobile JavaScript SDK ..... 215
    IAM Roles ..... 217, 225
    Platform examples (Android, iOS - Objective-C, iOS - Swift, JavaScript, Unity, Xamarin) ..... 232, 237, 267
    External Identity Providers ..... 239
        Facebook ..... 239
        Login with Amazon ..... 244
        Google ..... 247
        OpenID Connect ..... 253
        SAML ..... 255
    Developer-Authenticated Identities (Android and iOS) ..... 257
Amazon Cognito Sync ..... 270
    Platform examples (Android, iOS - Objective-C, iOS - Swift, JavaScript, Unity, Xamarin) ..... 278
    Push Sync with Amazon Simple Notification Service (Amazon SNS) ..... 290
        Amazon Cognito console; Android; iOS - Objective-C; iOS - Swift ..... 290
Logging Amazon Cognito API Calls with AWS CloudTrail ..... 304
API Reference ..... 307
    Auth API (hosted endpoints, including USERINFO) ..... 307
    Cognito API ..... 318
    Amazon Resource Names (ARN) ..... 319
AWS Glossary ..... 325
What Is Amazon Cognito?

Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, or Google.

The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for your app users. Identity pools let you grant your users access to other AWS services. You can use identity pools and user pools separately or together.

An Amazon Cognito user pool and identity pool used together

A common Amazon Cognito scenario is to authenticate a user and then grant that user access to another AWS service:

1. The app user signs in through a user pool and receives user pool tokens after a successful authentication.
2. The app exchanges the user pool tokens for AWS credentials through an identity pool.
3. The app user can then use those AWS credentials to access other AWS services such as Amazon S3 or DynamoDB.

For more scenarios, see Common Amazon Cognito Scenarios (p. 6).

Amazon Cognito is compliant with SOC 1-3, PCI DSS, and ISO 27001, and is HIPAA-BAA eligible. For more information, see AWS Services in Scope by Compliance Program (http://aws.amazon.com/compliance/services-in-scope/). See also Regional Data Considerations (p. 4).

Topics
- Features of Amazon Cognito (p. 2)
- Getting Started with Amazon Cognito (p. 2)
- Pricing for Amazon Cognito (p. 3)
- Using the Amazon Cognito Console (p. 3)
- Regional Data Considerations (p. 4)
Features of Amazon Cognito

Amazon Cognito user pools

A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito, or federate through a third-party identity provider (IdP). Whether your users sign in directly or through a third party, all members of the user pool have a directory profile that you can access through an SDK.

User pools provide:
- Sign-up and sign-in services.
- A built-in, customizable web UI to sign in users.
- Social sign-in with Facebook, Google, and Login with Amazon, and sign-in with SAML and OIDC identity providers.
- User directory management and user profiles.
- Security features such as multi-factor authentication (MFA), checks for compromised credentials, account takeover protection, and phone and email verification.
- Customized workflows and user migration through AWS Lambda triggers.

For more information, see Amazon Cognito User Pools (p. 14) and the Amazon Cognito User Pools API Reference (http://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/).

Amazon Cognito identity pools (federated identities)

With an identity pool, your users can obtain temporary AWS credentials to access AWS services such as Amazon S3 and DynamoDB. Identity pools support anonymous guest users as well as the following identity providers that you can use to authenticate users:
- Amazon Cognito user pools
- Social sign-in with Facebook, Google, and Login with Amazon
- OpenID Connect (OIDC) providers
- SAML identity providers
- Developer-authenticated identities

For more information, see Amazon Cognito Identity Pools (Federated Identities) (p. 214) and the Amazon Cognito Identity API Reference (http://docs.aws.amazon.com/cognitoidentity/latest/APIReference/).

Getting Started with Amazon Cognito

For a guide to the top tasks and where to start, see Getting Started with Amazon Cognito (p. 5).

For videos, articles, documentation, and sample apps, see Amazon Cognito Developer Resources (https://aws.amazon.com/cognito/dev-resources/).
Pricing for Amazon Cognito

For information about Amazon Cognito pricing, see Amazon Cognito Pricing (https://aws.amazon.com/cognito/pricing/). To start working with the service, see Using the Amazon Cognito Console (p. 3).

Using the Amazon Cognito Console

You can use the Amazon Cognito console to create and manage user pools and identity pools.

To use the Amazon Cognito console

1. Sign up for an AWS account if you do not have one (http://docs.aws.amazon.com/cognito/latest/developerguide/aws-cognito-sign-up-aws-account.html).
2. Open the Amazon Cognito console (https://console.aws.amazon.com/cognito/home). You might be prompted for your AWS credentials.
3. To work with user pools, choose Manage your User Pools. For more information, see Amazon Cognito User Pools (p. 14).
4. To work with identity pools, choose Manage Federated Identities. For more information, see Amazon Cognito Identity Pools (Federated Identities) (p. 214).

The Amazon Cognito console is part of the AWS Management Console. For more information, see Getting Started with the AWS Management Console (http://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/getting-started.html).
Regional Data Considerations

Amazon Cognito user pools are each created in one AWS Region, and they store user profile data only in that Region. User pools can send email and SMS messages to users in any Region.

If you use the default email functionality of Amazon Cognito, email is sent from Amazon Cognito's default sender address. If you configure a user pool to send email through Amazon Simple Email Service (Amazon SES), the email is sent through Amazon SES in the AWS Region you configure for it.

Amazon Cognito sends SMS messages through Amazon SNS in your AWS account.

A user pool can also be configured to use an Amazon Pinpoint project, subject to Regional restrictions; see Amazon Pinpoint (p. 153).
Getting Started with Amazon Cognito

This section lists the top tasks for Amazon Cognito and points to the topic that covers each one. If you are new to Amazon Cognito, first read What Is Amazon Cognito? (p. 1).

The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for your app users. Identity pools let you grant your users access to other AWS services.

Amazon Cognito user pools

1. Create a user pool: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-as-user-directory.html
2. Configure app integration and the hosted UI: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-configuring-app-integration.html
3. Add social identity providers: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-social-idp.html
4. Add a SAML identity provider (IdP): http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-saml-idp.html
5. Add an OpenID Connect (OIDC) IdP: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-oidc-idp.html
6. Install an SDK: http://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sdk-links.html
7. Customize the built-in UI: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-ui-customization.html
8. Manage security settings: http://docs.aws.amazon.com/cognito/latest/developerguide/managing-security.html
9. Add Lambda triggers: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
10. Integrate Amazon Pinpoint: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-pinpoint-integration.html

See also:
- http://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html
- http://docs.aws.amazon.com/cognito/latest/developerguide/how-to-create-user-accounts.html
- http://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html
- http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html
- http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-import-users.html

Common Amazon Cognito scenarios

- Basic user pool: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-scenarios.html#scenario-basic-user-pool
- Backend resources: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-scenarios.html#scenario-backend
- API Gateway and Lambda: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-scenarios.html#scenario-api-gateway
- Integrating user pools with identity pools: http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-integrating-user-pools-with-identity-pools.html
- AWS services with an identity pool: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-scenarios.html#scenario-identity-pool
- AWS AppSync: http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-scenarios.html#scenario-appsync
Common Amazon Cognito Scenarios

This topic describes six common scenarios for using Amazon Cognito.

The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for your web and mobile app users. Identity pools provide AWS credentials to grant your users access to other AWS services.

A user pool is a user directory in Amazon Cognito. Your app users can sign in either directly through a user pool, or federate through a third-party identity provider (IdP). The user pool manages the overhead of handling the tokens that are returned from social sign-in through Facebook, Google, and Amazon, and from OpenID Connect (OIDC) and SAML IdPs. Whether your users sign in directly or through a third party, all members of the user pool have a directory profile that you can access through an SDK.

With an identity pool, your users can obtain temporary AWS credentials to access AWS services such as Amazon S3 and DynamoDB. Identity pools support anonymous guest users as well as federation through third-party IdPs.

Topics
- Authenticate with a user pool (p. 6)
- Access your server-side resources with a user pool (p. 6)
- Access resources with API Gateway and Lambda with a user pool (p. 7)
- Access AWS services with a user pool and an identity pool (p. 8)
- Authenticate with a third party and access AWS services with an identity pool (p. 8)
- Access AWS AppSync resources with Amazon Cognito (p. 9)

Authenticate with a user pool

You can enable your users to authenticate with a user pool. Your app users can sign in either directly through a user pool, or federate through a third-party identity provider (IdP). The user pool manages the overhead of handling the tokens that are returned from social sign-in through Facebook, Google, and Amazon, and from OpenID Connect (OIDC) and SAML IdPs.

After a successful authentication, your app receives user pool tokens from Amazon Cognito. You can use those tokens to retrieve AWS credentials that allow your app to access other AWS services, or you can use them to control access to your server-side resources or to Amazon API Gateway.

For more information, see User Pool Authentication Flow (p. 178) and Using Tokens with User Pools (p. 181).

Access your server-side resources with a user pool

After a successful user pool sign-in, your web or mobile app receives user pool tokens from Amazon Cognito. You can use those tokens to control access to your server-side resources. Before acting on any claim in a token, the server must verify the token's signature against the user pool's published keys and check its issuer, audience, token_use and expiry; a token is only as trustworthy as those checks. You can also create user pool groups to manage permissions and to represent different types of users. For more information, see Adding Groups to a User Pool (p. 161).

Once you configure a domain for your user pool, Amazon Cognito provisions a hosted web UI that lets you add sign-up and sign-in pages to your app. Using this OAuth 2.0 foundation you can create your own resource server to let your users access protected resources. For more information, see Defining Resource Servers for Your User Pool (p. 85).

For more information, see User Pool Authentication Flow (p. 178) and Using Tokens with User Pools (p. 181).
Access resources with API Gateway and Lambda with a user pool

You can enable your users to access your API through API Gateway. API Gateway validates the tokens from a successful user pool authentication, and uses them to grant your users access to resources including Lambda functions, or your own API.

You can use groups in a user pool to control permissions with API Gateway by mapping group membership to IAM roles. The groups that a user is a member of are included in the ID token that a user pool provides when your app user signs in. For more information, see Adding Groups to a User Pool (p. 161).

You can submit tokens from your user pool to API Gateway for verification by an Amazon Cognito authorizer Lambda function. For more information, see Use API Gateway with Amazon Cognito User Pools (http://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html).
Access AWS services with a user pool and an identity pool

After a successful user pool authentication, your app receives user pool tokens from Amazon Cognito. You can exchange them for temporary access to other AWS services with an identity pool. For more information, see Accessing AWS Services Using an Identity Pool After Sign-in (p. 190) and Amazon Cognito Identity Pools (Federated Identities) (p. 214).

Authenticate with a third party and access AWS services with an identity pool

You can enable your users to access AWS services through an identity pool. An identity pool requires an IdP token from a user that is authenticated by a third-party identity provider (or nothing, if the user is an anonymous guest). In exchange, the identity pool grants temporary AWS credentials that you can use to access other AWS services. For more information, see Amazon Cognito Identity Pools (Federated Identities) (p. 214).

Access AWS AppSync resources with Amazon Cognito

You can grant your users access to AWS AppSync resources with tokens from a successful Amazon Cognito user pool or identity pool authentication. For more information, see AWS AppSync Security (http://docs.aws.amazon.com/appsync/latest/devguide/security.html).
Getting Started with Amazon Cognito

The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for your app users. Identity pools let you grant your users access to other AWS services.

Topics
- Create a user pool (p. 10)
- Create an identity pool (p. 10)
- Getting started with the SDK (p. 11)
- AWS (p. 12)

Create a user pool

The following procedure creates a user pool with the default settings.

1. Open the Amazon Cognito console (https://console.aws.amazon.com/cognito/home). You might be prompted for your AWS credentials.
2. Choose Manage your User Pools.
3. Choose Create a User Pool.
4. Choose Review Defaults.
5. On the Review page, choose Create pool.

For more information, see Amazon Cognito User Pools (p. 13). For the authentication flow and the tokens it produces, see User Pool Authentication Flow (p. 178) and Using Tokens with User Pools (p. 181).

Create an identity pool

With an identity pool, your users can obtain temporary AWS credentials to access AWS services such as Amazon S3 and DynamoDB.

1. Open the Amazon Cognito console (https://console.aws.amazon.com/cognito/home). You might be prompted for your AWS credentials.
2. Choose Manage Federated Identities.
3. Choose Create new identity pool.
4. Enter a name for your identity pool.
5. To enable unauthenticated (guest) identities, select Enable access to unauthenticated identities under Unauthenticated identities.
6. Choose Create Pool.
7. Choose Allow to let Amazon Cognito create two default IAM roles for the identity pool (one for authenticated identities and one for unauthenticated identities). The roles grant permissions for Amazon Cognito Sync; you can modify them in the IAM console. Anyone who knows the identity pool ID can obtain credentials for the unauthenticated role, so keep that role's policy to the minimum the guest experience needs.
8. Note the identity pool ID. Your app uses it to request AWS credentials that it can present to Amazon Simple Storage Service, DynamoDB, and other AWS services.

For more information, see Amazon Cognito Identity Pools (Federated Identities) (p. 214).

For an example that uploads files to S3 with credentials from an identity pool, see Uploading Photos to Amazon S3 from a Browser (http://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/s3-example-photo-album.html).

Getting started with the SDK

The following example uses the Amazon Cognito JavaScript SDK to call signUp. For more examples, see:
- Examples: Using the JavaScript SDK (p. 24)
- Examples: Using the Android SDK (p. 40)
- Examples: Using the iOS SDK (p. 60)
```javascript
// Sign-up demo with amazon-cognito-identity-js. The page it runs on has a
// "Cognito Sign Up User Demo" heading, a "User name:" input (id="username"),
// a "Password:" input (id="password"), a "Sign Up User" button
// (id="signupUser") and a results element (id="signupUserResults").
var data = {
  UserPoolId: 'us-east-1_aBcD9efgh',      // Insert your user pool id
  ClientId: '12abcdef3gh4i5j67klmn890p1'  // Insert your app client id
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(data);
var cognitoUser;      // set after a successful signUp (was an implicit global)

var attributeList = [];  // no extra attributes; email is taken from the user name

document.getElementById('signupUser').addEventListener('click', function () {
  userPool.signUp(
    document.getElementById('username').value,
    document.getElementById('password').value,
    attributeList,
    null,                // validation data
    function (err, result) {
      if (err) {
        alert(err);
        return;
      }
      document.getElementById('signupUserResults').innerHTML =
        "Results: " + JSON.stringify(result.user, null, 2);
      cognitoUser = result.user;
      console.log(cognitoUser);
    }
  );
});
```
Amazon Cognito Amazon Cognito . Amazon Cognito . Facebook Amazon , SAML . , SDK .
:
. UI Facebook, Google, Login with Amazon SAML
. . (MFA), , , . AWS Lambda .
Amazon Cognito JSON (JWT) , API AWS .
Amazon Cognito JavaScript, Android iOS Amazon Cognito Identity SDK . (p. 14) (p. 181) .
Amazon Cognito . AWS AWS . AWS AWS . AWS (p. 190) Amazon Cognito ( ) (p. 214) .
(p. 14)
Amazon Cognito (p. 23)
(p. 73)
(p. 87)
Amazon Cognito (p. 106)
Lambda (p. 117)
Amazon Cognito Amazon Pinpoint (p. 153)
(p. 154)
(p. 176)
(p. 188)
() (p. 192)
Amazon Cognito . Amazon Cognito Amazon Cognito (p. 5) .
:
AWS (p. 14)
1. (p. 14)
2. UI (p. 15)
3. () (p. 17)
4. SAML () (p. 20)
5. Amazon Cognito SDK (p. 22)
(p. 23)
: AWS Amazon Cognito AWS . .
AWS .
1. https://aws.amazon.com/ [Create an AWS Account] .
Note
AWS Management . [Sign in to a different account] , [Create a new AWS account] .
2. .
PIN .
1. (p. 14)
1. Amazon Cognito .
1. Amazon Cognito . AWS .
2. [Manage your User Pools] .
3. [Create a User Pool] .
4. [Review Defaults] .
5. [Attributes] [Email address or phone number] [Allow email addresses] .
6. [Next Step] .
7. [Review] .
8. [Review] [Create pool] .
https://console.aws.amazon.com/cognito/home
https://aws.amazon.com/
2. UI (p. 15)
2. UI .
1. Amazon Cognito . AWS .
2. [Manage your User Pools] .
3. .
4. [General settings] [App clients] .
5. [Add an app client] .
6. .
7. . JavaScript URL . .
8. [Create app client] .
9. [App client ID] .
10. [Return to pool details] .
11. .
   a. [App client settings] .
   b. [Enabled Identity Providers] [Cognito User Pool] .
Note
Facebook, Amazon Google (IdP) OpenID Connect (OIDC) SAML IdP , .
   c. Amazon Cognito URL . URL https:// (: https://www.example.com). iOS Android myapp:// URL .
   d. [Authorization code grant] .
. . Proof Key for Code Exchange (PKCE) .
[Allowed OAuth Flows] [Implicit grant] Amazon Cognito JSON (JWT) . . .
https://console.aws.amazon.com/cognito/home
http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-as-user-directory.html
https://tools.ietf.org/html/rfc7636
[Authorization code grant] [Implicit code grant] .
[Allowed OAuth scopes] .
Note
[Client credentials] .
   e. [Save changes] .
12. .
   a. [Domain name] .
   b. .
   c. [Save changes] .
URL UI . response_type . response_type=code .
https://your_domain/login?response_type=code&client_id=your_app_client_id&redirect_uri=your_callback_url
URL UI . response_type=token . Amazon Cognito .
https://your_domain/login?response_type=token&client_id=your_app_client_id&redirect_uri=your_callback_url
#id_token= JSON (JWT) .
. .
https://www.example.com/#id_token=123456789tokens123456789&expires_in=3600&token_type=Bearer
AWS Lambda . AWS GitHub Decode and verify Amazon Cognito JWT tokens .
Amazon Cognito RS256 .
.
[Domain name] . [App client settings] ID URL .
3. () (p. 17)
https://github.com/awslabs/aws-support-tools/tree/master/Cognito/decode-verify-jwt
3. () Facebook, Google Login with Amazon (IdP) . . .
1: IdP Amazon Cognito IdP IdP ID .
Facebook
1. Facebook .
2. Facebook .
3. My Apps( ) Create New App( ) .
4. Facebook Create App ID( ID ) .
5. .
6. App ID( ID) . .
7. + Add Platform( ) .
8. .
9. /oauth2/idpresponse Site URL( URL) .
   https:///oauth2/idpresponse
10. [Save changes] .
11. App Domains( ) .
   https://
12. [Save changes] .
13. Facebook Set up() .
14. Facebook . Valid OAuth Redirect URIs( OAuth URI) URL . /oauth2/idpresponse .
   https:///oauth2/idpresponse
15. [Save changes] .
Amazon
1. Amazon .
2. Amazon .
3. Amazon Amazon ID . Apps and Services( ) Amazon .
4. Create a Security Profile( ) .
5. Security Profile Name( ), Security Profile Description( ) Consent Privacy Notice URL( URL ) .
6. [Save] .
7. ID ID . .
8. Web Settings( ) .
9. [Allowed Origins] .
   https://
10. /oauth2/idpresponse Allowed Return URLs( URL).
   https:///oauth2/idpresponse
11. .
https://developers.facebook.com/docs/facebook-login
https://developers.facebook.com/
https://developer.amazon.com/login-with-amazon
https://developer.amazon.com/lwa/sp/overview.html
Google
1. Google .
2. Google .
3. CONFIGURE A PROJECT( ) .
4. .
5. .
6. Web browser( ) ( Where are you calling from? ).
7. [Authorized JavaScript origins] .
   https://
8. . ID .
9. [DONE] .
10. Google .
11. [Credentials] .
12. OAuth client ID(OAuth ID) OAuth 2.0 .
13. [Web application] .
14. [Authorized JavaScript origins] .
   https://
15. /oauth2/idpresponse [Authorized Redirect URIs( URI)] .
   https:///oauth2/idpresponse
16. [Create] .
17. [OAuth client ID] [client secret] . .
18. .
https://developers.google.com/identity
https://developers.google.com/identity/sign-in/web/sign-in
https://console.developers.google.com
2: IdP ID IdP .
AWS Management
1. Amazon Cognito . AWS .
2. [Manage your User Pools] .
3. .
4. .
5. [Facebook], [Google], [Login with Amazon] .
6. ID .
7. . (: name email) . Facebook . Google Login with Amazon .
   Facebook: public_profile, email
   Google: profile email openid
   Login with Amazon: profile postal_code
   . Google, Facebook Login with Amazon .
8. [Enable] .
9. [App client settings] .
10. .
11. [Callback URL(s)] URL . URL.
   https://www.example.com
12. [Save changes] .
13. [Attribute mapping] ( email) .
   a. Facebook, Google Amazon . Amazon Cognito .
   b. .
   c. [Save changes] .
   d. [Go to summary] .
https://console.aws.amazon.com/cognito/home
http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-as-user-directory.html
3: IdP URL . IdP .
https://your_user_pool_domain/login?response_type=code&client_id=your_client_id&redirect_uri=https://www.example.com
[Domain name] . client_id [App client settings] . redirect_uri URL . URL .
4. SAML () (p. 20)
4. SAML () SAML (IdP) . . SAML .
SAML . SAML 2.0 SAML .
SAML . SAML 2.0 POST SAML .
https://.auth..amazoncognito.com/saml2/idpresponse
Amazon Cognito [Domain name] .
SAML SP urn / URI / SP ID .
urn:amazon:cognito:sp:
Amazon Cognito [App client settings] ID .
SAML . email . SAML SAML email () .
Amazon Cognito SAML 2.0 . SAML SAML .
SAML 2.0
1. Amazon Cognito . AWS .
https://console.aws.amazon.com/cognito/home
2. [Manage your User Pools] .
3. .
4. .
5. SAML SAML .
6. SAML IdP .
URL . SAML Amazon Cognito (p. 97) .
Note
Amazon Cognito URL . 6 .
7. SAML [Provider name] . SAML SAML (p. 93) .
8. SAML [Identifiers]() .
9. Amazon Cognito SAML IdP [Enable IdP sign out flow] .
(p. 317) SAML IdP .
IdP . .
https://.auth..amazoncognito.com/saml2/logout
Note
SAML SAML IdP Amazon Cognito .SAML IdP Amazon Cognito .
10. [Create provider] .
11. [Attribute mapping] ( email) .
a. SAML SAML . SAML . email .
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
   b. .
12. [Save changes] .
13. [Go to summary] .
SAML (p. 91) .
5. Amazon Cognito SDK (p. 22)
http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-as-user-directory.html
5. Amazon Cognito SDK Amazon Cognito SDK .
Amazon Cognito Identity SDK . Amazon Cognito API .
Amazon Cognito Auth SDK UI . , , , (MFA) .
JavaScript
SDK Documentation
JavaScript Identity SDK. Identity SDK
AWS Mobile React
Amazon Cognito JavaScript (p. 23)
AWS Amplify
JavaScript Auth SDK Auth SDK Amazon Cognito Auth API (p. 307)
Android
SDK Documentation
Android Identity SDK. Identity SDK
Android Mobile SDK
Amazon Cognito Android (p. 39)
Android Mobile SDK
Android Auth SDK. Auth SDK Amazon Cognito Auth API (p. 307)
iOS
SDK Documentation
iOS Identity SDK. Identity SDK
Mobile SDK for iOS
Amazon Cognito iOS (p. 59)
AWS Mobile SDK for iOS
iOS Auth SDK .
Mobile SDK for iOS.
Auth SDK Amazon Cognito Auth API (p. 307)
AWS SDK SDK AWS SDK .
https://github.com/aws/aws-amplify/tree/master/packages/amazon-cognito-identity-js/
http://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-javascript-examples.html
https://github.com/awslabs/aws-mobile-react-sample
https://aws.github.io/aws-amplify/
https://github.com/aws/amazon-cognito-auth-js
https://github.com/aws/amazon-cognito-auth-js/tree/master/sample/
https://github.com/aws/aws-sdk-android/tree/master/aws-android-sdk-cognitoidentityprovider
http://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-android-sdk.html
https://github.com/awslabs/aws-sdk-android-samples
https://aws.amazon.com/documentation/sdk-for-android/
https://github.com/aws/aws-sdk-android/tree/master/aws-android-sdk-cognitoauth
https://github.com/awslabs/aws-sdk-android-samples/tree/master/AmazonCognitoAuthDemo
https://github.com/aws/aws-sdk-ios/tree/master/AWSCognitoIdentityProvider
http://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-ios-sdk.html
https://github.com/awslabs/aws-sdk-ios-samples
https://aws.amazon.com/documentation/sdk-for-ios/
http://docs.aws.amazon.com/aws-mobile/latest/developerguide/cognito-getting-started.html
https://github.com/awslabs/aws-sdk-ios-samples/tree/master/CognitoAuth-Sample
https://aws.amazon.com/tools/#sdk
SDK . .
JavaScript, Android iOS Amazon Cognito .
Amazon Cognito JavaScript (p. 23) Amazon Cognito Android (p. 39) Amazon Cognito iOS (p. 59)
:
(p. 82) (MFA) (p. 106) (p. 109) Lambda (p. 117) Amazon Cognito Amazon Pinpoint (p. 153)
Amazon Cognito Amazon Cognito (p. 6) .
AWS AWS (p. 190) .
AWS Management SDK AWS Command Line Interface .
Amazon Cognito
Amazon Cognito . .
Amazon Cognito JavaScript, Android iOS Identity SDK . Amazon Cognito JSON (JWT) . (p. 181) .
Amazon Cognito JavaScript (p. 23) Amazon Cognito Android (p. 39) Amazon Cognito iOS (p. 59)
Amazon Cognito JavaScript Amazon Cognito . . Amazon Cognito .
http://docs.aws.amazon.com/cli/latest/reference/cognito-idp/index.html
https://github.com/aws/aws-amplify/tree/master/packages/amazon-cognito-identity-js/
Amazon Cognito AWS Amplify JavaScript . AWS Amplify . AWS Amplify Library .
Note
JavaScript Amazon Cognito Identity SDK AWS Amplify Library .
: JavaScript (p. 24)
: JavaScript SDK (p. 27)
: SDK for JavaScript AdminCreateUser API (p. 37)
: Lambda JavaScript (p. 38)
: JavaScript JavaScript Amazon Cognito SDK .
1: JavaScript (p. 24)
2: (p. 25)
3: (p. 25)
4: (p. 26)
5: (p. 26)
6: (p. 27)
7: AWS (p. 27)
(p. 27)
1: JavaScript . ID ID . () (p. 192) .
1. Amazon Cognito .
2. [Manage your User Pools] .
3. [Create a User Pool] .
4. [Pool name] [Review defaults] . .
5. [Attributes] . .
   a. email [Required] [Alias] .
   b. phone number [Required] [Alias] .
   c. given name [Required] .
   d. [Save changes] .
6. [Policies] . .
https://github.com/aws/aws-amplify#web-development/
https://aws.github.io/aws-amplify/media/authentication_guide.html
https://github.com/aws/aws-amplify/tree/master/packages/amazon-cognito-identity-js/
https://github.com/aws/aws-amplify
https://console.aws.amazon.com/cognito/home
7. [Verifications] . . .
8. [Apps] [Add an app] . .
9. [App name] . [Generate client secret] [Set attribute read and write permissions] . . .
Note
Amazon Cognito JavaScript SDK . SDK .
10. [Create app] [Save changes] .
11. [Review] [Create pool] .
12. ID ID . [Apps] ID .
2:
1 ID ID . CognitoUserPool . JavaScript SDK . SDK .
var poolData = {
    UserPoolId : '...', // your user pool id here
    ClientId : '...' // your app client id here
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
var userData = {
    Username : '...', // your username here
    Pool : userPool
};
3:
. UI signUp CognitoUserAttribute .
var attributeList = [];
var dataEmail = {
    Name : 'email',
    Value : '...' // your email here
};
var dataPhoneNumber = {
    Name : 'phone_number',
    Value : '...' // your phone number here with +country code and no delimiters in front
};
var attributeEmail = new AmazonCognitoIdentity.CognitoUserAttribute(dataEmail);
var attributePhoneNumber = new AmazonCognitoIdentity.CognitoUserAttribute(dataPhoneNumber);

attributeList.push(attributeEmail);
attributeList.push(attributePhoneNumber);
var cognitoUser;
userPool.signUp('username', 'password', attributeList, null, function(err, result){
    if (err) {
        alert(err);
        return;
    }
    cognitoUser = result.user;
    console.log('user name is ' + cognitoUser.getUsername());
});
4: SMS . PreSignUp AWS Lambda . ( '123456') .
cognitoUser.confirmRegistration('123456', true, function(err, result) {
    if (err) {
        alert(err);
        return;
    }
    console.log('call result: ' + result);
});
cognitoUser resendConfirmationCode . , ID .
5: . ID . (p. 181) . onSuccess . onFailure . MFA mfaRequired cognitoUser sendMFACode . .
var authenticationData = {
    Username : '...', // your username here
    Password : '...', // your password here
};
var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(authenticationData);
var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
cognitoUser.authenticateUser(authenticationDetails, {
    onSuccess: function (result) {
        var accessToken = result.getAccessToken().getJwtToken();
    },
    onFailure: function(err) {
        alert(err);
    },
    mfaRequired: function(codeDeliveryDetails) {
        var verificationCode = prompt('Please input verification code' ,'');
        cognitoUser.sendMFACode(verificationCode, this);
    }
});
6: , (: ), , , , . MFA MFA . .
. . . cognitoUser forgotPassword .
cognitoUser.forgotPassword({
    onSuccess: function (result) {
        console.log('call result: ' + result);
    },
    onFailure: function(err) {
        alert(err);
    },
    inputVerificationCode() {
        var verificationCode = prompt('Please input verification code ' ,'');
        var newPassword = prompt('Enter new password ' ,'');
        cognitoUser.confirmPassword(verificationCode, newPassword, this);
    }
});
7: AWS AWS Amazon Cognito (p. 216) . ID ID ( ) AWS . IdentityPoolId Logins ID .
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: 'us-east-1:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX',
    Logins: {
        'cognito-idp.us-east-1.amazonaws.com/us-east-1_XXXXXXXXX': result.getIdToken().getJwtToken()
    }
});
AWS.config.credentials.get(function(err){
    if (err) {
        alert(err);
    }
});
Amazon Cognito JavaScript GitHub .
: JavaScript SDK UserPoolId ClientId , , CognitoUserPool .
https://github.com/aws/aws-amplify/tree/master/packages/amazon-cognito-identity-js/
var poolData = {
    UserPoolId : 'us-east-1_TcoKGbf7n',
    ClientId : '4pe2usejqcdmhi0a25jp4b5sh3'
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);

var attributeList = [];
var dataEmail = {
    Name : 'email',
    Value : '[email protected]'
};
var dataPhoneNumber = {
    Name : 'phone_number',
    Value : '+15555555555'
};
var attributeEmail = new AmazonCognitoIdentity.CognitoUserAttribute(dataEmail);
var attributePhoneNumber = new AmazonCognitoIdentity.CognitoUserAttribute(dataPhoneNumber);

attributeList.push(attributeEmail);
attributeList.push(attributePhoneNumber);

var cognitoUser;
userPool.signUp('username', 'password', attributeList, null, function(err, result){
    if (err) {
        alert(err);
        return;
    }
    cognitoUser = result.user;
    console.log('user name is ' + cognitoUser.getUsername());
});
cognitoUser.deleteUser(function(err, result) {
    if (err) {
        alert(err);
        return;
    }
    console.log('call result: ' + result);
});
var data = {
    UserPoolId : 'us-east-1_Iqc12345',
    ClientId : '12345du353sm7khjj1q'
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(data);
var cognitoUser = userPool.getCurrentUser();

if (cognitoUser != null) {
    cognitoUser.getSession(function(err, session) {
        if (err) {
            alert(err);
            return;
        }
        console.log('session validity: ' + session.isValid());
    });
}
Amazon Cognito .
Note
JavaScript :Android Mobile SDK AdminCreateUser API (p. 56) (p. 158) .
var authenticationData = {
    Username : 'username',
    Password : 'password',
};
var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(authenticationData);
var poolData = {
    UserPoolId : 'us-east-1_TcoKGbf7n',
    ClientId : '4pe2usejqcdmhi0a25jp4b5sh3'
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
var userData = {
    Username : 'username',
    Pool : userPool
};
var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
cognitoUser.authenticateUser(authenticationDetails, {
    onSuccess: function (result) {
        var accessToken = result.getAccessToken().getJwtToken();
        /* Use the idToken for Logins Map when Federating User Pools with identity pools
           or when passing through an Authorization Header to an API Gateway Authorizer */
        var idToken = result.idToken.jwtToken;
    },
    onFailure: function(err) {
        alert(err);
    },
});
MFA
MFA ( ) MFA( ) .
cognitoUser.enableMFA(function(err, result) {
    if (err) {
        alert(err);
        return;
    }
    console.log('call result: ' + result);
});
MFA
MFA ( ) MFA( ) .
cognitoUser.disableMFA(function(err, result) {
    if (err) {
        alert(err);
        return;
    }
    console.log('call result: ' + result);
});
var data = {
    UserPoolId : 'us-east-1_q2Y6U8uuY',
    ClientId : '224kjog47ojnt9ov773erj7qn9'
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(data);

var attribute = {
    Name : 'email',
    Value : '[email protected]'
};
var attributeEmail = new AmazonCognitoIdentity.CognitoUserAttribute(attribute);
var attributeList = [];
attributeList.push(attributeEmail);
var cognitoUser;

userPool.signUp('username', 'password', attributeList, null, function(err, result) {
    if (err) {
        alert(err);
        return;
    }
    cognitoUser = result.user;
});
MFA
var userData = {
    Username : 'username',
    Pool : userPool
};
cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);

var authenticationData = {
    Username : 'username',
    Password : 'password',
};
var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(authenticationData);

cognitoUser.authenticateUser(authenticationDetails, {
    onSuccess: function (result) {
        alert('authentication successful!')
    },
    onFailure: function(err) {
        alert(err);
    },
    mfaRequired: function(codeDeliveryDetails) {
        var verificationCode = prompt('Please input verification code' ,'');
        cognitoUser.sendMFACode(verificationCode, this);
    }
});
.
var attributeList = [];
var attribute = {
    Name : 'nickname',
    Value : 'joe'
};
var attributeNickname = new AmazonCognitoIdentity.CognitoUserAttribute(attribute);
attributeList.push(attributeNickname);

cognitoUser.updateAttributes(attributeList, function(err, result) {
    if (err) {
        alert(err);
        return;
    }
    console.log('call result: ' + result);
});
.
var attributeList = [];
attributeList.push('nickname');

cognitoUser.deleteAttributes(attributeList, function(err, result) {
    if (err) {
        alert(err);
        return;
    }
    console.log('call result: ' + result);
});
.
cognitoUser.getAttributeVerificationCode('email', {
    onSuccess: function (result) {
        console.log('call result: ' + result);
    },
    onFailure: function(err) {
        alert(err);
    },
    inputVerificationCode: function() {
        var verificationCode = prompt('Please input verification code: ' ,'');
        cognitoUser.verifyAttribute('email', verificationCode, this);
    }
});
.
cognitoUser.getUserAttributes(function(err, result) {
    if (err) {
        alert(err);
        return;
    }
    for (var i = 0; i < result.length; i++) {
        console.log('attribute ' + result[i].getName() + ' has value ' + result[i].getValue());
    }
});
SMS .
cognitoUser.resendConfirmationCode(function(err, result) {
    if (err) {
        alert(err);
        return;
    }
    alert(result);
});

cognitoUser.confirmRegistration('123456', true, function(err, result) {
    if (err) {
        alert(err);
        return;
    }
    alert(result);
});
.
cognitoUser.changePassword('oldPassword', 'newPassword', function(err, result) {
    if (err) {
        alert(err);
        return;
    }
    console.log('call result: ' + result);
});
.
cognitoUser.forgotPassword({
    onSuccess: function (result) {
        console.log('call result: ' + result);
    },
    onFailure: function(err) {
        alert(err);
    },
    inputVerificationCode() {
        var verificationCode = prompt('Please input verification code ' ,'');
        var newPassword = prompt('Enter new password ' ,'');
        cognitoUser.confirmPassword(verificationCode, newPassword, this);
    }
});
.
cognitoUser.deleteUser(function(err, result) {
    if (err) {
        alert(err);
        return;
    }
    console.log('call result: ' + result);
});
.
if (cognitoUser != null) {
    cognitoUser.signOut();
}
.
cognitoUser.globalSignOut();
.
var data = {
    UserPoolId : '...', // Your user pool id here
    ClientId : '...' // Your client id here
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(data);
var cognitoUser = userPool.getCurrentUser();

if (cognitoUser != null) {
    cognitoUser.getSession(function(err, session) {
        if (err) {
            alert(err);
            return;
        }
        console.log('session validity: ' + session.isValid());

        AWS.config.credentials = new AWS.CognitoIdentityCredentials({
            IdentityPoolId : '...', // your identity pool id here
            Logins : {
                // Change the key below according to the specific region your user pool is in.
                'cognito-idp..amazonaws.com/' : session.getIdToken().getJwtToken()
            }
        });

        // Instantiate aws sdk service objects now that the credentials have been updated.
        // example: var s3 = new AWS.S3();
    });
}
.
var cognitoUser = userPool.getCurrentUser();

if (cognitoUser != null) {
    cognitoUser.getSession(function(err, result) {
        if (result) {
            console.log('You are now logged in.');

            // Add the User's Id Token to the Cognito credentials login map.
            AWS.config.credentials = new AWS.CognitoIdentityCredentials({
                IdentityPoolId: 'YOUR_IDENTITY_POOL_ID',
                Logins: {
                    'cognito-idp..amazonaws.com/': result.getIdToken().getJwtToken()
                }
            });

            // Call refresh in order to authenticate the user and get new temporary credentials.
            // getSession is asynchronous, so refresh runs inside its callback, after the Logins map is set.
            AWS.config.credentials.refresh((error) => {
                if (error) {
                    console.error(error);
                } else {
                    console.log('Successfully logged!');
                }
            });
        }
    });
}
. . null . .
cognitoUser.listDevices(limit, paginationToken, {
    onSuccess: function (result) {
        console.log('call result: ' + result);
    },
    onFailure: function(err) {
        alert(err);
    }
});
.
cognitoUser.listDevices(limit, paginationToken, {
    onSuccess: function (result) {
        console.log('call result: ' + result);
    },
    onFailure: function(err) {
        alert(err);
    }
});
.
cognitoUser.setDeviceStatusRemembered({
    onSuccess: function (result) {
        console.log('call result: ' + result);
    },
    onFailure: function(err) {
        alert(err);
    }
});
.
cognitoUser.setDeviceStatusNotRemembered({
    onSuccess: function (result) {
        console.log('call result: ' + result);
    },
    onFailure: function(err) {
        alert(err);
    }
});
.
cognitoUser.forgetDevice({
    onSuccess: function (result) {
        console.log('call result: ' + result);
    },
    onFailure: function(err) {
        alert(err);
    }
});
SMS .
var poolData = {
    UserPoolId : 'us-east-1_TcoKGbf7n',
    ClientId : '4pe2usejqcdmhi0a25jp4b5sh3'
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
var userData = {
    Username : 'username',
    Pool : userPool
};
var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
cognitoUser.confirmRegistration('123456', true, function(err, result) {
    if (err) {
        alert(err);
        return;
    }
    console.log('call result: ' + result);
});
TOTP MFA MFA
TOTP MFA .
var authenticationData = {
    Username : 'username',
    Password : 'password',
};
var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(authenticationData);
var poolData = {
    UserPoolId : '...', // Your user pool id here
    ClientId : '...' // Your client id here
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
var userData = {
    Username : 'username',
    Pool : userPool
};
var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);

cognitoUser.authenticateUser(authenticationDetails, {
    onSuccess: function (result) {
        var accessToken = result.getAccessToken().getJwtToken();
    },
    onFailure: function(err) {
        alert(err);
    },
    mfaSetup: function(challengeName, challengeParameters) {
        cognitoUser.associateSoftwareToken(this);
    },
    associateSecretCode : function(secretCode) {
        var challengeAnswer = prompt('Please input the TOTP code.' ,'');
        cognitoUser.verifySoftwareToken(challengeAnswer, 'My TOTP device', this);
    },
    selectMFAType : function(challengeName, challengeParameters) {
        var mfaType = prompt('Please select the MFA method.', '');
        cognitoUser.sendMFASelectionAnswer(mfaType, this);
    },
    totpRequired : function(secretCode) {
        var challengeAnswer = prompt('Please input the TOTP code.' ,'');
        cognitoUser.sendMFACode(challengeAnswer, this, 'SOFTWARE_TOKEN_MFA');
    }
});
SMS MFA MFA
SMS MFA MFA .
var smsMfaSettings = {
    PreferredMfa : true,
    Enabled : true
};
cognitoUser.setUserMfaPreference(smsMfaSettings, null, function(err, result) {
    if (err) {
        alert(err);
    }
    console.log('call result ' + result)
});
TOTP MFA MFA
TOTP MFA MFA .
var totpMfaSettings = {
    PreferredMfa : true,
    Enabled : true
};
cognitoUser.setUserMfaPreference(null, totpMfaSettings, function(err, result) {
    if (err) {
        alert(err);
    }
    console.log('call result ' + result)
});
: SDK for JavaScript AdminCreateUser API (AdminCreateUser API ) newPasswordRequired . SDK newPasswordRequired . completeNewPasswordChallenge . CognitoUser .
newPasswordRequired userAttributes requiredAttributes .
cognitoUser.authenticateUser(authenticationDetails, {
    onSuccess: function (result) {
        // User authentication was successful
    },
    onFailure: function(err) {
        // User authentication was not successful
    },
    mfaRequired: function(codeDeliveryDetails) {
        // MFA is required to complete user authentication.
        // Get the code from user and call cognitoUser.sendMFACode(mfaCode, this)
    },
    newPasswordRequired: function(userAttributes, requiredAttributes) {
        // User was signed up by an admin and must provide new
        // password and required attributes, if any, to complete
        // authentication.

        // userAttributes: object, which is the user's current profile. It will list all attributes that are associated with the user.
        // Required attributes according to schema, which don't have any values yet, will have blank values.
        // requiredAttributes: list of attributes that must be set by the user along with new password to complete the sign-in.

        // Get these details and call
        // newPassword: password that user has given
        // attributesData: object with key as attribute name and value that the user has given.
        cognitoUser.completeNewPasswordChallenge(newPassword, attributesData, this)
    }
});
: Lambda JavaScript Lambda .
Lambda
JavaScript Lambda .
Lambda Lambda (p. 117) .
Lambda Lambda (p. 166) .
JavaScript
AWSCognitoIdentityProvider JavaScript SDK 2.0.2 .
. .
SDK (SRP) . USER_PASSWORD_AUTH SSL . SRP .
USER_PASSWORD_AUTH .
cognitoUser.setAuthenticationFlowType('USER_PASSWORD_AUTH');

cognitoUser.authenticateUser(authenticationDetails, {
    onSuccess: function(result) {
        // User authentication was successful
    },
    onFailure: function(err) {
        // User authentication was not successful
    },
    mfaRequired: function (codeDeliveryDetails) {
        // MFA is required to complete user authentication.
        // Get the code from user and call
        cognitoUser.sendMFACode(verificationCode, this);
    }
});

https://github.com/aws/aws-amplify/tree/master/packages/amazon-cognito-identity-js
Amazon Cognito Android Amazon Cognito . . Amazon Cognito . Android Studio Android .
Android AWS Mobile SDK Android Mobile SDK .
React Native Amazon Cognito React Native AWS Amplify React Native . React Native AWS Amplify . AWS Amplify Library .
Gradle Gradle .
AWS Android Core SDK(aws-android-sdk-core-x.x.x.jar): AWS Android Core aws-android-sdk-core-2.2.8.jar Gradle .
AWS Cognito Android SDK(aws-android-sdk-cognitoidentityprovider:2.3.8.jar): Gradle Cognito Android SDK .
AWS Cognito .
.
Android Mobile SDK (p. 39)
: Android (p. 40)
Android Mobile SDK (p. 49)
: Android Mobile SDK AdminCreateUser API (p. 56)
: Lambda Android (p. 57)
Android Mobile SDK Android Mobile SDK Amazon Cognito . SDK (), , API .
https://github.com/aws/aws-sdk-android/tree/master/aws-android-sdk-cognitoidentityprovider/
http://docs.aws.amazon.com/aws-mobile/latest/developerguide/how-to-android-sdk-setup.html
https://aws.amazon.com/documentation/sdk-for-android/
https://github.com/aws/aws-amplify#react-native-development/
https://aws.github.io/aws-amplify/media/authentication_guide.html
Amazon Cognito API . (: signUp()) , (InBackground , : signUpInBackground()) InBackground .
Android Mobile SDK SharedPreferences . SDK .
ID
ID( ID ) ( ) Amazon Cognito . ID Android Mobile SDK . . ID SDK ID .
CognitoUserPool
. CognitoUser .
CognitoUser
. (), . CognitoUserPool .
CognitoUserSession
Amazon Cognito (ID, ) ID .
CognitoUserDetails
CognitoUserAttributes CognitoUserSettings .
CognitoUserAttributes
. (p. 194) .
CognitoUserSettings
.
: Android Amazon Cognito Android . GitHub Amazon Cognito .
1: (p. 41)
2: (p. 41)
3: (p. 42)
4: (p. 43)
5: (p. 43)
6: (p. 44)
7: (p. 44)
8: AWS (p. 45)
9: AWS IAM (p. 45)
10: (p. 46)
https://github.com/awslabs/aws-sdk-android-samples/tree/master/AmazonCognitoYourUserPoolsDemo
1:
. ID, ID . () (p. 192) .
1. Amazon Cognito .
2. [Manage your User Pools] .
3. [Create a User Pool] .
4. [Pool name] [Review defaults] . .
5. [Attributes] . .
   a. email [Required] [Alias] .
   b. phone number [Required] [Alias] .
   c. given name [Required] .
   d. [Save changes] .
6. [Policies] . .
7. [Verifications] . . .
8. [Apps] [Add an app] . .
9. [App name] . [Generate app client secret] [Set attribute read and write permissions] . . .
10. [Create app] [Save changes] .
11. [Review] [Create pool] .
12. [Pool ID], [Pool ARN], [App client ID] [App client secret] . [Apps] ID . [Show details] .
2:
ID, ID, AWS . CognitoUserPool . . userPoolAppHelper.java .
https://console.aws.amazon.com/cognito/home
Android Mobile SDK enum AWS .
/* Create a CognitoUserPool instance */
CognitoUserPool userPool = new CognitoUserPool(context, userPoolId, clientId, clientSecret, cognitoRegion);
3:
.
1. .
ID: . : . : (, ).
2. .
// Create a CognitoUserAttributes object and add user attributes
CognitoUserAttributes userAttributes = new CognitoUserAttributes();

// Add the user attributes. Attributes are added as key-value pairs
// Adding user's given name.
// Note that the key is "given_name" which is the OIDC claim for given name
userAttributes.addAttribute("given_name", userGivenName);

// Adding user's phone number
userAttributes.addAttribute("phone_number", phoneNumber);

// Adding user's email address
userAttributes.addAttribute("email", emailAddress);
3. . onSuccess .
SignUpHandler signupCallback = new SignUpHandler() {

    @Override
    public void onSuccess(CognitoUser cognitoUser, boolean userConfirmed, CognitoUserCodeDeliveryDetails cognitoUserCodeDeliveryDetails) {
        // Sign-up was successful

        // Check if this user (cognitoUser) needs to be confirmed
        if(!userConfirmed) {
            // This user must be confirmed and a confirmation code was sent to the user
            // cognitoUserCodeDeliveryDetails will indicate where the confirmation code was sent
            // Get the confirmation code from user
        }
        else {
            // The user has already been confirmed
        }
    }

    @Override
    public void onFailure(Exception exception) {
        // Sign-up failed, check exception for the cause
    }
};
4. API .
http://docs.aws.amazon.com/AWSAndroidSDK/latest/javadoc/com/amazonaws/regions/Regions.html
userPool.signUpInBackground(userId, password, userAttributes, null, signupCallback);
4:
. . . Lambda .
. cognitoUserCodeDeliveryDetails . .
.
1. . API SDK .
// Callback handler for confirmSignUp API
GenericHandler confirmationCallback = new GenericHandler() {

    @Override
    public void onSuccess() {
        // User was successfully confirmed
    }

    @Override
    public void onFailure(Exception exception) {
        // User confirmation failed. Check exception for the cause.
    }
};
2. ( ) . ( ) .
5:
. . .
forcedAliasCreation false . . . .
// This will cause confirmation to fail if the user attribute has been verified for another user in the same pool
boolean forcedAliasCreation = false;

// Call API to confirm this user
cognitoUser.confirmSignUpInBackground(confirmationCode, forcedAliasCreation, confirmationCallback);
forcedAliasCreation true ( ) . .
. ID . CognitoUserSession .
6:
. SDK .
// Callback handler for the sign-in process
AuthenticationHandler authenticationHandler = new AuthenticationHandler() {
    @Override
    public void onSuccess(CognitoUserSession cognitoUserSession) {
        // Sign-in was successful, cognitoUserSession will contain tokens for the user
    }

    @Override
    public void getAuthenticationDetails(AuthenticationContinuation authenticationContinuation, String userId) {
        // The API needs user sign-in credentials to continue
        AuthenticationDetails authenticationDetails = new AuthenticationDetails(userId, password, null);

        // Pass the user sign-in credentials to the continuation
        authenticationContinuation.setAuthenticationDetails(authenticationDetails);

        // Allow the sign-in to continue
        authenticationContinuation.continueTask();
    }

    @Override
    public void getMFACode(MultiFactorAuthenticationContinuation multiFactorAuthenticationContinuation) {
        // Multi-factor authentication is required; get the verification code from the user
        multiFactorAuthenticationContinuation.setMfaCode(mfaVerificationCode);
        // Allow the sign-in process to continue
        multiFactorAuthenticationContinuation.continueTask();
    }

    @Override
    public void onFailure(Exception exception) {
        // Sign-in failed, check exception for the cause
    }
};

// Sign in the user
cognitoUser.getSessionInBackground(authenticationHandler);
7:
.
// Implement callback handler for getting details
GetDetailsHandler getDetailsHandler = new GetDetailsHandler() {
    @Override
    public void onSuccess(CognitoUserDetails cognitoUserDetails) {
        // The user details are in cognitoUserDetails
    }

    @Override
    public void onFailure(Exception exception) {
        // Fetch user details failed, check exception for the cause
    }
};

// Fetch the user details
cognitoUser.getDetailsInBackground(getDetailsHandler);
8: AWS
AWS .
AWS AWS
1. Amazon Cognito .
2. [Manage Federated Identities] .
3. [Create new identity pool] . [Identity pool name] .
4. [Authentication providers] . [Cognito] [User Pool ID] [App Client ID] .
5. [Create Pool] .
6. ID .
// Get id token from CognitoUserSession.
String idToken = cognitoUserSession.getIdToken().getJWTToken();

// Create a credentials provider, or use the existing provider.
CognitoCachingCredentialsProvider credentialsProvider =
        new CognitoCachingCredentialsProvider(context, IDENTITY_POOL_ID, REGION);

// Set up as a credentials provider.
Map<String, String> logins = new HashMap<>();
logins.put("cognito-idp.us-east-1.amazonaws.com/us-east-1_123456678", idToken);
credentialsProvider.setLogins(logins);
7. Amazon DynamoDB AWS .
AmazonDynamoDBClient ddbClient = new AmazonDynamoDBClient(credentialsProvider);
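The steps above hardcode the Logins key for one pool. As an added example (not code from this guide or the AWS SDK), the helper below derives that key, cognito-idp.<region>.amazonaws.com/<userPoolId>, from the user pool id itself, and refuses to hand an already expired session to the identity pool. The class name IdentityPoolLogins, the method names and the identity pool id are assumptions; the SDK calls (CognitoCachingCredentialsProvider, setLogins, CognitoUserSession.isValid, getIdToken().getJWTToken()) are real.

```java
import android.content.Context;
import com.amazonaws.auth.CognitoCachingCredentialsProvider;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUserSession;
import com.amazonaws.regions.Regions;
import java.util.HashMap;
import java.util.Map;

/** Wires a user pool session into an identity pool (added example; not SDK code). */
public final class IdentityPoolLogins {
    // Hypothetical ids; replace with the values shown in your own console.
    static final String IDENTITY_POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000";
    static final Regions REGION = Regions.US_EAST_1;

    /** Builds the Logins key, cognito-idp.<region>.amazonaws.com/<userPoolId>, from the pool id alone. */
    static String providerName(String userPoolId) {
        // User pool ids have the form <region>_<id>, so the region prefix is all we need.
        int sep = userPoolId.indexOf('_');
        if (sep <= 0) {
            throw new IllegalArgumentException("user pool id must have the form <region>_<id>: " + userPoolId);
        }
        String region = userPoolId.substring(0, sep);
        return "cognito-idp." + region + ".amazonaws.com/" + userPoolId;
    }

    /**
     * Hands the ID token to the credentials provider. Refuses an expired session so the
     * identity pool is never asked to exchange a token it would reject anyway.
     */
    static CognitoCachingCredentialsProvider credentialsFor(Context context, String userPoolId,
                                                            CognitoUserSession session) {
        if (!session.isValid()) {
            throw new IllegalStateException("user pool session has expired; sign the user in again");
        }
        Map<String, String> logins = new HashMap<>();
        logins.put(providerName(userPoolId), session.getIdToken().getJWTToken());

        CognitoCachingCredentialsProvider provider =
                new CognitoCachingCredentialsProvider(context, IDENTITY_POOL_ID, REGION);
        provider.setLogins(logins);
        // After the user pool session is refreshed, call setLogins again with the new ID token;
        // the provider keeps presenting whatever token it was last given.
        return provider;
    }
}
```

Call credentialsFor(context, userPoolId, cognitoUserSession) from the onSuccess of the sign-in handler in step 6, and pass the result to the AmazonDynamoDBClient constructor exactly as in step 7.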
9: AWS IAM
Amazon Cognito 2 IAM CognitoAuth_Role CognitoUnauth_Role . Amazon Cognito Amazon Cognito Sync . Amazon DynamoDB AWS . , DynamoDB AmazonDynamoDBFullAccess .
https://console.aws.amazon.com/cognito/home
AWS IAM
1. AWS Management https://console.aws.amazon.com/iam/ IAM .
2. [Attach Policy] .
3. (: AmazonDynamoDBFullAccess) [Attach Policy] .
DynamoDB , , , .
10:
Amazon Cognito SDK 2.6.8 MFA .Amazon Cognito [MFA and verifications] MFA .
MFA .
(TOTP) MFA
Amazon Cognito (TOTP) (MFA) .
TOTP .
1. : TOTP MFA Amazon Cognito . TOTP MFA . , MFA TOTP .
2. : TOTP MFA . Amazon Cognito SDK VerifyMfaContinuation .
// Create a callback handler.
RegisterMfaHandler registerMFAHandler = new RegisterMfaHandler() {
    @Override
    public void onSuccess(final String sessionToken) {
        // Success, new MFA setup is complete.
    }

    @Override
    public void onVerify(VerifyMfaContinuation continuation) {
        // Get the secret key from the continuation.
        String secretKey = continuation.getParameters().get("secretKey");

        // Store the secret key in a TOTP code generator and verify using
        // the generated TOTP code.
        String verificationCode = storeAndGetTotpVerificationCode(secretKey);

        // Set a user friendly name to remember the TOTP generator.
        String friendlyName = "the best TOTP generator";

        // Complete the registration by verifying the TOTP code.
        continuation.setVerificationResponse(verificationCode, friendlyName);
        continuation.continueTask();
    }

    @Override
    public void onFailure(Exception exception) {
        closeWaitDialog();
        showDialogMessage("TOTP MFA registration failed", AppHelper.formatException(exception), false);
    }
};

// Use the CognitoUser to register a new Software Token MFA.
cognitoUser.associateSoftwareTokenInBackground(sessionToken, registerMFAHandler);
Note
TOTP MFA . MFA .TOTP MFA . TOTP MFA ,Amazon Cognito sessionToken TOTP MFA .
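The registration code above leaves storeAndGetTotpVerificationCode(secretKey) undefined. As an added example (not code from this guide or the AWS SDK), the class below implements it as a plain RFC 6238 generator, so it is clear what the secret handed back through VerifyMfaContinuation is and how the verification code is derived from it. It assumes secretKey is the base32 string Cognito returns from AssociateSoftwareToken (the same form used in otpauth URLs) and that the pool checks standard 6-digit, 30-second, HMAC-SHA1 codes; the names TotpGenerator, base32Decode and codeAt are mine.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** RFC 6238 TOTP generator (added example; not part of the Cognito SDK). */
public final class TotpGenerator {
    private static final String BASE32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
    private static final long STEP_SECONDS = 30; // standard TOTP window, which authenticator apps and Cognito use
    private static final int DIGITS = 6;

    /** Decodes an RFC 4648 base32 string (the form of Cognito's secretKey) into raw key bytes. */
    static byte[] base32Decode(String secret) {
        String clean = secret.replace("=", "").replace(" ", "").toUpperCase();
        ByteBuffer out = ByteBuffer.allocate(clean.length() * 5 / 8);
        int buffer = 0;
        int bits = 0;
        for (char c : clean.toCharArray()) {
            int value = BASE32_ALPHABET.indexOf(c);
            if (value < 0) {
                throw new IllegalArgumentException("not a base32 character: " + c);
            }
            buffer = (buffer << 5) | value;
            bits += 5;
            if (bits >= 8) {
                out.put((byte) (buffer >> (bits - 8)));
                bits -= 8;
                buffer &= (1 << bits) - 1; // keep only the bits not yet emitted
            }
        }
        return out.array();
    }

    /** Code for one 30-second window: HMAC-SHA1 over the window counter, RFC 4226 dynamic truncation. */
    static String codeAt(byte[] key, long unixSeconds) throws GeneralSecurityException {
        long counter = unixSeconds / STEP_SECONDS;
        byte[] message = ByteBuffer.allocate(8).putLong(counter).array();
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        byte[] hash = mac.doFinal(message);
        int offset = hash[hash.length - 1] & 0x0f;
        int binary = ((hash[offset] & 0x7f) << 24)
                | ((hash[offset + 1] & 0xff) << 16)
                | ((hash[offset + 2] & 0xff) << 8)
                | (hash[offset + 3] & 0xff);
        int otp = binary % (int) Math.pow(10, DIGITS);
        return String.format("%0" + DIGITS + "d", otp);
    }

    /** Stand-in for the guide's storeAndGetTotpVerificationCode(secretKey): the code for right now. */
    static String storeAndGetTotpVerificationCode(String secretKey) throws GeneralSecurityException {
        // A real app persists secretKey (for example behind the Android Keystore) before returning;
        // this example keeps it in memory only.
        return codeAt(base32Decode(secretKey), System.currentTimeMillis() / 1000L);
    }

    public static void main(String[] args) throws Exception {
        // Self-check against the RFC 6238 Appendix B vector: ASCII key "12345678901234567890", T = 59 s.
        byte[] rfcKey = "12345678901234567890".getBytes(StandardCharsets.US_ASCII);
        String base32Key = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"; // the same key, base32-encoded
        if (!Arrays.equals(rfcKey, base32Decode(base32Key))) {
            throw new AssertionError("base32 decode mismatch");
        }
        if (!"287082".equals(codeAt(rfcKey, 59))) {
            throw new AssertionError("TOTP mismatch against the RFC 6238 vector");
        }
        System.out.println("current code: " + storeAndGetTotpVerificationCode(base32Key));
    }
}
```

The self-check in main reproduces the published RFC 6238 vector, which is the cheapest way to confirm the byte order of the counter and the truncation are right before pointing the generator at a real secret. Because the secret is the only thing standing between an attacker and a valid second factor, store it with the same care as a password, never log it, and avoid copying it into analytics or crash reports.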
MFA
Amazon Cognito MFA . Amazon Cognito MFA . MFA [Optional] [Required] .
MFA [Optional] MFA .
MFA [Required] MFA . MFA MFA MFA_SETUP . MFA .
MFA Amazon Cognito . SDK MFA . MFA .
MFA_SETUP
MFA_SETUP MFA . Amazon Cognito SDKRegisterMFAContinuation . MFA .
// Holds the MFA_SETUP continuation so the RegisterMfaHandler can resume sign-in once the MFA is registered.
private RegisterMFAContinuation regMFAContinuation;

AuthenticationHandler authHandler = new AuthenticationHandler() {
    @Override
    public void onSuccess(CognitoUserSession cognitoUserSession) {
        // ...
    }

    @Override
    public void getAuthenticationDetails(AuthenticationContinuation authenticationContinuation, String userId) {
        // ...
    }

    @Override
    public void getMFACode(MultiFactorAuthenticationContinuation multiFactorAuthenticationContinuation) {
        // ...
    }

    @Override
    public void authenticationChallenge(ChallengeContinuation continuation) {
        // This challenge is invoked for the MFA_SETUP challenge.
        regMFAContinuation = (RegisterMFAContinuation) continuation;

        // Register the new MFA.
        registerMfa(regMFAContinuation);
    }

    @Override
    public void onFailure(Exception exception) {
        // Sign-in failed, check exception for the cause
    }
};

// Register a new MFA.
public void registerMfa(RegisterMFAContinuation regMFAContinuation) {
    // Get the list of MFAs to set up.
    List<String> mfaOptions = regMFAContinuation.getMfaOptions();

    // Get the session token to register an MFA.
    final String sessionToken = regMFAContinuation.getSessionToken();

    // ...

    // Use the sessionToken to register the MFA.
    cognitoUser.associateSoftwareTokenInBackground(sessionToken, registerMFAHandler);
}

RegisterMfaHandler registerMFAHandler = new RegisterMfaHandler() {
    @Override
    public void onSuccess(final String sessionToken) {
        // Success, new MFA setup is complete.
        // Use the sessionToken to continue to authenticate.
        regMFAContinuation.setSessionToken(sessionToken);
        regMFAContinuation.continueTask();
    }

    @Override
    public void onVerify(VerifyMfaContinuation continuation) {
        // ...
    }

    @Override
    public void onFailure(Exception exception) {
        // ...
    }
};
MFA
API setUserMfaSettings MFA MFA .
GenericHandler updatesMFASettingsHandler = new GenericHandler() {
    @Override
    public void onSuccess() {
        // Update complete.
    }

    @Override
    public void onFailure(Exception exception) {
        // Failed update, check exception for details.
    }
};

// Enable SMS MFA and set preferred state
void enableSmsMfa(boolean preferred) {
    CognitoMfaSettings smsMfaSettings = new CognitoMfaSettings(CognitoMfaSettings.SMS_MFA);
    smsMfaSettings.setEnabled(true);
    smsMfaSettings.setPreferred(preferred);
    List<CognitoMfaSettings> settings = new ArrayList<>();
    settings.add(smsMfaSettings);
    cognitoUser.setUserMfaSettingsInBackground(settings, updatesMFASettingsHandler);
}
MFA
MFA Amazon CognitoSELECT_MFA_TYPE , MFA .
AuthenticationHandler authHandler = new AuthenticationHandler() {
    @Override
    public void onSuccess(CognitoUserSession cognitoUserSession) {
        // ...
    }

    @Override
    public void getAuthenticationDetails(AuthenticationContinuation authenticationContinuation, String userId) {
        // ...
    }

    @Override
    public void getMFACode(MultiFactorAuthenticationContinuation multiFactorAuthenticationContinuation) {
        // ...
    }

    @Override
    public void authenticationChallenge(ChallengeContinuation continuation) {
        ChooseMfaContinuation mfaOptionsContinuation = (ChooseMfaContinuation) continuation;
        // Get the list of MFAs to choose from
        List<String> mfaOptions = mfaOptionsContinuation.getMfaOptions();

        // ...

        // Placeholder: a real app presents mfaOptions to the user and stores the selection in option.
        String option = mfaOptions.get(0);

        // Set the MFA option and continue to authenticate.
        mfaOptionsContinuation.setMfaOption(option);
        mfaOptionsContinuation.continueTask();
    }

    @Override
    public void onFailure(Exception exception) {
        // Sign-in failed, check exception for the cause
    }
};
Android Mobile SDK Android Mobile SDK . SDK API .
CognitoUserPool
CognitoUserPool userPool = new CognitoUserPool(context, userPoolId, clientId, clientSecret);

// user pool can also be created with client app configuration:
CognitoUserPool userPool = new CognitoUserPool(context, userPoolId, clientId, clientSecret, clientConfiguration);

// create a handler for registration
SignUpHandler handler = new SignUpHandler() {
    @Override
    public void onSuccess(CognitoUser user, CognitoUserCodeDeliveryDetails codeDeliveryDetails) {
        // If the sign up was successful, "user" is a CognitoUser object of the user who was signed up.
        // "codeDeliveryDetails" will contain details about where the confirmation codes will be delivered.
    }

    @Override
    public void onFailure(Exception exception) {
        // Sign up failed, check the exception for the cause and perform remedial actions.
    }
};
CognitoUser user = userPool.getCurrentUser();
ID
CognitoUser user = userPool.getUser(userId);
// create a callback handler for confirm
GenericHandler handler = new GenericHandler() {
    @Override
    public void onSuccess() {
        // User was successfully confirmed!
    }

    @Override
    public void onFailure(Exception exception) {
        // Confirmation failed, probe exception for details
    }
};
user.confirmSignUp(code, handler);
// create a callback handler for the confirmation code request
GenericHandler handler = new GenericHandler() {
@Override public void onSuccess() { /