
Problem description

I am trying to authenticate a Java app with Cognito. For Python I have used the warrant library, which worked very well. But I want to do the same in Java now.

My Python function that I used for authentication with the warrant library:

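from warrant.aws_srp import AWSSRP


def SRPauthentication(organizationAdmin,
                      password,
                      pool_id,
                      client_id,
                      client):
    # AWSSRP runs the whole USER_SRP_AUTH exchange, including the challenge response
    aws = AWSSRP(username=organizationAdmin,
                 password=password,
                 pool_id=pool_id,
                 client_id=client_id,
                 client=client)
    tokens = aws.authenticate_user()
    # The ID token is what gets sent to the secured API
    authorization_token = tokens['AuthenticationResult']['IdToken']
    return authorization_token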

With this I could easily access some secured APIs. Now I want to do the same with Java but I have problems.

My solution so far is this method:

  public static void GetCreds()
      {

          AWSCognitoIdentityProvider identityProvider = AWSCognitoIdentityProviderClientBuilder.defaultClient();
          AdminInitiateAuthRequest adminInitiateAuthRequest = new AdminInitiateAuthRequest().
                  withAuthFlow(AuthFlowType.USER_SRP_AUTH).
                  withClientId("234234234234").withUserPoolId("eu-central-1_sdfsdfdsf")
                  .addAuthParametersEntry("USERNAME", "UserK").
                   addAuthParametersEntry("PASSWORD","#######");

          adminInitiateAuthRequest.getAuthFlow();
          AdminInitiateAuthResult adminInitiateAuth = identityProvider.adminInitiateAuth(adminInitiateAuthRequest);
            System.out.println(adminInitiateAuth.getAuthenticationResult().getIdToken());
      }

When I run this I get an exception:

Exception in thread "main" `com.amazonaws.services.cognitoidp.model.AWSCognitoIdentityProviderException: User: arn:aws:iam::XXXXXXXXXXXXXXXXX:user/khan is not authorized to perform: cognito-idp:AdminInitiateAuth on resource: arn:aws:cognito-idp:eu-central-1:XXXXXXXX:userpool/eu-central-1_XXXXXXX with an explicit deny (Service: AWSCognitoIdentityProvider; Status Code: 400; Error Code: AccessDeniedException; Request ID: 21be0b8e-adec-11e8-ad45-234234234)`

It says I am not authorized to perform this kind of instruction. So I guess I am doing something generally wrong, because it is working with my Python code, and in Java it recognizes my username from the credentials. The Cognito call should actually be independent of my AWS credentials/user account, right?

How do I authenticate with Cognito using Java to get a token to access secured AWS services?

  AWSCognitoIdentityProvider identityProvider = AWSCognitoIdentityProviderClientBuilder.standard()
              .build();
      InitiateAuthRequest adminInitiateAuthRequest = new InitiateAuthRequest()
              .withAuthFlow(AuthFlowType.USER_SRP_AUTH)
              .withClientId("XXXXXXXXXXXXXXXXX")
              .addAuthParametersEntry("USERNAME", "user").
               addAuthParametersEntry("PASSWORD","za$Lwn")
              .addAuthParametersEntry("SRP_A",new AuthenticationHelper("eu-central-1XXXXXXXXX").getA().toString(16));

      adminInitiateAuthRequest.getAuthFlow();
      InitiateAuthResult adminInitiateAuth = identityProvider.initiateAuth(adminInitiateAuthRequest);
      System.out.println(adminInitiateAuth);

I changed the AdminInitiateAuthRequest to InitiateAuthRequest. After that I had the error "missing SRP_A parameter", which I somehow fixed with a similar question here. And now I receive this:

{ChallengeName:PASSWORD_VERIFIER,ChallengeParameters:{SALT = 877734234324234ed68300f39bc5b,SECRET_BLOCK = lrkwejrlewrjlewkjrewlrkjwerlewkjrewlrkjewrlkewjrlewkrjZ + Q ==,USER_ID_FOR_SRP = username,USERNAME = user,SRP_B = 43ecc1lwkerjwelrkjewlrjewrlkewjrpoipweoriwe9r873jr34h9r834hr3455f7d079d71e5012f1623ed54dd10b832792dafa3438cca3f59c0f462cbaee255d5b7c2werwerwerkjweorkjwerwerewrf5020e4f8b5452f3b89caef4a797456743602b80b5259261f90e52374adc06b456521a9026cce9c1cbe8b9ffd6040e8c1589d35546861422110ac7e38c1c93389b802a03e3e2e4a50e75d088275195f836f66e25f1a431dd56bb2},}

I have shortened the result with all the keys, but what to do next?

Recommended answer

Finally I could solve it with this code class. There are multiple challenges involved in SRP authentication. The InitiateAuthRequest is the first request that is necessary.

This similar question helped me: stackoverflow, stackoverflow

String PerformSRPAuthentication(String username, String password) {
    String authresult = null;

    InitiateAuthRequest initiateAuthRequest = initiateUserSrpAuthRequest(username);
    try {
        AnonymousAWSCredentials awsCreds = new AnonymousAWSCredentials();
        AWSCognitoIdentityProvider cognitoIdentityProvider = AWSCognitoIdentityProviderClientBuilder
                .standard()
                .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
                .withRegion(Regions.fromName(this.region))
                .build();
        InitiateAuthResult initiateAuthResult = cognitoIdentityProvider.initiateAuth(initiateAuthRequest);
        if (ChallengeNameType.PASSWORD_VERIFIER.toString().equals(initiateAuthResult.getChallengeName())) {
            RespondToAuthChallengeRequest challengeRequest = userSrpAuthRequest(initiateAuthResult, password);
            RespondToAuthChallengeResult result = cognitoIdentityProvider.respondToAuthChallenge(challengeRequest);
            //System.out.println(result);
            System.out.println(CognitoJWTParser.getPayload(result.getAuthenticationResult().getIdToken()));
            authresult = result.getAuthenticationResult().getIdToken();
        }
    } catch (final Exception ex) {
        System.out.println("Exception" + ex);

    }
    return authresult;
}


 private InitiateAuthRequest initiateUserSrpAuthRequest(String username) {

    InitiateAuthRequest initiateAuthRequest = new InitiateAuthRequest();
    initiateAuthRequest.setAuthFlow(AuthFlowType.USER_SRP_AUTH);
    initiateAuthRequest.setClientId(this.clientId);
    //Only to be used if the pool contains the secret key.
    //initiateAuthRequest.addAuthParametersEntry("SECRET_HASH", this.calculateSecretHash(this.clientId,this.secretKey,username));
    initiateAuthRequest.addAuthParametersEntry("USERNAME", username);
    initiateAuthRequest.addAuthParametersEntry("SRP_A", this.getA().toString(16));
    return initiateAuthRequest;
}
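
The `userSrpAuthRequest` helper called in the answer is not shown on the page. The following is an added example, not the answerer's code: it builds the four `PASSWORD_VERIFIER` challenge responses with JDK classes only (Java 9+), assuming the construction used by the warrant library (HKDF-SHA256 with info string "Caldera Derived Key", 16-byte key, UTC timestamp). The class and method names are hypothetical, and `s` and `u` stand for the SRP session value and scrambling parameter, which must be computed separately from `SRP_B`, `SALT` and the password.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.text.SimpleDateFormat;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class PasswordClaim { // hypothetical class name
    static byte[] hmac(byte[] key, byte[]... parts) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        for (byte[] p : parts) mac.update(p);
        return mac.doFinal();
    }
    // HKDF-SHA256: extract with salt = u and input key = S, expand one block, keep 16 bytes.
    static byte[] deriveKey(BigInteger s, BigInteger u) throws Exception {
        byte[] prk = hmac(u.toByteArray(), s.toByteArray());
        byte[] t1 = hmac(prk, "Caldera Derived Key".getBytes(StandardCharsets.UTF_8), new byte[] {1});
        return Arrays.copyOf(t1, 16);
    }
    // Signs poolName || USER_ID_FOR_SRP || decoded SECRET_BLOCK || timestamp with the derived key.
    static Map<String, String> challengeResponses(byte[] key, String poolId,
            Map<String, String> challenge, Date now) throws Exception {
        SimpleDateFormat fmt = new SimpleDateFormat("EEE MMM d HH:mm:ss z yyyy", Locale.US);
        fmt.setTimeZone(TimeZone.getTimeZone("UTC"));
        String timestamp = fmt.format(now);
        String poolName = poolId.substring(poolId.indexOf('_') + 1); // part after the region prefix
        byte[] sig = hmac(key,
                poolName.getBytes(StandardCharsets.UTF_8),
                challenge.get("USER_ID_FOR_SRP").getBytes(StandardCharsets.UTF_8),
                Base64.getDecoder().decode(challenge.get("SECRET_BLOCK")),
                timestamp.getBytes(StandardCharsets.UTF_8));
        Map<String, String> out = new LinkedHashMap<>();
        out.put("USERNAME", challenge.get("USERNAME"));
        out.put("PASSWORD_CLAIM_SECRET_BLOCK", challenge.get("SECRET_BLOCK")); // echoed unchanged
        out.put("PASSWORD_CLAIM_SIGNATURE", Base64.getEncoder().encodeToString(sig));
        out.put("TIMESTAMP", timestamp);
        return out;
    }
    public static void main(String[] args) throws Exception {
        // Constructed values for illustration; real S and u come from the SRP computation.
        byte[] key = deriveKey(new BigInteger("1f2e3d", 16), new BigInteger("4c5b6a", 16));
        String block = Base64.getEncoder().encodeToString("constructed".getBytes(StandardCharsets.UTF_8));
        Map<String, String> challenge = Map.of(
                "USER_ID_FOR_SRP", "user", "USERNAME", "user", "SECRET_BLOCK", block);
        System.out.println(challengeResponses(key, "eu-central-1_EXAMPLE", challenge, new Date()));
    }
}
```

The returned map is what goes into the challenge responses of the `RespondToAuthChallengeRequest`, with the challenge name set to `PASSWORD_VERIFIER`.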
