aws cognito pool with multiple sign in options

2019-04-10 13:37发布

站内问答 / 前端开发
1465 1 5

I have a mobile application and wanted to use AWS Cognito pool for user management (sign up & sign in). I wanted to provide below 3 options for users to log in to my app

  1. username, password
  2. phone number with OTP login - on the sign in screen, the user enters his phone number, and Cognito should send OTP code, and on verification, it should allow to login
  3. Google connect login

during sign up, the user will set up username, password and adds verified phone number and optionally they can add their google connect to their profile.

How to setup Cognito pool for this scenario that user can choose any of the above 3 options to log in to the app?

1条回答
等我变得足够好
2楼-- · 2019-04-10 14:16

I found a way to setup Cognito to allow multiple login options. setup Cognito like below 1. select use phone number as username 2. make it mandatory and verifiable. 3. this will make phone_number as alias for login.

use CUSTOM_CHALLENGE option to configure login with phone number with OTP.

basically, we need to configure 3 triggers in Cognito to send OTP to user registered number. 1. sign-in define auth challenge trigger -- define CUSTOM_CHALLENGE 2. sign-in create auth challenge trigger -- create logic to generate OTP and send SMS using SNS service 3. sign-in verify auth challenge trigger -- validate received OTP, generated OTP will be available in context so no need to save in any database.

Trigger#1 - define auth challenge

exports.handler = (event, context, callback) => {

    if (event.request.session.length == 0){

        event.response.issueTokens = false;
        event.response.failAuthentication = false;
        event.response.challengeName = 'CUSTOM_CHALLENGE';

    } else if(event.request.session.length == 1 
        && event.request.session[0].challengeName == 'CUSTOM_CHALLENGE' 
        && event.request.session[0].challengeResult == true){

        event.response.issueTokens = true;
        event.response.failAuthentication = false;

    } else {

        event.response.issueTokens = false;
        event.response.failAuthentication = true;
    }

     // Return to Amazon Cognito
    callback(null, event);
}

Trigger#2 - create auth challenge make sure this lambda have SNS role

var AWS = require("aws-sdk");
exports.handler = (event, context, callback) => {
    if (event.request.session.length == 0 && event.request.challengeName == 'CUSTOM_CHALLENGE') {

        //create the code 
        var answer = Math.random().toString(10).substr(2,6);

        //send the code via Amazon SNS Global SMS
        var sns = new AWS.SNS();
        sns.publish({
              Message: 'your verification code is '+answer,
              PhoneNumber: event.request.userAttributes.phone_number
            }, function(err, data) {
                if (err){ 

                    console.log(err, err.stack); // an error occurred
                    return;
                }
                console.log('SMS Sent');           // successful response
        });

        //set the return parameters **including the correct answer**

        event.response.publicChallengeParameters = {};
        event.response.privateChallengeParameters = {};
        event.response.privateChallengeParameters.answer = answer;
        event.response.challengeMetadata = 'PASSWORDLESS_CHALLENGE';
    }
    //Return to Amazon Cognito
    callback(null, event);

}

Trigger#3 - verify auth challenge response

exports.handler = (event, context, callback) => {
    if (event.request.privateChallengeParameters.answer == event.request.challengeAnswer) {
        event.response.answerCorrect = true;
    } else {
        event.response.answerCorrect = false;
    }
    // Return to Amazon Cognito
    callback(null, event);
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)