I am writing a console POC to demo AWS Cognito authentication (App Pool, not federated identity) as our API gateway authentication mechanism (not hosted in AWS). This is being written in C#.
I have successfully created a user and confirmed them; but now I need to authenticate to retrieve a JWT that I can pass around and validate downstream.
The following code:

    using Amazon.CognitoIdentityProvider;
    using Amazon.CognitoIdentityProvider.Model;

    using (var client = new AmazonCognitoIdentityProviderClient())
    {
        var initAuthRequest = new InitiateAuthRequest();
        // AuthParameters is an initialised Dictionary<string, string> on the request
        initAuthRequest.AuthParameters.Add("USERNAME", username);
        initAuthRequest.AuthParameters.Add("PASSWORD", password);
        initAuthRequest.ClientId = clientId;
        // USER_SRP_AUTH is requested, but no SRP_A parameter is supplied
        initAuthRequest.AuthFlow = AuthFlowType.USER_SRP_AUTH;
        var response = client.InitiateAuth(initAuthRequest);
        Console.WriteLine("auth ok");
    }
Yields this exception:
An unhandled exception of type 'Amazon.CognitoIdentityProvider.Model.InvalidParameterException' occurred in AWSSDK.Core.dll
Additional information: Missing required parameter SRP_A
I cannot find a way in the .NET SDK of generating an SRP header; can anyone help?
Thanks, KH
There is actually a new extension class, helping with exactly that. Just search for this NuGet package:
The GitHub repository can be found here.
Some examples can be found here. The very first code example shows you how to do the SRP flow.
As already stated by Chetan, SRP authentication is not supported by the .NET SDK. However, it should be possible by using some third-party implementation of the SRP procedure, which can be found here.
According to some comments on GitHub, this code should work (unfortunately the custom SRP authentication implementation did not work for me, but maybe it works for you).
Cognito User Pools does not support SRP authentication from the .NET SDK. You will not be able to use AuthFlowType.USER_SRP_AUTH with the InitiateAuth API call. If you want to sign in using a USERNAME and PASSWORD directly, you can look at the Admin Authentication flow, which uses the AdminInitiateAuth API and the ADMIN_NO_SRP_AUTH flow.
I want to preface that I am not familiar with the AWS .NET SDK; however, the following may provide helpful insight.
AWS provides a Cognito Identity helper library in JavaScript, amazon-cognito-identity-js; you can review the source code, specifically the AuthenticationHelper.js file, as it contains the logic used to calculate SRP. Furthermore, there is a method to calculate SRP_A, which is the parameter required for invoking the "initiateAuth" API method. Hopefully this helps you move forward in the correct direction.
As a side note, you may notice that the amazon-cognito-identity-js library has a dependency on a big integer library to handle loss-of-significance issues intrinsic to the JavaScript Number data type that affect accuracy of precision. Primarily, I mention this as I am not familiar with whether or not this arithmetic issue is relevant in the context of .NET as it relates to SRP calculations.
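As an added illustration (not code from the question, from any of the answers, from the AWS SDK or from amazon-cognito-identity-js), here is the SRP_A calculation that AuthenticationHelper.js performs, written in Python so the big-integer arithmetic is readable: the RFC 5054 3072-bit group N with generator 2, a random 128-byte private exponent a, and A = g^a mod N, with the A mod N = 0 case rejected as RFC 5054 requires. The function and variable names are my own; only the USERNAME and SRP_A parameter names are Cognito's.

```python
import secrets

# Group parameters: the 3072-bit prime from RFC 5054 (Appendix A) with generator 2,
# which is the group amazon-cognito-identity-js hard-codes for Cognito SRP.
N_HEX = (
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33"
    "A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
    "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864"
    "D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E2"
    "08E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
)
N = int(N_HEX, 16)
G = 2


def generate_small_a(n=N):
    """Client private ephemeral 'a': 128 random bytes reduced mod N. Python ints
    are arbitrary precision, so no separate big-integer library is needed here."""
    return int.from_bytes(secrets.token_bytes(128), "big") % n


def calculate_srp_a(small_a, n=N, g=G):
    """Public ephemeral A = g^a mod N. A == 0 (mod N) would make the session key
    trivial, so RFC 5054 requires rejecting it; the JS helper throws on it too."""
    large_a = pow(g, small_a, n)
    if large_a % n == 0:
        raise ValueError("Illegal parameter: A mod N cannot be 0")
    return large_a


def build_user_srp_auth_params(username, small_a=None):
    """AuthParameters for InitiateAuth with AuthFlow USER_SRP_AUTH. Only USERNAME
    and SRP_A go over the wire in this first call; the password is used later,
    client side, to answer the PASSWORD_VERIFIER challenge and is never sent."""
    a = generate_small_a() if small_a is None else small_a
    return {"USERNAME": username, "SRP_A": format(calculate_srp_a(a), "x")}
```

The hex string is what the USER_SRP_AUTH request carries as SRP_A; the rest of the SRP exchange (password verifier, HKDF, challenge signature) happens in the RespondToAuthChallenge step.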