/// <summary>
/// Initiates the asynchronous refresh token authentication flow
/// </summary>
/// <param name="refreshTokenRequest">InitiateRefreshTokenAuthRequest object containing the necessary
/// parameters to initiate the refresh token authentication flow</param>
/// <returns>Returns the AuthFlowResponse object that can be used to respond to the next challenge,
/// if one exists</returns>
public virtual async Task <AuthFlowResponse> StartWithRefreshTokenAuthAsync(InitiateRefreshTokenAuthRequest refreshTokenRequest)
{
InitiateAuthRequest initiateAuthRequest = CreateRefreshTokenAuthRequest(refreshTokenRequest.AuthFlowType);
InitiateAuthResponse initiateResponse =
await Provider.InitiateAuthAsync(initiateAuthRequest).ConfigureAwait(false);
// Service does not return the refresh token. Hence, set it to the old refresh token that was used.
if (string.IsNullOrEmpty(initiateResponse.ChallengeName) && string.IsNullOrEmpty(initiateResponse.AuthenticationResult.RefreshToken))
{
initiateResponse.AuthenticationResult.RefreshToken = initiateAuthRequest.AuthParameters[CognitoConstants.ChlgParamRefreshToken];
}
UpdateSessionIfAuthenticationComplete(initiateResponse.ChallengeName, initiateResponse.AuthenticationResult);
return(new AuthFlowResponse(initiateResponse.Session,
initiateResponse.AuthenticationResult,
initiateResponse.ChallengeName,
initiateResponse.ChallengeParameters,
new Dictionary <string, string>(initiateResponse.ResponseMetadata.Metadata)));
}
/// <summary>
/// Initiates the asynchronous custom authentication flow
/// </summary>
/// <param name="customRequest">InitiateCustomAuthRequest object containing the necessary parameters to
/// create an InitiateAuthAsync API call for custom authentication</param>
/// <returns>Returns the AuthFlowResponse object that can be used to respond to the next challenge,
/// if one exists</returns>
public async Task <AuthFlowResponse> StartWithCustomAuthAsync(InitiateCustomAuthRequest customRequest)
{
InitiateAuthRequest authRequest = new InitiateAuthRequest()
{
AuthFlow = AuthFlowType.CUSTOM_AUTH,
AuthParameters = new Dictionary <string, string>(customRequest.AuthParameters),
ClientId = ClientID,
ClientMetadata = new Dictionary <string, string>(customRequest.ClientMetadata)
};
InitiateAuthResponse initiateResponse = await Provider.InitiateAuthAsync(authRequest).ConfigureAwait(false);
UpdateUsernameAndSecretHash(initiateResponse.ChallengeParameters);
UpdateSessionIfAuthenticationComplete(initiateResponse.ChallengeName, initiateResponse.AuthenticationResult);
return(new AuthFlowResponse(initiateResponse.Session,
initiateResponse.AuthenticationResult,
initiateResponse.ChallengeName,
initiateResponse.ChallengeParameters,
new Dictionary <string, string>(initiateResponse.ResponseMetadata.Metadata)));
}
public async Task <LoginResponse> LoginAsync(string username, string password)
{
LoginResponse loginResponse;
InitiateAuthRequest auth = new InitiateAuthRequest()
{
ClientId = CLIENT_ID,
AuthFlow = AuthFlowType.USER_PASSWORD_AUTH,
};
auth.AuthParameters.Add("USERNAME", username);
auth.AuthParameters.Add("PASSWORD", password);
InitiateAuthResponse response = await _loginClient.InitiateAuthAsync(auth);
if (response.HttpStatusCode == System.Net.HttpStatusCode.OK)
{
JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
JwtSecurityToken jsonToken = handler.ReadToken(response.AuthenticationResult.IdToken) as JwtSecurityToken;
loginResponse = new LoginResponse()
{
Email = jsonToken.Claims.Single(c => c.Type == "email").Value,
EmailVerified = bool.Parse(jsonToken.Claims.Single(c => c.Type == "email_verified").Value),
FamilyName = jsonToken.Claims.Single(c => c.Type == "family_name").Value,
GivenName = jsonToken.Claims.Single(c => c.Type == "given_name").Value,
HomeStudioId = jsonToken.Claims.Single(c => c.Type == "custom:home_studio_id").Value,
IsMigration = bool.Parse(jsonToken.Claims.Single(c => c.Type == "custom:isMigration").Value),
Locale = jsonToken.Claims.Single(c => c.Type == "locale").Value,
MemberId = jsonToken.Claims.Single(c => c.Type == "cognito:username").Value,
JwtToken = response.AuthenticationResult.IdToken,
Expiration = jsonToken.ValidTo,
IssuedOn = jsonToken.ValidFrom,
};
}
else
{
loginResponse = null;
}
return(loginResponse);
}
/// <summary>
/// Initiates the asynchronous SRP authentication flow
/// </summary>
/// <param name="srpRequest">InitiateSrpAuthRequest object containing the necessary parameters to
/// create an InitiateAuthAsync API call for SRP authentication</param>
/// <returns>Returns the AuthFlowResponse object that can be used to respond to the next challenge,
/// if one exists</returns>
public async Task <AuthFlowResponse> StartWithSrpAuthAsync(InitiateSrpAuthRequest srpRequest)
{
if (srpRequest == null || string.IsNullOrEmpty(srpRequest.Password))
{
throw new ArgumentNullException("Password required for authentication.", "srpRequest");
}
Tuple <BigInteger, BigInteger> tupleAa = AuthenticationHelper.CreateAaTuple();
InitiateAuthRequest initiateRequest = CreateSrpAuthRequest(tupleAa);
InitiateAuthResponse initiateResponse = await Provider.InitiateAuthAsync(initiateRequest);
UpdateUsernameAndSecretHash(initiateResponse.ChallengeParameters);
RespondToAuthChallengeRequest challengeRequest =
CreateSrpPasswordVerifierAuthRequest(initiateResponse, srpRequest.Password, tupleAa);
bool challengeResponsesValid = challengeRequest != null && challengeRequest.ChallengeResponses != null;
bool deviceKeyValid = Device != null && !string.IsNullOrEmpty(Device.DeviceKey);
if (challengeResponsesValid && deviceKeyValid)
{
challengeRequest.ChallengeResponses.Add(CognitoConstants.ChlgParamDeviceKey, Device.DeviceKey);
}
RespondToAuthChallengeResponse verifierResponse =
await Provider.RespondToAuthChallengeAsync(challengeRequest).ConfigureAwait(false);
UpdateSessionIfAuthenticationComplete(verifierResponse.ChallengeName, verifierResponse.AuthenticationResult);
return(new AuthFlowResponse()
{
SessionID = verifierResponse.Session,
ChallengeName = verifierResponse.ChallengeName,
AuthenticationResult = verifierResponse.AuthenticationResult,
ChallengeParameters = verifierResponse.ChallengeParameters,
ClientMetadata = new Dictionary <string, string>(verifierResponse.ResponseMetadata.Metadata)
});
}
/// <summary>
/// Initiates the asynchronous SRP authentication flow
/// </summary>
/// <param name="srpRequest">InitiateSrpAuthRequest object containing the necessary parameters to
/// create an InitiateAuthAsync API call for SRP authentication</param>
/// <returns>Returns the AuthFlowResponse object that can be used to respond to the next challenge,
/// if one exists</returns>
public async Task <AuthFlowResponse> StartWithSrpAuthAsync(InitiateSrpAuthRequest srpRequest)
{
if (srpRequest == null || string.IsNullOrEmpty(srpRequest.Password))
{
throw new ArgumentNullException("Password required for authentication.", "srpRequest");
}
Tuple <BigInteger, BigInteger> tupleAa = AuthenticationHelper.CreateAaTuple();
InitiateAuthRequest initiateRequest = CreateSrpAuthRequest(tupleAa);
InitiateAuthResponse initiateResponse = await Provider.InitiateAuthAsync(initiateRequest).ConfigureAwait(false);
UpdateUsernameAndSecretHash(initiateResponse.ChallengeParameters);
RespondToAuthChallengeRequest challengeRequest =
CreateSrpPasswordVerifierAuthRequest(initiateResponse, srpRequest.Password, tupleAa);
RespondToAuthChallengeResponse verifierResponse =
await Provider.RespondToAuthChallengeAsync(challengeRequest).ConfigureAwait(false);
if (verifierResponse.ChallengeName == ChallengeNameType.DEVICE_SRP_AUTH)
{
verifierResponse = await HandleDeviceSrpAuthResponseAsync(verifierResponse, tupleAa).ConfigureAwait(false);
}
UpdateSessionIfAuthenticationComplete(verifierResponse.ChallengeName, verifierResponse.AuthenticationResult);
return(new AuthFlowResponse()
{
SessionID = verifierResponse.Session,
ChallengeName = verifierResponse.ChallengeName,
AuthenticationResult = verifierResponse.AuthenticationResult,
ChallengeParameters = verifierResponse.ChallengeParameters,
ClientMetadata = new Dictionary <string, string>(verifierResponse.ResponseMetadata.Metadata)
});
}
/// <summary>
/// Try to sign in with email and password
/// </summary>
public void TrySignInRequest(string username, string password,
Action OnFailureF = null, Action <string> OnSuccessF = null)
{
//Get the SRP variables A and a
var TupleAa = AuthenticationHelper.CreateAaTuple();
InitiateAuthRequest authRequest = new InitiateAuthRequest()
{
ClientId = AppClientID,
AuthFlow = AuthFlowType.USER_SRP_AUTH,
AuthParameters = new Dictionary <string, string>()
{
{ "USERNAME", username },
{ "SRP_A", TupleAa.Item1.ToString(16) }
}
};
//
// This is a nested request / response / request. First we send the
// InitiateAuthRequest, with some crypto things. AWS sends back
// some of its own crypto things, in the authResponse object (this is the "challenge").
// We combine that with the actual password, using math, and send it back (the "challenge response").
// If AWS is happy with our answer, then it is convinced we know the password,
// and it sends us some tokens!
CognitoIDPClient.InitiateAuthAsync(authRequest, (authResponse) => {
if (authResponse.Exception != null)
{
Debug.Log("[TrySignInRequest] exception : " + authResponse.Exception.ToString());
if (OnFailureF != null)
{
OnFailureF();
}
return;
}
//The timestamp format returned to AWS _needs_ to be in US Culture
DateTime timestamp = TimeZoneInfo.ConvertTimeToUtc(DateTime.Now);
CultureInfo usCulture = new CultureInfo("en-US");
String timeStr = timestamp.ToString("ddd MMM d HH:mm:ss \"UTC\" yyyy", usCulture);
//Do the hard work to generate the claim we return to AWS
var challegeParams = authResponse.Response.ChallengeParameters;
byte[] claim = AuthenticationHelper.authenticateUser(
challegeParams["USERNAME"],
password, UserPoolName, TupleAa,
challegeParams["SALT"], challegeParams["SRP_B"],
challegeParams["SECRET_BLOCK"], timeStr);
String claimBase64 = System.Convert.ToBase64String(claim);
// construct the second request
RespondToAuthChallengeRequest respondRequest = new RespondToAuthChallengeRequest()
{
ChallengeName = authResponse.Response.ChallengeName,
ClientId = AppClientID,
ChallengeResponses = new Dictionary <string, string>()
{
{ "PASSWORD_CLAIM_SECRET_BLOCK", challegeParams["SECRET_BLOCK"] },
{ "PASSWORD_CLAIM_SIGNATURE", claimBase64 },
{ "USERNAME", username },
{ "TIMESTAMP", timeStr }
}
};
// send the second request
CognitoIDPClient.RespondToAuthChallengeAsync(respondRequest, (finalResponse) => {
if (finalResponse.Exception != null)
{
// Note: if you have the wrong username/password, you will get an exception.
// It's up to you to differentiate that from other errors / etc.
Debug.Log("[TrySignInRequest] exception : " + finalResponse.Exception.ToString());
if (OnFailureF != null)
{
OnFailureF();
}
return;
}
// Ok, if we got here, we logged in, and here are some tokens
AuthenticationResultType authResult = finalResponse.Response.AuthenticationResult;
string idToken = authResult.IdToken;
string accessToken = authResult.AccessToken;
string refreshToken = authResult.RefreshToken;
Debug.Log("[TrySignInRequest] success!");
if (OnSuccessF != null)
{
OnSuccessF(idToken);
}
});
}); // end of CognitoIDPClient.InitiateAuthAsync
}
/// <summary>
/// Initiates the asynchronous SRP authentication flow
/// </summary>
/// <param name="srpRequest">InitiateSrpAuthRequest object containing the necessary parameters to
/// create an InitiateAuthAsync API call for SRP authentication</param>
/// <returns>Returns the AuthFlowResponse object that can be used to respond to the next challenge,
/// if one exists</returns>
public virtual async Task <AuthFlowResponse> StartWithSrpAuthAsync(InitiateSrpAuthRequest srpRequest)
{
if (srpRequest == null || string.IsNullOrEmpty(srpRequest.Password))
{
throw new ArgumentNullException("Password required for authentication.", "srpRequest");
}
Tuple <BigInteger, BigInteger> tupleAa = AuthenticationHelper.CreateAaTuple();
InitiateAuthRequest initiateRequest = CreateSrpAuthRequest(tupleAa);
InitiateAuthResponse initiateResponse = await Provider.InitiateAuthAsync(initiateRequest).ConfigureAwait(false);
UpdateUsernameAndSecretHash(initiateResponse.ChallengeParameters);
RespondToAuthChallengeRequest challengeRequest =
CreateSrpPasswordVerifierAuthRequest(initiateResponse, srpRequest.Password, tupleAa);
bool challengeResponsesValid = challengeRequest != null && challengeRequest.ChallengeResponses != null;
bool deviceKeyValid = Device != null && !string.IsNullOrEmpty(Device.DeviceKey);
if (challengeResponsesValid && deviceKeyValid)
{
challengeRequest.ChallengeResponses[CognitoConstants.ChlgParamDeviceKey] = Device.DeviceKey;
}
RespondToAuthChallengeResponse verifierResponse =
await Provider.RespondToAuthChallengeAsync(challengeRequest).ConfigureAwait(false);
var isDeviceAuthRequest = verifierResponse.AuthenticationResult == null && (!string.IsNullOrEmpty(srpRequest.DeviceGroupKey) ||
!string.IsNullOrEmpty(srpRequest.DevicePass));
#region Device-level authentication
if (isDeviceAuthRequest)
{
if (string.IsNullOrEmpty(srpRequest.DeviceGroupKey) || string.IsNullOrEmpty(srpRequest.DevicePass))
{
throw new ArgumentNullException("Device Group Key and Device Pass required for authentication.", "srpRequest");
}
#region Device SRP Auth
var deviceAuthRequest = CreateDeviceSrpAuthRequest(verifierResponse, tupleAa);
var deviceAuthResponse = await Provider.RespondToAuthChallengeAsync(deviceAuthRequest).ConfigureAwait(false);
#endregion
#region Device Password Verifier
var devicePasswordChallengeRequest = CreateDevicePasswordVerifierAuthRequest(deviceAuthResponse, srpRequest.DeviceGroupKey, srpRequest.DevicePass, tupleAa);
verifierResponse = await Provider.RespondToAuthChallengeAsync(devicePasswordChallengeRequest).ConfigureAwait(false);
#endregion
}
#endregion
UpdateSessionIfAuthenticationComplete(verifierResponse.ChallengeName, verifierResponse.AuthenticationResult);
return(new AuthFlowResponse(verifierResponse.Session,
verifierResponse.AuthenticationResult,
verifierResponse.ChallengeName,
verifierResponse.ChallengeParameters,
new Dictionary <string, string>(verifierResponse.ResponseMetadata.Metadata)));
}
public void InitiateAuthAsync(InitiateAuthRequest request, AmazonServiceCallback <InitiateAuthRequest, InitiateAuthResponse> callback, AsyncOptions options = null)
{
throw new System.NotImplementedException();
}
private async Task <SignInResponse> SignIn(AuthFlowType type, SignInRequestBase request,
Dictionary <string, string> authParameters = null, CancellationToken cancellationToken = default)
{
Check.NotNull(request, nameof(request));
var authRequest = new InitiateAuthRequest()
{
ClientId = clientId,
AuthFlow = type,
UserContextData = new UserContextDataType
{
EncodedData =
$"IP:{request.IpAddress};ServerPath:{request.ServerPath};ServerName:{request.ServerName}"
}
};
authRequest.AuthParameters.Add("USERNAME", request.UserName.ToLower());
if (authParameters != null)
{
foreach (var(key, value) in authParameters)
{
authRequest.AuthParameters.Add(key, value);
}
}
try
{
var response = await base.CreateDefaultRetryAsyncPolicy().ExecuteAsync(async() =>
await CognitoidentityProvider.InitiateAuthAsync(authRequest, cancellationToken));
if (response.AuthenticationResult != null)
{
return new SignInResponse
{
IdToken = response.AuthenticationResult.IdToken,
AccessToken = response.AuthenticationResult.AccessToken,
ExpiresIn = response.AuthenticationResult.ExpiresIn,
TokenType = response.AuthenticationResult.TokenType,
RefreshToken = response.AuthenticationResult.RefreshToken,
SignInType = "USER_PASSWORD_AUTH"
}
}
;
return(new SignInResponse
{
Session = response.Session,
ChallengeName = response.ChallengeName.Value,
ChallengeParameters = response.ChallengeParameters
});
}
catch (NotAuthorizedException)
{
throw new BusinessException(ErrorCode.NotAuthorized);
}
catch (Exception ex)
{
throw CatchException(ex);
}
}
