/// <summary>
/// The resulting refresh token will be null and cognito expects the current refresh token to
/// be utilized until it expires. When it expires, user needs to be authenticated
/// https://github.com/aws/aws-aspnet-cognito-identity-provider/issues/76
/// </summary>
/// <param name="refreshToken"></param>
/// <returns></returns>
public async Task <string> GetRenewedTokenAsync(string refreshToken)
{
var authParam = new Dictionary <string, string>();
authParam.Add("REFRESH_TOKEN", refreshToken);
var req = new AdminInitiateAuthRequest()
{
AuthParameters = authParam,
UserPoolId = _userPool.PoolID,
AuthFlow = AuthFlowType.REFRESH_TOKEN,
ClientId = _userPool.ClientID
};
try
{
var result = await _provider.AdminInitiateAuthAsync(req);
var idToken = result.AuthenticationResult.IdToken;
return(idToken);
}
catch (NotAuthorizedException)
{
throw new CcsSsoException("INVALID_REFRESH_TOKEN");
}
}
static void Main(string[] args)
{
string CLIENT_ID = "";
string USERPOOL_ID = "";
string USERNAME = "";
string PASSWORD = "";
string SECRET = "";
AmazonCognitoIdentityProviderClient provider = new AmazonCognitoIdentityProviderClient(FallbackRegionFactory.GetRegionEndpoint());
var request = new AdminInitiateAuthRequest()
{
AuthFlow = AuthFlowType.ADMIN_USER_PASSWORD_AUTH,
ClientId = CLIENT_ID,
UserPoolId = USERPOOL_ID,
};
//aws cognito-idp admin-set-user-password --user-pool-id us-east-1_GKvnPcxax --username awshero --password Pass@word1234 --permanent
request.AuthParameters.Add("USERNAME", USERNAME);
request.AuthParameters.Add("PASSWORD", PASSWORD);
request.AuthParameters.Add("SECRET_HASH", GenerateSecretHash(USERNAME, CLIENT_ID, SECRET));
var response = provider.AdminInitiateAuthAsync(request).Result;
Console.WriteLine(response.AuthenticationResult.AccessToken);
Console.ReadLine();
}
public async Task <bool> CheckPasswordAsync(string userName, string password)
{
var userName1 = "*****@*****.**";
var passwrod1 = "MytestPass141!asdfasdf";
try
{
var authReq = new AdminInitiateAuthRequest
{
UserPoolId = "us-east-1_0lir0CGDl",
ClientId = "6aaambb1i02abdkokr2n4ohojl",
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
authReq.AuthParameters.Add("USERNAME", userName);
authReq.AuthParameters.Add("PASSWORD", password);
AdminInitiateAuthResponse authResp = await _client.AdminInitiateAuthAsync(authReq);
return(true);
}
catch
{
return(false);
}
}
public async Task <object> CognitoSignIn(UserRequest creds)
{
string accessKey = Environment.GetEnvironmentVariable("ACCESS");
string secretKey = Environment.GetEnvironmentVariable("SECRET");
// string provider = Environment.GetEnvironmentVariable("PROVIDER");
string poolId = Environment.GetEnvironmentVariable("POOL");
string client = Environment.GetEnvironmentVariable("CLIENT");
try{
using var AmazonCognitoP = new AmazonCognitoIdentityProviderClient(
awsAccessKeyId: accessKey,
awsSecretAccessKey: secretKey,
region: RegionEndpoint.USEast1);
var authReq = new AdminInitiateAuthRequest
{
UserPoolId = poolId,
ClientId = client,
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
authReq.AuthParameters.Add("USERNAME", creds.userName);
authReq.AuthParameters.Add("PASSWORD", creds.passWord);
var authResp = await AmazonCognitoP.AdminInitiateAuthAsync(authReq);
return(authResp);
}
catch (Exception e)
{
throw e;
}
}
public async Task <IActionResult> SignIn(User user)
{
if (!ModelState.IsValid)
{
return(ResponseMessageHelper.ModelStateInvalid(ModelState));
}
var cognito = new AmazonCognitoIdentityProviderClient(_region);
var request = new AdminInitiateAuthRequest
{
UserPoolId = _config.Value.AwsCognitoUserPoolId,
ClientId = _config.Value.AwsCognitoAppClientId,
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
request.AuthParameters.Add("USERNAME", user.Username);
request.AuthParameters.Add("PASSWORD", user.Password);
try
{
var response = await cognito.AdminInitiateAuthAsync(request);
return(ResponseMessageHelper.Ok(response.AuthenticationResult.IdToken));
}
catch (NotAuthorizedException ex)
{
return(ResponseMessageHelper.Unauthorized(ex.Message));
}
catch (Exception ex)
{
return(ResponseMessageHelper.InternalServerError(ex.Message));
}
}
public async Task <ActionResult <string> > SignIn(User user)
{
RegionEndpoint region = RegionEndpoint.GetBySystemName(this.cognitoSettings.Value.Region);
var cognito = new AmazonCognitoIdentityProviderClient(region);
var request = new AdminInitiateAuthRequest
{
UserPoolId = this.cognitoSettings.Value.PoolId,
ClientId = this.cognitoSettings.Value.AppClientId,
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
request.AuthParameters.Add("USERNAME", user.Username);
request.AuthParameters.Add("PASSWORD", user.Password);
var response = await cognito.AdminInitiateAuthAsync(request);
var expireDate = DateTime.Now.AddSeconds(response.AuthenticationResult.ExpiresIn);
return(Ok(new
{
id_token = response.AuthenticationResult.IdToken,
expires_at = expireDate,
username = user.Username
}));
}
private async Task <string> CheckPasswordAsync(string userName, string password)
{
try
{
string accessKey = WebConfigurationManager.AppSettings["AWSAccessKeyId"];
string secretKey = WebConfigurationManager.AppSettings["AWSSecretAccessKey"];
//string _aWSRegion = ConfigurationManager.AppSettings["AWSRegion"];
AmazonCognitoIdentityProviderClient _client = new AmazonCognitoIdentityProviderClient(accessKey, secretKey, Amazon.RegionEndpoint.USEast1);
var authReq = new AdminInitiateAuthRequest
{
UserPoolId = WebConfigurationManager.AppSettings["USERPOOL_ID"],
ClientId = WebConfigurationManager.AppSettings["CLIENT_ID"],
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
authReq.AuthParameters.Add("USERNAME", userName);
authReq.AuthParameters.Add("PASSWORD", password);
AdminInitiateAuthResponse authResp = await _client.AdminInitiateAuthAsync(authReq);
string IdToken = authResp.AuthenticationResult.IdToken;
return(IdToken);
}
catch (Exception ex)
{
return(string.Empty);
}
}
private async Task <bool> CheckPasswordAsync(string userName, string password)
{
try
{
var authReq = new AdminInitiateAuthRequest()
{
UserPoolId = _poolId,
ClientId = _clientId,
AuthFlow = AuthFlowType.ADMIN_USER_PASSWORD_AUTH,
};
authReq.AuthParameters.Add("USERNAME", userName);
authReq.AuthParameters.Add("PASSWORD", password);
AdminInitiateAuthResponse authResp = await _client.AdminInitiateAuthAsync(authReq);
// await new MessageDialog(authResp.ToString(), "Sign In Result").ShowAsync();
return(true);
}
catch (Exception ex)
{
string message = ex.Message;
await new MessageDialog(message, "Sign In Error").ShowAsync();
return(false);
}
}
/// <summary>
/// Confirms user registration as an admin with using a confirmation code.
/// </summary>
/// <param name="loginRequest"></param>
/// <returns></returns>
public async Task <bool> AdminConfirmUserWithNewPassword(Real.AdminConfirmUserWithTempPasswordRequest loginRequest)
{
var client = new AmazonCognitoIdentityProviderClient(RegionEndpoint.GetBySystemName(REGION));
var dictTypeAuthParam = new Dictionary <string, string> {
{ "USERNAME", loginRequest.Username }, { "PASSWORD", loginRequest.TempPassword }
};
AdminInitiateAuthRequest req = new AdminInitiateAuthRequest()
{
AuthFlow = new AuthFlowType(AuthFlowType.ADMIN_NO_SRP_AUTH),
ClientId = CLIENTAPP_ID,
UserPoolId = POOL_ID,
AuthParameters = dictTypeAuthParam
};
var response = await client.AdminInitiateAuthAsync(req);
var dictTypeChallangeResponse = new Dictionary <string, string>
{
{ "USERNAME", loginRequest.Username },
{ "NEW_PASSWORD", loginRequest.NewPassword }
};
var respondRequest = new AdminRespondToAuthChallengeRequest()
{
ChallengeName = new ChallengeNameType(ChallengeNameType.NEW_PASSWORD_REQUIRED),
ClientId = CLIENTAPP_ID,
ChallengeResponses = dictTypeChallangeResponse,
Session = response.Session,
UserPoolId = POOL_ID
};
var respondResponse = await client.AdminRespondToAuthChallengeAsync(respondRequest);
return(true);
}
public async Task <AuthResponse> LogIn(string username, string password)
{
try
{
var authReq = new AdminInitiateAuthRequest
{
UserPoolId = Config.UserPoolId,
ClientId = Config.ClientId,
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH,
};
authReq.AuthParameters.Add("USERNAME", username);
authReq.AuthParameters.Add("PASSWORD", password);
//authReq.AuthParameters.Add("SECRET_HASH", AuthHelper.HashHmac(Config.UserPoolId, Config.ClientSecret));
AdminInitiateAuthResponse authResp = await _client.AdminInitiateAuthAsync(authReq);
return(new AuthResponse
{
AccessToken = authResp.AuthenticationResult.AccessToken,
ExpiresIn = authResp.AuthenticationResult.ExpiresIn,
IdToken = authResp.AuthenticationResult.IdToken,
RefreshToken = authResp.AuthenticationResult.RefreshToken,
TokenType = authResp.AuthenticationResult.TokenType,
});
}
catch (Exception ex)
{
return(new AuthResponse
{
ErrorMessage = ex.Message
});
}
}
private async Task <bool> CheckPasswordAsync(string userName, string password)
{
try
{
var client = new AmazonCognitoIdentityProviderClient();
var authReq = new AdminInitiateAuthRequest
{
UserPoolId = ConfigurationManager.AppSettings["USERPOOL_ID"],
ClientId = ConfigurationManager.AppSettings["CLIENT_ID"],
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
authReq.AuthParameters.Add("USERNAME", userName);
authReq.AuthParameters.Add("PASSWORD", password);
AdminInitiateAuthResponse authResp = await client.AdminInitiateAuthAsync(authReq);
// Validate that there is no case that an exception won't be thrown
return(true);
}
catch
{
return(false);
}
}
public async Task <ActionResult <string> > SignIn(User user)
{
var cognito = new AmazonCognitoIdentityProviderClient(_region);
var request = new AdminInitiateAuthRequest
{
UserPoolId = "us-west-2_EOGDtXwex",
ClientId = _clientId,
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
request.AuthParameters.Add("USERNAME", user.Username);
request.AuthParameters.Add("PASSWORD", user.Password);
try
{
var response = await cognito.AdminInitiateAuthAsync(request);
return(Ok(response.AuthenticationResult.IdToken));
}
catch (Exception ex)
{
return(Ok(ex));
}
}
public static BooleanResult getResponse(String userName, String password)
{
try
{
var authReq = new AdminInitiateAuthRequest
{
UserPoolId = ConfigurationManager.AppSettings["USERPOOL_ID"],
ClientId = ConfigurationManager.AppSettings["CLIENT_ID"],
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
authReq.AuthParameters.Add("USERNAME", userName);
authReq.AuthParameters.Add("PASSWORD", password);
AdminInitiateAuthResponse authResp = await _client.AdminInitiateAuthAsync(authReq);
return(new BooleanResult()
{
Success = true
});
}
catch
{
return(new BooleanResult()
{
Success = false
});
}
}
public async Task <ActionResult <string> > SignIn(User user)
{
var cognito = new AmazonCognitoIdentityProviderClient(_region);
try
{
var request = new AdminInitiateAuthRequest
{
UserPoolId = "us-east-1_h2hBTYgfp",
ClientId = _clientId,
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
request.AuthParameters.Add("USERNAME", user.Username);
request.AuthParameters.Add("PASSWORD", user.Password);
var response = await cognito.AdminInitiateAuthAsync(request);
return(Ok(response.AuthenticationResult.IdToken));
}
catch (UserNotFoundException)
{
return(BadRequest("Username or password is invalid"));
}
catch (Exception e)
{
return(BadRequest(e.Message));
}
}
/// <summary>
/// Password flow, using admin API to fetch user details
/// </summary>
/// <param name="userName"></param>
/// <param name="password"></param>
/// <returns> CognitoUserCustomAttributes </returns>
private async Task <CognitoUserCustomAttributes> AuthenticateAndGetCognitoUserCustomAttributes(string userName, string password)
{
var request = new AdminInitiateAuthRequest
{
UserPoolId = userPoolId,
ClientId = clientId,
AuthFlow = AuthFlowType.ADMIN_USER_PASSWORD_AUTH
};
request.AuthParameters.Add("USERNAME", userName);
request.AuthParameters.Add("PASSWORD", password);
AdminInitiateAuthResponse response;
try
{
response = await cognitoClient.AdminInitiateAuthAsync(request);
}
catch (Exception ex)
{
return(new CognitoUserCustomAttributes
{
ErrorMessage = ex.Message
});
}
if (response.HttpStatusCode != HttpStatusCode.OK)
{
return(new CognitoUserCustomAttributes
{
ErrorMessage = "Login error"
});
}
var hand = new JwtSecurityTokenHandler();
var customAttributes = hand.ReadJwtToken(response.AuthenticationResult.IdToken);
var identityResponse = new CognitoUserCustomAttributes
{
Role = GetCustomAttributeValue(customAttributes, CustomAttributeField.Role),
HomeDirectoryDetails = GetCustomAttributeValue(customAttributes, CustomAttributeField.HomeDirectoryDetails),
HomeDirectory = GetCustomAttributeValue(customAttributes, CustomAttributeField.HomeDirectory),
Policy = GetCustomAttributeValue(customAttributes, CustomAttributeField.Policy)
};
// HomeDirectoryDetails to hide actual S3 path
identityResponse.HomeDirectoryType = identityResponse.HomeDirectoryDetails != null ? CustomAttributeField.HomeDirectoryType : null;
return(identityResponse);
}
public async Task <ActionResult <string> > SignIn(User user)
{
var request = new AdminInitiateAuthRequest
{
UserPoolId = _poolId,
ClientId = _clientId,
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
request.AuthParameters.Add("USERNAME", user.Username);
request.AuthParameters.Add("PASSWORD", user.Password);
var response = await _cognito.AdminInitiateAuthAsync(request);
return(Ok(response.AuthenticationResult.IdToken));
}
public async Task <string> LoginAsync(UserInputModel userInput)
{
_logger.LogDebug("Invoked Service LoginAsync");
if (userInput == null)
{
throw new ArgumentNullException($"userInput is null");
}
if (_credentialsConfiguration == null)
{
throw new ArgumentNullException();
}
if (string.IsNullOrEmpty(_credentialsConfiguration.AccessKeyId) || string.IsNullOrEmpty(_credentialsConfiguration.SecretAccessKeyPassword) || string.IsNullOrEmpty(_credentialsConfiguration.Region))
{
throw new ApplicationException();
}
if (string.IsNullOrEmpty(userInput.Username) || string.IsNullOrEmpty(userInput.Password))
{
throw new ArgumentNullException($"username or password null");
}
var client = new AmazonCognitoIdentityProviderClient(
_credentialsConfiguration.AccessKeyId,
_credentialsConfiguration.SecretAccessKeyPassword,
RegionEndpoint.GetBySystemName(_credentialsConfiguration.Region)
);
_logger.LogDebug($"Service LoginAsync logging in for user: [{userInput.Username}]");
var session = await client.AdminInitiateAuthAsync(new AdminInitiateAuthRequest
{
UserPoolId = _credentialsConfiguration.UserPoolId,
ClientId = _credentialsConfiguration.UserPoolAppClientId,
AuthFlow = "ADMIN_NO_SRP_AUTH",
AuthParameters = new Dictionary <string, string>
{
{ "USERNAME", userInput.Username },
{ "PASSWORD", userInput.Password }
}
});
_logger.LogDebug("Service LoginAsync successful");
return(session.AuthenticationResult.IdToken);
}
public override async Task Start(string _postJson, IDynamoDBContext _dynamoDBContext)
{
await base.Start(_postJson, _dynamoDBContext);
User user = JsonConvert.DeserializeObject <User>(_postJson);
var authReq = new AdminInitiateAuthRequest()
{
UserPoolId = ApiDefine.CognitoPoolId,
ClientId = ApiDefine.CognitoClientId,
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
authReq.AuthParameters.Add("USERNAME", user.Email);
authReq.AuthParameters.Add("EMAIL", user.Email);
authReq.AuthParameters.Add("PASSWORD", user.Password);
var client = new AmazonCognitoIdentityProviderClient(ApiDefine.Credentials, RegionEndpoint.USWest2);
AdminInitiateAuthResponse authResp = await client.AdminInitiateAuthAsync(authReq);
// AccessTokenを元にUser名を取得
var getUserReq = new GetUserRequest()
{
AccessToken = authResp.AuthenticationResult.AccessToken
};
var getUserResp = await client.GetUserAsync(getUserReq);
/*var req = new AdminRespondToAuthChallengeRequest()
* {
* ChallengeName = ChallengeNameType.ADMIN_NO_SRP_AUTH,
* ClientId = ApiDefine.CognitoClientId,
* UserPoolId = ApiDefine.CognitoPoolId,
* Session = authResp.Session,
* ChallengeResponses = new Dictionary<string, string>() {
* { "USERNAME", user.Email }, { "PASSWORD", user.Password }
* },
* };
* var resp = await client.AdminRespondToAuthChallengeAsync(req);*/
JsPath = "cognito/my.page.js";
string json = JsonConvert.SerializeObject(getUserResp);
await loadJs();
ExecJs = ExecJs.Replace("_JSON", json.Replace("\"", "\\\""));
}
public async Task <AccountLoginResponseModel> Signin(AccountLoginModel model)
{
var cognito = new AmazonCognitoIdentityProviderClient(_secret.AwsAccessKey, _secret.AwsSecretKey, _region);
var request = new AdminInitiateAuthRequest
{
UserPoolId = _secret.UserPoolId,
ClientId = _secret.ClientId,
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
request.AuthParameters.Add("USERNAME", model.Username);
request.AuthParameters.Add("PASSWORD", model.Password);
var response = await cognito.AdminInitiateAuthAsync(request);
return(Mapper.Map <AccountLoginResponseModel>(response));
}
public static async Task <AuthenticationResultType> GetToken(string userName = "******", string password = "******")
{
var cognito = new AmazonCognitoIdentityProviderClient(_region);
var request = new AdminInitiateAuthRequest
{
UserPoolId = UserPoolId,
ClientId = _clientId,
AuthFlow = AuthFlowType.ADMIN_USER_PASSWORD_AUTH
};
request.AuthParameters.Add("USERNAME", userName);
request.AuthParameters.Add("PASSWORD", password);
var response = await cognito.AdminInitiateAuthAsync(request);
return(response.AuthenticationResult);
}
public async Task <ActionResult <string> > Signin([FromBody] User user)
{
var validation = user != default(User) &&
!string.IsNullOrEmpty(user.UserName) &&
!string.IsNullOrEmpty(user.Password);
if (!validation)
{
return(BadRequest());
}
var token = string.Empty;
var clientId = "20jo0qhegstp7ovimab8nln5pg";
var userPoolId = @"ap-southeast-1_TarRBIFR7";
var awsCredentials = new BasicAWSCredentials(
accessKey: "AKIAJLCJTGLJZ67AAAZA",
secretKey: "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");
try
{
var authenticationRequest = new AdminInitiateAuthRequest
{
UserPoolId = userPoolId,
ClientId = clientId,
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
authenticationRequest.AuthParameters.Add("USERNAME", user.UserName);
authenticationRequest.AuthParameters.Add("PASSWORD", user.Password);
using (var client =
new AmazonCognitoIdentityProviderClient(awsCredentials, RegionEndpoint.APSouth1))
{
var response = await client.AdminInitiateAuthAsync(authenticationRequest);
token = response.AuthenticationResult.IdToken;
}
}
catch (Exception exceptionObject)
{
throw exceptionObject;
}
return(Ok(token));
}
public async Task <IHttpActionResult> SignInAsync()
{
var cognito = new AmazonCognitoIdentityProviderClient(_region);
var request = new AdminInitiateAuthRequest
{
UserPoolId = _poolID,
ClientId = _clientId,
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
request.AuthParameters.Add("USERNAME", "testuser2");
request.AuthParameters.Add("PASSWORD", "*Ibm12345");
var response = await cognito.AdminInitiateAuthAsync(request);
return(Ok(response.AuthenticationResult.IdToken));
}
public async Task <IActionResult> SignIn(User user)
{
var cognito = new AmazonCognitoIdentityProviderClient(_region);
var request = new AdminInitiateAuthRequest
{
UserPoolId = _appConfig.Value.PoolId,
ClientId = _appConfig.Value.AppClientId,
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
request.AuthParameters.Add("USERNAME", user.Username);
request.AuthParameters.Add("PASSWORD", user.Password);
var response = await cognito.AdminInitiateAuthAsync(request);
return(Ok(response.AuthenticationResult.IdToken));
}
public async Task <AdminInitiateAuthResponse> PerformAuthAsync(UserForCreationDto user)
{
var authRequest = new AdminInitiateAuthRequest
{
UserPoolId = _settings.Value.UserPoolId,
ClientId = _settings.Value.UserPoolClientId,
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
authRequest.AuthParameters.Add("USERNAME", user.UserName);
authRequest.AuthParameters.Add("PASSWORD", user.Password);
AmazonCognitoIdentityProviderClient _client = new AmazonCognitoIdentityProviderClient();
AdminInitiateAuthResponse authResponse = await _client.AdminInitiateAuthAsync(authRequest);
return(authResponse);
}
//public ActionResult SignUp()
//Task<ActionResult<string>>
public async Task <IActionResult> SignUp()
{
if (ModelState.IsValid)
{
var cognito = new AmazonCognitoIdentityProviderClient("Access key ID", "Secret access key", _region);
/*User Sign up (new user creation)*/
//var request = new SignUpRequest
//{
// ClientId = _clientId,
// Password = "******",
// Username = "******"
//};
//var emailAttribute = new AttributeType
//{
// Name = "email",
// Value = "*****@*****.**"
//};
//request.UserAttributes.Add(emailAttribute);
//var response = await cognito.SignUpAsync(request);
/*SignUp End*/
/*User Login*/
var request = new AdminInitiateAuthRequest
{
UserPoolId = "ap-south-1_beZvEAZjS",
ClientId = _clientId,
AuthFlow = AuthFlowType.ADMIN_USER_PASSWORD_AUTH
};
request.AuthParameters.Add("USERNAME", "....");
request.AuthParameters.Add("PASSWORD", ".....");
var response = await cognito.AdminInitiateAuthAsync(request);
string id = response.AuthenticationResult.IdToken;
/*Login End*/
//return RedirectToAction("Index");
}
return(View("SignUp"));
}
public async Task <IAASUserSignInResponse> SignIn(string userPoolId, string userPoolClientId, string email, string password)
{
var request = new AdminInitiateAuthRequest
{
UserPoolId = userPoolId,
ClientId = userPoolClientId,
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
request.AuthParameters.Add("USERNAME", email);
request.AuthParameters.Add("PASSWORD", password);
var response = await Client.AdminInitiateAuthAsync(request);
return(new IAASUserSignInResponse
{
Token = response.AuthenticationResult.IdToken
});
}
static async Task Main(string[] args)
{
var awsOptions = new AWSOptions();
using (var cognito = new AmazonCognitoIdentityProviderClient(RegionEndpoint.EUWest1))
{
var initAuthRequest = new AdminInitiateAuthRequest
{
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH,
AuthParameters = new Dictionary <string, string>
{
},
UserPoolId = "eu-west-1_BJ8QvSs1g",
ClientId = "5ive4k9rhvvo776p7rppa5gcd5"
};
var response = await cognito.AdminInitiateAuthAsync(initAuthRequest);
var challengeResponse = new AdminRespondToAuthChallengeRequest
{
ChallengeName = response.ChallengeName,
Session = response.Session,
ClientId = "Filer",
UserPoolId = "Services"
};
var authResponse = await cognito.AdminRespondToAuthChallengeAsync(challengeResponse);
using (var securityTokenProvider = new AmazonSecurityTokenServiceClient())
{
var assumeRoleRequest = new AssumeRoleWithWebIdentityRequest
{
RoleArn = "",
WebIdentityToken = authResponse.AuthenticationResult.AccessToken
};
var roleCreds = await securityTokenProvider.AssumeRoleWithWebIdentityAsync(assumeRoleRequest);
awsOptions.Credentials = roleCreds.Credentials;
}
}
}
public async Task <ActionResult <string> > GetToken(UserViewModel user)
{
var awsCredentials = new Amazon.Runtime.BasicAWSCredentials("AKIAJ7BOWC5RMJ7TVMDQ", "MiCAGAw1PbBuaBKNEFSM7PP+UErR6U0N8Lrq3j/r");
var cognito = new AmazonCognitoIdentityProviderClient(awsCredentials, _region);
var request = new AdminInitiateAuthRequest
{
UserPoolId = "us-west-2_8RxRlJIxy",
ClientId = _clientId,
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
request.AuthParameters.Add("USERNAME", user.Username);
request.AuthParameters.Add("PASSWORD", user.Password);
var response = await cognito.AdminInitiateAuthAsync(request);
return(Ok(response.AuthenticationResult.IdToken));
}
public static async Task <AuthenticationResultType> RefreshToken(string refreshToken)
{
try
{
var cognito = new AmazonCognitoIdentityProviderClient(_region);
var request = new AdminInitiateAuthRequest
{
UserPoolId = UserPoolId_Daihu,
ClientId = _clientIdDaihu,
AuthFlow = AuthFlowType.REFRESH_TOKEN_AUTH
};
request.AuthParameters.Add("REFRESH_TOKEN", refreshToken);
var result = await cognito.AdminInitiateAuthAsync(request);
return(result.AuthenticationResult);
}
catch (Exception ex)
{
return(null);
}
}
private async Task <bool> CheckPasswordAsync(string userName, string password)
{
try
{
var authReq = new AdminInitiateAuthRequest
{
UserPoolId = ConfigurationManager.AppSettings["USERPOOL_ID"],
ClientId = ConfigurationManager.AppSettings["CLIENT_ID"],
AuthFlow = AuthFlowType.ADMIN_NO_SRP_AUTH
};
authReq.AuthParameters.Add("USERNAME", userName);
authReq.AuthParameters.Add("PASSWORD", password);
AdminInitiateAuthResponse authResp = await _client.AdminInitiateAuthAsync(authReq);
return(true);
}
catch
{
return(false);
}
}