Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés.
# Ejemplos de código de Amazon Cognito con AWS SDK
En los siguientes ejemplos de código, se muestra cómo utilizar Amazon Cognito con un kit de desarrollo de software (SDK) de AWS.
Para obtener una lista completa de las guías para desarrolladores de AWS SDK y ejemplos de código, consulte [Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
**Contents**
+ [Amazon Cognito Identity](service_code_examples_cognito-identity.md)
+ [Conceptos básicos](service_code_examples_cognito-identity_basics.md)
+ [Acciones](service_code_examples_cognito-identity_actions.md)
+ [`CreateIdentityPool`](cognito-identity_example_cognito-identity_CreateIdentityPool_section.md)
+ [`DeleteIdentityPool`](cognito-identity_example_cognito-identity_DeleteIdentityPool_section.md)
+ [`DescribeIdentityPool`](cognito-identity_example_cognito-identity_DescribeIdentityPool_section.md)
+ [`GetCredentialsForIdentity`](cognito-identity_example_cognito-identity_GetCredentialsForIdentity_section.md)
+ [`GetIdentityPoolRoles`](cognito-identity_example_cognito-identity_GetIdentityPoolRoles_section.md)
+ [`ListIdentityPools`](cognito-identity_example_cognito-identity_ListIdentityPools_section.md)
+ [`SetIdentityPoolRoles`](cognito-identity_example_cognito-identity_SetIdentityPoolRoles_section.md)
+ [`UpdateIdentityPool`](cognito-identity_example_cognito-identity_UpdateIdentityPool_section.md)
+ [Escenarios](service_code_examples_cognito-identity_scenarios.md)
+ [Creación de una aplicación de exploración de Amazon Textract](cognito-identity_example_cross_TextractExplorer_section.md)
+ [Amazon Cognito Identity Provider](service_code_examples_cognito-identity-provider.md)
+ [Conceptos básicos](service_code_examples_cognito-identity-provider_basics.md)
+ [Introducción a Amazon Cognito](cognito-identity-provider_example_cognito-identity-provider_Hello_section.md)
+ [Acciones](service_code_examples_cognito-identity-provider_actions.md)
+ [`AdminCreateUser`](cognito-identity-provider_example_cognito-identity-provider_AdminCreateUser_section.md)
+ [`AdminGetUser`](cognito-identity-provider_example_cognito-identity-provider_AdminGetUser_section.md)
+ [`AdminInitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md)
+ [`AdminRespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md)
+ [`AdminSetUserPassword`](cognito-identity-provider_example_cognito-identity-provider_AdminSetUserPassword_section.md)
+ [`AssociateSoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md)
+ [`ConfirmDevice`](cognito-identity-provider_example_cognito-identity-provider_ConfirmDevice_section.md)
+ [`ConfirmForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ConfirmForgotPassword_section.md)
+ [`ConfirmSignUp`](cognito-identity-provider_example_cognito-identity-provider_ConfirmSignUp_section.md)
+ [`CreateUserPool`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPool_section.md)
+ [`CreateUserPoolClient`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPoolClient_section.md)
+ [`DeleteUser`](cognito-identity-provider_example_cognito-identity-provider_DeleteUser_section.md)
+ [`ForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ForgotPassword_section.md)
+ [`InitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_InitiateAuth_section.md)
+ [`ListUserPools`](cognito-identity-provider_example_cognito-identity-provider_ListUserPools_section.md)
+ [`ListUsers`](cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md)
+ [`ResendConfirmationCode`](cognito-identity-provider_example_cognito-identity-provider_ResendConfirmationCode_section.md)
+ [`RespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_RespondToAuthChallenge_section.md)
+ [`SignUp`](cognito-identity-provider_example_cognito-identity-provider_SignUp_section.md)
+ [`UpdateUserPool`](cognito-identity-provider_example_cognito-identity-provider_UpdateUserPool_section.md)
+ [`VerifySoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md)
+ [Escenarios](service_code_examples_cognito-identity-provider_scenarios.md)
+ [Confirmación de manera automática a los usuarios conocidos con una función de Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [Migración en forma automática los usuarios conocidos con una función de Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [Registro de un usuario en un grupo de usuarios que requiera MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
+ [Uso de los grupos de identidades de Amazon Cognito](cognito-identity-provider_example_cross_CognitoFlows_section.md)
+ [Escriba datos de actividad personalizados con una función de Lambda tras la autenticación de usuario de Amazon Cognito](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
+ [Amazon Cognito Sync](service_code_examples_cognito-sync.md)
+ [Conceptos básicos](service_code_examples_cognito-sync_basics.md)
+ [Acciones](service_code_examples_cognito-sync_actions.md)
+ [`ListIdentityPoolUsage`](cognito-sync_example_cognito-sync_ListIdentityPoolUsage_section.md)
# Ejemplos de código para Amazon Cognito Identity mediante AWS SDKs
Los siguientes ejemplos de código muestran cómo utilizar Amazon Cognito Identity con un kit de desarrollo de AWS software (SDK).
Las *acciones* son extractos de código de programas más grandes y deben ejecutarse en contexto. Mientras las acciones muestran cómo llamar a las distintas funciones de servicio, es posible ver las acciones en contexto en los escenarios relacionados.
Los *escenarios* son ejemplos de código que muestran cómo llevar a cabo una tarea específica a través de llamadas a varias funciones dentro del servicio o combinado con otros Servicios de AWS.
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
**Contents**
+ [Conceptos básicos](service_code_examples_cognito-identity_basics.md)
+ [Acciones](service_code_examples_cognito-identity_actions.md)
+ [`CreateIdentityPool`](cognito-identity_example_cognito-identity_CreateIdentityPool_section.md)
+ [`DeleteIdentityPool`](cognito-identity_example_cognito-identity_DeleteIdentityPool_section.md)
+ [`DescribeIdentityPool`](cognito-identity_example_cognito-identity_DescribeIdentityPool_section.md)
+ [`GetCredentialsForIdentity`](cognito-identity_example_cognito-identity_GetCredentialsForIdentity_section.md)
+ [`GetIdentityPoolRoles`](cognito-identity_example_cognito-identity_GetIdentityPoolRoles_section.md)
+ [`ListIdentityPools`](cognito-identity_example_cognito-identity_ListIdentityPools_section.md)
+ [`SetIdentityPoolRoles`](cognito-identity_example_cognito-identity_SetIdentityPoolRoles_section.md)
+ [`UpdateIdentityPool`](cognito-identity_example_cognito-identity_UpdateIdentityPool_section.md)
+ [Escenarios](service_code_examples_cognito-identity_scenarios.md)
+ [Creación de una aplicación de exploración de Amazon Textract](cognito-identity_example_cross_TextractExplorer_section.md)
# Ejemplos básicos de Amazon Cognito Identity mediante AWS SDKs
Los siguientes ejemplos de código muestran cómo utilizar los conceptos básicos de Amazon Cognito Identity con. AWS SDKs
**Contents**
+ [Acciones](service_code_examples_cognito-identity_actions.md)
+ [`CreateIdentityPool`](cognito-identity_example_cognito-identity_CreateIdentityPool_section.md)
+ [`DeleteIdentityPool`](cognito-identity_example_cognito-identity_DeleteIdentityPool_section.md)
+ [`DescribeIdentityPool`](cognito-identity_example_cognito-identity_DescribeIdentityPool_section.md)
+ [`GetCredentialsForIdentity`](cognito-identity_example_cognito-identity_GetCredentialsForIdentity_section.md)
+ [`GetIdentityPoolRoles`](cognito-identity_example_cognito-identity_GetIdentityPoolRoles_section.md)
+ [`ListIdentityPools`](cognito-identity_example_cognito-identity_ListIdentityPools_section.md)
+ [`SetIdentityPoolRoles`](cognito-identity_example_cognito-identity_SetIdentityPoolRoles_section.md)
+ [`UpdateIdentityPool`](cognito-identity_example_cognito-identity_UpdateIdentityPool_section.md)
# Acciones para el uso de Amazon Cognito Identity AWS SDKs
Los siguientes ejemplos de código muestran cómo realizar acciones individuales de Amazon Cognito Identity con. AWS SDKs Cada ejemplo incluye un enlace a GitHub, donde puede encontrar instrucciones para configurar y ejecutar el código.
Estos fragmentos llaman a la API de identidades de Amazon Cognito y son fragmentos de código de programas más grandes que se deben ejecutar en contexto. Puede ver las acciones en contexto en [Escenarios de uso de Amazon Cognito Identity AWS SDKs](service_code_examples_cognito-identity_scenarios.md).
Los siguientes ejemplos incluyen solo las acciones que se utilizan con mayor frecuencia. Para consultar la lista completa, vea la [referencia de la API de Amazon Cognito Identity](https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/Welcome.html).
**Topics**
+ [`CreateIdentityPool`](cognito-identity_example_cognito-identity_CreateIdentityPool_section.md)
+ [`DeleteIdentityPool`](cognito-identity_example_cognito-identity_DeleteIdentityPool_section.md)
+ [`DescribeIdentityPool`](cognito-identity_example_cognito-identity_DescribeIdentityPool_section.md)
+ [`GetCredentialsForIdentity`](cognito-identity_example_cognito-identity_GetCredentialsForIdentity_section.md)
+ [`GetIdentityPoolRoles`](cognito-identity_example_cognito-identity_GetIdentityPoolRoles_section.md)
+ [`ListIdentityPools`](cognito-identity_example_cognito-identity_ListIdentityPools_section.md)
+ [`SetIdentityPoolRoles`](cognito-identity_example_cognito-identity_SetIdentityPoolRoles_section.md)
+ [`UpdateIdentityPool`](cognito-identity_example_cognito-identity_UpdateIdentityPool_section.md)
# Úselo `CreateIdentityPool` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `CreateIdentityPool`.
------
#### [ CLI ]
**AWS CLI**
**Para crear un grupo de identidades con el proveedor de grupos de identidades de Cognito**
En este ejemplo se crea un grupo de identidades denominado MyIdentityPool. Tiene un proveedor de grupo de identidades de Cognito. No se permiten identidades no autenticadas.
Comando:
```
aws cognito-identity create-identity-pool --identity-pool-name MyIdentityPool --no-allow-unauthenticated-identities --cognito-identity-providers ProviderName="cognito-idp.us-west-2.amazonaws.com/us-west-2_aaaaaaaaa",ClientId="3n4b5urk1ft4fl3mg5e62d9ado",ServerSideTokenCheck=false
```
Salida:
```
{
"IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111",
"IdentityPoolName": "MyIdentityPool",
"AllowUnauthenticatedIdentities": false,
"CognitoIdentityProviders": [
{
"ProviderName": "cognito-idp.us-west-2.amazonaws.com/us-west-2_111111111",
"ClientId": "3n4b5urk1ft4fl3mg5e62d9ado",
"ServerSideTokenCheck": false
}
]
}
```
+ Para obtener más información sobre la API, consulte [CreateIdentityPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/create-identity-pool.html)la *Referencia de AWS CLI comandos*.
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.CreateIdentityPoolRequest;
import software.amazon.awssdk.services.cognitoidentity.model.CreateIdentityPoolResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class CreateIdentityPool {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
identityPoolName - The name to give your identity pool.
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String identityPoolName = args[0];
CognitoIdentityClient cognitoClient = CognitoIdentityClient.builder()
.region(Region.US_EAST_1)
.build();
String identityPoolId = createIdPool(cognitoClient, identityPoolName);
System.out.println("Unity pool ID " + identityPoolId);
cognitoClient.close();
}
public static String createIdPool(CognitoIdentityClient cognitoClient, String identityPoolName) {
try {
CreateIdentityPoolRequest poolRequest = CreateIdentityPoolRequest.builder()
.allowUnauthenticatedIdentities(false)
.identityPoolName(identityPoolName)
.build();
CreateIdentityPoolResponse response = cognitoClient.createIdentityPool(poolRequest);
return response.identityPoolId();
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return "";
}
}
```
+ Para obtener más información sobre la API, consulta [CreateIdentityPool](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-identity-2014-06-30/CreateIdentityPool)la *Referencia AWS SDK for Java 2.x de la API*.
------
#### [ PowerShell ]
**Herramientas para la PowerShell versión 4**
**Ejemplo 1: Creación de un nuevo grupo de identidades que permite identidades no autenticadas.**
```
New-CGIIdentityPool -AllowUnauthenticatedIdentities $true -IdentityPoolName CommonTests13
```
**Salida:**
```
LoggedAt : 8/12/2015 4:56:07 PM
AllowUnauthenticatedIdentities : True
DeveloperProviderName :
IdentityPoolId : us-east-1:15d49393-ab16-431a-b26e-EXAMPLEGUID3
IdentityPoolName : CommonTests13
OpenIdConnectProviderARNs : {}
SupportedLoginProviders : {}
ResponseMetadata : Amazon.Runtime.ResponseMetadata
ContentLength : 136
HttpStatusCode : OK
```
+ Para obtener más información sobre la API, consulte [CreateIdentityPool Herramientas de AWS para PowerShell](https://docs.aws.amazon.com/powershell/v4/reference)*Cmdlet Reference (V4)*.
**Herramientas para la versión 5 PowerShell **
**Ejemplo 1: Creación de un nuevo grupo de identidades que permite identidades no autenticadas.**
```
New-CGIIdentityPool -AllowUnauthenticatedIdentities $true -IdentityPoolName CommonTests13
```
**Salida:**
```
LoggedAt : 8/12/2015 4:56:07 PM
AllowUnauthenticatedIdentities : True
DeveloperProviderName :
IdentityPoolId : us-east-1:15d49393-ab16-431a-b26e-EXAMPLEGUID3
IdentityPoolName : CommonTests13
OpenIdConnectProviderARNs : {}
SupportedLoginProviders : {}
ResponseMetadata : Amazon.Runtime.ResponseMetadata
ContentLength : 136
HttpStatusCode : OK
```
+ Para obtener más información sobre la API, consulte [CreateIdentityPool](https://docs.aws.amazon.com/powershell/v5/reference)la *referencia de Herramientas de AWS para PowerShell cmdlets (*V5).
------
#### [ Swift ]
**SDK para Swift**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity/FindOrCreateIdentityPool#code-examples).
```
import AWSCognitoIdentity
/// Create a new identity pool and return its ID.
///
/// - Parameters:
/// - name: The name to give the new identity pool.
///
/// - Returns: A string containing the newly created pool's ID, or `nil`
/// if an error occurred.
///
func createIdentityPool(name: String) async throws -> String? {
do {
let cognitoInputCall = CreateIdentityPoolInput(developerProviderName: "com.exampleco.CognitoIdentityDemo",
identityPoolName: name)
let result = try await cognitoIdentityClient.createIdentityPool(input: cognitoInputCall)
guard let poolId = result.identityPoolId else {
return nil
}
return poolId
} catch {
print("ERROR: createIdentityPool:", dump(error))
throw error
}
}
```
+ Para obtener información, consulte [Guía para desarrolladores del SDK de AWS SDK para Swift](https://docs.aws.amazon.com/sdk-for-swift/latest/developer-guide/getting-started.html).
+ Para obtener más información sobre la API, consulta [CreateIdentityPool](https://sdk.amazonaws.com/swift/api/awscognitoidentity/latest/documentation/awscognitoidentity/cognitoidentityclient/createidentitypool(input:))la *referencia sobre la API de AWS SDK for Swift*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `DeleteIdentityPool` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `DeleteIdentityPool`.
------
#### [ CLI ]
**AWS CLI**
**Para eliminar un grupo de identidades**
En el siguiente ejemplo de `delete-identity-pool` se elimina el grupo de identidades especificado.
Comando:
```
aws cognito-identity delete-identity-pool \
--identity-pool-id "us-west-2:11111111-1111-1111-1111-111111111111"
```
Este comando no genera ninguna salida.
+ Para obtener más información sobre la API, consulte [DeleteIdentityPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/delete-identity-pool.html)la *Referencia de AWS CLI comandos*.
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.awscore.exception.AwsServiceException;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.DeleteIdentityPoolRequest;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class DeleteIdentityPool {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
identityPoolId - The Id value of your identity pool.
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String identityPoold = args[0];
CognitoIdentityClient cognitoIdClient = CognitoIdentityClient.builder()
.region(Region.US_EAST_1)
.credentialsProvider(ProfileCredentialsProvider.create())
.build();
deleteIdPool(cognitoIdClient, identityPoold);
cognitoIdClient.close();
}
public static void deleteIdPool(CognitoIdentityClient cognitoIdClient, String identityPoold) {
try {
DeleteIdentityPoolRequest identityPoolRequest = DeleteIdentityPoolRequest.builder()
.identityPoolId(identityPoold)
.build();
cognitoIdClient.deleteIdentityPool(identityPoolRequest);
System.out.println("Done");
} catch (AwsServiceException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Para obtener más información sobre la API, consulta [DeleteIdentityPool](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-identity-2014-06-30/DeleteIdentityPool)la *Referencia AWS SDK for Java 2.x de la API*.
------
#### [ PowerShell ]
**Herramientas para la PowerShell versión 4**
**Ejemplo 1: Eliminación de un grupo de identidades específico.**
```
Remove-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
```
+ Para obtener más información sobre la API, consulte [DeleteIdentityPool Herramientas de AWS para PowerShell](https://docs.aws.amazon.com/powershell/v4/reference)*Cmdlet Reference (V4)*.
**Herramientas para la versión 5 PowerShell **
**Ejemplo 1: Eliminación de un grupo de identidades específico.**
```
Remove-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
```
+ Para obtener más información sobre la API, consulte [DeleteIdentityPool](https://docs.aws.amazon.com/powershell/v5/reference)la *referencia de Herramientas de AWS para PowerShell cmdlets (*V5).
------
#### [ Swift ]
**SDK para Swift**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity/FindOrCreateIdentityPool#code-examples).
```
import AWSCognitoIdentity
/// Delete the specified identity pool.
///
/// - Parameters:
/// - id: The ID of the identity pool to delete.
///
func deleteIdentityPool(id: String) async throws {
do {
let input = DeleteIdentityPoolInput(
identityPoolId: id
)
_ = try await cognitoIdentityClient.deleteIdentityPool(input: input)
} catch {
print("ERROR: deleteIdentityPool:", dump(error))
throw error
}
}
```
+ Para obtener información, consulte [Guía para desarrolladores del SDK de AWS SDK para Swift](https://docs.aws.amazon.com/sdk-for-swift/latest/developer-guide/getting-started.html).
+ Para obtener más información sobre la API, consulta [DeleteIdentityPool](https://sdk.amazonaws.com/swift/api/awscognitoidentity/latest/documentation/awscognitoidentity/cognitoidentityclient/deleteidentitypool(input:))la *referencia sobre la API de AWS SDK for Swift*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Utilizar `DescribeIdentityPool` con una CLI
Los siguientes ejemplos de código muestran cómo utilizar `DescribeIdentityPool`.
------
#### [ CLI ]
**AWS CLI**
**Para describir un grupo de identidades**
En este ejemplo, se describe un grupo de identidades.
Comando:
```
aws cognito-identity describe-identity-pool --identity-pool-id "us-west-2:11111111-1111-1111-1111-111111111111"
```
Salida:
```
{
"IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111",
"IdentityPoolName": "MyIdentityPool",
"AllowUnauthenticatedIdentities": false,
"CognitoIdentityProviders": [
{
"ProviderName": "cognito-idp.us-west-2.amazonaws.com/us-west-2_111111111",
"ClientId": "3n4b5urk1ft4fl3mg5e62d9ado",
"ServerSideTokenCheck": false
}
]
}
```
+ Para obtener más información sobre la API, consulte [DescribeIdentityPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/describe-identity-pool.html)la *Referencia de AWS CLI comandos*.
------
#### [ PowerShell ]
**Herramientas para la PowerShell versión 4**
**Ejemplo 1: Recuperación de información sobre un grupo de identidades específico mediante el identificador.**
```
Get-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
```
**Salida:**
```
LoggedAt : 8/12/2015 4:29:40 PM
AllowUnauthenticatedIdentities : True
DeveloperProviderName :
IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
IdentityPoolName : CommonTests1
OpenIdConnectProviderARNs : {}
SupportedLoginProviders : {}
ResponseMetadata : Amazon.Runtime.ResponseMetadata
ContentLength : 142
HttpStatusCode : OK
```
+ Para obtener más información sobre la API, consulte [DescribeIdentityPool Herramientas de AWS para PowerShell](https://docs.aws.amazon.com/powershell/v4/reference)*Cmdlet Reference (V4)*.
**Herramientas para la versión 5 PowerShell **
**Ejemplo 1: Recuperación de información sobre un grupo de identidades específico mediante el identificador.**
```
Get-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
```
**Salida:**
```
LoggedAt : 8/12/2015 4:29:40 PM
AllowUnauthenticatedIdentities : True
DeveloperProviderName :
IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
IdentityPoolName : CommonTests1
OpenIdConnectProviderARNs : {}
SupportedLoginProviders : {}
ResponseMetadata : Amazon.Runtime.ResponseMetadata
ContentLength : 142
HttpStatusCode : OK
```
+ Para obtener más información sobre la API, consulte [DescribeIdentityPool](https://docs.aws.amazon.com/powershell/v5/reference)la *referencia de Herramientas de AWS para PowerShell cmdlets (*V5).
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte. [Uso de este servicio con un SDK AWS](sdk-general-information-section.md) En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# `GetCredentialsForIdentity`Úselo con un AWS SDK
En el siguiente ejemplo de código, se muestra cómo utilizar `GetCredentialsForIdentity`.
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.GetCredentialsForIdentityRequest;
import software.amazon.awssdk.services.cognitoidentity.model.GetCredentialsForIdentityResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class GetIdentityCredentials {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
identityId - The Id of an existing identity in the format REGION:GUID.
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String identityId = args[0];
CognitoIdentityClient cognitoClient = CognitoIdentityClient.builder()
.region(Region.US_EAST_1)
.build();
getCredsForIdentity(cognitoClient, identityId);
cognitoClient.close();
}
public static void getCredsForIdentity(CognitoIdentityClient cognitoClient, String identityId) {
try {
GetCredentialsForIdentityRequest getCredentialsForIdentityRequest = GetCredentialsForIdentityRequest
.builder()
.identityId(identityId)
.build();
GetCredentialsForIdentityResponse response = cognitoClient
.getCredentialsForIdentity(getCredentialsForIdentityRequest);
System.out.println(
"Identity ID " + response.identityId() + ", Access key ID " + response.credentials().accessKeyId());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Para obtener más información sobre la API, consulta [GetCredentialsForIdentity](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-identity-2014-06-30/GetCredentialsForIdentity)la *Referencia AWS SDK for Java 2.x de la API*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Utilizar `GetIdentityPoolRoles` con una CLI
Los siguientes ejemplos de código muestran cómo utilizar `GetIdentityPoolRoles`.
------
#### [ CLI ]
**AWS CLI**
**Para obtener roles del grupo de identidades**
En este ejemplo, se obtienen los roles de grupos de identidades.
Comando:
```
aws cognito-identity get-identity-pool-roles --identity-pool-id "us-west-2:11111111-1111-1111-1111-111111111111"
```
Salida:
```
{
"IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111",
"Roles": {
"authenticated": "arn:aws:iam::111111111111:role/Cognito_MyIdentityPoolAuth_Role",
"unauthenticated": "arn:aws:iam::111111111111:role/Cognito_MyIdentityPoolUnauth_Role"
}
}
```
+ Para obtener más información sobre la API, consulte [GetIdentityPoolRoles](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/get-identity-pool-roles.html)la *Referencia de AWS CLI comandos*.
------
#### [ PowerShell ]
**Herramientas para la PowerShell versión 4**
**Ejemplo 1: Obtención de información sobre los roles de un grupo de identidades específico.**
```
Get-CGIIdentityPoolRole -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
```
**Salida:**
```
LoggedAt : 8/12/2015 4:33:51 PM
IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
Roles : {[unauthenticated, arn:aws:iam::123456789012:role/CommonTests1Role]}
ResponseMetadata : Amazon.Runtime.ResponseMetadata
ContentLength : 165
HttpStatusCode : OK
```
+ Para obtener más información sobre la API, consulte [GetIdentityPoolRoles Herramientas de AWS para PowerShell](https://docs.aws.amazon.com/powershell/v4/reference)*Cmdlet Reference (V4)*.
**Herramientas para la versión 5 PowerShell **
**Ejemplo 1: Obtención de información sobre los roles de un grupo de identidades específico.**
```
Get-CGIIdentityPoolRole -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
```
**Salida:**
```
LoggedAt : 8/12/2015 4:33:51 PM
IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
Roles : {[unauthenticated, arn:aws:iam::123456789012:role/CommonTests1Role]}
ResponseMetadata : Amazon.Runtime.ResponseMetadata
ContentLength : 165
HttpStatusCode : OK
```
+ Para obtener más información sobre la API, consulte [GetIdentityPoolRoles](https://docs.aws.amazon.com/powershell/v5/reference)la *referencia de Herramientas de AWS para PowerShell cmdlets (*V5).
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte. [Uso de este servicio con un SDK AWS](sdk-general-information-section.md) En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `ListIdentityPools` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `ListIdentityPools`.
------
#### [ CLI ]
**AWS CLI**
**Para mostrar grupos de identidades**
En este ejemplo, se muestran los grupos de identidades. Hay un máximo de 20 identidades en la lista.
Comando:
```
aws cognito-identity list-identity-pools --max-results 20
```
Salida:
```
{
"IdentityPools": [
{
"IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111",
"IdentityPoolName": "MyIdentityPool"
},
{
"IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111",
"IdentityPoolName": "AnotherIdentityPool"
},
{
"IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111",
"IdentityPoolName": "IdentityPoolRegionA"
}
]
}
```
+ Para obtener más información sobre la API, consulte [ListIdentityPools](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/list-identity-pools.html)la *Referencia de AWS CLI comandos*.
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.ListIdentityPoolsRequest;
import software.amazon.awssdk.services.cognitoidentity.model.ListIdentityPoolsResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ListIdentityPools {
public static void main(String[] args) {
CognitoIdentityClient cognitoClient = CognitoIdentityClient.builder()
.region(Region.US_EAST_1)
.build();
listIdPools(cognitoClient);
cognitoClient.close();
}
public static void listIdPools(CognitoIdentityClient cognitoClient) {
try {
ListIdentityPoolsRequest poolsRequest = ListIdentityPoolsRequest.builder()
.maxResults(15)
.build();
ListIdentityPoolsResponse response = cognitoClient.listIdentityPools(poolsRequest);
response.identityPools().forEach(pool -> {
System.out.println("Pool ID: " + pool.identityPoolId());
System.out.println("Pool name: " + pool.identityPoolName());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Para obtener más información sobre la API, consulta [ListIdentityPools](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-identity-2014-06-30/ListIdentityPools)la *Referencia AWS SDK for Java 2.x de la API*.
------
#### [ PowerShell ]
**Herramientas para la PowerShell versión 4**
**Ejemplo 1: Recuperación de una lista de grupos de identidades existentes.**
```
Get-CGIIdentityPoolList
```
**Salida:**
```
IdentityPoolId IdentityPoolName
-------------- ----------------
us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 CommonTests1
us-east-1:118d242d-204e-4b88-b803-EXAMPLEGUID2 Tests2
us-east-1:15d49393-ab16-431a-b26e-EXAMPLEGUID3 CommonTests13
```
+ Para obtener más información sobre la API, consulte [ListIdentityPools Herramientas de AWS para PowerShell](https://docs.aws.amazon.com/powershell/v4/reference)*Cmdlet Reference (V4)*.
**Herramientas para la versión 5 PowerShell **
**Ejemplo 1: Recuperación de una lista de grupos de identidades existentes.**
```
Get-CGIIdentityPoolList
```
**Salida:**
```
IdentityPoolId IdentityPoolName
-------------- ----------------
us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 CommonTests1
us-east-1:118d242d-204e-4b88-b803-EXAMPLEGUID2 Tests2
us-east-1:15d49393-ab16-431a-b26e-EXAMPLEGUID3 CommonTests13
```
+ Para obtener más información sobre la API, consulte [ListIdentityPools](https://docs.aws.amazon.com/powershell/v5/reference)la *referencia de Herramientas de AWS para PowerShell cmdlets (*V5).
------
#### [ Swift ]
**SDK para Swift**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity/FindOrCreateIdentityPool#code-examples).
```
import AWSCognitoIdentity
/// Return the ID of the identity pool with the specified name.
///
/// - Parameters:
/// - name: The name of the identity pool whose ID should be returned.
///
/// - Returns: A string containing the ID of the specified identity pool
/// or `nil` on error or if not found.
///
func getIdentityPoolID(name: String) async throws -> String? {
let listPoolsInput = ListIdentityPoolsInput(maxResults: 25)
// Use "Paginated" to get all the objects.
// This lets the SDK handle the 'nextToken' field in "ListIdentityPoolsOutput".
let pages = cognitoIdentityClient.listIdentityPoolsPaginated(input: listPoolsInput)
do {
for try await page in pages {
guard let identityPools = page.identityPools else {
print("ERROR: listIdentityPoolsPaginated returned nil contents.")
continue
}
/// Read pages of identity pools from Cognito until one is found
/// whose name matches the one specified in the `name` parameter.
/// Return the matching pool's ID.
for pool in identityPools {
if pool.identityPoolName == name {
return pool.identityPoolId!
}
}
}
} catch {
print("ERROR: getIdentityPoolID:", dump(error))
throw error
}
return nil
}
```
Obtenga el ID de un grupo de identidades existente o créelo si aún no existe.
```
import AWSCognitoIdentity
/// Return the ID of the identity pool with the specified name.
///
/// - Parameters:
/// - name: The name of the identity pool whose ID should be returned
///
/// - Returns: A string containing the ID of the specified identity pool.
/// Returns `nil` if there's an error or if the pool isn't found.
///
public func getOrCreateIdentityPoolID(name: String) async throws -> String? {
// See if the pool already exists. If it doesn't, create it.
do {
guard let poolId = try await getIdentityPoolID(name: name) else {
return try await createIdentityPool(name: name)
}
return poolId
} catch {
print("ERROR: getOrCreateIdentityPoolID:", dump(error))
throw error
}
}
```
+ Para obtener información, consulte [Guía para desarrolladores del SDK de AWS SDK para Swift](https://docs.aws.amazon.com/sdk-for-swift/latest/developer-guide/getting-started.html).
+ Para obtener más información sobre la API, consulta [ListIdentityPools](https://sdk.amazonaws.com/swift/api/awscognitoidentity/latest/documentation/awscognitoidentity/cognitoidentityclient/listidentitypools(input:))la *referencia sobre la API de AWS SDK for Swift*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Utilizar `SetIdentityPoolRoles` con una CLI
Los siguientes ejemplos de código muestran cómo utilizar `SetIdentityPoolRoles`.
------
#### [ CLI ]
**AWS CLI**
**Para establecer roles del grupo de identidades**
En el siguiente ejemplo de `set-identity-pool-roles`, se establecen roles para un grupo de identidades.
```
aws cognito-identity set-identity-pool-roles \
--identity-pool-id "us-west-2:11111111-1111-1111-1111-111111111111" \
--roles authenticated="arn:aws:iam::111111111111:role/Cognito_MyIdentityPoolAuth_Role"
```
+ Para obtener más información sobre la API, consulte [SetIdentityPoolRoles](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/set-identity-pool-roles.html)la *Referencia de AWS CLI comandos*.
------
#### [ PowerShell ]
**Herramientas para la PowerShell versión 4**
**Ejemplo 1: Configuración del grupo de identidades específico para que tenga un rol de IAM no autenticado.**
```
Set-CGIIdentityPoolRole -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 -Role @{ "unauthenticated" = "arn:aws:iam::123456789012:role/CommonTests1Role" }
```
+ Para obtener más información sobre la API, consulte [SetIdentityPoolRoles Herramientas de AWS para PowerShell](https://docs.aws.amazon.com/powershell/v4/reference)*Cmdlet Reference (V4)*.
**Herramientas para la versión 5 PowerShell **
**Ejemplo 1: Configuración del grupo de identidades específico para que tenga un rol de IAM no autenticado.**
```
Set-CGIIdentityPoolRole -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 -Role @{ "unauthenticated" = "arn:aws:iam::123456789012:role/CommonTests1Role" }
```
+ Para obtener más información sobre la API, consulte [SetIdentityPoolRoles](https://docs.aws.amazon.com/powershell/v5/reference)la *referencia de Herramientas de AWS para PowerShell cmdlets (*V5).
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte. [Uso de este servicio con un SDK AWS](sdk-general-information-section.md) En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Utilizar `UpdateIdentityPool` con una CLI
Los siguientes ejemplos de código muestran cómo utilizar `UpdateIdentityPool`.
------
#### [ CLI ]
**AWS CLI**
**Para actualizar un grupo de identidades**
En este ejemplo, se actualiza un grupo de identidades. Establece el nombre en MyIdentityPool. Añade Cognito como un proveedor de identidades. No permite las identidades no autenticadas.
Comando:
```
aws cognito-identity update-identity-pool --identity-pool-id "us-west-2:11111111-1111-1111-1111-111111111111" --identity-pool-name "MyIdentityPool" --no-allow-unauthenticated-identities --cognito-identity-providers ProviderName="cognito-idp.us-west-2.amazonaws.com/us-west-2_111111111",ClientId="3n4b5urk1ft4fl3mg5e62d9ado",ServerSideTokenCheck=false
```
Salida:
```
{
"IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111",
"IdentityPoolName": "MyIdentityPool",
"AllowUnauthenticatedIdentities": false,
"CognitoIdentityProviders": [
{
"ProviderName": "cognito-idp.us-west-2.amazonaws.com/us-west-2_111111111",
"ClientId": "3n4b5urk1ft4fl3mg5e62d9ado",
"ServerSideTokenCheck": false
}
]
}
```
+ Para obtener más información sobre la API, consulte [UpdateIdentityPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/update-identity-pool.html)la *Referencia de AWS CLI comandos*.
------
#### [ PowerShell ]
**Herramientas para la PowerShell versión 4**
**Ejemplo 1: Actualización de algunas de las propiedades del grupo de identidades, en este caso el nombre del grupo de identidades.**
```
Update-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 -IdentityPoolName NewPoolName
```
**Salida:**
```
LoggedAt : 8/12/2015 4:53:33 PM
AllowUnauthenticatedIdentities : False
DeveloperProviderName :
IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
IdentityPoolName : NewPoolName
OpenIdConnectProviderARNs : {}
SupportedLoginProviders : {}
ResponseMetadata : Amazon.Runtime.ResponseMetadata
ContentLength : 135
HttpStatusCode : OK
```
+ Para obtener más información sobre la API, consulte [UpdateIdentityPool Herramientas de AWS para PowerShell](https://docs.aws.amazon.com/powershell/v4/reference)*Cmdlet Reference (V4)*.
**Herramientas para la versión 5 PowerShell **
**Ejemplo 1: Actualización de algunas de las propiedades del grupo de identidades, en este caso el nombre del grupo de identidades.**
```
Update-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 -IdentityPoolName NewPoolName
```
**Salida:**
```
LoggedAt : 8/12/2015 4:53:33 PM
AllowUnauthenticatedIdentities : False
DeveloperProviderName :
IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
IdentityPoolName : NewPoolName
OpenIdConnectProviderARNs : {}
SupportedLoginProviders : {}
ResponseMetadata : Amazon.Runtime.ResponseMetadata
ContentLength : 135
HttpStatusCode : OK
```
+ Para obtener más información sobre la API, consulte [UpdateIdentityPool](https://docs.aws.amazon.com/powershell/v5/reference)la *referencia de Herramientas de AWS para PowerShell cmdlets (*V5).
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte. [Uso de este servicio con un SDK AWS](sdk-general-information-section.md) En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Escenarios de uso de Amazon Cognito Identity AWS SDKs
Los siguientes ejemplos de código muestran cómo implementar escenarios comunes en Amazon Cognito Identity con. AWS SDKs Estos escenarios muestran cómo realizar tareas específicas llamando a varias funciones dentro de la identidad de Amazon Cognito o en combinación con otros Servicios de AWS. En cada escenario se incluye un enlace al código fuente completo, con instrucciones de configuración y ejecución del código.
Los escenarios requieren un nivel intermedio de experiencia para entender las acciones de servicio en su contexto.
**Topics**
+ [Creación de una aplicación de exploración de Amazon Textract](cognito-identity_example_cross_TextractExplorer_section.md)
# Creación de una aplicación de exploración de Amazon Textract
Los siguientes ejemplos de código indican cómo explorar la salida de Amazon Textract mediante una aplicación interactiva.
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Muestra cómo utilizarla AWS SDK para JavaScript para crear una aplicación de React que utilice Amazon Textract para extraer datos de la imagen de un documento y mostrarlos en una página web interactiva. Este ejemplo se ejecuta en un navegador web y requiere una identidad autenticada de Amazon Cognito para las credenciales. Para el almacenamiento utiliza Amazon Simple Storage Service (Amazon S3) y para las notificaciones consulta una cola de Amazon Simple Queue Service (Amazon SQS) que está suscrita a un tema de Amazon Simple Notification Service (Amazon SNS).
Para obtener el código fuente completo y las instrucciones sobre cómo configurarlo y ejecutarlo, consulte el ejemplo completo en [GitHub](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cross-services/textract-react).
**Servicios utilizados en este ejemplo**
+ Amazon Cognito Identity
+ Amazon S3
+ Amazon SNS
+ Amazon SQS
+ Amazon Textract
------
#### [ Python ]
**SDK para Python (Boto3)**
Muestra cómo utilizar Amazon Textract para detectar elementos de texto, formulario y tabla en una imagen de documento. AWS SDK para Python (Boto3) La imagen de entrada y la salida de Amazon Textract aparecen en una aplicación Tkinter que permite explorar los elementos detectados.
+ Envía la imagen de un documento a Amazon Textract y explora el resultado de los elementos detectados.
+ Envía imágenes directamente a Amazon Textract o mediante un bucket de Amazon Simple Storage Service (Amazon S3).
+ Utilice la función asincrónica APIs para iniciar un trabajo que publique una notificación en un tema del Amazon Simple Notification Service (Amazon SNS) cuando se complete el trabajo.
+ Consulta una cola de Amazon Simple Queue Service (Amazon SQS) en busca de un mensaje de finalización de trabajo y muestra los resultados.
Para obtener el código fuente completo y las instrucciones sobre cómo configurarlo y ejecutarlo, consulte el ejemplo completo en. [GitHub](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/cross_service/textract_explorer)
**Servicios utilizados en este ejemplo**
+ Amazon Cognito Identity
+ Amazon S3
+ Amazon SNS
+ Amazon SQS
+ Amazon Textract
------
Para obtener una lista completa de las guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Ejemplos de código para Amazon Cognito Identity Provider mediante AWS SDKs
Los siguientes ejemplos de código muestran cómo utilizar Amazon Cognito Identity Provider con un kit de desarrollo de AWS software (SDK).
Las *acciones* son extractos de código de programas más grandes y deben ejecutarse en contexto. Mientras las acciones muestran cómo llamar a las distintas funciones de servicio, es posible ver las acciones en contexto en los escenarios relacionados.
Los *escenarios* son ejemplos de código que muestran cómo llevar a cabo una tarea específica a través de llamadas a varias funciones dentro del servicio o combinado con otros Servicios de AWS.
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
**Contents**
+ [Conceptos básicos](service_code_examples_cognito-identity-provider_basics.md)
+ [Introducción a Amazon Cognito](cognito-identity-provider_example_cognito-identity-provider_Hello_section.md)
+ [Acciones](service_code_examples_cognito-identity-provider_actions.md)
+ [`AdminCreateUser`](cognito-identity-provider_example_cognito-identity-provider_AdminCreateUser_section.md)
+ [`AdminGetUser`](cognito-identity-provider_example_cognito-identity-provider_AdminGetUser_section.md)
+ [`AdminInitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md)
+ [`AdminRespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md)
+ [`AdminSetUserPassword`](cognito-identity-provider_example_cognito-identity-provider_AdminSetUserPassword_section.md)
+ [`AssociateSoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md)
+ [`ConfirmDevice`](cognito-identity-provider_example_cognito-identity-provider_ConfirmDevice_section.md)
+ [`ConfirmForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ConfirmForgotPassword_section.md)
+ [`ConfirmSignUp`](cognito-identity-provider_example_cognito-identity-provider_ConfirmSignUp_section.md)
+ [`CreateUserPool`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPool_section.md)
+ [`CreateUserPoolClient`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPoolClient_section.md)
+ [`DeleteUser`](cognito-identity-provider_example_cognito-identity-provider_DeleteUser_section.md)
+ [`ForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ForgotPassword_section.md)
+ [`InitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_InitiateAuth_section.md)
+ [`ListUserPools`](cognito-identity-provider_example_cognito-identity-provider_ListUserPools_section.md)
+ [`ListUsers`](cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md)
+ [`ResendConfirmationCode`](cognito-identity-provider_example_cognito-identity-provider_ResendConfirmationCode_section.md)
+ [`RespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_RespondToAuthChallenge_section.md)
+ [`SignUp`](cognito-identity-provider_example_cognito-identity-provider_SignUp_section.md)
+ [`UpdateUserPool`](cognito-identity-provider_example_cognito-identity-provider_UpdateUserPool_section.md)
+ [`VerifySoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md)
+ [Escenarios](service_code_examples_cognito-identity-provider_scenarios.md)
+ [Confirmación de manera automática a los usuarios conocidos con una función de Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [Migración en forma automática los usuarios conocidos con una función de Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [Registro de un usuario en un grupo de usuarios que requiera MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
+ [Uso de los grupos de identidades de Amazon Cognito](cognito-identity-provider_example_cross_CognitoFlows_section.md)
+ [Escriba datos de actividad personalizados con una función de Lambda tras la autenticación de usuario de Amazon Cognito](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
# Ejemplos básicos de Amazon Cognito Identity Provider mediante AWS SDKs
Los siguientes ejemplos de código muestran cómo utilizar los aspectos básicos de Amazon Cognito Identity Provider con. AWS SDKs
**Contents**
+ [Introducción a Amazon Cognito](cognito-identity-provider_example_cognito-identity-provider_Hello_section.md)
+ [Acciones](service_code_examples_cognito-identity-provider_actions.md)
+ [`AdminCreateUser`](cognito-identity-provider_example_cognito-identity-provider_AdminCreateUser_section.md)
+ [`AdminGetUser`](cognito-identity-provider_example_cognito-identity-provider_AdminGetUser_section.md)
+ [`AdminInitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md)
+ [`AdminRespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md)
+ [`AdminSetUserPassword`](cognito-identity-provider_example_cognito-identity-provider_AdminSetUserPassword_section.md)
+ [`AssociateSoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md)
+ [`ConfirmDevice`](cognito-identity-provider_example_cognito-identity-provider_ConfirmDevice_section.md)
+ [`ConfirmForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ConfirmForgotPassword_section.md)
+ [`ConfirmSignUp`](cognito-identity-provider_example_cognito-identity-provider_ConfirmSignUp_section.md)
+ [`CreateUserPool`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPool_section.md)
+ [`CreateUserPoolClient`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPoolClient_section.md)
+ [`DeleteUser`](cognito-identity-provider_example_cognito-identity-provider_DeleteUser_section.md)
+ [`ForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ForgotPassword_section.md)
+ [`InitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_InitiateAuth_section.md)
+ [`ListUserPools`](cognito-identity-provider_example_cognito-identity-provider_ListUserPools_section.md)
+ [`ListUsers`](cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md)
+ [`ResendConfirmationCode`](cognito-identity-provider_example_cognito-identity-provider_ResendConfirmationCode_section.md)
+ [`RespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_RespondToAuthChallenge_section.md)
+ [`SignUp`](cognito-identity-provider_example_cognito-identity-provider_SignUp_section.md)
+ [`UpdateUserPool`](cognito-identity-provider_example_cognito-identity-provider_UpdateUserPool_section.md)
+ [`VerifySoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md)
# Introducción a Amazon Cognito
En los siguientes ejemplos de código se muestra cómo empezar a utilizar Amazon Cognito.
------
#### [ C\$1\$1 ]
**SDK para C\$1\$1**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito/hello_cognito#code-examples).
Código para el CMake archivo CMake Lists.txt.
```
# Set the minimum required version of CMake for this project.
cmake_minimum_required(VERSION 3.13)
# Set the AWS service components used by this project.
set(SERVICE_COMPONENTS cognito-idp)
# Set this project's name.
project("hello_cognito")
# Set the C++ standard to use to build this target.
# At least C++ 11 is required for the AWS SDK for C++.
set(CMAKE_CXX_STANDARD 11)
# Use the MSVC variable to determine if this is a Windows build.
set(WINDOWS_BUILD ${MSVC})
if (WINDOWS_BUILD) # Set the location where CMake can find the installed libraries for the AWS SDK.
string(REPLACE ";" "/aws-cpp-sdk-all;" SYSTEM_MODULE_PATH "${CMAKE_SYSTEM_PREFIX_PATH}/aws-cpp-sdk-all")
list(APPEND CMAKE_PREFIX_PATH ${SYSTEM_MODULE_PATH})
endif ()
# Find the AWS SDK for C++ package.
find_package(AWSSDK REQUIRED COMPONENTS ${SERVICE_COMPONENTS})
if (WINDOWS_BUILD AND AWSSDK_INSTALL_AS_SHARED_LIBS)
# Copy relevant AWS SDK for C++ libraries into the current binary directory for running and debugging.
# set(BIN_SUB_DIR "/Debug") # If you are building from the command line, you may need to uncomment this
# and set the proper subdirectory to the executables' location.
AWSSDK_CPY_DYN_LIBS(SERVICE_COMPONENTS "" ${CMAKE_CURRENT_BINARY_DIR}${BIN_SUB_DIR})
endif ()
add_executable(${PROJECT_NAME}
hello_cognito.cpp)
target_link_libraries(${PROJECT_NAME}
${AWSSDK_LINK_LIBRARIES})
```
Código del archivo de origen hello\$1cognito.cpp.
```
#include
#include
#include
#include
/*
* A "Hello Cognito" starter application which initializes an Amazon Cognito client and lists the Amazon Cognito
* user pools.
*
* main function
*
* Usage: 'hello_cognito'
*
*/
int main(int argc, char **argv) {
Aws::SDKOptions options;
// Optionally change the log level for debugging.
// options.loggingOptions.logLevel = Utils::Logging::LogLevel::Debug;
Aws::InitAPI(options); // Should only be called once.
int result = 0;
{
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient cognitoClient(clientConfig);
Aws::String nextToken; // Used for pagination.
std::vector userPools;
do {
Aws::CognitoIdentityProvider::Model::ListUserPoolsRequest listUserPoolsRequest;
if (!nextToken.empty()) {
listUserPoolsRequest.SetNextToken(nextToken);
}
Aws::CognitoIdentityProvider::Model::ListUserPoolsOutcome listUserPoolsOutcome =
cognitoClient.ListUserPools(listUserPoolsRequest);
if (listUserPoolsOutcome.IsSuccess()) {
for (auto &userPool: listUserPoolsOutcome.GetResult().GetUserPools()) {
userPools.push_back(userPool.GetName());
}
nextToken = listUserPoolsOutcome.GetResult().GetNextToken();
} else {
std::cerr << "ListUserPools error: " << listUserPoolsOutcome.GetError().GetMessage() << std::endl;
result = 1;
break;
}
} while (!nextToken.empty());
std::cout << userPools.size() << " user pools found." << std::endl;
for (auto &userPool: userPools) {
std::cout << " user pool: " << userPool << std::endl;
}
}
Aws::ShutdownAPI(options); // Should only be called once.
return result;
}
```
+ Para obtener más información sobre la API, consulte [ListUserPools](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ListUserPools)la *Referencia AWS SDK para C\$1\$1 de la API*.
------
#### [ Go ]
**SDK para Go V2**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
package main
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
// main uses the AWS SDK for Go V2 to create an Amazon Simple Notification Service
// (Amazon SNS) client and list the topics in your account.
// This example uses the default settings specified in your shared credentials
// and config files.
func main() {
ctx := context.Background()
sdkConfig, err := config.LoadDefaultConfig(ctx)
if err != nil {
fmt.Println("Couldn't load default configuration. Have you set up your AWS account?")
fmt.Println(err)
return
}
cognitoClient := cognitoidentityprovider.NewFromConfig(sdkConfig)
fmt.Println("Let's list the user pools for your account.")
var pools []types.UserPoolDescriptionType
paginator := cognitoidentityprovider.NewListUserPoolsPaginator(
cognitoClient, &cognitoidentityprovider.ListUserPoolsInput{MaxResults: aws.Int32(10)})
for paginator.HasMorePages() {
output, err := paginator.NextPage(ctx)
if err != nil {
log.Printf("Couldn't get user pools. Here's why: %v\n", err)
} else {
pools = append(pools, output.UserPools...)
}
}
if len(pools) == 0 {
fmt.Println("You don't have any user pools!")
} else {
for _, pool := range pools {
fmt.Printf("\t%v: %v\n", *pool.Name, *pool.Id)
}
}
}
```
+ Para obtener más información sobre la API, consulta [ListUserPools](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ListUserPools)la *Referencia AWS SDK para Go de la API*.
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ListUserPools {
public static void main(String[] args) {
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
listAllUserPools(cognitoClient);
cognitoClient.close();
}
public static void listAllUserPools(CognitoIdentityProviderClient cognitoClient) {
try {
ListUserPoolsRequest request = ListUserPoolsRequest.builder()
.maxResults(10)
.build();
ListUserPoolsResponse response = cognitoClient.listUserPools(request);
response.userPools().forEach(userpool -> {
System.out.println("User pool " + userpool.name() + ", User ID " + userpool.id());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Para obtener más información sobre la API, consulta [ListUserPools](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUserPools)la *Referencia AWS SDK for Java 2.x de la API*.
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
import {
paginateListUserPools,
CognitoIdentityProviderClient,
} from "@aws-sdk/client-cognito-identity-provider";
const client = new CognitoIdentityProviderClient({});
export const helloCognito = async () => {
const paginator = paginateListUserPools({ client }, {});
const userPoolNames = [];
for await (const page of paginator) {
const names = page.UserPools.map((pool) => pool.Name);
userPoolNames.push(...names);
}
console.log("User pool names: ");
console.log(userPoolNames.join("\n"));
return userPoolNames;
};
```
+ Para obtener más información sobre la API, consulta [ListUserPools](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ListUserPoolsCommand)la *Referencia AWS SDK para JavaScript de la API*.
------
#### [ Python ]
**SDK para Python (Boto3)**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
import boto3
# Create a Cognito Identity Provider client
cognitoidp = boto3.client("cognito-idp")
# Initialize a paginator for the list_user_pools operation
paginator = cognitoidp.get_paginator("list_user_pools")
# Create a PageIterator from the paginator
page_iterator = paginator.paginate(MaxResults=10)
# Initialize variables for pagination
user_pools = []
# Handle pagination
for page in page_iterator:
user_pools.extend(page.get("UserPools", []))
# Print the list of user pools
print("User Pools for the account:")
if user_pools:
for pool in user_pools:
print(f"Name: {pool['Name']}, ID: {pool['Id']}")
else:
print("No user pools found.")
```
+ Para obtener más información sobre la API, consulta [ListUserPools](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ListUserPools)la *AWS Referencia de API de SDK for Python (Boto3*).
------
#### [ Ruby ]
**SDK para Ruby**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/cognito#code-examples).
```
require 'aws-sdk-cognitoidentityprovider'
require 'logger'
# CognitoManager is a class responsible for managing AWS Cognito operations
# such as listing all user pools in the current AWS account.
class CognitoManager
def initialize(client)
@client = client
@logger = Logger.new($stdout)
end
# Lists and prints all user pools associated with the AWS account.
def list_user_pools
paginator = @client.list_user_pools(max_results: 10)
user_pools = []
paginator.each_page do |page|
user_pools.concat(page.user_pools)
end
if user_pools.empty?
@logger.info('No Cognito user pools found.')
else
user_pools.each do |user_pool|
@logger.info("User pool ID: #{user_pool.id}")
@logger.info("User pool name: #{user_pool.name}")
@logger.info("User pool status: #{user_pool.status}")
@logger.info('---')
end
end
end
end
if $PROGRAM_NAME == __FILE__
cognito_client = Aws::CognitoIdentityProvider::Client.new
manager = CognitoManager.new(cognito_client)
manager.list_user_pools
end
```
+ Para obtener más información sobre la API, consulta [ListUserPools](https://docs.aws.amazon.com/goto/SdkForRubyV3/cognito-idp-2016-04-18/ListUserPools)la *Referencia AWS SDK para Ruby de la API*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Acciones para el proveedor de identidad de Amazon Cognito mediante AWS SDKs
Los siguientes ejemplos de código muestran cómo realizar acciones individuales del proveedor de identidad de Amazon Cognito con. AWS SDKs Cada ejemplo incluye un enlace a GitHub, donde puede encontrar instrucciones para configurar y ejecutar el código.
Estos fragmentos llaman a la API de proveedor de identidades de Amazon Cognito y son fragmentos de código de programas más grandes que se deben ejecutar en contexto. Puede ver las acciones en contexto en [Escenarios en los que Amazon Cognito Identity Provider utiliza AWS SDKs](service_code_examples_cognito-identity-provider_scenarios.md).
Los siguientes ejemplos incluyen solo las acciones que se utilizan con mayor frecuencia. Para consultar la lista completa, consulte [Amazon Cognito Identity Provider API Reference](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/Welcome.html) (Referencia de la API de Amazon Cognito Identity Provider).
**Topics**
+ [`AdminCreateUser`](cognito-identity-provider_example_cognito-identity-provider_AdminCreateUser_section.md)
+ [`AdminGetUser`](cognito-identity-provider_example_cognito-identity-provider_AdminGetUser_section.md)
+ [`AdminInitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md)
+ [`AdminRespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md)
+ [`AdminSetUserPassword`](cognito-identity-provider_example_cognito-identity-provider_AdminSetUserPassword_section.md)
+ [`AssociateSoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md)
+ [`ConfirmDevice`](cognito-identity-provider_example_cognito-identity-provider_ConfirmDevice_section.md)
+ [`ConfirmForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ConfirmForgotPassword_section.md)
+ [`ConfirmSignUp`](cognito-identity-provider_example_cognito-identity-provider_ConfirmSignUp_section.md)
+ [`CreateUserPool`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPool_section.md)
+ [`CreateUserPoolClient`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPoolClient_section.md)
+ [`DeleteUser`](cognito-identity-provider_example_cognito-identity-provider_DeleteUser_section.md)
+ [`ForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ForgotPassword_section.md)
+ [`InitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_InitiateAuth_section.md)
+ [`ListUserPools`](cognito-identity-provider_example_cognito-identity-provider_ListUserPools_section.md)
+ [`ListUsers`](cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md)
+ [`ResendConfirmationCode`](cognito-identity-provider_example_cognito-identity-provider_ResendConfirmationCode_section.md)
+ [`RespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_RespondToAuthChallenge_section.md)
+ [`SignUp`](cognito-identity-provider_example_cognito-identity-provider_SignUp_section.md)
+ [`UpdateUserPool`](cognito-identity-provider_example_cognito-identity-provider_UpdateUserPool_section.md)
+ [`VerifySoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md)
# Úselo `AdminCreateUser` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `AdminCreateUser`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en el siguiente ejemplo de código:
+ [Escriba datos de actividad personalizados con una función de Lambda tras la autenticación de usuario de Amazon Cognito](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
------
#### [ CLI ]
**AWS CLI**
**Para crear un usuario**
En el siguiente ejemplo `admin-create-user`, se crea un usuario con la dirección de correo electrónico y el número de teléfono especificados.
```
aws cognito-idp admin-create-user \
--user-pool-id us-west-2_aaaaaaaaa \
--username diego \
--user-attributes Name=email,Value=diego@example.com Name=phone_number,Value="+15555551212" \
--message-action SUPPRESS
```
Salida:
```
{
"User": {
"Username": "diego",
"Attributes": [
{
"Name": "sub",
"Value": "7325c1de-b05b-4f84-b321-9adc6e61f4a2"
},
{
"Name": "phone_number",
"Value": "+15555551212"
},
{
"Name": "email",
"Value": "diego@example.com"
}
],
"UserCreateDate": 1548099495.428,
"UserLastModifiedDate": 1548099495.428,
"Enabled": true,
"UserStatus": "FORCE_CHANGE_PASSWORD"
}
}
```
+ Para obtener más información sobre la API, consulte [AdminCreateUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-create-user.html)la *Referencia de AWS CLI comandos*.
------
#### [ Go ]
**SDK para Go V2**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// AdminCreateUser uses administrator credentials to add a user to a user pool. This method leaves the user
// in a state that requires they enter a new password next time they sign in.
func (actor CognitoActions) AdminCreateUser(ctx context.Context, userPoolId string, userName string, userEmail string) error {
_, err := actor.CognitoClient.AdminCreateUser(ctx, &cognitoidentityprovider.AdminCreateUserInput{
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
MessageAction: types.MessageActionTypeSuppress,
UserAttributes: []types.AttributeType{{Name: aws.String("email"), Value: aws.String(userEmail)}},
})
if err != nil {
var userExists *types.UsernameExistsException
if errors.As(err, &userExists) {
log.Printf("User %v already exists in the user pool.", userName)
err = nil
} else {
log.Printf("Couldn't create user %v. Here's why: %v\n", userName, err)
}
}
return err
}
```
+ Para obtener más información sobre la API, consulta [AdminCreateUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.AdminCreateUser)la *Referencia AWS SDK para Go de la API*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `AdminGetUser` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `AdminGetUser`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en el siguiente ejemplo de código:
+ [Registro de un usuario en un grupo de usuarios que requiera MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK para .NET**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Get the specified user from an Amazon Cognito user pool with administrator access.
///
/// The name of the user.
/// The Id of the Amazon Cognito user pool.
/// Async task.
public async Task GetAdminUserAsync(string userName, string poolId)
{
AdminGetUserRequest userRequest = new AdminGetUserRequest
{
Username = userName,
UserPoolId = poolId,
};
var response = await _cognitoService.AdminGetUserAsync(userRequest);
Console.WriteLine($"User status {response.UserStatus}");
return response.UserStatus;
}
```
+ Para obtener más información sobre la API, consulta [AdminGetUser](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminGetUser)la *Referencia AWS SDK para .NET de la API*.
------
#### [ C\$1\$1 ]
**SDK para C\$1\$1**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::AdminGetUserRequest request;
request.SetUsername(userName);
request.SetUserPoolId(userPoolID);
Aws::CognitoIdentityProvider::Model::AdminGetUserOutcome outcome =
client.AdminGetUser(request);
if (outcome.IsSuccess()) {
std::cout << "The status for " << userName << " is " <<
Aws::CognitoIdentityProvider::Model::UserStatusTypeMapper::GetNameForUserStatusType(
outcome.GetResult().GetUserStatus()) << std::endl;
std::cout << "Enabled is " << outcome.GetResult().GetEnabled() << std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminGetUser. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
```
+ Para obtener más información sobre la API, consulta [AdminGetUser](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminGetUser)la *Referencia AWS SDK para C\$1\$1 de la API*.
------
#### [ CLI ]
**AWS CLI**
**Para obtener un usuario**
En este ejemplo se obtiene información sobre el nombre de usuario jane@example.com.
Comando:
```
aws cognito-idp admin-get-user --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com
```
Salida:
```
{
"Username": "4320de44-2322-4620-999b-5e2e1c8df013",
"Enabled": true,
"UserStatus": "FORCE_CHANGE_PASSWORD",
"UserCreateDate": 1548108509.537,
"UserAttributes": [
{
"Name": "sub",
"Value": "4320de44-2322-4620-999b-5e2e1c8df013"
},
{
"Name": "email_verified",
"Value": "true"
},
{
"Name": "phone_number_verified",
"Value": "true"
},
{
"Name": "phone_number",
"Value": "+01115551212"
},
{
"Name": "email",
"Value": "jane@example.com"
}
],
"UserLastModifiedDate": 1548108509.537
}
```
+ Para obtener más información sobre la API, consulta [AdminGetUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-get-user.html)la *Referencia de AWS CLI comandos*.
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
public static void getAdminUser(CognitoIdentityProviderClient identityProviderClient, String userName,
String poolId) {
try {
AdminGetUserRequest userRequest = AdminGetUserRequest.builder()
.username(userName)
.userPoolId(poolId)
.build();
AdminGetUserResponse response = identityProviderClient.adminGetUser(userRequest);
System.out.println("User status " + response.userStatusAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ Para obtener más información sobre la API, consulta [AdminGetUser](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminGetUser)la *Referencia AWS SDK for Java 2.x de la API*.
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider/#code-examples).
```
const adminGetUser = ({ userPoolId, username }) => {
const client = new CognitoIdentityProviderClient({});
const command = new AdminGetUserCommand({
UserPoolId: userPoolId,
Username: username,
});
return client.send(command);
};
```
+ Para obtener más información sobre la API, consulta [AdminGetUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminGetUserCommand)la *Referencia AWS SDK para JavaScript de la API*.
------
#### [ Kotlin ]
**SDK para Kotlin**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
suspend fun getAdminUser(
userNameVal: String?,
poolIdVal: String?,
) {
val userRequest =
AdminGetUserRequest {
username = userNameVal
userPoolId = poolIdVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.adminGetUser(userRequest)
println("User status ${response.userStatus}")
}
}
```
+ Para obtener más información sobre la API, consulta [AdminGetUser](https://sdk.amazonaws.com/kotlin/api/latest/index.html)la *referencia sobre el AWS SDK para la API de Kotlin*.
------
#### [ Python ]
**SDK para Python (Boto3)**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def sign_up_user(self, user_name, password, user_email):
"""
Signs up a new user with Amazon Cognito. This action prompts Amazon Cognito
to send an email to the specified email address. The email contains a code that
can be used to confirm the user.
When the user already exists, the user status is checked to determine whether
the user has been confirmed.
:param user_name: The user name that identifies the new user.
:param password: The password for the new user.
:param user_email: The email address for the new user.
:return: True when the user is already confirmed with Amazon Cognito.
Otherwise, false.
"""
try:
kwargs = {
"ClientId": self.client_id,
"Username": user_name,
"Password": password,
"UserAttributes": [{"Name": "email", "Value": user_email}],
}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
response = self.cognito_idp_client.sign_up(**kwargs)
confirmed = response["UserConfirmed"]
except ClientError as err:
if err.response["Error"]["Code"] == "UsernameExistsException":
response = self.cognito_idp_client.admin_get_user(
UserPoolId=self.user_pool_id, Username=user_name
)
logger.warning(
"User %s exists and is %s.", user_name, response["UserStatus"]
)
confirmed = response["UserStatus"] == "CONFIRMED"
else:
logger.error(
"Couldn't sign up %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
return confirmed
```
+ Para obtener más información sobre la API, consulta [AdminGetUser](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminGetUser)la *AWS Referencia de API de SDK for Python (Boto3*).
------
#### [ Swift ]
**SDK para Swift**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Get information about a specific user in a user pool.
///
/// - Parameters:
/// - cipClient: The Amazon Cognito Identity Provider client to use.
/// - userName: The user to retrieve information about.
/// - userPoolId: The user pool to search for the specified user.
///
/// - Returns: `true` if the user's information was successfully
/// retrieved. Otherwise returns `false`.
func adminGetUser(cipClient: CognitoIdentityProviderClient, userName: String,
userPoolId: String) async -> Bool {
do {
let output = try await cipClient.adminGetUser(
input: AdminGetUserInput(
userPoolId: userPoolId,
username: userName
)
)
guard let userStatus = output.userStatus else {
print("*** Unable to get the user's status.")
return false
}
print("User status: \(userStatus)")
return true
} catch {
return false
}
}
```
+ Para obtener más información sobre la API, consulta [AdminGetUser](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/admingetuser(input:))la *referencia sobre la API de AWS SDK for Swift*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `AdminInitiateAuth` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `AdminInitiateAuth`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en el siguiente ejemplo de código:
+ [Registro de un usuario en un grupo de usuarios que requiera MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK para .NET**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Initiate an admin auth request.
///
/// The client ID to use.
/// The ID of the user pool.
/// The username to authenticate.
/// The user's password.
/// The session to use in challenge-response.
public async Task AdminInitiateAuthAsync(string clientId, string userPoolId, string userName, string password)
{
var authParameters = new Dictionary();
authParameters.Add("USERNAME", userName);
authParameters.Add("PASSWORD", password);
var request = new AdminInitiateAuthRequest
{
ClientId = clientId,
UserPoolId = userPoolId,
AuthParameters = authParameters,
AuthFlow = AuthFlowType.ADMIN_USER_PASSWORD_AUTH,
};
var response = await _cognitoService.AdminInitiateAuthAsync(request);
return response.Session;
}
```
+ Para obtener más información sobre la API, consulta [AdminInitiateAuth](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminInitiateAuth)la *Referencia AWS SDK para .NET de la API*.
------
#### [ C\$1\$1 ]
**SDK para C\$1\$1**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::AdminInitiateAuthRequest request;
request.SetClientId(clientID);
request.SetUserPoolId(userPoolID);
request.AddAuthParameters("USERNAME", userName);
request.AddAuthParameters("PASSWORD", password);
request.SetAuthFlow(
Aws::CognitoIdentityProvider::Model::AuthFlowType::ADMIN_USER_PASSWORD_AUTH);
Aws::CognitoIdentityProvider::Model::AdminInitiateAuthOutcome outcome =
client.AdminInitiateAuth(request);
if (outcome.IsSuccess()) {
std::cout << "Call to AdminInitiateAuth was successful." << std::endl;
sessionResult = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminInitiateAuth. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
```
+ Para obtener más información sobre la API, consulta [AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminInitiateAuth)la *Referencia AWS SDK para C\$1\$1 de la API*.
------
#### [ CLI ]
**AWS CLI**
**Inicio de sesión de un usuario como administrador**
En el siguiente ejemplo de `admin-initiate-auth`, se inicia la sesión del usuario diego@example.com. Este ejemplo también incluye metadatos para la protección contra amenazas y ClientMetadata para los activadores Lambda. El usuario está configurado para MFA con TOTP y recibe el desafío de proporcionar un código desde la aplicación del autenticador antes de poder completar la autenticación.
```
aws cognito-idp admin-initiate-auth \
--user-pool-id us-west-2_EXAMPLE \
--client-id 1example23456789 \
--auth-flow ADMIN_USER_PASSWORD_AUTH \
--auth-parameters USERNAME=diego@example.com,PASSWORD="My@Example$Password3!",SECRET_HASH=ExampleEncodedClientIdSecretAndUsername= \
--context-data="{\"EncodedData\":\"abc123example\",\"HttpHeaders\":[{\"headerName\":\"UserAgent\",\"headerValue\":\"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0\"}],\"IpAddress\":\"192.0.2.1\",\"ServerName\":\"example.com\",\"ServerPath\":\"/login\"}" \
--client-metadata="{\"MyExampleKey\": \"MyExampleValue\"}"
```
Salida:
```
{
"ChallengeName": "SOFTWARE_TOKEN_MFA",
"Session": "AYABeExample...",
"ChallengeParameters": {
"FRIENDLY_DEVICE_NAME": "MyAuthenticatorApp",
"USER_ID_FOR_SRP": "diego@example.com"
}
}
```
Para obtener más información, consulte [Flujo de autenticación de administrador](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#amazon-cognito-user-pools-admin-authentication-flow) en la *Guía para desarrolladores de Amazon Cognito*.
+ Para obtener más información sobre la API, consulte [AdminInitiateAuth](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-initiate-auth.html)la *Referencia de AWS CLI comandos*.
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
public static AdminInitiateAuthResponse initiateAuth(CognitoIdentityProviderClient identityProviderClient,
String clientId, String userName, String password, String userPoolId) {
try {
Map authParameters = new HashMap<>();
authParameters.put("USERNAME", userName);
authParameters.put("PASSWORD", password);
AdminInitiateAuthRequest authRequest = AdminInitiateAuthRequest.builder()
.clientId(clientId)
.userPoolId(userPoolId)
.authParameters(authParameters)
.authFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH)
.build();
AdminInitiateAuthResponse response = identityProviderClient.adminInitiateAuth(authRequest);
System.out.println("Result Challenge is : " + response.challengeName());
return response;
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return null;
}
```
+ Para obtener más información sobre la API, consulta [AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminInitiateAuth)la *Referencia AWS SDK for Java 2.x de la API*.
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider/#code-examples).
```
const adminInitiateAuth = ({ clientId, userPoolId, username, password }) => {
const client = new CognitoIdentityProviderClient({});
const command = new AdminInitiateAuthCommand({
ClientId: clientId,
UserPoolId: userPoolId,
AuthFlow: AuthFlowType.ADMIN_USER_PASSWORD_AUTH,
AuthParameters: { USERNAME: username, PASSWORD: password },
});
return client.send(command);
};
```
+ Para obtener más información sobre la API, consulta [AdminInitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminInitiateAuthCommand)la *Referencia AWS SDK para JavaScript de la API*.
------
#### [ Kotlin ]
**SDK para Kotlin**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
suspend fun checkAuthMethod(
clientIdVal: String,
userNameVal: String,
passwordVal: String,
userPoolIdVal: String,
): AdminInitiateAuthResponse {
val authParas = mutableMapOf()
authParas["USERNAME"] = userNameVal
authParas["PASSWORD"] = passwordVal
val authRequest =
AdminInitiateAuthRequest {
clientId = clientIdVal
userPoolId = userPoolIdVal
authParameters = authParas
authFlow = AuthFlowType.AdminUserPasswordAuth
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.adminInitiateAuth(authRequest)
println("Result Challenge is ${response.challengeName}")
return response
}
}
```
+ Para obtener más información sobre la API, consulta [AdminInitiateAuth](https://sdk.amazonaws.com/kotlin/api/latest/index.html)la *referencia sobre el AWS SDK para la API de Kotlin*.
------
#### [ Python ]
**SDK para Python (Boto3)**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def start_sign_in(self, user_name, password):
"""
Starts the sign-in process for a user by using administrator credentials.
This method of signing in is appropriate for code running on a secure server.
If the user pool is configured to require MFA and this is the first sign-in
for the user, Amazon Cognito returns a challenge response to set up an
MFA application. When this occurs, this function gets an MFA secret from
Amazon Cognito and returns it to the caller.
:param user_name: The name of the user to sign in.
:param password: The user's password.
:return: The result of the sign-in attempt. When sign-in is successful, this
returns an access token that can be used to get AWS credentials. Otherwise,
Amazon Cognito returns a challenge to set up an MFA application,
or a challenge to enter an MFA code from a registered MFA application.
"""
try:
kwargs = {
"UserPoolId": self.user_pool_id,
"ClientId": self.client_id,
"AuthFlow": "ADMIN_USER_PASSWORD_AUTH",
"AuthParameters": {"USERNAME": user_name, "PASSWORD": password},
}
if self.client_secret is not None:
kwargs["AuthParameters"]["SECRET_HASH"] = self._secret_hash(user_name)
response = self.cognito_idp_client.admin_initiate_auth(**kwargs)
challenge_name = response.get("ChallengeName", None)
if challenge_name == "MFA_SETUP":
if (
"SOFTWARE_TOKEN_MFA"
in response["ChallengeParameters"]["MFAS_CAN_SETUP"]
):
response.update(self.get_mfa_secret(response["Session"]))
else:
raise RuntimeError(
"The user pool requires MFA setup, but the user pool is not "
"configured for TOTP MFA. This example requires TOTP MFA."
)
except ClientError as err:
logger.error(
"Couldn't start sign in for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
response.pop("ResponseMetadata", None)
return response
```
+ Para obtener más información sobre la API, consulta [AdminInitiateAuth](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminInitiateAuth)la *AWS Referencia de API de SDK for Python (Boto3*).
------
#### [ SAP ABAP ]
**SDK para SAP ABAP**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples).
```
TRY.
" Set up authentication parameters
DATA(lt_auth_params) = VALUE /aws1/cl_cgpauthparamstype_w=>tt_authparameterstype(
( VALUE /aws1/cl_cgpauthparamstype_w=>ts_authparameterstype_maprow(
key = 'USERNAME'
value = NEW /aws1/cl_cgpauthparamstype_w( iv_user_name ) ) )
( VALUE /aws1/cl_cgpauthparamstype_w=>ts_authparameterstype_maprow(
key = 'PASSWORD'
value = NEW /aws1/cl_cgpauthparamstype_w( iv_password ) ) )
).
" Add SECRET_HASH if provided
IF iv_secret_hash IS NOT INITIAL.
INSERT VALUE #(
key = 'SECRET_HASH'
value = NEW /aws1/cl_cgpauthparamstype_w( iv_secret_hash )
) INTO TABLE lt_auth_params.
ENDIF.
oo_result = lo_cgp->admininitiateauth(
iv_userpoolid = iv_user_pool_id
iv_clientid = iv_client_id
iv_authflow = 'ADMIN_USER_PASSWORD_AUTH'
it_authparameters = lt_auth_params
).
DATA(lv_challenge) = oo_result->get_challengename( ).
IF lv_challenge IS INITIAL.
MESSAGE 'User successfully signed in.' TYPE 'I'.
ELSE.
MESSAGE |Authentication challenge required: { lv_challenge }.| TYPE 'I'.
ENDIF.
CATCH /aws1/cx_cgpusernotfoundex INTO DATA(lo_user_ex).
MESSAGE |User { iv_user_name } not found.| TYPE 'E'.
CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex).
MESSAGE 'Not authorized. Check credentials.' TYPE 'E'.
ENDTRY.
```
+ Para obtener más información sobre la API, consulte [AdminInitiateAuth](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)la *referencia sobre la API ABAP del AWS SDK para SAP*.
------
#### [ Swift ]
**SDK para Swift**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Begin an authentication session.
///
/// - Parameters:
/// - cipClient: The `CongitoIdentityProviderClient` to use.
/// - clientId: The app client ID to use.
/// - userName: The username to check.
/// - password: The user's password.
/// - userPoolId: The user pool to use.
///
/// - Returns: The session token associated with this authentication
/// session.
func initiateAuth(cipClient: CognitoIdentityProviderClient, clientId: String,
userName: String, password: String,
userPoolId: String) async -> String? {
var authParams: [String: String] = [:]
authParams["USERNAME"] = userName
authParams["PASSWORD"] = password
do {
let output = try await cipClient.adminInitiateAuth(
input: AdminInitiateAuthInput(
authFlow: CognitoIdentityProviderClientTypes.AuthFlowType.adminUserPasswordAuth,
authParameters: authParams,
clientId: clientId,
userPoolId: userPoolId
)
)
guard let challengeName = output.challengeName else {
print("*** Invalid response from the auth service.")
return nil
}
print("=====> Response challenge is \(challengeName)")
return output.session
} catch _ as UserNotFoundException {
print("*** The specified username, \(userName), doesn't exist.")
return nil
} catch _ as UserNotConfirmedException {
print("*** The user \(userName) has not been confirmed.")
return nil
} catch {
print("*** An unexpected error occurred.")
return nil
}
}
```
+ Para obtener más información sobre la API, consulta [AdminInitiateAuth](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/admininitiateauth(input:))la *referencia sobre la API de AWS SDK for Swift*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `AdminRespondToAuthChallenge` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `AdminRespondToAuthChallenge`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en el siguiente ejemplo de código:
+ [Registro de un usuario en un grupo de usuarios que requiera MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK para .NET**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Respond to an admin authentication challenge.
///
/// The name of the user.
/// The client ID.
/// The multi-factor authentication code.
/// The current application session.
/// The user pool ID.
/// The result of the authentication response.
public async Task AdminRespondToAuthChallengeAsync(
string userName,
string clientId,
string mfaCode,
string session,
string userPoolId)
{
Console.WriteLine("SOFTWARE_TOKEN_MFA challenge is generated");
var challengeResponses = new Dictionary();
challengeResponses.Add("USERNAME", userName);
challengeResponses.Add("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
var respondToAuthChallengeRequest = new AdminRespondToAuthChallengeRequest
{
ChallengeName = ChallengeNameType.SOFTWARE_TOKEN_MFA,
ClientId = clientId,
ChallengeResponses = challengeResponses,
Session = session,
UserPoolId = userPoolId,
};
var response = await _cognitoService.AdminRespondToAuthChallengeAsync(respondToAuthChallengeRequest);
Console.WriteLine($"Response to Authentication {response.AuthenticationResult.TokenType}");
return response.AuthenticationResult;
}
```
+ Para obtener más información sobre la API, consulta [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)la *Referencia AWS SDK para .NET de la API*.
------
#### [ C\$1\$1 ]
**SDK para C\$1\$1**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeRequest request;
request.AddChallengeResponses("USERNAME", userName);
request.AddChallengeResponses("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
request.SetChallengeName(
Aws::CognitoIdentityProvider::Model::ChallengeNameType::SOFTWARE_TOKEN_MFA);
request.SetClientId(clientID);
request.SetUserPoolId(userPoolID);
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeOutcome outcome =
client.AdminRespondToAuthChallenge(request);
if (outcome.IsSuccess()) {
std::cout << "Here is the response to the challenge.\n" <<
outcome.GetResult().GetAuthenticationResult().Jsonize().View().WriteReadable()
<< std::endl;
accessToken = outcome.GetResult().GetAuthenticationResult().GetAccessToken();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminRespondToAuthChallenge. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ Para obtener más información sobre la API, consulta [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)la *Referencia AWS SDK para C\$1\$1 de la API*.
------
#### [ CLI ]
**AWS CLI**
**Respuesta a un desafío de autenticación**
Hay muchas maneras de responder a los diferentes desafíos de autenticación, en función del flujo de autenticación, la configuración del grupo de usuarios y los ajustes de los usuarios. En el siguiente ejemplo de `admin-respond-to-auth-challenge`, se proporciona un código MFA con TOTP para diego@example.com y se completa el inicio de sesión. Este grupo de usuarios tiene activada la función de recordar dispositivos, por lo que el resultado de la autenticación también devuelve una nueva clave de dispositivo.
```
aws cognito-idp admin-respond-to-auth-challenge \
--user-pool-id us-west-2_EXAMPLE \
--client-id 1example23456789 \
--challenge-name SOFTWARE_TOKEN_MFA \
--challenge-responses USERNAME=diego@example.com,SOFTWARE_TOKEN_MFA_CODE=000000 \
--session AYABeExample...
```
Salida:
```
{
"ChallengeParameters": {},
"AuthenticationResult": {
"AccessToken": "eyJra456defEXAMPLE",
"ExpiresIn": 3600,
"TokenType": "Bearer",
"RefreshToken": "eyJra123abcEXAMPLE",
"IdToken": "eyJra789ghiEXAMPLE",
"NewDeviceMetadata": {
"DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"DeviceGroupKey": "-ExAmPlE1"
}
}
}
```
Para obtener más información, consulte [Flujo de autenticación de administrador](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#amazon-cognito-user-pools-admin-authentication-flow) en la *Guía para desarrolladores de Amazon Cognito*.
+ Para obtener más información sobre la API, consulta [AdminRespondToAuthChallenge](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-respond-to-auth-challenge.html)la *Referencia de AWS CLI comandos*.
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
// Respond to an authentication challenge.
public static void adminRespondToAuthChallenge(CognitoIdentityProviderClient identityProviderClient,
String userName, String clientId, String mfaCode, String session) {
System.out.println("SOFTWARE_TOKEN_MFA challenge is generated");
Map challengeResponses = new HashMap<>();
challengeResponses.put("USERNAME", userName);
challengeResponses.put("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
AdminRespondToAuthChallengeRequest respondToAuthChallengeRequest = AdminRespondToAuthChallengeRequest.builder()
.challengeName(ChallengeNameType.SOFTWARE_TOKEN_MFA)
.clientId(clientId)
.challengeResponses(challengeResponses)
.session(session)
.build();
AdminRespondToAuthChallengeResponse respondToAuthChallengeResult = identityProviderClient
.adminRespondToAuthChallenge(respondToAuthChallengeRequest);
System.out.println("respondToAuthChallengeResult.getAuthenticationResult()"
+ respondToAuthChallengeResult.authenticationResult());
}
```
+ Para obtener más información sobre la API, consulta [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)la *Referencia AWS SDK for Java 2.x de la API*.
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const adminRespondToAuthChallenge = ({
userPoolId,
clientId,
username,
totp,
session,
}) => {
const client = new CognitoIdentityProviderClient({});
const command = new AdminRespondToAuthChallengeCommand({
ChallengeName: ChallengeNameType.SOFTWARE_TOKEN_MFA,
ChallengeResponses: {
SOFTWARE_TOKEN_MFA_CODE: totp,
USERNAME: username,
},
ClientId: clientId,
UserPoolId: userPoolId,
Session: session,
});
return client.send(command);
};
```
+ Para obtener más información sobre la API, consulta [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminRespondToAuthChallengeCommand)la *Referencia AWS SDK para JavaScript de la API*.
------
#### [ Kotlin ]
**SDK para Kotlin**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
// Respond to an authentication challenge.
suspend fun adminRespondToAuthChallenge(
userName: String,
clientIdVal: String?,
mfaCode: String,
sessionVal: String?,
) {
println("SOFTWARE_TOKEN_MFA challenge is generated")
val challengeResponsesOb = mutableMapOf()
challengeResponsesOb["USERNAME"] = userName
challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode
val adminRespondToAuthChallengeRequest =
AdminRespondToAuthChallengeRequest {
challengeName = ChallengeNameType.SoftwareTokenMfa
clientId = clientIdVal
challengeResponses = challengeResponsesOb
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val respondToAuthChallengeResult = identityProviderClient.adminRespondToAuthChallenge(adminRespondToAuthChallengeRequest)
println("respondToAuthChallengeResult.getAuthenticationResult() ${respondToAuthChallengeResult.authenticationResult}")
}
}
```
+ Para obtener más información sobre la API, consulta [AdminRespondToAuthChallenge](https://sdk.amazonaws.com/kotlin/api/latest/index.html)la *referencia sobre el AWS SDK para la API de Kotlin*.
------
#### [ Python ]
**SDK para Python (Boto3)**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
Para responder a un desafío de MFA, proporcione un código generado por una aplicación MFA asociada.
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def respond_to_mfa_challenge(self, user_name, session, mfa_code):
"""
Responds to a challenge for an MFA code. This completes the second step of
a two-factor sign-in. When sign-in is successful, it returns an access token
that can be used to get AWS credentials from Amazon Cognito.
:param user_name: The name of the user who is signing in.
:param session: Session information returned from a previous call to initiate
authentication.
:param mfa_code: A code generated by the associated MFA application.
:return: The result of the authentication. When successful, this contains an
access token for the user.
"""
try:
kwargs = {
"UserPoolId": self.user_pool_id,
"ClientId": self.client_id,
"ChallengeName": "SOFTWARE_TOKEN_MFA",
"Session": session,
"ChallengeResponses": {
"USERNAME": user_name,
"SOFTWARE_TOKEN_MFA_CODE": mfa_code,
},
}
if self.client_secret is not None:
kwargs["ChallengeResponses"]["SECRET_HASH"] = self._secret_hash(
user_name
)
response = self.cognito_idp_client.admin_respond_to_auth_challenge(**kwargs)
auth_result = response["AuthenticationResult"]
except ClientError as err:
if err.response["Error"]["Code"] == "ExpiredCodeException":
logger.warning(
"Your MFA code has expired or has been used already. You might have "
"to wait a few seconds until your app shows you a new code."
)
else:
logger.error(
"Couldn't respond to mfa challenge for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return auth_result
```
+ Para obtener más información sobre la API, consulta [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)la *AWS Referencia de API de SDK for Python (Boto3*).
------
#### [ SAP ABAP ]
**SDK para SAP ABAP**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples).
```
TRY.
" Build challenge responses
DATA(lt_challenge_responses) = VALUE /aws1/cl_cgpchallengerspstyp00=>tt_challengeresponsestype(
( VALUE /aws1/cl_cgpchallengerspstyp00=>ts_challengerspstype_maprow(
key = 'USERNAME'
value = NEW /aws1/cl_cgpchallengerspstyp00( iv_user_name ) ) )
( VALUE /aws1/cl_cgpchallengerspstyp00=>ts_challengerspstype_maprow(
key = 'SOFTWARE_TOKEN_MFA_CODE'
value = NEW /aws1/cl_cgpchallengerspstyp00( iv_mfa_code ) ) )
).
" Add SECRET_HASH if provided
IF iv_secret_hash IS NOT INITIAL.
INSERT VALUE #(
key = 'SECRET_HASH'
value = NEW /aws1/cl_cgpchallengerspstyp00( iv_secret_hash )
) INTO TABLE lt_challenge_responses.
ENDIF.
DATA(lo_result) = lo_cgp->adminrespondtoauthchallenge(
iv_userpoolid = iv_user_pool_id
iv_clientid = iv_client_id
iv_challengename = 'SOFTWARE_TOKEN_MFA'
it_challengeresponses = lt_challenge_responses
iv_session = iv_session
).
oo_auth_result = lo_result->get_authenticationresult( ).
IF oo_auth_result IS BOUND.
MESSAGE 'MFA challenge completed successfully.' TYPE 'I'.
ELSE.
" Another challenge might be required
DATA(lv_next_challenge) = lo_result->get_challengename( ).
MESSAGE |Additional challenge required: { lv_next_challenge }.| TYPE 'I'.
ENDIF.
CATCH /aws1/cx_cgpcodemismatchex INTO DATA(lo_code_ex).
MESSAGE 'Invalid MFA code provided.' TYPE 'E'.
CATCH /aws1/cx_cgpexpiredcodeex INTO DATA(lo_expired_ex).
MESSAGE 'MFA code has expired.' TYPE 'E'.
CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex).
MESSAGE 'Not authorized. Check MFA configuration.' TYPE 'E'.
ENDTRY.
```
+ Para obtener más información sobre la API, consulte [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)la *referencia sobre la API ABAP del AWS SDK para SAP*.
------
#### [ Swift ]
**SDK para Swift**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Respond to the authentication challenge received from Cognito after
/// initiating an authentication session. This involves sending a current
/// MFA code to the service.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - userName: The user's username.
/// - clientId: The app client ID.
/// - userPoolId: The user pool to sign into.
/// - mfaCode: The 6-digit MFA code currently displayed by the user's
/// authenticator.
/// - session: The authentication session to continue processing.
func adminRespondToAuthChallenge(cipClient: CognitoIdentityProviderClient, userName: String,
clientId: String, userPoolId: String, mfaCode: String,
session: String) async {
print("=====> SOFTWARE_TOKEN_MFA challenge is generated...")
var challengeResponsesOb: [String: String] = [:]
challengeResponsesOb["USERNAME"] = userName
challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode
do {
let output = try await cipClient.adminRespondToAuthChallenge(
input: AdminRespondToAuthChallengeInput(
challengeName: CognitoIdentityProviderClientTypes.ChallengeNameType.softwareTokenMfa,
challengeResponses: challengeResponsesOb,
clientId: clientId,
session: session,
userPoolId: userPoolId
)
)
guard let authenticationResult = output.authenticationResult else {
print("*** Unable to get authentication result.")
return
}
print("=====> Authentication result (JWTs are redacted):")
print(authenticationResult)
} catch _ as SoftwareTokenMFANotFoundException {
print("*** The specified user pool isn't configured for MFA.")
return
} catch _ as CodeMismatchException {
print("*** The specified MFA code doesn't match the expected value.")
return
} catch _ as UserNotFoundException {
print("*** The specified username, \(userName), doesn't exist.")
return
} catch _ as UserNotConfirmedException {
print("*** The user \(userName) has not been confirmed.")
return
} catch let error as NotAuthorizedException {
print("*** Unauthorized access. Reason: \(error.properties.message ?? "")")
} catch {
print("*** Error responding to the MFA challenge.")
return
}
}
```
+ Para obtener más información sobre la API, consulta [AdminRespondToAuthChallenge](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/adminrespondtoauthchallenge(input:))la *referencia sobre la API de AWS SDK for Swift*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `AdminSetUserPassword` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `AdminSetUserPassword`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en el siguiente ejemplo de código:
+ [Escriba datos de actividad personalizados con una función de Lambda tras la autenticación de usuario de Amazon Cognito](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
------
#### [ CLI ]
**AWS CLI**
**Configuración de una contraseña de usuario como administrador**
En el siguiente ejemplo de `admin-set-user-password`, se establece de forma permanente la contraseña de diego@example.com.
```
aws cognito-idp admin-set-user-password \
--user-pool-id us-west-2_EXAMPLE \
--username diego@example.com \
--password MyExamplePassword1! \
--permanent
```
Este comando no genera ninguna salida.
Para obtener más información, consulte [Contraseñas, recuperación de contraseñas y políticas de contraseñas](https://docs.aws.amazon.com/cognito/latest/developerguide/managing-users-passwords.html) en la *Guía para desarrolladores de Amazon Cognito*.
+ Para obtener más información sobre la API, consulte [AdminSetUserPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-set-user-password.html)la *Referencia de AWS CLI comandos*.
------
#### [ Go ]
**SDK para Go V2**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// AdminSetUserPassword uses administrator credentials to set a password for a user without requiring a
// temporary password.
func (actor CognitoActions) AdminSetUserPassword(ctx context.Context, userPoolId string, userName string, password string) error {
_, err := actor.CognitoClient.AdminSetUserPassword(ctx, &cognitoidentityprovider.AdminSetUserPasswordInput{
Password: aws.String(password),
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
Permanent: true,
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't set password for user %v. Here's why: %v\n", userName, err)
}
}
return err
}
```
+ Para obtener más información sobre la API, consulta [AdminSetUserPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.AdminSetUserPassword)la *Referencia AWS SDK para Go de la API*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `AssociateSoftwareToken` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `AssociateSoftwareToken`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en el siguiente ejemplo de código:
+ [Registro de un usuario en un grupo de usuarios que requiera MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK para .NET**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Get an MFA token to authenticate the user with the authenticator.
///
/// The session name.
/// The session name.
public async Task AssociateSoftwareTokenAsync(string session)
{
var softwareTokenRequest = new AssociateSoftwareTokenRequest
{
Session = session,
};
var tokenResponse = await _cognitoService.AssociateSoftwareTokenAsync(softwareTokenRequest);
var secretCode = tokenResponse.SecretCode;
Console.WriteLine($"Use the following secret code to set up the authenticator: {secretCode}");
return tokenResponse.Session;
}
```
+ Para obtener más información sobre la API, consulta [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AssociateSoftwareToken)la *Referencia AWS SDK para .NET de la API*.
------
#### [ C\$1\$1 ]
**SDK para C\$1\$1**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenRequest request;
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenOutcome outcome =
client.AssociateSoftwareToken(request);
if (outcome.IsSuccess()) {
std::cout
<< "Enter this setup key into an authenticator app, for example Google Authenticator."
<< std::endl;
std::cout << "Setup key: " << outcome.GetResult().GetSecretCode()
<< std::endl;
#ifdef USING_QR
printAsterisksLine();
std::cout << "\nOr scan the QR code in the file '" << QR_CODE_PATH << "."
<< std::endl;
saveQRCode(std::string("otpauth://totp/") + userName + "?secret=" +
outcome.GetResult().GetSecretCode());
#endif // USING_QR
session = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AssociateSoftwareToken. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ Para obtener más información sobre la API, consulta [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AssociateSoftwareToken)la *Referencia AWS SDK para C\$1\$1 de la API*.
------
#### [ CLI ]
**AWS CLI**
**Generación de una clave secreta para una aplicación de autenticación MFA**
En el siguiente ejemplo de `associate-software-token`, se genera una clave privada TOTP para un usuario que ha iniciado sesión y ha recibido un token de acceso. La clave privada resultante se puede ingresar manualmente en una aplicación de autenticación o las aplicaciones pueden renderizarla como un código QR que el usuario puede escanear.
```
aws cognito-idp associate-software-token \
--access-token eyJra456defEXAMPLE
```
Salida:
```
{
"SecretCode": "QWERTYUIOP123456EXAMPLE"
}
```
Para obtener más información, consulte [MFA con token de software TOTP](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html) en la *Guía para desarrolladores de Amazon Cognito*.
+ Para obtener más información sobre la API, consulta [AssociateSoftwareToken](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/associate-software-token.html)la *Referencia de AWS CLI comandos*.
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
public static String getSecretForAppMFA(CognitoIdentityProviderClient identityProviderClient, String session) {
AssociateSoftwareTokenRequest softwareTokenRequest = AssociateSoftwareTokenRequest.builder()
.session(session)
.build();
AssociateSoftwareTokenResponse tokenResponse = identityProviderClient
.associateSoftwareToken(softwareTokenRequest);
String secretCode = tokenResponse.secretCode();
System.out.println("Enter this token into Google Authenticator");
System.out.println(secretCode);
return tokenResponse.session();
}
```
+ Para obtener más información sobre la API, consulta [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AssociateSoftwareToken)la *Referencia AWS SDK for Java 2.x de la API*.
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const associateSoftwareToken = (session) => {
const client = new CognitoIdentityProviderClient({});
const command = new AssociateSoftwareTokenCommand({
Session: session,
});
return client.send(command);
};
```
+ Para obtener más información sobre la API, consulta [AssociateSoftwareToken](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AssociateSoftwareTokenCommand)la *Referencia AWS SDK para JavaScript de la API*.
------
#### [ Kotlin ]
**SDK para Kotlin**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
suspend fun getSecretForAppMFA(sessionVal: String?): String? {
val softwareTokenRequest =
AssociateSoftwareTokenRequest {
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val tokenResponse = identityProviderClient.associateSoftwareToken(softwareTokenRequest)
val secretCode = tokenResponse.secretCode
println("Enter this token into Google Authenticator")
println(secretCode)
return tokenResponse.session
}
}
```
+ Para obtener más información sobre la API, consulta [AssociateSoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)la *referencia sobre el AWS SDK para la API de Kotlin*.
------
#### [ Python ]
**SDK para Python (Boto3)**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def get_mfa_secret(self, session):
"""
Gets a token that can be used to associate an MFA application with the user.
:param session: Session information returned from a previous call to initiate
authentication.
:return: An MFA token that can be used to set up an MFA application.
"""
try:
response = self.cognito_idp_client.associate_software_token(Session=session)
except ClientError as err:
logger.error(
"Couldn't get MFA secret. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
response.pop("ResponseMetadata", None)
return response
```
+ Para obtener más información sobre la API, consulta [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AssociateSoftwareToken)la *AWS Referencia de API de SDK for Python (Boto3*).
------
#### [ SAP ABAP ]
**SDK para SAP ABAP**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples).
```
TRY.
DATA(lo_result) = lo_cgp->associatesoftwaretoken(
iv_session = iv_session
).
ov_secret_code = lo_result->get_secretcode( ).
MESSAGE 'MFA secret code generated successfully.' TYPE 'I'.
CATCH /aws1/cx_cgpresourcenotfoundex INTO DATA(lo_ex).
MESSAGE 'Session not found or expired.' TYPE 'E'.
CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex).
MESSAGE 'Not authorized to associate software token.' TYPE 'E'.
ENDTRY.
```
+ Para obtener más información sobre la API, consulte [AssociateSoftwareToken](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)la *referencia sobre la API ABAP del AWS SDK para SAP*.
------
#### [ Swift ]
**SDK para Swift**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Request and display an MFA secret token that the user should enter
/// into their authenticator to set it up for the user account.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - authSession: The authentication session to request an MFA secret
/// for.
///
/// - Returns: A string containing the MFA secret token that should be
/// entered into the authenticator software.
func getSecretForAppMFA(cipClient: CognitoIdentityProviderClient, authSession: String?) async -> String? {
do {
let output = try await cipClient.associateSoftwareToken(
input: AssociateSoftwareTokenInput(
session: authSession
)
)
guard let secretCode = output.secretCode else {
print("*** Unable to get the secret code")
return nil
}
print("=====> Enter this token into Google Authenticator: \(secretCode)")
return output.session
} catch _ as SoftwareTokenMFANotFoundException {
print("*** The specified user pool isn't configured for MFA.")
return nil
} catch {
print("*** An unexpected error occurred getting the secret for the app's MFA.")
return nil
}
}
```
+ Para obtener más información sobre la API, consulta [AssociateSoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/associatesoftwaretoken(input:))la *referencia sobre la API de AWS SDK for Swift*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `ConfirmDevice` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `ConfirmDevice`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en el siguiente ejemplo de código:
+ [Registro de un usuario en un grupo de usuarios que requiera MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK para .NET**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Initiates and confirms tracking of the device.
///
/// The user's access token.
/// The key of the device from Amazon Cognito.
/// The device name.
///
public async Task ConfirmDeviceAsync(string accessToken, string deviceKey, string deviceName)
{
var request = new ConfirmDeviceRequest
{
AccessToken = accessToken,
DeviceKey = deviceKey,
DeviceName = deviceName
};
var response = await _cognitoService.ConfirmDeviceAsync(request);
return response.UserConfirmationNecessary;
}
```
+ Para obtener más información sobre la API, consulta [ConfirmDevice](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ConfirmDevice)la *Referencia AWS SDK para .NET de la API*.
------
#### [ CLI ]
**AWS CLI**
**Confirmación del dispositivo de un usuario**
En el siguiente ejemplo de `confirm-device`, se agrega un nuevo dispositivo recordado para el usuario actual.
```
aws cognito-idp confirm-device \
--access-token eyJra456defEXAMPLE \
--device-key us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 \
--device-secret-verifier-config PasswordVerifier=TXlWZXJpZmllclN0cmluZw,Salt=TXlTUlBTYWx0
```
Salida:
```
{
"UserConfirmationNecessary": false
}
```
Para obtener más información, consulte [Trabajo con dispositivos de usuario en el grupo de usuarios](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html) en la *Guía para desarrolladores de Amazon Cognito*.
+ Para obtener más información sobre la API, consulta [ConfirmDevice](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-device.html)la *Referencia de AWS CLI comandos*.
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const confirmDevice = ({ deviceKey, accessToken, passwordVerifier, salt }) => {
const client = new CognitoIdentityProviderClient({});
const command = new ConfirmDeviceCommand({
DeviceKey: deviceKey,
AccessToken: accessToken,
DeviceSecretVerifierConfig: {
PasswordVerifier: passwordVerifier,
Salt: salt,
},
});
return client.send(command);
};
```
+ Para obtener más información sobre la API, consulta [ConfirmDevice](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ConfirmDeviceCommand)la *Referencia AWS SDK para JavaScript de la API*.
------
#### [ Python ]
**SDK para Python (Boto3)**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def confirm_mfa_device(
self,
user_name,
device_key,
device_group_key,
device_password,
access_token,
aws_srp,
):
"""
Confirms an MFA device to be tracked by Amazon Cognito. When a device is
tracked, its key and password can be used to sign in without requiring a new
MFA code from the MFA application.
:param user_name: The user that is associated with the device.
:param device_key: The key of the device, returned by Amazon Cognito.
:param device_group_key: The group key of the device, returned by Amazon Cognito.
:param device_password: The password that is associated with the device.
:param access_token: The user's access token.
:param aws_srp: A class that helps with Secure Remote Password (SRP)
calculations. The scenario associated with this example uses
the warrant package.
:return: True when the user must confirm the device. Otherwise, False. When
False, the device is automatically confirmed and tracked.
"""
srp_helper = aws_srp.AWSSRP(
username=user_name,
password=device_password,
pool_id="_",
client_id=self.client_id,
client_secret=None,
client=self.cognito_idp_client,
)
device_and_pw = f"{device_group_key}{device_key}:{device_password}"
device_and_pw_hash = aws_srp.hash_sha256(device_and_pw.encode("utf-8"))
salt = aws_srp.pad_hex(aws_srp.get_random(16))
x_value = aws_srp.hex_to_long(aws_srp.hex_hash(salt + device_and_pw_hash))
verifier = aws_srp.pad_hex(pow(srp_helper.val_g, x_value, srp_helper.big_n))
device_secret_verifier_config = {
"PasswordVerifier": base64.standard_b64encode(
bytearray.fromhex(verifier)
).decode("utf-8"),
"Salt": base64.standard_b64encode(bytearray.fromhex(salt)).decode("utf-8"),
}
try:
response = self.cognito_idp_client.confirm_device(
AccessToken=access_token,
DeviceKey=device_key,
DeviceSecretVerifierConfig=device_secret_verifier_config,
)
user_confirm = response["UserConfirmationNecessary"]
except ClientError as err:
logger.error(
"Couldn't confirm mfa device %s. Here's why: %s: %s",
device_key,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return user_confirm
```
+ Para obtener más información sobre la API, consulta [ConfirmDevice](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ConfirmDevice)la *AWS Referencia de API de SDK for Python (Boto3*).
------
Para obtener una lista completa de las guías para desarrolladores del AWS SDK y ejemplos de código, consulte. [Uso de este servicio con un SDK AWS](sdk-general-information-section.md) En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `ConfirmForgotPassword` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `ConfirmForgotPassword`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en el siguiente ejemplo de código:
+ [Migración en forma automática los usuarios conocidos con una función de Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
------
#### [ CLI ]
**AWS CLI**
**Para confirmar una contraseña olvidada**
En este ejemplo, se confirma una contraseña olvidada del nombre de usuario diego@example.com.
Comando:
```
aws cognito-idp confirm-forgot-password --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username=diego@example.com --password PASSWORD --confirmation-code CONF_CODE
```
+ Para obtener más información sobre la API, consulte [ConfirmForgotPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-forgot-password.html)la *Referencia de AWS CLI comandos*.
------
#### [ Go ]
**SDK para Go V2**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// ConfirmForgotPassword confirms a user with a confirmation code and a new password.
func (actor CognitoActions) ConfirmForgotPassword(ctx context.Context, clientId string, code string, userName string, password string) error {
_, err := actor.CognitoClient.ConfirmForgotPassword(ctx, &cognitoidentityprovider.ConfirmForgotPasswordInput{
ClientId: aws.String(clientId),
ConfirmationCode: aws.String(code),
Password: aws.String(password),
Username: aws.String(userName),
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't confirm user %v. Here's why: %v", userName, err)
}
}
return err
}
```
+ Para obtener más información sobre la API, consulta [ConfirmForgotPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ConfirmForgotPassword)la *Referencia AWS SDK para Go de la API*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `ConfirmSignUp` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `ConfirmSignUp`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en el siguiente ejemplo de código:
+ [Registro de un usuario en un grupo de usuarios que requiera MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK para .NET**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Confirm that the user has signed up.
///
/// The Id of this application.
/// The confirmation code sent to the user.
/// The username.
/// True if successful.
public async Task ConfirmSignupAsync(string clientId, string code, string userName)
{
var signUpRequest = new ConfirmSignUpRequest
{
ClientId = clientId,
ConfirmationCode = code,
Username = userName,
};
var response = await _cognitoService.ConfirmSignUpAsync(signUpRequest);
if (response.HttpStatusCode == HttpStatusCode.OK)
{
Console.WriteLine($"{userName} was confirmed");
return true;
}
return false;
}
```
+ Para obtener más información sobre la API, consulta [ConfirmSignUp](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ConfirmSignUp)la *Referencia AWS SDK para .NET de la API*.
------
#### [ C\$1\$1 ]
**SDK para C\$1\$1**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::ConfirmSignUpRequest request;
request.SetClientId(clientID);
request.SetConfirmationCode(confirmationCode);
request.SetUsername(userName);
Aws::CognitoIdentityProvider::Model::ConfirmSignUpOutcome outcome =
client.ConfirmSignUp(request);
if (outcome.IsSuccess()) {
std::cout << "ConfirmSignup was Successful."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::ConfirmSignUp. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ Para obtener más información sobre la API, consulta [ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ConfirmSignUp)la *Referencia AWS SDK para C\$1\$1 de la API*.
------
#### [ CLI ]
**AWS CLI**
**Para confirmar la inscripción**
Este ejemplo confirma el registro del nombre de usuario diego@example.com.
Comando:
```
aws cognito-idp confirm-sign-up --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username=diego@example.com --confirmation-code CONF_CODE
```
+ Para obtener más información sobre la API, consulta [ConfirmSignUp](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-sign-up.html)la *Referencia de AWS CLI comandos*.
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
public static void confirmSignUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String code,
String userName) {
try {
ConfirmSignUpRequest signUpRequest = ConfirmSignUpRequest.builder()
.clientId(clientId)
.confirmationCode(code)
.username(userName)
.build();
identityProviderClient.confirmSignUp(signUpRequest);
System.out.println(userName + " was confirmed");
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ Para obtener más información sobre la API, consulta [ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ConfirmSignUp)la *Referencia AWS SDK for Java 2.x de la API*.
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const confirmSignUp = ({ clientId, username, code }) => {
const client = new CognitoIdentityProviderClient({});
const command = new ConfirmSignUpCommand({
ClientId: clientId,
Username: username,
ConfirmationCode: code,
});
return client.send(command);
};
```
+ Para obtener más información sobre la API, consulta [ConfirmSignUp](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ConfirmSignUpCommand)la *Referencia AWS SDK para JavaScript de la API*.
------
#### [ Kotlin ]
**SDK para Kotlin**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
suspend fun confirmSignUp(
clientIdVal: String?,
codeVal: String?,
userNameVal: String?,
) {
val signUpRequest =
ConfirmSignUpRequest {
clientId = clientIdVal
confirmationCode = codeVal
username = userNameVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
identityProviderClient.confirmSignUp(signUpRequest)
println("$userNameVal was confirmed")
}
}
```
+ Para obtener más información sobre la API, consulta [ConfirmSignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)la *referencia sobre el AWS SDK para la API de Kotlin*.
------
#### [ Python ]
**SDK para Python (Boto3)**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def confirm_user_sign_up(self, user_name, confirmation_code):
"""
Confirms a previously created user. A user must be confirmed before they
can sign in to Amazon Cognito.
:param user_name: The name of the user to confirm.
:param confirmation_code: The confirmation code sent to the user's registered
email address.
:return: True when the confirmation succeeds.
"""
try:
kwargs = {
"ClientId": self.client_id,
"Username": user_name,
"ConfirmationCode": confirmation_code,
}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
self.cognito_idp_client.confirm_sign_up(**kwargs)
except ClientError as err:
logger.error(
"Couldn't confirm sign up for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return True
```
+ Para obtener más información sobre la API, consulta [ConfirmSignUp](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ConfirmSignUp)la *AWS Referencia de API de SDK for Python (Boto3*).
------
#### [ Swift ]
**SDK para Swift**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Submit a confirmation code for the specified user. This is the code as
/// entered by the user after they've received it by email or text
/// message.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - clientId: The app client ID the user is signing up for.
/// - userName: The username of the user whose code is being sent.
/// - code: The user's confirmation code.
///
/// - Returns: `true` if the code was successfully confirmed; otherwise `false`.
func confirmSignUp(cipClient: CognitoIdentityProviderClient, clientId: String,
userName: String, code: String) async -> Bool {
do {
_ = try await cipClient.confirmSignUp(
input: ConfirmSignUpInput(
clientId: clientId,
confirmationCode: code,
username: userName
)
)
print("=====> \(userName) has been confirmed.")
return true
} catch {
print("=====> \(userName)'s code was entered incorrectly.")
return false
}
}
```
+ Para obtener más información sobre la API, consulta [ConfirmSignUp](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/confirmsignup(input:))la *referencia sobre la API de AWS SDK for Swift*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `CreateUserPool` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `CreateUserPool`.
------
#### [ CLI ]
**AWS CLI**
**Para crear un grupo de usuarios con una configuración mínima**
En este ejemplo, se crea un grupo de usuarios denominado MyUserPool con los valores predeterminados. No se requieren atributos ni clientes de aplicación. La MFA y la seguridad avanzada están deshabilitadas.
Comando:
```
aws cognito-idp create-user-pool --pool-name MyUserPool
```
Salida:
```
{
"UserPool": {
"SchemaAttributes": [
{
"Name": "sub",
"StringAttributeConstraints": {
"MinLength": "1",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": true,
"AttributeDataType": "String",
"Mutable": false
},
{
"Name": "name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "given_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "family_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "middle_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "nickname",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "preferred_username",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "profile",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "picture",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "website",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "email",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"AttributeDataType": "Boolean",
"DeveloperOnlyAttribute": false,
"Required": false,
"Name": "email_verified",
"Mutable": true
},
{
"Name": "gender",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "birthdate",
"StringAttributeConstraints": {
"MinLength": "10",
"MaxLength": "10"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "zoneinfo",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "locale",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "phone_number",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"AttributeDataType": "Boolean",
"DeveloperOnlyAttribute": false,
"Required": false,
"Name": "phone_number_verified",
"Mutable": true
},
{
"Name": "address",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "updated_at",
"NumberAttributeConstraints": {
"MinValue": "0"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "Number",
"Mutable": true
}
],
"MfaConfiguration": "OFF",
"Name": "MyUserPool",
"LastModifiedDate": 1547833345.777,
"AdminCreateUserConfig": {
"UnusedAccountValidityDays": 7,
"AllowAdminCreateUserOnly": false
},
"EmailConfiguration": {},
"Policies": {
"PasswordPolicy": {
"RequireLowercase": true,
"RequireSymbols": true,
"RequireNumbers": true,
"MinimumLength": 8,
"RequireUppercase": true
}
},
"CreationDate": 1547833345.777,
"EstimatedNumberOfUsers": 0,
"Id": "us-west-2_aaaaaaaaa",
"LambdaConfig": {}
}
}
```
**Creación de un grupo de usuarios con dos atributos obligatorios**
En este ejemplo se crea un grupo de usuarios MyUserPool. El grupo está configurado para aceptar un correo electrónico como atributo de nombre de usuario. También establece la dirección de origen del correo electrónico en una dirección validada mediante Amazon Simple Email Service.
Comando:
```
aws cognito-idp create-user-pool --pool-name MyUserPool --username-attributes "email" --email-configuration=SourceArn="arn:aws:ses:us-east-1:111111111111:identity/jane@example.com",ReplyToEmailAddress="jane@example.com"
```
Salida:
```
{
"UserPool": {
"SchemaAttributes": [
{
"Name": "sub",
"StringAttributeConstraints": {
"MinLength": "1",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": true,
"AttributeDataType": "String",
"Mutable": false
},
{
"Name": "name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "given_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "family_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "middle_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "nickname",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "preferred_username",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "profile",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "picture",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "website",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "email",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"AttributeDataType": "Boolean",
"DeveloperOnlyAttribute": false,
"Required": false,
"Name": "email_verified",
"Mutable": true
},
{
"Name": "gender",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "birthdate",
"StringAttributeConstraints": {
"MinLength": "10",
"MaxLength": "10"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "zoneinfo",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "locale",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "phone_number",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"AttributeDataType": "Boolean",
"DeveloperOnlyAttribute": false,
"Required": false,
"Name": "phone_number_verified",
"Mutable": true
},
{
"Name": "address",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "updated_at",
"NumberAttributeConstraints": {
"MinValue": "0"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "Number",
"Mutable": true
}
],
"MfaConfiguration": "OFF",
"Name": "MyUserPool",
"LastModifiedDate": 1547837788.189,
"AdminCreateUserConfig": {
"UnusedAccountValidityDays": 7,
"AllowAdminCreateUserOnly": false
},
"EmailConfiguration": {
"ReplyToEmailAddress": "jane@example.com",
"SourceArn": "arn:aws:ses:us-east-1:111111111111:identity/jane@example.com"
},
"Policies": {
"PasswordPolicy": {
"RequireLowercase": true,
"RequireSymbols": true,
"RequireNumbers": true,
"MinimumLength": 8,
"RequireUppercase": true
}
},
"UsernameAttributes": [
"email"
],
"CreationDate": 1547837788.189,
"EstimatedNumberOfUsers": 0,
"Id": "us-west-2_aaaaaaaaa",
"LambdaConfig": {}
}
}
```
+ Para obtener más información sobre la API, consulte [CreateUserPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-pool.html)la *Referencia de AWS CLI comandos*.
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolResponse;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class CreateUserPool {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
userPoolName - The name to give your user pool when it's created.
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String userPoolName = args[0];
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
String id = createPool(cognitoClient, userPoolName);
System.out.println("User pool ID: " + id);
cognitoClient.close();
}
public static String createPool(CognitoIdentityProviderClient cognitoClient, String userPoolName) {
try {
CreateUserPoolRequest request = CreateUserPoolRequest.builder()
.poolName(userPoolName)
.build();
CreateUserPoolResponse response = cognitoClient.createUserPool(request);
return response.userPool().id();
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return "";
}
}
```
+ Para obtener más información sobre la API, consulta [CreateUserPool](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/CreateUserPool)la *Referencia AWS SDK for Java 2.x de la API*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `CreateUserPoolClient` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `CreateUserPoolClient`.
------
#### [ CLI ]
**AWS CLI**
**Para crear un cliente de un grupo de usuarios**
En el siguiente `create-user-pool-client` ejemplo, se crea un nuevo cliente de grupo de usuarios con un secreto de cliente, atributos de lectura y escritura explícitos, se inicia sesión con el nombre de usuario, la contraseña y los flujos SRP, se inicia sesión con tres, se accede a un subconjunto de OAuth ámbitos IdPs, se analiza y se amplía la validez de la sesión de PinPoint autenticación.
```
aws cognito-idp create-user-pool-client \
--user-pool-id us-west-2_EXAMPLE \
--client-name MyTestClient \
--generate-secret \
--refresh-token-validity 10 \
--access-token-validity 60 \
--id-token-validity 60 \
--token-validity-units AccessToken=minutes,IdToken=minutes,RefreshToken=days \
--read-attributes email phone_number email_verified phone_number_verified \
--write-attributes email phone_number \
--explicit-auth-flows ALLOW_USER_PASSWORD_AUTH ALLOW_USER_SRP_AUTH ALLOW_REFRESH_TOKEN_AUTH \
--supported-identity-providers Google Facebook MyOIDC \
--callback-urls https://www.amazon.com https://example.com http://localhost:8001 myapp://example \
--allowed-o-auth-flows code implicit \
--allowed-o-auth-scopes openid profile aws.cognito.signin.user.admin solar-system-data/asteroids.add \
--allowed-o-auth-flows-user-pool-client \
--analytics-configuration ApplicationArn=arn:aws:mobiletargeting:us-west-2:767671399759:apps/thisisanexamplepinpointapplicationid,UserDataShared=TRUE \
--prevent-user-existence-errors ENABLED \
--enable-token-revocation \
--enable-propagate-additional-user-context-data \
--auth-session-validity 4
```
Salida:
```
{
"UserPoolClient": {
"UserPoolId": "us-west-2_EXAMPLE",
"ClientName": "MyTestClient",
"ClientId": "123abc456defEXAMPLE",
"ClientSecret": "this1234is5678my91011example1213client1415secret",
"LastModifiedDate": 1726788459.464,
"CreationDate": 1726788459.464,
"RefreshTokenValidity": 10,
"AccessTokenValidity": 60,
"IdTokenValidity": 60,
"TokenValidityUnits": {
"AccessToken": "minutes",
"IdToken": "minutes",
"RefreshToken": "days"
},
"ReadAttributes": [
"email_verified",
"phone_number_verified",
"phone_number",
"email"
],
"WriteAttributes": [
"phone_number",
"email"
],
"ExplicitAuthFlows": [
"ALLOW_USER_PASSWORD_AUTH",
"ALLOW_USER_SRP_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH"
],
"SupportedIdentityProviders": [
"Google",
"MyOIDC",
"Facebook"
],
"CallbackURLs": [
"https://example.com",
"https://www.amazon.com",
"myapp://example",
"http://localhost:8001"
],
"AllowedOAuthFlows": [
"implicit",
"code"
],
"AllowedOAuthScopes": [
"aws.cognito.signin.user.admin",
"openid",
"profile",
"solar-system-data/asteroids.add"
],
"AllowedOAuthFlowsUserPoolClient": true,
"AnalyticsConfiguration": {
"ApplicationArn": "arn:aws:mobiletargeting:us-west-2:123456789012:apps/thisisanexamplepinpointapplicationid",
"RoleArn": "arn:aws:iam::123456789012:role/aws-service-role/cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdp",
"UserDataShared": true
},
"PreventUserExistenceErrors": "ENABLED",
"EnableTokenRevocation": true,
"EnablePropagateAdditionalUserContextData": true,
"AuthSessionValidity": 4
}
}
```
Para obtener más información, consulte [Application-specific settings with app clients](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html) en la *Guía para desarrolladores de Amazon Cognito*.
+ *Para obtener más información sobre la API, consulte la Referencia de comandos. [CreateUserPoolClient](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-pool-client.html)AWS CLI *
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientResponse;
/**
* A user pool client app is an application that authenticates with Amazon
* Cognito user pools.
* When you create a user pool, you can configure app clients that allow mobile
* or web applications
* to call API operations to authenticate users, manage user attributes and
* profiles,
* and implement sign-up and sign-in flows.
*
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class CreateUserPoolClient {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
clientName - The name for the user pool client to create.
userPoolId - The ID for the user pool.
""";
if (args.length != 2) {
System.out.println(usage);
System.exit(1);
}
String clientName = args[0];
String userPoolId = args[1];
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
createPoolClient(cognitoClient, clientName, userPoolId);
cognitoClient.close();
}
public static void createPoolClient(CognitoIdentityProviderClient cognitoClient, String clientName,
String userPoolId) {
try {
CreateUserPoolClientRequest request = CreateUserPoolClientRequest.builder()
.clientName(clientName)
.userPoolId(userPoolId)
.build();
CreateUserPoolClientResponse response = cognitoClient.createUserPoolClient(request);
System.out.println("User pool " + response.userPoolClient().clientName() + " created. ID: "
+ response.userPoolClient().clientId());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Para obtener más información sobre la API, consulta [CreateUserPoolClient](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/CreateUserPoolClient)la *Referencia AWS SDK for Java 2.x de la API*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `DeleteUser` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `DeleteUser`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en su contexto en los siguientes ejemplos de código:
+ [Confirmación de manera automática a los usuarios conocidos con una función de Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [Migración en forma automática los usuarios conocidos con una función de Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [Escriba datos de actividad personalizados con una función de Lambda tras la autenticación de usuario de Amazon Cognito](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
------
#### [ C\$1\$1 ]
**SDK para C\$1\$1**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::DeleteUserRequest request;
request.SetAccessToken(accessToken);
Aws::CognitoIdentityProvider::Model::DeleteUserOutcome outcome =
client.DeleteUser(request);
if (outcome.IsSuccess()) {
std::cout << "The user " << userName << " was deleted."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::DeleteUser. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
```
+ Para obtener más información sobre la API, consulta [DeleteUser](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/DeleteUser)la *Referencia AWS SDK para C\$1\$1 de la API*.
------
#### [ CLI ]
**AWS CLI**
**Para eliminar un usuario**
En este ejemplo se elimina un usuario.
Comando:
```
aws cognito-idp delete-user --access-token ACCESS_TOKEN
```
+ Para obtener más información sobre la API, consulta [DeleteUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-user.html)la *Referencia de AWS CLI comandos*.
------
#### [ Go ]
**SDK para Go V2**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// DeleteUser removes a user from the user pool.
func (actor CognitoActions) DeleteUser(ctx context.Context, userAccessToken string) error {
_, err := actor.CognitoClient.DeleteUser(ctx, &cognitoidentityprovider.DeleteUserInput{
AccessToken: aws.String(userAccessToken),
})
if err != nil {
log.Printf("Couldn't delete user. Here's why: %v\n", err)
}
return err
}
```
+ Para obtener más información sobre la API, consulta [DeleteUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.DeleteUser)la *Referencia AWS SDK para Go de la API*.
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cross-services/wkflw-pools-triggers#code-examples).
```
/**
* Delete the signed-in user. Useful for allowing a user to delete their
* own profile.
* @param {{ region: string, accessToken: string }} config
* @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").DeleteUserCommandOutput | null, unknown]>}
*/
export const deleteUser = async ({ region, accessToken }) => {
try {
const client = new CognitoIdentityProviderClient({ region });
const response = await client.send(
new DeleteUserCommand({ AccessToken: accessToken }),
);
return [response, null];
} catch (err) {
return [null, err];
}
};
```
+ Para obtener más información sobre la API, consulta [DeleteUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/DeleteUserCommand)la *Referencia AWS SDK para JavaScript de la API*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `ForgotPassword` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `ForgotPassword`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en el siguiente ejemplo de código:
+ [Migración en forma automática los usuarios conocidos con una función de Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
------
#### [ CLI ]
**AWS CLI**
**Para obligar a cambiar de contraseña**
En el siguiente ejemplo de `forgot-password`, se envía un mensaje a jane@example.com para cambiar la contraseña.
```
aws cognito-idp forgot-password --client-id 38fjsnc484p94kpqsnet7mpld0 --username jane@example.com
```
Salida:
```
{
"CodeDeliveryDetails": {
"Destination": "j***@e***.com",
"DeliveryMedium": "EMAIL",
"AttributeName": "email"
}
}
```
+ Para obtener más información sobre la API, consulte [ForgotPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/forgot-password.html)la *Referencia de AWS CLI comandos*.
------
#### [ Go ]
**SDK para Go V2**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// ForgotPassword starts a password recovery flow for a user. This flow typically sends a confirmation code
// to the user's configured notification destination, such as email.
func (actor CognitoActions) ForgotPassword(ctx context.Context, clientId string, userName string) (*types.CodeDeliveryDetailsType, error) {
output, err := actor.CognitoClient.ForgotPassword(ctx, &cognitoidentityprovider.ForgotPasswordInput{
ClientId: aws.String(clientId),
Username: aws.String(userName),
})
if err != nil {
log.Printf("Couldn't start password reset for user '%v'. Here;s why: %v\n", userName, err)
}
return output.CodeDeliveryDetails, err
}
```
+ Para obtener más información sobre la API, consulta [ForgotPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ForgotPassword)la *Referencia AWS SDK para Go de la API*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `InitiateAuth` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `InitiateAuth`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en los siguientes ejemplos de código:
+ [Confirmación de manera automática a los usuarios conocidos con una función de Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [Migración en forma automática los usuarios conocidos con una función de Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [Registro de un usuario en un grupo de usuarios que requiera MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
+ [Escriba datos de actividad personalizados con una función de Lambda tras la autenticación de usuario de Amazon Cognito](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
------
#### [ .NET ]
**SDK para .NET**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Initiate authorization.
///
/// The client Id of the application.
/// The name of the user who is authenticating.
/// The password for the user who is authenticating.
/// The response from the initiate auth request.
public async Task InitiateAuthAsync(string clientId, string userName, string password)
{
var authParameters = new Dictionary();
authParameters.Add("USERNAME", userName);
authParameters.Add("PASSWORD", password);
var authRequest = new InitiateAuthRequest
{
ClientId = clientId,
AuthParameters = authParameters,
AuthFlow = AuthFlowType.USER_PASSWORD_AUTH,
};
var response = await _cognitoService.InitiateAuthAsync(authRequest);
Console.WriteLine($"Result Challenge is : {response.ChallengeName}");
return response;
}
```
+ Para obtener más información sobre la API, consulta [InitiateAuth](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/InitiateAuth)la *Referencia AWS SDK para .NET de la API*.
------
#### [ CLI ]
**AWS CLI**
**Inicio de sesión de un usuario**
En el siguiente ejemplo de `initiate-auth`, se inicia la sesión de un usuario con el flujo básico de nombre de usuario y contraseña, sin desafíos adicionales.
```
aws cognito-idp initiate-auth \
--auth-flow USER_PASSWORD_AUTH \
--client-id 1example23456789 \
--analytics-metadata AnalyticsEndpointId=d70b2ba36a8c4dc5a04a0451aEXAMPLE \
--auth-parameters USERNAME=testuser,PASSWORD=[Password] --user-context-data EncodedData=mycontextdata --client-metadata MyTestKey=MyTestValue
```
Salida:
```
{
"AuthenticationResult": {
"AccessToken": "eyJra456defEXAMPLE",
"ExpiresIn": 3600,
"TokenType": "Bearer",
"RefreshToken": "eyJra123abcEXAMPLE",
"IdToken": "eyJra789ghiEXAMPLE",
"NewDeviceMetadata": {
"DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"DeviceGroupKey": "-v7w9UcY6"
}
}
}
```
Para obtener más información, consulte [Autenticación](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html) en la *Guía para desarrolladores de Amazon Cognito*.
+ Para obtener más información sobre la API, consulta [InitiateAuth](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/initiate-auth.html)la *Referencia de AWS CLI comandos*.
------
#### [ Go ]
**SDK para Go V2**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// SignIn signs in a user to Amazon Cognito using a username and password authentication flow.
func (actor CognitoActions) SignIn(ctx context.Context, clientId string, userName string, password string) (*types.AuthenticationResultType, error) {
var authResult *types.AuthenticationResultType
output, err := actor.CognitoClient.InitiateAuth(ctx, &cognitoidentityprovider.InitiateAuthInput{
AuthFlow: "USER_PASSWORD_AUTH",
ClientId: aws.String(clientId),
AuthParameters: map[string]string{"USERNAME": userName, "PASSWORD": password},
})
if err != nil {
var resetRequired *types.PasswordResetRequiredException
if errors.As(err, &resetRequired) {
log.Println(*resetRequired.Message)
} else {
log.Printf("Couldn't sign in user %v. Here's why: %v\n", userName, err)
}
} else {
authResult = output.AuthenticationResult
}
return authResult, err
}
```
+ Para obtener más información sobre la API, consulta [InitiateAuth](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.InitiateAuth)la *Referencia AWS SDK para Go de la API*.
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const initiateAuth = ({ username, password, clientId }) => {
const client = new CognitoIdentityProviderClient({});
const command = new InitiateAuthCommand({
AuthFlow: AuthFlowType.USER_PASSWORD_AUTH,
AuthParameters: {
USERNAME: username,
PASSWORD: password,
},
ClientId: clientId,
});
return client.send(command);
};
```
+ Para obtener más información sobre la API, consulta [InitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/InitiateAuthCommand)la *Referencia AWS SDK para JavaScript de la API*.
------
#### [ Python ]
**SDK para Python (Boto3)**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
En este ejemplo, se muestra cómo iniciar la autenticación con un dispositivo del que se hace seguimiento. Para completar el inicio de sesión, el cliente debe responder correctamente a los desafíos relacionados con la contraseña remota segura (SRP).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def sign_in_with_tracked_device(
self,
user_name,
password,
device_key,
device_group_key,
device_password,
aws_srp,
):
"""
Signs in to Amazon Cognito as a user who has a tracked device. Signing in
with a tracked device lets a user sign in without entering a new MFA code.
Signing in with a tracked device requires that the client respond to the SRP
protocol. The scenario associated with this example uses the warrant package
to help with SRP calculations.
For more information on SRP, see https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol.
:param user_name: The user that is associated with the device.
:param password: The user's password.
:param device_key: The key of a tracked device.
:param device_group_key: The group key of a tracked device.
:param device_password: The password that is associated with the device.
:param aws_srp: A class that helps with SRP calculations. The scenario
associated with this example uses the warrant package.
:return: The result of the authentication. When successful, this contains an
access token for the user.
"""
try:
srp_helper = aws_srp.AWSSRP(
username=user_name,
password=device_password,
pool_id="_",
client_id=self.client_id,
client_secret=None,
client=self.cognito_idp_client,
)
response_init = self.cognito_idp_client.initiate_auth(
ClientId=self.client_id,
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={
"USERNAME": user_name,
"PASSWORD": password,
"DEVICE_KEY": device_key,
},
)
if response_init["ChallengeName"] != "DEVICE_SRP_AUTH":
raise RuntimeError(
f"Expected DEVICE_SRP_AUTH challenge but got {response_init['ChallengeName']}."
)
auth_params = srp_helper.get_auth_params()
auth_params["DEVICE_KEY"] = device_key
response_auth = self.cognito_idp_client.respond_to_auth_challenge(
ClientId=self.client_id,
ChallengeName="DEVICE_SRP_AUTH",
ChallengeResponses=auth_params,
)
if response_auth["ChallengeName"] != "DEVICE_PASSWORD_VERIFIER":
raise RuntimeError(
f"Expected DEVICE_PASSWORD_VERIFIER challenge but got "
f"{response_init['ChallengeName']}."
)
challenge_params = response_auth["ChallengeParameters"]
challenge_params["USER_ID_FOR_SRP"] = device_group_key + device_key
cr = srp_helper.process_challenge(challenge_params, {"USERNAME": user_name})
cr["USERNAME"] = user_name
cr["DEVICE_KEY"] = device_key
response_verifier = self.cognito_idp_client.respond_to_auth_challenge(
ClientId=self.client_id,
ChallengeName="DEVICE_PASSWORD_VERIFIER",
ChallengeResponses=cr,
)
auth_tokens = response_verifier["AuthenticationResult"]
except ClientError as err:
logger.error(
"Couldn't start client sign in for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return auth_tokens
```
+ Para obtener más información sobre la API, consulta [InitiateAuth](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/InitiateAuth)la *AWS Referencia de API de SDK for Python (Boto3*).
------
Para obtener una lista completa de las guías para desarrolladores del AWS SDK y ejemplos de código, consulte. [Uso de este servicio con un SDK AWS](sdk-general-information-section.md) En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `ListUserPools` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `ListUserPools`.
------
#### [ .NET ]
**SDK para .NET (v4)**
Hay más información GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/Cognito#code-examples).
```
///
/// List the Amazon Cognito user pools for an account.
///
/// A list of UserPoolDescriptionType objects.
public async Task> ListUserPoolsAsync()
{
var userPools = new List();
var userPoolsPaginator = _cognitoService.Paginators.ListUserPools(new ListUserPoolsRequest());
await foreach (var response in userPoolsPaginator.Responses)
{
userPools.AddRange(response.UserPools);
}
return userPools;
}
```
+ Para obtener más información sobre la API, consulta [ListUserPools](https://docs.aws.amazon.com/goto/DotNetSDKV4/cognito-idp-2016-04-18/ListUserPools)la *Referencia AWS SDK para .NET de la API*.
------
#### [ CLI ]
**AWS CLI**
**Para mostrar los grupos de usuarios**
En el siguiente `list-user-pools` ejemplo, se enumeran 3 de los grupos de usuarios disponibles en la AWS cuenta de las credenciales de CLI actuales.
```
aws cognito-idp list-user-pools \
--max-results 3
```
Salida:
```
{
"NextToken": "[Pagination token]",
"UserPools": [
{
"CreationDate": 1681502497.741,
"Id": "us-west-2_EXAMPLE1",
"LambdaConfig": {
"CustomMessage": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
"PreSignUp": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
"PreTokenGeneration": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
"PreTokenGenerationConfig": {
"LambdaArn": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
"LambdaVersion": "V1_0"
}
},
"LastModifiedDate": 1681502497.741,
"Name": "user pool 1"
},
{
"CreationDate": 1686064178.717,
"Id": "us-west-2_EXAMPLE2",
"LambdaConfig": {
},
"LastModifiedDate": 1686064178.873,
"Name": "user pool 2"
},
{
"CreationDate": 1627681712.237,
"Id": "us-west-2_EXAMPLE3",
"LambdaConfig": {
"UserMigration": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction"
},
"LastModifiedDate": 1678486942.479,
"Name": "user pool 3"
}
]
}
```
Para obtener más información, consulte [Grupos de usuarios de Amazon Cognito](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools.html) en la *Guía para desarrolladores de Amazon Cognito*.
+ Para obtener más información sobre la API, consulte [ListUserPools](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-user-pools.html)la *Referencia de AWS CLI comandos*.
------
#### [ Go ]
**SDK para Go V2**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
package main
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
// main uses the AWS SDK for Go V2 to create an Amazon Simple Notification Service
// (Amazon SNS) client and list the topics in your account.
// This example uses the default settings specified in your shared credentials
// and config files.
func main() {
ctx := context.Background()
sdkConfig, err := config.LoadDefaultConfig(ctx)
if err != nil {
fmt.Println("Couldn't load default configuration. Have you set up your AWS account?")
fmt.Println(err)
return
}
cognitoClient := cognitoidentityprovider.NewFromConfig(sdkConfig)
fmt.Println("Let's list the user pools for your account.")
var pools []types.UserPoolDescriptionType
paginator := cognitoidentityprovider.NewListUserPoolsPaginator(
cognitoClient, &cognitoidentityprovider.ListUserPoolsInput{MaxResults: aws.Int32(10)})
for paginator.HasMorePages() {
output, err := paginator.NextPage(ctx)
if err != nil {
log.Printf("Couldn't get user pools. Here's why: %v\n", err)
} else {
pools = append(pools, output.UserPools...)
}
}
if len(pools) == 0 {
fmt.Println("You don't have any user pools!")
} else {
for _, pool := range pools {
fmt.Printf("\t%v: %v\n", *pool.Name, *pool.Id)
}
}
}
```
+ Para obtener más información sobre la API, consulta [ListUserPools](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ListUserPools)la *Referencia AWS SDK para Go de la API*.
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ListUserPools {
public static void main(String[] args) {
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
listAllUserPools(cognitoClient);
cognitoClient.close();
}
public static void listAllUserPools(CognitoIdentityProviderClient cognitoClient) {
try {
ListUserPoolsRequest request = ListUserPoolsRequest.builder()
.maxResults(10)
.build();
ListUserPoolsResponse response = cognitoClient.listUserPools(request);
response.userPools().forEach(userpool -> {
System.out.println("User pool " + userpool.name() + ", User ID " + userpool.id());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Para obtener más información sobre la API, consulta [ListUserPools](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUserPools)la *Referencia AWS SDK for Java 2.x de la API*.
------
#### [ Rust ]
**SDK para Rust**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/rustv1/examples/cognitoidentityprovider#code-examples).
```
async fn show_pools(client: &Client) -> Result<(), Error> {
let response = client.list_user_pools().max_results(10).send().await?;
let pools = response.user_pools();
println!("User pools:");
for pool in pools {
println!(" ID: {}", pool.id().unwrap_or_default());
println!(" Name: {}", pool.name().unwrap_or_default());
println!(" Lambda Config: {:?}", pool.lambda_config().unwrap());
println!(
" Last modified: {}",
pool.last_modified_date().unwrap().to_chrono_utc()?
);
println!(
" Creation date: {:?}",
pool.creation_date().unwrap().to_chrono_utc()
);
println!();
}
println!("Next token: {}", response.next_token().unwrap_or_default());
Ok(())
}
```
+ Para obtener más información sobre la API, consulta [ListUserPools](https://docs.rs/aws-sdk-cognitoidentityprovider/latest/aws_sdk_cognitoidentityprovider/client/struct.Client.html#method.list_user_pools)la *referencia sobre la API de AWS SDK para Rust*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `ListUsers` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `ListUsers`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en el siguiente ejemplo de código:
+ [Registro de un usuario en un grupo de usuarios que requiera MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK para .NET**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Get a list of users for the Amazon Cognito user pool.
///
/// The user pool ID.
/// A list of users.
public async Task> ListUsersAsync(string userPoolId)
{
var request = new ListUsersRequest
{
UserPoolId = userPoolId
};
var users = new List();
var usersPaginator = _cognitoService.Paginators.ListUsers(request);
await foreach (var response in usersPaginator.Responses)
{
users.AddRange(response.Users);
}
return users;
}
```
+ Para obtener más información sobre la API, consulta [ListUsers](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ListUsers)la *Referencia AWS SDK para .NET de la API*.
------
#### [ CLI ]
**AWS CLI**
**Ejemplo 1: muestra de usuarios con un filtro del servidor**
En el siguiente ejemplo de `list-users`, se muestran 3 usuarios del grupo de usuarios solicitado cuyas direcciones de correo electrónico comienzan por `testuser`.
```
aws cognito-idp list-users \
--user-pool-id us-west-2_EXAMPLE \
--filter email^=\"testuser\" \
--max-items 3
```
Salida:
```
{
"PaginationToken": "efgh5678EXAMPLE",
"Users": [
{
"Attributes": [
{
"Name": "sub",
"Value": "eaad0219-2117-439f-8d46-4db20e59268f"
},
{
"Name": "email",
"Value": "testuser@example.com"
}
],
"Enabled": true,
"UserCreateDate": 1682955829.578,
"UserLastModifiedDate": 1689030181.63,
"UserStatus": "CONFIRMED",
"Username": "testuser"
},
{
"Attributes": [
{
"Name": "sub",
"Value": "3b994cfd-0b07-4581-be46-3c82f9a70c90"
},
{
"Name": "email",
"Value": "testuser2@example.com"
}
],
"Enabled": true,
"UserCreateDate": 1684427979.201,
"UserLastModifiedDate": 1684427979.201,
"UserStatus": "UNCONFIRMED",
"Username": "testuser2"
},
{
"Attributes": [
{
"Name": "sub",
"Value": "5929e0d1-4c34-42d1-9b79-a5ecacfe66f7"
},
{
"Name": "email",
"Value": "testuser3@example.com"
}
],
"Enabled": true,
"UserCreateDate": 1684427823.641,
"UserLastModifiedDate": 1684427823.641,
"UserStatus": "UNCONFIRMED",
"Username": "testuser3@example.com"
}
]
}
```
Para obtener más información, consulte [Administración y búsqueda de usuarios](https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html) en la *Guía para desarrolladores de Amazon Cognito*.
**Ejemplo 2: muestra de usuarios con un filtro del cliente**
En el siguiente ejemplo de `list-users`, se muestran los atributos de tres usuarios que tienen un atributo, en este caso su dirección de correo electrónico, que contiene el dominio de correo electrónico "@example.com". Si otros atributos contuvieran esta cadena, también se mostrarían. El segundo usuario no tiene atributos que coincidan con la consulta y se excluye del resultado mostrado, pero no de la respuesta del servidor.
```
aws cognito-idp list-users \
--user-pool-id us-west-2_EXAMPLE \
--max-items 3
--query Users\[\*\].Attributes\[\?Value\.contains\(\@\,\'@example.com\'\)\]
```
Salida:
```
[
[
{
"Name": "email",
"Value": "admin@example.com"
}
],
[],
[
{
"Name": "email",
"Value": "operator@example.com"
}
]
]
```
Para obtener más información, consulte [Administración y búsqueda de usuarios](https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html) en la *Guía para desarrolladores de Amazon Cognito*.
+ Para obtener más información sobre la API, consulta [ListUsers](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-users.html)la *Referencia de AWS CLI comandos*.
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersResponse;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ListUsers {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
userPoolId - The ID given to your user pool when it's created.
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String userPoolId = args[0];
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
listAllUsers(cognitoClient, userPoolId);
listUsersFilter(cognitoClient, userPoolId);
cognitoClient.close();
}
public static void listAllUsers(CognitoIdentityProviderClient cognitoClient, String userPoolId) {
try {
ListUsersRequest usersRequest = ListUsersRequest.builder()
.userPoolId(userPoolId)
.build();
ListUsersResponse response = cognitoClient.listUsers(usersRequest);
response.users().forEach(user -> {
System.out.println("User " + user.username() + " Status " + user.userStatus() + " Created "
+ user.userCreateDate());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
// Shows how to list users by using a filter.
public static void listUsersFilter(CognitoIdentityProviderClient cognitoClient, String userPoolId) {
try {
String filter = "email = \"tblue@noserver.com\"";
ListUsersRequest usersRequest = ListUsersRequest.builder()
.userPoolId(userPoolId)
.filter(filter)
.build();
ListUsersResponse response = cognitoClient.listUsers(usersRequest);
response.users().forEach(user -> {
System.out.println("User with filter applied " + user.username() + " Status " + user.userStatus()
+ " Created " + user.userCreateDate());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Para obtener más información sobre la API, consulta [ListUsers](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUsers)la *Referencia AWS SDK for Java 2.x de la API*.
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const listUsers = ({ userPoolId }) => {
const client = new CognitoIdentityProviderClient({});
const command = new ListUsersCommand({
UserPoolId: userPoolId,
});
return client.send(command);
};
```
+ Para obtener más información sobre la API, consulta [ListUsers](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ListUsersCommand)la *Referencia AWS SDK para JavaScript de la API*.
------
#### [ Kotlin ]
**SDK para Kotlin**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
suspend fun listAllUsers(userPoolId: String) {
val request =
ListUsersRequest {
this.userPoolId = userPoolId
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { cognitoClient ->
val response = cognitoClient.listUsers(request)
response.users?.forEach { user ->
println("The user name is ${user.username}")
}
}
}
```
+ Para obtener más información sobre la API, consulta [ListUsers](https://sdk.amazonaws.com/kotlin/api/latest/index.html)la *referencia sobre el AWS SDK para la API de Kotlin*.
------
#### [ Python ]
**SDK para Python (Boto3)**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def list_users(self):
"""
Returns a list of the users in the current user pool.
:return: The list of users.
"""
try:
response = self.cognito_idp_client.list_users(UserPoolId=self.user_pool_id)
users = response["Users"]
except ClientError as err:
logger.error(
"Couldn't list users for %s. Here's why: %s: %s",
self.user_pool_id,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return users
```
+ Para obtener más información sobre la API, consulta [ListUsers](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ListUsers)la *AWS Referencia de API de SDK for Python (Boto3*).
------
#### [ SAP ABAP ]
**SDK para SAP ABAP**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples).
```
TRY.
DATA(lo_result) = lo_cgp->listusers(
iv_userpoolid = iv_user_pool_id
).
ot_users = lo_result->get_users( ).
MESSAGE |Found { lines( ot_users ) } users in the pool.| TYPE 'I'.
CATCH /aws1/cx_cgpresourcenotfoundex INTO DATA(lo_ex).
MESSAGE |User pool { iv_user_pool_id } not found.| TYPE 'E'.
CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex).
MESSAGE 'Not authorized to list users.' TYPE 'E'.
ENDTRY.
```
+ Para obtener más información sobre la API, consulte [ListUsers](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)la *referencia sobre la API ABAP del AWS SDK para SAP*.
------
#### [ Swift ]
**SDK para Swift**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
do {
let output = try await cognitoClient.listUsers(
input: ListUsersInput(
userPoolId: poolId
)
)
guard let users = output.users else {
print("No users found.")
return
}
print("\(users.count) user(s) found.")
for user in users {
print(" \(user.username ?? "")")
}
} catch _ as NotAuthorizedException {
print("*** Please authenticate with AWS before using this command.")
return
} catch _ as ResourceNotFoundException {
print("*** The specified User Pool was not found.")
return
} catch {
print("*** An unexpected type of error occurred.")
return
}
```
+ Para obtener más información sobre la API, consulta [ListUsers](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/listusers(input:))la *referencia sobre la API de AWS SDK for Swift*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `ResendConfirmationCode` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `ResendConfirmationCode`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en el siguiente ejemplo de código:
+ [Registro de un usuario en un grupo de usuarios que requiera MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK para .NET**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Send a new confirmation code to a user.
///
/// The Id of the client application.
/// The username of user who will receive the code.
/// The delivery details.
public async Task ResendConfirmationCodeAsync(string clientId, string userName)
{
var codeRequest = new ResendConfirmationCodeRequest
{
ClientId = clientId,
Username = userName,
};
var response = await _cognitoService.ResendConfirmationCodeAsync(codeRequest);
Console.WriteLine($"Method of delivery is {response.CodeDeliveryDetails.DeliveryMedium}");
return response.CodeDeliveryDetails;
}
```
+ Para obtener más información sobre la API, consulta [ResendConfirmationCode](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ResendConfirmationCode)la *Referencia AWS SDK para .NET de la API*.
------
#### [ C\$1\$1 ]
**SDK para C\$1\$1**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeRequest request;
request.SetUsername(userName);
request.SetClientId(clientID);
Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeOutcome outcome =
client.ResendConfirmationCode(request);
if (outcome.IsSuccess()) {
std::cout
<< "CognitoIdentityProvider::ResendConfirmationCode was successful."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::ResendConfirmationCode. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ Para obtener más información sobre la API, consulta [ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ResendConfirmationCode)la *Referencia AWS SDK para C\$1\$1 de la API*.
------
#### [ CLI ]
**AWS CLI**
**Para reenviar un código de confirmación**
En el siguiente ejemplo `resend-confirmation-code`, se envía un código de confirmación al usuario `jane`.
```
aws cognito-idp resend-confirmation-code \
--client-id 12a3b456c7de890f11g123hijk \
--username jane
```
Salida:
```
{
"CodeDeliveryDetails": {
"Destination": "j***@e***.com",
"DeliveryMedium": "EMAIL",
"AttributeName": "email"
}
}
```
Para obtener más información, consulte [Inscripción y confirmación de cuentas de usuarios](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html) en la *Guía para desarrolladores de Amazon Cognito*.
+ Para obtener más información sobre la API, consulta [ResendConfirmationCode](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/resend-confirmation-code.html)la *Referencia de AWS CLI comandos*.
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
public static void resendConfirmationCode(CognitoIdentityProviderClient identityProviderClient, String clientId,
String userName) {
try {
ResendConfirmationCodeRequest codeRequest = ResendConfirmationCodeRequest.builder()
.clientId(clientId)
.username(userName)
.build();
ResendConfirmationCodeResponse response = identityProviderClient.resendConfirmationCode(codeRequest);
System.out.println("Method of delivery is " + response.codeDeliveryDetails().deliveryMediumAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ Para obtener más información sobre la API, consulta [ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ResendConfirmationCode)la *Referencia AWS SDK for Java 2.x de la API*.
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const resendConfirmationCode = ({ clientId, username }) => {
const client = new CognitoIdentityProviderClient({});
const command = new ResendConfirmationCodeCommand({
ClientId: clientId,
Username: username,
});
return client.send(command);
};
```
+ Para obtener más información sobre la API, consulta [ResendConfirmationCode](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ResendConfirmationCodeCommand)la *Referencia AWS SDK para JavaScript de la API*.
------
#### [ Kotlin ]
**SDK para Kotlin**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
suspend fun resendConfirmationCode(
clientIdVal: String?,
userNameVal: String?,
) {
val codeRequest =
ResendConfirmationCodeRequest {
clientId = clientIdVal
username = userNameVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.resendConfirmationCode(codeRequest)
println("Method of delivery is " + (response.codeDeliveryDetails?.deliveryMedium))
}
}
```
+ Para obtener más información sobre la API, consulta [ResendConfirmationCode](https://sdk.amazonaws.com/kotlin/api/latest/index.html)la *referencia sobre el AWS SDK para la API de Kotlin*.
------
#### [ Python ]
**SDK para Python (Boto3)**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def resend_confirmation(self, user_name):
"""
Prompts Amazon Cognito to resend an email with a new confirmation code.
:param user_name: The name of the user who will receive the email.
:return: Delivery information about where the email is sent.
"""
try:
kwargs = {"ClientId": self.client_id, "Username": user_name}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
response = self.cognito_idp_client.resend_confirmation_code(**kwargs)
delivery = response["CodeDeliveryDetails"]
except ClientError as err:
logger.error(
"Couldn't resend confirmation to %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return delivery
```
+ Para obtener más información sobre la API, consulta [ResendConfirmationCode](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ResendConfirmationCode)la *AWS Referencia de API de SDK for Python (Boto3*).
------
#### [ Swift ]
**SDK para Swift**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Requests a new confirmation code be sent to the given user's contact
/// method.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - clientId: The application client ID.
/// - userName: The user to resend a code for.
///
/// - Returns: `true` if a new code was sent successfully, otherwise
/// `false`.
func resendConfirmationCode(cipClient: CognitoIdentityProviderClient, clientId: String,
userName: String) async -> Bool {
do {
let output = try await cipClient.resendConfirmationCode(
input: ResendConfirmationCodeInput(
clientId: clientId,
username: userName
)
)
guard let deliveryMedium = output.codeDeliveryDetails?.deliveryMedium else {
print("*** Unable to get the delivery method for the resent code.")
return false
}
print("=====> A new code has been sent by \(deliveryMedium)")
return true
} catch {
print("*** Unable to resend the confirmation code to user \(userName).")
return false
}
}
```
+ Para obtener más información sobre la API, consulta [ResendConfirmationCode](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/resendconfirmationcode(input:))la *referencia sobre la API de AWS SDK for Swift*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `RespondToAuthChallenge` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `RespondToAuthChallenge`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en el siguiente ejemplo de código:
+ [Registro de un usuario en un grupo de usuarios que requiera MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ CLI ]
**AWS CLI**
**Ejemplo 1: respuesta a un desafío NEW\$1PASSWORD\$1REQUIRED**
En el siguiente ejemplo de `respond-to-auth-challenge`, se responde a un desafío NEW\$1PASSWORD\$1REQUIRED devuelto por initiate-auth. Establece una contraseña para el usuario `jane@example.com`.
```
aws cognito-idp respond-to-auth-challenge \
--client-id 1example23456789 \
--challenge-name NEW_PASSWORD_REQUIRED \
--challenge-responses USERNAME=jane@example.com,NEW_PASSWORD=[Password] \
--session AYABeEv5HklEXAMPLE
```
Salida:
```
{
"ChallengeParameters": {},
"AuthenticationResult": {
"AccessToken": "ACCESS_TOKEN",
"ExpiresIn": 3600,
"TokenType": "Bearer",
"RefreshToken": "REFRESH_TOKEN",
"IdToken": "ID_TOKEN",
"NewDeviceMetadata": {
"DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"DeviceGroupKey": "-wt2ha1Zd"
}
}
}
```
Para obtener más información, consulte [Autenticación](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html) en la *Guía para desarrolladores de Amazon Cognito*.
**Ejemplo 2: respuesta a un desafío SELECT\$1MFA\$1TYPE**
En el siguiente ejemplo de `respond-to-auth-challenge`, se elige TOTP MFA como opción de MFA para el usuario actual. Se solicitó al usuario que seleccionara un tipo de MFA y, a continuación, se le pedirá que ingrese su código de MFA.
```
aws cognito-idp respond-to-auth-challenge \
--client-id 1example23456789
--session AYABeEv5HklEXAMPLE
--challenge-name SELECT_MFA_TYPE
--challenge-responses USERNAME=testuser,ANSWER=SOFTWARE_TOKEN_MFA
```
Salida:
```
{
"ChallengeName": "SOFTWARE_TOKEN_MFA",
"Session": "AYABeEv5HklEXAMPLE",
"ChallengeParameters": {
"FRIENDLY_DEVICE_NAME": "transparent"
}
}
```
Para obtener más información, consulte [Agregación de MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html) en la *Guía para desarrolladores de Amazon Cognito*.
**Ejemplo 3: respuesta a un desafío SOFTWARE\$1TOKEN\$1MFA**
En el siguiente ejemplo de `respond-to-auth-challenge`, se proporciona un código MFA con TOTP y se completa el inicio de sesión.
```
aws cognito-idp respond-to-auth-challenge \
--client-id 1example23456789 \
--session AYABeEv5HklEXAMPLE \
--challenge-name SOFTWARE_TOKEN_MFA \
--challenge-responses USERNAME=testuser,SOFTWARE_TOKEN_MFA_CODE=123456
```
Salida:
```
{
"AuthenticationResult": {
"AccessToken": "eyJra456defEXAMPLE",
"ExpiresIn": 3600,
"TokenType": "Bearer",
"RefreshToken": "eyJra123abcEXAMPLE",
"IdToken": "eyJra789ghiEXAMPLE",
"NewDeviceMetadata": {
"DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"DeviceGroupKey": "-v7w9UcY6"
}
}
}
```
Para obtener más información, consulte [Agregación de MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html) en la *Guía para desarrolladores de Amazon Cognito*.
+ Para obtener más información sobre la API, consulte [RespondToAuthChallenge](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/respond-to-auth-challenge.html)la *Referencia de AWS CLI comandos*.
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const respondToAuthChallenge = ({
clientId,
username,
session,
userPoolId,
code,
}) => {
const client = new CognitoIdentityProviderClient({});
const command = new RespondToAuthChallengeCommand({
ChallengeName: ChallengeNameType.SOFTWARE_TOKEN_MFA,
ChallengeResponses: {
SOFTWARE_TOKEN_MFA_CODE: code,
USERNAME: username,
},
ClientId: clientId,
UserPoolId: userPoolId,
Session: session,
});
return client.send(command);
};
```
+ Para obtener más información sobre la API, consulta [RespondToAuthChallenge](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/RespondToAuthChallengeCommand)la *Referencia AWS SDK para JavaScript de la API*.
------
#### [ Python ]
**SDK para Python (Boto3)**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
Inicie sesión con un dispositivo con seguimiento. Para completar el inicio de sesión, el cliente debe responder correctamente a los desafíos relacionados con la contraseña remota segura (SRP).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def sign_in_with_tracked_device(
self,
user_name,
password,
device_key,
device_group_key,
device_password,
aws_srp,
):
"""
Signs in to Amazon Cognito as a user who has a tracked device. Signing in
with a tracked device lets a user sign in without entering a new MFA code.
Signing in with a tracked device requires that the client respond to the SRP
protocol. The scenario associated with this example uses the warrant package
to help with SRP calculations.
For more information on SRP, see https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol.
:param user_name: The user that is associated with the device.
:param password: The user's password.
:param device_key: The key of a tracked device.
:param device_group_key: The group key of a tracked device.
:param device_password: The password that is associated with the device.
:param aws_srp: A class that helps with SRP calculations. The scenario
associated with this example uses the warrant package.
:return: The result of the authentication. When successful, this contains an
access token for the user.
"""
try:
srp_helper = aws_srp.AWSSRP(
username=user_name,
password=device_password,
pool_id="_",
client_id=self.client_id,
client_secret=None,
client=self.cognito_idp_client,
)
response_init = self.cognito_idp_client.initiate_auth(
ClientId=self.client_id,
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={
"USERNAME": user_name,
"PASSWORD": password,
"DEVICE_KEY": device_key,
},
)
if response_init["ChallengeName"] != "DEVICE_SRP_AUTH":
raise RuntimeError(
f"Expected DEVICE_SRP_AUTH challenge but got {response_init['ChallengeName']}."
)
auth_params = srp_helper.get_auth_params()
auth_params["DEVICE_KEY"] = device_key
response_auth = self.cognito_idp_client.respond_to_auth_challenge(
ClientId=self.client_id,
ChallengeName="DEVICE_SRP_AUTH",
ChallengeResponses=auth_params,
)
if response_auth["ChallengeName"] != "DEVICE_PASSWORD_VERIFIER":
raise RuntimeError(
f"Expected DEVICE_PASSWORD_VERIFIER challenge but got "
f"{response_init['ChallengeName']}."
)
challenge_params = response_auth["ChallengeParameters"]
challenge_params["USER_ID_FOR_SRP"] = device_group_key + device_key
cr = srp_helper.process_challenge(challenge_params, {"USERNAME": user_name})
cr["USERNAME"] = user_name
cr["DEVICE_KEY"] = device_key
response_verifier = self.cognito_idp_client.respond_to_auth_challenge(
ClientId=self.client_id,
ChallengeName="DEVICE_PASSWORD_VERIFIER",
ChallengeResponses=cr,
)
auth_tokens = response_verifier["AuthenticationResult"]
except ClientError as err:
logger.error(
"Couldn't start client sign in for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return auth_tokens
```
+ Para obtener más información sobre la API, consulta [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/RespondToAuthChallenge)la *AWS Referencia de API de SDK for Python (Boto3*).
------
Para obtener una lista completa de las guías para desarrolladores del AWS SDK y ejemplos de código, consulte. [Uso de este servicio con un SDK AWS](sdk-general-information-section.md) En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `SignUp` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `SignUp`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en los siguientes ejemplos de código:
+ [Confirmación de manera automática a los usuarios conocidos con una función de Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [Migración en forma automática los usuarios conocidos con una función de Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [Registro de un usuario en un grupo de usuarios que requiera MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK para .NET**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Sign up a new user.
///
/// The client Id of the application.
/// The username to use.
/// The user's password.
/// The email address of the user.
/// A Boolean value indicating whether the user was confirmed.
public async Task SignUpAsync(string clientId, string userName, string password, string email)
{
var userAttrs = new AttributeType
{
Name = "email",
Value = email,
};
var userAttrsList = new List();
userAttrsList.Add(userAttrs);
var signUpRequest = new SignUpRequest
{
UserAttributes = userAttrsList,
Username = userName,
ClientId = clientId,
Password = password
};
var response = await _cognitoService.SignUpAsync(signUpRequest);
return response.HttpStatusCode == HttpStatusCode.OK;
}
```
+ Para obtener más información sobre la API, consulta [SignUp](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/SignUp)la *Referencia AWS SDK para .NET de la API*.
------
#### [ C\$1\$1 ]
**SDK para C\$1\$1**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::SignUpRequest request;
request.AddUserAttributes(
Aws::CognitoIdentityProvider::Model::AttributeType().WithName(
"email").WithValue(email));
request.SetUsername(userName);
request.SetPassword(password);
request.SetClientId(clientID);
Aws::CognitoIdentityProvider::Model::SignUpOutcome outcome =
client.SignUp(request);
if (outcome.IsSuccess()) {
std::cout << "The signup request for " << userName << " was successful."
<< std::endl;
}
else if (outcome.GetError().GetErrorType() ==
Aws::CognitoIdentityProvider::CognitoIdentityProviderErrors::USERNAME_EXISTS) {
std::cout
<< "The username already exists. Please enter a different username."
<< std::endl;
userExists = true;
}
else {
std::cerr << "Error with CognitoIdentityProvider::SignUpRequest. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ Para obtener más información sobre la API, consulta [SignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/SignUp)la *Referencia AWS SDK para C\$1\$1 de la API*.
------
#### [ CLI ]
**AWS CLI**
**Para inscribir a un usuario**
En este ejemplo, se registra jane@example.com.
Comando:
```
aws cognito-idp sign-up --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username jane@example.com --password PASSWORD --user-attributes Name="email",Value="jane@example.com" Name="name",Value="Jane"
```
Salida:
```
{
"UserConfirmed": false,
"UserSub": "e04d60a6-45dc-441c-a40b-e25a787d4862"
}
```
+ Para obtener más información sobre la API, consulta [SignUp](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/sign-up.html)la *Referencia de AWS CLI comandos*.
------
#### [ Go ]
**SDK para Go V2**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// SignUp signs up a user with Amazon Cognito.
func (actor CognitoActions) SignUp(ctx context.Context, clientId string, userName string, password string, userEmail string) (bool, error) {
confirmed := false
output, err := actor.CognitoClient.SignUp(ctx, &cognitoidentityprovider.SignUpInput{
ClientId: aws.String(clientId),
Password: aws.String(password),
Username: aws.String(userName),
UserAttributes: []types.AttributeType{
{Name: aws.String("email"), Value: aws.String(userEmail)},
},
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't sign up user %v. Here's why: %v\n", userName, err)
}
} else {
confirmed = output.UserConfirmed
}
return confirmed, err
}
```
+ Para obtener más información sobre la API, consulta [SignUp](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.SignUp)la *Referencia AWS SDK para Go de la API*.
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
public static void signUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String userName,
String password, String email) {
AttributeType userAttrs = AttributeType.builder()
.name("email")
.value(email)
.build();
List userAttrsList = new ArrayList<>();
userAttrsList.add(userAttrs);
try {
SignUpRequest signUpRequest = SignUpRequest.builder()
.userAttributes(userAttrsList)
.username(userName)
.clientId(clientId)
.password(password)
.build();
identityProviderClient.signUp(signUpRequest);
System.out.println("User has been signed up ");
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ Para obtener más información sobre la API, consulta [SignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/SignUp)la *Referencia AWS SDK for Java 2.x de la API*.
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const signUp = ({ clientId, username, password, email }) => {
const client = new CognitoIdentityProviderClient({});
const command = new SignUpCommand({
ClientId: clientId,
Username: username,
Password: password,
UserAttributes: [{ Name: "email", Value: email }],
});
return client.send(command);
};
```
+ Para obtener más información sobre la API, consulta [SignUp](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/SignUpCommand)la *Referencia AWS SDK para JavaScript de la API*.
------
#### [ Kotlin ]
**SDK para Kotlin**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
suspend fun signUp(
clientIdVal: String?,
userNameVal: String?,
passwordVal: String?,
emailVal: String?,
) {
val userAttrs =
AttributeType {
name = "email"
value = emailVal
}
val userAttrsList = mutableListOf()
userAttrsList.add(userAttrs)
val signUpRequest =
SignUpRequest {
userAttributes = userAttrsList
username = userNameVal
clientId = clientIdVal
password = passwordVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
identityProviderClient.signUp(signUpRequest)
println("User has been signed up")
}
}
```
+ Para obtener más información sobre la API, consulta [SignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)la *referencia sobre el AWS SDK para la API de Kotlin*.
------
#### [ Python ]
**SDK para Python (Boto3)**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def sign_up_user(self, user_name, password, user_email):
"""
Signs up a new user with Amazon Cognito. This action prompts Amazon Cognito
to send an email to the specified email address. The email contains a code that
can be used to confirm the user.
When the user already exists, the user status is checked to determine whether
the user has been confirmed.
:param user_name: The user name that identifies the new user.
:param password: The password for the new user.
:param user_email: The email address for the new user.
:return: True when the user is already confirmed with Amazon Cognito.
Otherwise, false.
"""
try:
kwargs = {
"ClientId": self.client_id,
"Username": user_name,
"Password": password,
"UserAttributes": [{"Name": "email", "Value": user_email}],
}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
response = self.cognito_idp_client.sign_up(**kwargs)
confirmed = response["UserConfirmed"]
except ClientError as err:
if err.response["Error"]["Code"] == "UsernameExistsException":
response = self.cognito_idp_client.admin_get_user(
UserPoolId=self.user_pool_id, Username=user_name
)
logger.warning(
"User %s exists and is %s.", user_name, response["UserStatus"]
)
confirmed = response["UserStatus"] == "CONFIRMED"
else:
logger.error(
"Couldn't sign up %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
return confirmed
```
+ Para obtener más información sobre la API, consulta [SignUp](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/SignUp)la *AWS Referencia de API de SDK for Python (Boto3*).
------
#### [ Swift ]
**SDK para Swift**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Create a new user in a user pool.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - clientId: The ID of the app client to create a user for.
/// - userName: The username for the new user.
/// - password: The new user's password.
/// - email: The new user's email address.
///
/// - Returns: `true` if successful; otherwise `false`.
func signUp(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String, password: String, email: String) async -> Bool {
let emailAttr = CognitoIdentityProviderClientTypes.AttributeType(
name: "email",
value: email
)
let userAttrsList = [emailAttr]
do {
_ = try await cipClient.signUp(
input: SignUpInput(
clientId: clientId,
password: password,
userAttributes: userAttrsList,
username: userName
)
)
print("=====> User \(userName) signed up.")
} catch _ as AWSCognitoIdentityProvider.UsernameExistsException {
print("*** The username \(userName) already exists. Please use a different one.")
return false
} catch let error as AWSCognitoIdentityProvider.InvalidPasswordException {
print("*** Error: The specified password is invalid. Reason: \(error.properties.message ?? "").")
return false
} catch _ as AWSCognitoIdentityProvider.ResourceNotFoundException {
print("*** Error: The specified client ID (\(clientId)) doesn't exist.")
return false
} catch {
print("*** Unexpected error: \(error)")
return false
}
return true
}
```
+ Para obtener más información sobre la API, consulta [SignUp](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/signup(input:))la *referencia sobre la API de AWS SDK for Swift*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `UpdateUserPool` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `UpdateUserPool`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en los siguientes ejemplos de código:
+ [Confirmación de manera automática a los usuarios conocidos con una función de Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [Migración en forma automática los usuarios conocidos con una función de Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [Escriba datos de actividad personalizados con una función de Lambda tras la autenticación de usuario de Amazon Cognito](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
------
#### [ CLI ]
**AWS CLI**
**Para actualizar un grupo de usuarios**
En el siguiente ejemplo de `update-user-pool`, se modifica un grupo de usuarios con un ejemplo de sintaxis para cada una de las opciones de configuración disponibles. Para actualizar un grupo de usuarios, debe especificar todas las opciones configuradas previamente o estas se restablecerán a su valor predeterminado.
```
aws cognito-idp update-user-pool --user-pool-id us-west-2_EXAMPLE \
--policies PasswordPolicy=\{MinimumLength=6,RequireUppercase=true,RequireLowercase=true,RequireNumbers=true,RequireSymbols=true,TemporaryPasswordValidityDays=7\} \
--deletion-protection ACTIVE \
--lambda-config PreSignUp="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-presignup-function",PreTokenGeneration="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-pretoken-function" \
--auto-verified-attributes "phone_number" "email" \
--verification-message-template \{\"SmsMessage\":\""Your code is {####}"\",\"EmailMessage\":\""Your code is {####}"\",\"EmailSubject\":\""Your verification code"\",\"EmailMessageByLink\":\""Click {##here##} to verify your email address."\",\"EmailSubjectByLink\":\""Your verification link"\",\"DefaultEmailOption\":\"CONFIRM_WITH_LINK\"\} \
--sms-authentication-message "Your code is {####}" \
--user-attribute-update-settings AttributesRequireVerificationBeforeUpdate="email","phone_number" \
--mfa-configuration "OPTIONAL" \
--device-configuration ChallengeRequiredOnNewDevice=true,DeviceOnlyRememberedOnUserPrompt=true \
--email-configuration SourceArn="arn:aws:ses:us-west-2:123456789012:identity/admin@example.com",ReplyToEmailAddress="amdin+noreply@example.com",EmailSendingAccount=DEVELOPER,From="admin@amazon.com",ConfigurationSet="test-configuration-set" \
--sms-configuration SnsCallerArn="arn:aws:iam::123456789012:role/service-role/SNS-SMS-Role",ExternalId="12345",SnsRegion="us-west-2" \
--admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \
--user-pool-tags "Function"="MyMobileGame","Developers"="Berlin" \
--admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \
--user-pool-add-ons AdvancedSecurityMode="AUDIT" \
--account-recovery-setting RecoveryMechanisms=\[\{Priority=1,Name="verified_email"\},\{Priority=2,Name="verified_phone_number"\}\]
```
Este comando no genera ninguna salida.
Para obtener más información, consulte [Updating user pool configuration](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-updating.html) en la *Guía para desarrolladores de Amazon Cognito*.
+ Para obtener más información sobre la API, consulte [UpdateUserPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-user-pool.html)la *Referencia de AWS CLI comandos*.
------
#### [ Go ]
**SDK para Go V2**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// Trigger and TriggerInfo define typed data for updating an Amazon Cognito trigger.
type Trigger int
const (
PreSignUp Trigger = iota
UserMigration
PostAuthentication
)
type TriggerInfo struct {
Trigger Trigger
HandlerArn *string
}
// UpdateTriggers adds or removes Lambda triggers for a user pool. When a trigger is specified with a `nil` value,
// it is removed from the user pool.
func (actor CognitoActions) UpdateTriggers(ctx context.Context, userPoolId string, triggers ...TriggerInfo) error {
output, err := actor.CognitoClient.DescribeUserPool(ctx, &cognitoidentityprovider.DescribeUserPoolInput{
UserPoolId: aws.String(userPoolId),
})
if err != nil {
log.Printf("Couldn't get info about user pool %v. Here's why: %v\n", userPoolId, err)
return err
}
lambdaConfig := output.UserPool.LambdaConfig
for _, trigger := range triggers {
switch trigger.Trigger {
case PreSignUp:
lambdaConfig.PreSignUp = trigger.HandlerArn
case UserMigration:
lambdaConfig.UserMigration = trigger.HandlerArn
case PostAuthentication:
lambdaConfig.PostAuthentication = trigger.HandlerArn
}
}
_, err = actor.CognitoClient.UpdateUserPool(ctx, &cognitoidentityprovider.UpdateUserPoolInput{
UserPoolId: aws.String(userPoolId),
LambdaConfig: lambdaConfig,
})
if err != nil {
log.Printf("Couldn't update user pool %v. Here's why: %v\n", userPoolId, err)
}
return err
}
```
+ Para obtener más información sobre la API, consulta [UpdateUserPool](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.UpdateUserPool)la *Referencia AWS SDK para Go de la API*.
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cross-services/wkflw-pools-triggers#code-examples).
```
/**
* Connect a Lambda function to the PreSignUp trigger for a Cognito user pool
* @param {{ region: string, userPoolId: string, handlerArn: string }} config
* @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").UpdateUserPoolCommandOutput | null, unknown]>}
*/
export const addPreSignUpHandler = async ({
region,
userPoolId,
handlerArn,
}) => {
try {
const cognitoClient = new CognitoIdentityProviderClient({
region,
});
const command = new UpdateUserPoolCommand({
UserPoolId: userPoolId,
LambdaConfig: {
PreSignUp: handlerArn,
},
});
const response = await cognitoClient.send(command);
return [response, null];
} catch (err) {
return [null, err];
}
};
```
+ Para obtener más información sobre la API, consulta [UpdateUserPool](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/UpdateUserPoolCommand)la *Referencia AWS SDK para JavaScript de la API*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Úselo `VerifySoftwareToken` con un AWS SDK o CLI
Los siguientes ejemplos de código muestran cómo utilizar `VerifySoftwareToken`.
Los ejemplos de acciones son extractos de código de programas más grandes y deben ejecutarse en contexto. Puede ver esta acción en contexto en el siguiente ejemplo de código:
+ [Registro de un usuario en un grupo de usuarios que requiera MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK para .NET**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Verify the TOTP and register for MFA.
///
/// The name of the session.
/// The MFA code.
/// The status of the software token.
public async Task VerifySoftwareTokenAsync(string session, string code)
{
var tokenRequest = new VerifySoftwareTokenRequest
{
UserCode = code,
Session = session,
};
var verifyResponse = await _cognitoService.VerifySoftwareTokenAsync(tokenRequest);
return verifyResponse.Status;
}
```
+ Para obtener más información sobre la API, consulta [VerifySoftwareToken](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/VerifySoftwareToken)la *Referencia AWS SDK para .NET de la API*.
------
#### [ C\$1\$1 ]
**SDK para C\$1\$1**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenRequest request;
request.SetUserCode(userCode);
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenOutcome outcome =
client.VerifySoftwareToken(request);
if (outcome.IsSuccess()) {
std::cout << "Verification of the code was successful."
<< std::endl;
session = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::VerifySoftwareToken. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ Para obtener más información sobre la API, consulta [VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/VerifySoftwareToken)la *Referencia AWS SDK para C\$1\$1 de la API*.
------
#### [ CLI ]
**AWS CLI**
**Confirmación del registro de una autenticación TOTP**
En el siguiente ejemplo de `verify-software-token`, se completa el registro TOTP para el usuario actual.
```
aws cognito-idp verify-software-token \
--access-token eyJra456defEXAMPLE \
--user-code 123456
```
Salida:
```
{
"Status": "SUCCESS"
}
```
Para obtener más información, consulte [Adding MFA to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html) en la *Guía para desarrolladores de Amazon Cognito*.
+ Para obtener más información sobre la API, consulta [VerifySoftwareToken](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/verify-software-token.html)la *Referencia de AWS CLI comandos*.
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
// Verify the TOTP and register for MFA.
public static void verifyTOTP(CognitoIdentityProviderClient identityProviderClient, String session, String code) {
try {
VerifySoftwareTokenRequest tokenRequest = VerifySoftwareTokenRequest.builder()
.userCode(code)
.session(session)
.build();
VerifySoftwareTokenResponse verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest);
System.out.println("The status of the token is " + verifyResponse.statusAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ Para obtener más información sobre la API, consulta [VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/VerifySoftwareToken)la *Referencia AWS SDK for Java 2.x de la API*.
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const verifySoftwareToken = (totp) => {
const client = new CognitoIdentityProviderClient({});
// The 'Session' is provided in the response to 'AssociateSoftwareToken'.
const session = process.env.SESSION;
if (!session) {
throw new Error(
"Missing a valid Session. Did you run 'admin-initiate-auth'?",
);
}
const command = new VerifySoftwareTokenCommand({
Session: session,
UserCode: totp,
});
return client.send(command);
};
```
+ Para obtener más información sobre la API, consulta [VerifySoftwareToken](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/VerifySoftwareTokenCommand)la *Referencia AWS SDK para JavaScript de la API*.
------
#### [ Kotlin ]
**SDK para Kotlin**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
// Verify the TOTP and register for MFA.
suspend fun verifyTOTP(
sessionVal: String?,
codeVal: String?,
) {
val tokenRequest =
VerifySoftwareTokenRequest {
userCode = codeVal
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest)
println("The status of the token is ${verifyResponse.status}")
}
}
```
+ Para obtener más información sobre la API, consulta [VerifySoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)la *referencia sobre el AWS SDK para la API de Kotlin*.
------
#### [ Python ]
**SDK para Python (Boto3)**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def verify_mfa(self, session, user_code):
"""
Verify a new MFA application that is associated with a user.
:param session: Session information returned from a previous call to initiate
authentication.
:param user_code: A code generated by the associated MFA application.
:return: Status that indicates whether the MFA application is verified.
"""
try:
response = self.cognito_idp_client.verify_software_token(
Session=session, UserCode=user_code
)
except ClientError as err:
logger.error(
"Couldn't verify MFA. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
response.pop("ResponseMetadata", None)
return response
```
+ Para obtener más información sobre la API, consulta [VerifySoftwareToken](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/VerifySoftwareToken)la *AWS Referencia de API de SDK for Python (Boto3*).
------
#### [ SAP ABAP ]
**SDK para SAP ABAP**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples).
```
TRY.
DATA(lo_result) = lo_cgp->verifysoftwaretoken(
iv_session = iv_session
iv_usercode = iv_user_code
).
ov_status = lo_result->get_status( ).
IF ov_status = 'SUCCESS'.
MESSAGE 'MFA token verified successfully.' TYPE 'I'.
ELSE.
MESSAGE |MFA verification status: { ov_status }.| TYPE 'I'.
ENDIF.
CATCH /aws1/cx_cgpcodemismatchex INTO DATA(lo_code_ex).
MESSAGE 'Invalid MFA code provided.' TYPE 'E'.
CATCH /aws1/cx_cgpenbsoftwaretokmf00 INTO DATA(lo_enabled_ex).
MESSAGE 'Software token MFA is already enabled.' TYPE 'E'.
ENDTRY.
```
+ Para obtener más información sobre la API, consulte [VerifySoftwareToken](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)la *referencia sobre la API ABAP del AWS SDK para SAP*.
------
#### [ Swift ]
**SDK para Swift**
Hay más información al respecto. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Confirm that the user's TOTP authenticator is configured correctly by
/// sending a code to it to check that it matches successfully.
///
/// - Parameters:
/// - cipClient: The `CongnitoIdentityProviderClient` to use.
/// - session: An authentication session previously returned by an
/// `associateSoftwareToken()` call.
/// - mfaCode: The 6-digit code currently displayed by the user's
/// authenticator, as provided by the user.
func verifyTOTP(cipClient: CognitoIdentityProviderClient, session: String?, mfaCode: String?) async {
do {
let output = try await cipClient.verifySoftwareToken(
input: VerifySoftwareTokenInput(
session: session,
userCode: mfaCode
)
)
guard let tokenStatus = output.status else {
print("*** Unable to get the token's status.")
return
}
print("=====> The token's status is: \(tokenStatus)")
} catch _ as SoftwareTokenMFANotFoundException {
print("*** The specified user pool isn't configured for MFA.")
return
} catch _ as CodeMismatchException {
print("*** The specified MFA code doesn't match the expected value.")
return
} catch _ as UserNotFoundException {
print("*** The specified username doesn't exist.")
return
} catch _ as UserNotConfirmedException {
print("*** The user has not been confirmed.")
return
} catch {
print("*** Error verifying the MFA token!")
return
}
}
```
+ Para obtener más información sobre la API, consulta [VerifySoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/verifysoftwaretoken(input:))la *referencia sobre la API de AWS SDK for Swift*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Escenarios en los que Amazon Cognito Identity Provider utiliza AWS SDKs
Los siguientes ejemplos de código muestran cómo implementar escenarios comunes en Amazon Cognito Identity Provider con. AWS SDKs Estos escenarios muestran cómo realizar tareas específicas llamando a varias funciones dentro del proveedor de identidades de Amazon Cognito o en combinación con otros Servicios de AWS. En cada escenario se incluye un enlace al código fuente completo, con instrucciones de configuración y ejecución del código.
Los escenarios requieren un nivel intermedio de experiencia para entender las acciones de servicio en su contexto.
**Topics**
+ [Confirmación de manera automática a los usuarios conocidos con una función de Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [Migración en forma automática los usuarios conocidos con una función de Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [Registro de un usuario en un grupo de usuarios que requiera MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
+ [Uso de los grupos de identidades de Amazon Cognito](cognito-identity-provider_example_cross_CognitoFlows_section.md)
+ [Escriba datos de actividad personalizados con una función de Lambda tras la autenticación de usuario de Amazon Cognito](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
# Confirme automáticamente a los usuarios conocidos de Amazon Cognito con una función Lambda mediante un SDK AWS
En los siguientes ejemplos de código, se muestra cómo confirmar de manera automática los usuarios conocidos de Amazon Cognito con una función de Lambda.
+ Configure un grupo de usuarios para que llame a una función de Lambda para el desencadenador `PreSignUp`.
+ Inscripción de un usuario mediante Amazon Cognito
+ La función de Lambda escanea una tabla de DynamoDB y confirma de manera automática los usuarios conocidos.
+ Inicie sesión con el nuevo usuario y, luego, elimine los recursos.
------
#### [ Go ]
**SDK para Go V2**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/workflows/user_pools_and_lambda_triggers#code-examples).
Ejecutar un escenario interactivo en un símbolo del sistema.
```
import (
"context"
"errors"
"log"
"strings"
"user_pools_and_lambda_triggers/actions"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// AutoConfirm separates the steps of this scenario into individual functions so that
// they are simpler to read and understand.
type AutoConfirm struct {
helper IScenarioHelper
questioner demotools.IQuestioner
resources Resources
cognitoActor *actions.CognitoActions
}
// NewAutoConfirm constructs a new auto confirm runner.
func NewAutoConfirm(sdkConfig aws.Config, questioner demotools.IQuestioner, helper IScenarioHelper) AutoConfirm {
scenario := AutoConfirm{
helper: helper,
questioner: questioner,
resources: Resources{},
cognitoActor: &actions.CognitoActions{CognitoClient: cognitoidentityprovider.NewFromConfig(sdkConfig)},
}
scenario.resources.init(scenario.cognitoActor, questioner)
return scenario
}
// AddPreSignUpTrigger adds a Lambda handler as an invocation target for the PreSignUp trigger.
func (runner *AutoConfirm) AddPreSignUpTrigger(ctx context.Context, userPoolId string, functionArn string) {
log.Printf("Let's add a Lambda function to handle the PreSignUp trigger from Cognito.\n" +
"This trigger happens when a user signs up, and lets your function take action before the main Cognito\n" +
"sign up processing occurs.\n")
err := runner.cognitoActor.UpdateTriggers(
ctx, userPoolId,
actions.TriggerInfo{Trigger: actions.PreSignUp, HandlerArn: aws.String(functionArn)})
if err != nil {
panic(err)
}
log.Printf("Lambda function %v added to user pool %v to handle the PreSignUp trigger.\n",
functionArn, userPoolId)
}
// SignUpUser signs up a user from the known user table with a password you specify.
func (runner *AutoConfirm) SignUpUser(ctx context.Context, clientId string, usersTable string) (string, string) {
log.Println("Let's sign up a user to your Cognito user pool. When the user's email matches an email in the\n" +
"DynamoDB known users table, it is automatically verified and the user is confirmed.")
knownUsers, err := runner.helper.GetKnownUsers(ctx, usersTable)
if err != nil {
panic(err)
}
userChoice := runner.questioner.AskChoice("Which user do you want to use?\n", knownUsers.UserNameList())
user := knownUsers.Users[userChoice]
var signedUp bool
var userConfirmed bool
password := runner.questioner.AskPassword("Enter a password that has at least eight characters, uppercase, lowercase, numbers and symbols.\n"+
"(the password will not display as you type):", 8)
for !signedUp {
log.Printf("Signing up user '%v' with email '%v' to Cognito.\n", user.UserName, user.UserEmail)
userConfirmed, err = runner.cognitoActor.SignUp(ctx, clientId, user.UserName, password, user.UserEmail)
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
password = runner.questioner.AskPassword("Enter another password:", 8)
} else {
panic(err)
}
} else {
signedUp = true
}
}
log.Printf("User %v signed up, confirmed = %v.\n", user.UserName, userConfirmed)
log.Println(strings.Repeat("-", 88))
return user.UserName, password
}
// SignInUser signs in a user.
func (runner *AutoConfirm) SignInUser(ctx context.Context, clientId string, userName string, password string) string {
runner.questioner.Ask("Press Enter when you're ready to continue.")
log.Printf("Let's sign in as %v...\n", userName)
authResult, err := runner.cognitoActor.SignIn(ctx, clientId, userName, password)
if err != nil {
panic(err)
}
log.Printf("Successfully signed in. Your access token starts with: %v...\n", (*authResult.AccessToken)[:10])
log.Println(strings.Repeat("-", 88))
return *authResult.AccessToken
}
// Run runs the scenario.
func (runner *AutoConfirm) Run(ctx context.Context, stackName string) {
defer func() {
if r := recover(); r != nil {
log.Println("Something went wrong with the demo.")
runner.resources.Cleanup(ctx)
}
}()
log.Println(strings.Repeat("-", 88))
log.Printf("Welcome\n")
log.Println(strings.Repeat("-", 88))
stackOutputs, err := runner.helper.GetStackOutputs(ctx, stackName)
if err != nil {
panic(err)
}
runner.resources.userPoolId = stackOutputs["UserPoolId"]
runner.helper.PopulateUserTable(ctx, stackOutputs["TableName"])
runner.AddPreSignUpTrigger(ctx, stackOutputs["UserPoolId"], stackOutputs["AutoConfirmFunctionArn"])
runner.resources.triggers = append(runner.resources.triggers, actions.PreSignUp)
userName, password := runner.SignUpUser(ctx, stackOutputs["UserPoolClientId"], stackOutputs["TableName"])
runner.helper.ListRecentLogEvents(ctx, stackOutputs["AutoConfirmFunction"])
runner.resources.userAccessTokens = append(runner.resources.userAccessTokens,
runner.SignInUser(ctx, stackOutputs["UserPoolClientId"], userName, password))
runner.resources.Cleanup(ctx)
log.Println(strings.Repeat("-", 88))
log.Println("Thanks for watching!")
log.Println(strings.Repeat("-", 88))
}
```
Controle el desencadenador `PreSignUp` con una función de Lambda.
```
import (
"context"
"log"
"os"
"github.com/aws/aws-lambda-go/events"
"github.com/aws/aws-lambda-go/lambda"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
dynamodbtypes "github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
)
const TABLE_NAME = "TABLE_NAME"
// UserInfo defines structured user data that can be marshalled to a DynamoDB format.
type UserInfo struct {
UserName string `dynamodbav:"UserName"`
UserEmail string `dynamodbav:"UserEmail"`
}
// GetKey marshals the user email value to a DynamoDB key format.
func (user UserInfo) GetKey() map[string]dynamodbtypes.AttributeValue {
userEmail, err := attributevalue.Marshal(user.UserEmail)
if err != nil {
panic(err)
}
return map[string]dynamodbtypes.AttributeValue{"UserEmail": userEmail}
}
type handler struct {
dynamoClient *dynamodb.Client
}
// HandleRequest handles the PreSignUp event by looking up a user in an Amazon DynamoDB table and
// specifying whether they should be confirmed and verified.
func (h *handler) HandleRequest(ctx context.Context, event events.CognitoEventUserPoolsPreSignup) (events.CognitoEventUserPoolsPreSignup, error) {
log.Printf("Received presignup from %v for user '%v'", event.TriggerSource, event.UserName)
if event.TriggerSource != "PreSignUp_SignUp" {
// Other trigger sources, such as PreSignUp_AdminInitiateAuth, ignore the response from this handler.
return event, nil
}
tableName := os.Getenv(TABLE_NAME)
user := UserInfo{
UserEmail: event.Request.UserAttributes["email"],
}
log.Printf("Looking up email %v in table %v.\n", user.UserEmail, tableName)
output, err := h.dynamoClient.GetItem(ctx, &dynamodb.GetItemInput{
Key: user.GetKey(),
TableName: aws.String(tableName),
})
if err != nil {
log.Printf("Error looking up email %v.\n", user.UserEmail)
return event, err
}
if output.Item == nil {
log.Printf("Email %v not found. Email verification is required.\n", user.UserEmail)
return event, err
}
err = attributevalue.UnmarshalMap(output.Item, &user)
if err != nil {
log.Printf("Couldn't unmarshal DynamoDB item. Here's why: %v\n", err)
return event, err
}
if user.UserName != event.UserName {
log.Printf("UserEmail %v found, but stored UserName '%v' does not match supplied UserName '%v'. Verification is required.\n",
user.UserEmail, user.UserName, event.UserName)
} else {
log.Printf("UserEmail %v found with matching UserName %v. User is confirmed.\n", user.UserEmail, user.UserName)
event.Response.AutoConfirmUser = true
event.Response.AutoVerifyEmail = true
}
return event, err
}
func main() {
ctx := context.Background()
sdkConfig, err := config.LoadDefaultConfig(ctx)
if err != nil {
log.Panicln(err)
}
h := handler{
dynamoClient: dynamodb.NewFromConfig(sdkConfig),
}
lambda.Start(h.HandleRequest)
}
```
Cree una estructura que lleve a cabo las tareas habituales.
```
import (
"context"
"log"
"strings"
"time"
"user_pools_and_lambda_triggers/actions"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudformation"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// IScenarioHelper defines common functions used by the workflows in this example.
type IScenarioHelper interface {
Pause(secs int)
GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error)
PopulateUserTable(ctx context.Context, tableName string)
GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error)
AddKnownUser(ctx context.Context, tableName string, user actions.User)
ListRecentLogEvents(ctx context.Context, functionName string)
}
// ScenarioHelper contains AWS wrapper structs used by the workflows in this example.
type ScenarioHelper struct {
questioner demotools.IQuestioner
dynamoActor *actions.DynamoActions
cfnActor *actions.CloudFormationActions
cwlActor *actions.CloudWatchLogsActions
isTestRun bool
}
// NewScenarioHelper constructs a new scenario helper.
func NewScenarioHelper(sdkConfig aws.Config, questioner demotools.IQuestioner) ScenarioHelper {
scenario := ScenarioHelper{
questioner: questioner,
dynamoActor: &actions.DynamoActions{DynamoClient: dynamodb.NewFromConfig(sdkConfig)},
cfnActor: &actions.CloudFormationActions{CfnClient: cloudformation.NewFromConfig(sdkConfig)},
cwlActor: &actions.CloudWatchLogsActions{CwlClient: cloudwatchlogs.NewFromConfig(sdkConfig)},
}
return scenario
}
// Pause waits for the specified number of seconds.
func (helper ScenarioHelper) Pause(secs int) {
if !helper.isTestRun {
time.Sleep(time.Duration(secs) * time.Second)
}
}
// GetStackOutputs gets the outputs from the specified CloudFormation stack in a structured format.
func (helper ScenarioHelper) GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error) {
return helper.cfnActor.GetOutputs(ctx, stackName), nil
}
// PopulateUserTable fills the known user table with example data.
func (helper ScenarioHelper) PopulateUserTable(ctx context.Context, tableName string) {
log.Printf("First, let's add some users to the DynamoDB %v table we'll use for this example.\n", tableName)
err := helper.dynamoActor.PopulateTable(ctx, tableName)
if err != nil {
panic(err)
}
}
// GetKnownUsers gets the users from the known users table in a structured format.
func (helper ScenarioHelper) GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error) {
knownUsers, err := helper.dynamoActor.Scan(ctx, tableName)
if err != nil {
log.Printf("Couldn't get known users from table %v. Here's why: %v\n", tableName, err)
}
return knownUsers, err
}
// AddKnownUser adds a user to the known users table.
func (helper ScenarioHelper) AddKnownUser(ctx context.Context, tableName string, user actions.User) {
log.Printf("Adding user '%v' with email '%v' to the DynamoDB known users table...\n",
user.UserName, user.UserEmail)
err := helper.dynamoActor.AddUser(ctx, tableName, user)
if err != nil {
panic(err)
}
}
// ListRecentLogEvents gets the most recent log stream and events for the specified Lambda function and displays them.
func (helper ScenarioHelper) ListRecentLogEvents(ctx context.Context, functionName string) {
log.Println("Waiting a few seconds to let Lambda write to CloudWatch Logs...")
helper.Pause(10)
log.Println("Okay, let's check the logs to find what's happened recently with your Lambda function.")
logStream, err := helper.cwlActor.GetLatestLogStream(ctx, functionName)
if err != nil {
panic(err)
}
log.Printf("Getting some recent events from log stream %v\n", *logStream.LogStreamName)
events, err := helper.cwlActor.GetLogEvents(ctx, functionName, *logStream.LogStreamName, 10)
if err != nil {
panic(err)
}
for _, event := range events {
log.Printf("\t%v", *event.Message)
}
log.Println(strings.Repeat("-", 88))
}
```
Cree una estructura que ajuste las acciones de Amazon Cognito.
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// Trigger and TriggerInfo define typed data for updating an Amazon Cognito trigger.
type Trigger int
const (
PreSignUp Trigger = iota
UserMigration
PostAuthentication
)
type TriggerInfo struct {
Trigger Trigger
HandlerArn *string
}
// UpdateTriggers adds or removes Lambda triggers for a user pool. When a trigger is specified with a `nil` value,
// it is removed from the user pool.
func (actor CognitoActions) UpdateTriggers(ctx context.Context, userPoolId string, triggers ...TriggerInfo) error {
output, err := actor.CognitoClient.DescribeUserPool(ctx, &cognitoidentityprovider.DescribeUserPoolInput{
UserPoolId: aws.String(userPoolId),
})
if err != nil {
log.Printf("Couldn't get info about user pool %v. Here's why: %v\n", userPoolId, err)
return err
}
lambdaConfig := output.UserPool.LambdaConfig
for _, trigger := range triggers {
switch trigger.Trigger {
case PreSignUp:
lambdaConfig.PreSignUp = trigger.HandlerArn
case UserMigration:
lambdaConfig.UserMigration = trigger.HandlerArn
case PostAuthentication:
lambdaConfig.PostAuthentication = trigger.HandlerArn
}
}
_, err = actor.CognitoClient.UpdateUserPool(ctx, &cognitoidentityprovider.UpdateUserPoolInput{
UserPoolId: aws.String(userPoolId),
LambdaConfig: lambdaConfig,
})
if err != nil {
log.Printf("Couldn't update user pool %v. Here's why: %v\n", userPoolId, err)
}
return err
}
// SignUp signs up a user with Amazon Cognito.
func (actor CognitoActions) SignUp(ctx context.Context, clientId string, userName string, password string, userEmail string) (bool, error) {
confirmed := false
output, err := actor.CognitoClient.SignUp(ctx, &cognitoidentityprovider.SignUpInput{
ClientId: aws.String(clientId),
Password: aws.String(password),
Username: aws.String(userName),
UserAttributes: []types.AttributeType{
{Name: aws.String("email"), Value: aws.String(userEmail)},
},
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't sign up user %v. Here's why: %v\n", userName, err)
}
} else {
confirmed = output.UserConfirmed
}
return confirmed, err
}
// SignIn signs in a user to Amazon Cognito using a username and password authentication flow.
func (actor CognitoActions) SignIn(ctx context.Context, clientId string, userName string, password string) (*types.AuthenticationResultType, error) {
var authResult *types.AuthenticationResultType
output, err := actor.CognitoClient.InitiateAuth(ctx, &cognitoidentityprovider.InitiateAuthInput{
AuthFlow: "USER_PASSWORD_AUTH",
ClientId: aws.String(clientId),
AuthParameters: map[string]string{"USERNAME": userName, "PASSWORD": password},
})
if err != nil {
var resetRequired *types.PasswordResetRequiredException
if errors.As(err, &resetRequired) {
log.Println(*resetRequired.Message)
} else {
log.Printf("Couldn't sign in user %v. Here's why: %v\n", userName, err)
}
} else {
authResult = output.AuthenticationResult
}
return authResult, err
}
// ForgotPassword starts a password recovery flow for a user. This flow typically sends a confirmation code
// to the user's configured notification destination, such as email.
func (actor CognitoActions) ForgotPassword(ctx context.Context, clientId string, userName string) (*types.CodeDeliveryDetailsType, error) {
output, err := actor.CognitoClient.ForgotPassword(ctx, &cognitoidentityprovider.ForgotPasswordInput{
ClientId: aws.String(clientId),
Username: aws.String(userName),
})
if err != nil {
log.Printf("Couldn't start password reset for user '%v'. Here;s why: %v\n", userName, err)
}
return output.CodeDeliveryDetails, err
}
// ConfirmForgotPassword confirms a user with a confirmation code and a new password.
func (actor CognitoActions) ConfirmForgotPassword(ctx context.Context, clientId string, code string, userName string, password string) error {
_, err := actor.CognitoClient.ConfirmForgotPassword(ctx, &cognitoidentityprovider.ConfirmForgotPasswordInput{
ClientId: aws.String(clientId),
ConfirmationCode: aws.String(code),
Password: aws.String(password),
Username: aws.String(userName),
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't confirm user %v. Here's why: %v", userName, err)
}
}
return err
}
// DeleteUser removes a user from the user pool.
func (actor CognitoActions) DeleteUser(ctx context.Context, userAccessToken string) error {
_, err := actor.CognitoClient.DeleteUser(ctx, &cognitoidentityprovider.DeleteUserInput{
AccessToken: aws.String(userAccessToken),
})
if err != nil {
log.Printf("Couldn't delete user. Here's why: %v\n", err)
}
return err
}
// AdminCreateUser uses administrator credentials to add a user to a user pool. This method leaves the user
// in a state that requires they enter a new password next time they sign in.
func (actor CognitoActions) AdminCreateUser(ctx context.Context, userPoolId string, userName string, userEmail string) error {
_, err := actor.CognitoClient.AdminCreateUser(ctx, &cognitoidentityprovider.AdminCreateUserInput{
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
MessageAction: types.MessageActionTypeSuppress,
UserAttributes: []types.AttributeType{{Name: aws.String("email"), Value: aws.String(userEmail)}},
})
if err != nil {
var userExists *types.UsernameExistsException
if errors.As(err, &userExists) {
log.Printf("User %v already exists in the user pool.", userName)
err = nil
} else {
log.Printf("Couldn't create user %v. Here's why: %v\n", userName, err)
}
}
return err
}
// AdminSetUserPassword uses administrator credentials to set a password for a user without requiring a
// temporary password.
func (actor CognitoActions) AdminSetUserPassword(ctx context.Context, userPoolId string, userName string, password string) error {
_, err := actor.CognitoClient.AdminSetUserPassword(ctx, &cognitoidentityprovider.AdminSetUserPasswordInput{
Password: aws.String(password),
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
Permanent: true,
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't set password for user %v. Here's why: %v\n", userName, err)
}
}
return err
}
```
Cree una estructura que ajuste las acciones de DynamoDB.
```
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
"github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
)
// DynamoActions encapsulates the Amazon Simple Notification Service (Amazon SNS) actions
// used in the examples.
type DynamoActions struct {
DynamoClient *dynamodb.Client
}
// User defines structured user data.
type User struct {
UserName string
UserEmail string
LastLogin *LoginInfo `dynamodbav:",omitempty"`
}
// LoginInfo defines structured custom login data.
type LoginInfo struct {
UserPoolId string
ClientId string
Time string
}
// UserList defines a list of users.
type UserList struct {
Users []User
}
// UserNameList returns the usernames contained in a UserList as a list of strings.
func (users *UserList) UserNameList() []string {
names := make([]string, len(users.Users))
for i := 0; i < len(users.Users); i++ {
names[i] = users.Users[i].UserName
}
return names
}
// PopulateTable adds a set of test users to the table.
func (actor DynamoActions) PopulateTable(ctx context.Context, tableName string) error {
var err error
var item map[string]types.AttributeValue
var writeReqs []types.WriteRequest
for i := 1; i < 4; i++ {
item, err = attributevalue.MarshalMap(User{UserName: fmt.Sprintf("test_user_%v", i), UserEmail: fmt.Sprintf("test_email_%v@example.com", i)})
if err != nil {
log.Printf("Couldn't marshall user into DynamoDB format. Here's why: %v\n", err)
return err
}
writeReqs = append(writeReqs, types.WriteRequest{PutRequest: &types.PutRequest{Item: item}})
}
_, err = actor.DynamoClient.BatchWriteItem(ctx, &dynamodb.BatchWriteItemInput{
RequestItems: map[string][]types.WriteRequest{tableName: writeReqs},
})
if err != nil {
log.Printf("Couldn't populate table %v with users. Here's why: %v\n", tableName, err)
}
return err
}
// Scan scans the table for all items.
func (actor DynamoActions) Scan(ctx context.Context, tableName string) (UserList, error) {
var userList UserList
output, err := actor.DynamoClient.Scan(ctx, &dynamodb.ScanInput{
TableName: aws.String(tableName),
})
if err != nil {
log.Printf("Couldn't scan table %v for items. Here's why: %v\n", tableName, err)
} else {
err = attributevalue.UnmarshalListOfMaps(output.Items, &userList.Users)
if err != nil {
log.Printf("Couldn't unmarshal items into users. Here's why: %v\n", err)
}
}
return userList, err
}
// AddUser adds a user item to a table.
func (actor DynamoActions) AddUser(ctx context.Context, tableName string, user User) error {
userItem, err := attributevalue.MarshalMap(user)
if err != nil {
log.Printf("Couldn't marshall user to item. Here's why: %v\n", err)
}
_, err = actor.DynamoClient.PutItem(ctx, &dynamodb.PutItemInput{
Item: userItem,
TableName: aws.String(tableName),
})
if err != nil {
log.Printf("Couldn't put item in table %v. Here's why: %v", tableName, err)
}
return err
}
```
Crea una estructura que abarque las acciones de CloudWatch Logs.
```
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/types"
)
type CloudWatchLogsActions struct {
CwlClient *cloudwatchlogs.Client
}
// GetLatestLogStream gets the most recent log stream for a Lambda function.
func (actor CloudWatchLogsActions) GetLatestLogStream(ctx context.Context, functionName string) (types.LogStream, error) {
var logStream types.LogStream
logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName)
output, err := actor.CwlClient.DescribeLogStreams(ctx, &cloudwatchlogs.DescribeLogStreamsInput{
Descending: aws.Bool(true),
Limit: aws.Int32(1),
LogGroupName: aws.String(logGroupName),
OrderBy: types.OrderByLastEventTime,
})
if err != nil {
log.Printf("Couldn't get log streams for log group %v. Here's why: %v\n", logGroupName, err)
} else {
logStream = output.LogStreams[0]
}
return logStream, err
}
// GetLogEvents gets the most recent eventCount events from the specified log stream.
func (actor CloudWatchLogsActions) GetLogEvents(ctx context.Context, functionName string, logStreamName string, eventCount int32) (
[]types.OutputLogEvent, error) {
var events []types.OutputLogEvent
logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName)
output, err := actor.CwlClient.GetLogEvents(ctx, &cloudwatchlogs.GetLogEventsInput{
LogStreamName: aws.String(logStreamName),
Limit: aws.Int32(eventCount),
LogGroupName: aws.String(logGroupName),
})
if err != nil {
log.Printf("Couldn't get log event for log stream %v. Here's why: %v\n", logStreamName, err)
} else {
events = output.Events
}
return events, err
}
```
Crea una estructura que agrupe las acciones. CloudFormation
```
import (
"context"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudformation"
)
// StackOutputs defines a map of outputs from a specific stack.
type StackOutputs map[string]string
type CloudFormationActions struct {
CfnClient *cloudformation.Client
}
// GetOutputs gets the outputs from a CloudFormation stack and puts them into a structured format.
func (actor CloudFormationActions) GetOutputs(ctx context.Context, stackName string) StackOutputs {
output, err := actor.CfnClient.DescribeStacks(ctx, &cloudformation.DescribeStacksInput{
StackName: aws.String(stackName),
})
if err != nil || len(output.Stacks) == 0 {
log.Panicf("Couldn't find a CloudFormation stack named %v. Here's why: %v\n", stackName, err)
}
stackOutputs := StackOutputs{}
for _, out := range output.Stacks[0].Outputs {
stackOutputs[*out.OutputKey] = *out.OutputValue
}
return stackOutputs
}
```
Eliminación de recursos.
```
import (
"context"
"log"
"user_pools_and_lambda_triggers/actions"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// Resources keeps track of AWS resources created during an example and handles
// cleanup when the example finishes.
type Resources struct {
userPoolId string
userAccessTokens []string
triggers []actions.Trigger
cognitoActor *actions.CognitoActions
questioner demotools.IQuestioner
}
func (resources *Resources) init(cognitoActor *actions.CognitoActions, questioner demotools.IQuestioner) {
resources.userAccessTokens = []string{}
resources.triggers = []actions.Trigger{}
resources.cognitoActor = cognitoActor
resources.questioner = questioner
}
// Cleanup deletes all AWS resources created during an example.
func (resources *Resources) Cleanup(ctx context.Context) {
defer func() {
if r := recover(); r != nil {
log.Printf("Something went wrong during cleanup.\n%v\n", r)
log.Println("Use the AWS Management Console to remove any remaining resources \n" +
"that were created for this scenario.")
}
}()
wantDelete := resources.questioner.AskBool("Do you want to remove all of the AWS resources that were created "+
"during this demo (y/n)?", "y")
if wantDelete {
for _, accessToken := range resources.userAccessTokens {
err := resources.cognitoActor.DeleteUser(ctx, accessToken)
if err != nil {
log.Println("Couldn't delete user during cleanup.")
panic(err)
}
log.Println("Deleted user.")
}
triggerList := make([]actions.TriggerInfo, len(resources.triggers))
for i := 0; i < len(resources.triggers); i++ {
triggerList[i] = actions.TriggerInfo{Trigger: resources.triggers[i], HandlerArn: nil}
}
err := resources.cognitoActor.UpdateTriggers(ctx, resources.userPoolId, triggerList...)
if err != nil {
log.Println("Couldn't update Cognito triggers during cleanup.")
panic(err)
}
log.Println("Removed Cognito triggers from user pool.")
} else {
log.Println("Be sure to remove resources when you're done with them to avoid unexpected charges!")
}
}
```
+ Para obtener detalles sobre la API, consulte los siguientes temas en la *Referencia de la API de AWS SDK para Go *.
+ [DeleteUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.DeleteUser)
+ [InitiateAuth](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.InitiateAuth)
+ [SignUp](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.SignUp)
+ [UpdateUserPool](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.UpdateUserPool)
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cross-services/wkflw-pools-triggers#code-examples).
Configure una ejecución interactiva de “Escenario”. Los ejemplos JavaScript (v3) comparten un gestor de escenarios para simplificar los ejemplos complejos. El código fuente completo está activado GitHub.
```
import { AutoConfirm } from "./scenario-auto-confirm.js";
/**
* The context is passed to every scenario. Scenario steps
* will modify the context.
*/
const context = {
errors: [],
users: [
{
UserName: "test_user_1",
UserEmail: "test_email_1@example.com",
},
{
UserName: "test_user_2",
UserEmail: "test_email_2@example.com",
},
{
UserName: "test_user_3",
UserEmail: "test_email_3@example.com",
},
],
};
/**
* Three Scenarios are created for the workflow. A Scenario is an orchestration class
* that simplifies running a series of steps.
*/
export const scenarios = {
// Demonstrate automatically confirming known users in a database.
"auto-confirm": AutoConfirm(context),
};
// Call function if run directly
import { fileURLToPath } from "node:url";
import { parseScenarioArgs } from "@aws-doc-sdk-examples/lib/scenario/index.js";
if (process.argv[1] === fileURLToPath(import.meta.url)) {
parseScenarioArgs(scenarios, {
name: "Cognito user pools and triggers",
description:
"Demonstrate how to use the AWS SDKs to customize Amazon Cognito authentication behavior.",
});
}
```
En este escenario, se muestra la confirmación automática de un usuario conocido. Orquesta los pasos del ejemplo.
```
import { wait } from "@aws-doc-sdk-examples/lib/utils/util-timers.js";
import {
Scenario,
ScenarioAction,
ScenarioInput,
ScenarioOutput,
} from "@aws-doc-sdk-examples/lib/scenario/scenario.js";
import {
getStackOutputs,
logCleanUpReminder,
promptForStackName,
promptForStackRegion,
skipWhenErrors,
} from "./steps-common.js";
import { populateTable } from "./actions/dynamodb-actions.js";
import {
addPreSignUpHandler,
deleteUser,
getUser,
signIn,
signUpUser,
} from "./actions/cognito-actions.js";
import {
getLatestLogStreamForLambda,
getLogEvents,
} from "./actions/cloudwatch-logs-actions.js";
/**
* @typedef {{
* errors: Error[],
* password: string,
* users: { UserName: string, UserEmail: string }[],
* selectedUser?: string,
* stackName?: string,
* stackRegion?: string,
* token?: string,
* confirmDeleteSignedInUser?: boolean,
* TableName?: string,
* UserPoolClientId?: string,
* UserPoolId?: string,
* UserPoolArn?: string,
* AutoConfirmHandlerArn?: string,
* AutoConfirmHandlerName?: string
* }} State
*/
const greeting = new ScenarioOutput(
"greeting",
(/** @type {State} */ state) => `This demo will populate some users into the \
database created as part of the "${state.stackName}" stack. \
Then the AutoConfirmHandler will be linked to the PreSignUp \
trigger from Cognito. Finally, you will choose a user to sign up.`,
{ skipWhen: skipWhenErrors },
);
const logPopulatingUsers = new ScenarioOutput(
"logPopulatingUsers",
"Populating the DynamoDB table with some users.",
{ skipWhenErrors: skipWhenErrors },
);
const logPopulatingUsersComplete = new ScenarioOutput(
"logPopulatingUsersComplete",
"Done populating users.",
{ skipWhen: skipWhenErrors },
);
const populateUsers = new ScenarioAction(
"populateUsers",
async (/** @type {State} */ state) => {
const [_, err] = await populateTable({
region: state.stackRegion,
tableName: state.TableName,
items: state.users,
});
if (err) {
state.errors.push(err);
}
},
{
skipWhen: skipWhenErrors,
},
);
const logSetupSignUpTrigger = new ScenarioOutput(
"logSetupSignUpTrigger",
"Setting up the PreSignUp trigger for the Cognito User Pool.",
{ skipWhen: skipWhenErrors },
);
const setupSignUpTrigger = new ScenarioAction(
"setupSignUpTrigger",
async (/** @type {State} */ state) => {
const [_, err] = await addPreSignUpHandler({
region: state.stackRegion,
userPoolId: state.UserPoolId,
handlerArn: state.AutoConfirmHandlerArn,
});
if (err) {
state.errors.push(err);
}
},
{
skipWhen: skipWhenErrors,
},
);
const logSetupSignUpTriggerComplete = new ScenarioOutput(
"logSetupSignUpTriggerComplete",
(
/** @type {State} */ state,
) => `The lambda function "${state.AutoConfirmHandlerName}" \
has been configured as the PreSignUp trigger handler for the user pool "${state.UserPoolId}".`,
{ skipWhen: skipWhenErrors },
);
const selectUser = new ScenarioInput(
"selectedUser",
"Select a user to sign up.",
{
type: "select",
choices: (/** @type {State} */ state) => state.users.map((u) => u.UserName),
skipWhen: skipWhenErrors,
default: (/** @type {State} */ state) => state.users[0].UserName,
},
);
const checkIfUserAlreadyExists = new ScenarioAction(
"checkIfUserAlreadyExists",
async (/** @type {State} */ state) => {
const [user, err] = await getUser({
region: state.stackRegion,
userPoolId: state.UserPoolId,
username: state.selectedUser,
});
if (err?.name === "UserNotFoundException") {
// Do nothing. We're not expecting the user to exist before
// sign up is complete.
return;
}
if (err) {
state.errors.push(err);
return;
}
if (user) {
state.errors.push(
new Error(
`The user "${state.selectedUser}" already exists in the user pool "${state.UserPoolId}".`,
),
);
}
},
{
skipWhen: skipWhenErrors,
},
);
const createPassword = new ScenarioInput(
"password",
"Enter a password that has at least eight characters, uppercase, lowercase, numbers and symbols.",
{ type: "password", skipWhen: skipWhenErrors, default: "Abcd1234!" },
);
const logSignUpExistingUser = new ScenarioOutput(
"logSignUpExistingUser",
(/** @type {State} */ state) => `Signing up user "${state.selectedUser}".`,
{ skipWhen: skipWhenErrors },
);
const signUpExistingUser = new ScenarioAction(
"signUpExistingUser",
async (/** @type {State} */ state) => {
const signUp = (password) =>
signUpUser({
region: state.stackRegion,
userPoolClientId: state.UserPoolClientId,
username: state.selectedUser,
email: state.users.find((u) => u.UserName === state.selectedUser)
.UserEmail,
password,
});
let [_, err] = await signUp(state.password);
while (err?.name === "InvalidPasswordException") {
console.warn("The password you entered was invalid.");
await createPassword.handle(state);
[_, err] = await signUp(state.password);
}
if (err) {
state.errors.push(err);
}
},
{ skipWhen: skipWhenErrors },
);
const logSignUpExistingUserComplete = new ScenarioOutput(
"logSignUpExistingUserComplete",
(/** @type {State} */ state) =>
`"${state.selectedUser} was signed up successfully.`,
{ skipWhen: skipWhenErrors },
);
const logLambdaLogs = new ScenarioAction(
"logLambdaLogs",
async (/** @type {State} */ state) => {
console.log(
"Waiting a few seconds to let Lambda write to CloudWatch Logs...\n",
);
await wait(10);
const [logStream, logStreamErr] = await getLatestLogStreamForLambda({
functionName: state.AutoConfirmHandlerName,
region: state.stackRegion,
});
if (logStreamErr) {
state.errors.push(logStreamErr);
return;
}
console.log(
`Getting some recent events from log stream "${logStream.logStreamName}"`,
);
const [logEvents, logEventsErr] = await getLogEvents({
functionName: state.AutoConfirmHandlerName,
region: state.stackRegion,
eventCount: 10,
logStreamName: logStream.logStreamName,
});
if (logEventsErr) {
state.errors.push(logEventsErr);
return;
}
console.log(logEvents.map((ev) => `\t${ev.message}`).join(""));
},
{ skipWhen: skipWhenErrors },
);
const logSignInUser = new ScenarioOutput(
"logSignInUser",
(/** @type {State} */ state) => `Let's sign in as ${state.selectedUser}`,
{ skipWhen: skipWhenErrors },
);
const signInUser = new ScenarioAction(
"signInUser",
async (/** @type {State} */ state) => {
const [response, err] = await signIn({
region: state.stackRegion,
clientId: state.UserPoolClientId,
username: state.selectedUser,
password: state.password,
});
if (err?.name === "PasswordResetRequiredException") {
state.errors.push(new Error("Please reset your password."));
return;
}
if (err) {
state.errors.push(err);
return;
}
state.token = response?.AuthenticationResult?.AccessToken;
},
{ skipWhen: skipWhenErrors },
);
const logSignInUserComplete = new ScenarioOutput(
"logSignInUserComplete",
(/** @type {State} */ state) =>
`Successfully signed in. Your access token starts with: ${state.token.slice(0, 11)}`,
{ skipWhen: skipWhenErrors },
);
const confirmDeleteSignedInUser = new ScenarioInput(
"confirmDeleteSignedInUser",
"Do you want to delete the currently signed in user?",
{ type: "confirm", skipWhen: skipWhenErrors },
);
const deleteSignedInUser = new ScenarioAction(
"deleteSignedInUser",
async (/** @type {State} */ state) => {
const [_, err] = await deleteUser({
region: state.stackRegion,
accessToken: state.token,
});
if (err) {
state.errors.push(err);
}
},
{
skipWhen: (/** @type {State} */ state) =>
skipWhenErrors(state) || !state.confirmDeleteSignedInUser,
},
);
const logErrors = new ScenarioOutput(
"logErrors",
(/** @type {State}*/ state) => {
const errorList = state.errors
.map((err) => ` - ${err.name}: ${err.message}`)
.join("\n");
return `Scenario errors found:\n${errorList}`;
},
{
// Don't log errors when there aren't any!
skipWhen: (/** @type {State} */ state) => state.errors.length === 0,
},
);
export const AutoConfirm = (context) =>
new Scenario(
"AutoConfirm",
[
promptForStackName,
promptForStackRegion,
getStackOutputs,
greeting,
logPopulatingUsers,
populateUsers,
logPopulatingUsersComplete,
logSetupSignUpTrigger,
setupSignUpTrigger,
logSetupSignUpTriggerComplete,
selectUser,
checkIfUserAlreadyExists,
createPassword,
logSignUpExistingUser,
signUpExistingUser,
logSignUpExistingUserComplete,
logLambdaLogs,
logSignInUser,
signInUser,
logSignInUserComplete,
confirmDeleteSignedInUser,
deleteSignedInUser,
logCleanUpReminder,
logErrors,
],
context,
);
```
Estos son pasos que se comparten con otros escenarios.
```
import {
ScenarioAction,
ScenarioInput,
ScenarioOutput,
} from "@aws-doc-sdk-examples/lib/scenario/scenario.js";
import { getCfnOutputs } from "@aws-doc-sdk-examples/lib/sdk/cfn-outputs.js";
export const skipWhenErrors = (state) => state.errors.length > 0;
export const getStackOutputs = new ScenarioAction(
"getStackOutputs",
async (state) => {
if (!state.stackName || !state.stackRegion) {
state.errors.push(
new Error(
"No stack name or region provided. The stack name and \
region are required to fetch CFN outputs relevant to this example.",
),
);
return;
}
const outputs = await getCfnOutputs(state.stackName, state.stackRegion);
Object.assign(state, outputs);
},
);
export const promptForStackName = new ScenarioInput(
"stackName",
"Enter the name of the stack you deployed earlier.",
{ type: "input", default: "PoolsAndTriggersStack" },
);
export const promptForStackRegion = new ScenarioInput(
"stackRegion",
"Enter the region of the stack you deployed earlier.",
{ type: "input", default: "us-east-1" },
);
export const logCleanUpReminder = new ScenarioOutput(
"logCleanUpReminder",
"All done. Remember to run 'cdk destroy' to teardown the stack.",
{ skipWhen: skipWhenErrors },
);
```
Un controlador para el desencadenador `PreSignUp` con una función de Lambda.
```
import type { PreSignUpTriggerEvent, Handler } from "aws-lambda";
import type { UserRepository } from "./user-repository";
import { DynamoDBUserRepository } from "./user-repository";
export class PreSignUpHandler {
private userRepository: UserRepository;
constructor(userRepository: UserRepository) {
this.userRepository = userRepository;
}
private isPreSignUpTriggerSource(event: PreSignUpTriggerEvent): boolean {
return event.triggerSource === "PreSignUp_SignUp";
}
private getEventUserEmail(event: PreSignUpTriggerEvent): string {
return event.request.userAttributes.email;
}
async handlePreSignUpTriggerEvent(
event: PreSignUpTriggerEvent,
): Promise {
console.log(
`Received presignup from ${event.triggerSource} for user '${event.userName}'`,
);
if (!this.isPreSignUpTriggerSource(event)) {
return event;
}
const eventEmail = this.getEventUserEmail(event);
console.log(`Looking up email ${eventEmail}.`);
const storedUserInfo =
await this.userRepository.getUserInfoByEmail(eventEmail);
if (!storedUserInfo) {
console.log(
`Email ${eventEmail} not found. Email verification is required.`,
);
return event;
}
if (storedUserInfo.UserName !== event.userName) {
console.log(
`UserEmail ${eventEmail} found, but stored UserName '${storedUserInfo.UserName}' does not match supplied UserName '${event.userName}'. Verification is required.`,
);
} else {
console.log(
`UserEmail ${eventEmail} found with matching UserName ${storedUserInfo.UserName}. User is confirmed.`,
);
event.response.autoConfirmUser = true;
event.response.autoVerifyEmail = true;
}
return event;
}
}
const createPreSignUpHandler = (): PreSignUpHandler => {
const tableName = process.env.TABLE_NAME;
if (!tableName) {
throw new Error("TABLE_NAME environment variable is not set");
}
const userRepository = new DynamoDBUserRepository(tableName);
return new PreSignUpHandler(userRepository);
};
export const handler: Handler = async (event: PreSignUpTriggerEvent) => {
const preSignUpHandler = createPreSignUpHandler();
return preSignUpHandler.handlePreSignUpTriggerEvent(event);
};
```
Acciones del módulo de CloudWatch registros.
```
import {
CloudWatchLogsClient,
GetLogEventsCommand,
OrderBy,
paginateDescribeLogStreams,
} from "@aws-sdk/client-cloudwatch-logs";
/**
* Get the latest log stream for a Lambda function.
* @param {{ functionName: string, region: string }} config
* @returns {Promise<[import("@aws-sdk/client-cloudwatch-logs").LogStream | null, unknown]>}
*/
export const getLatestLogStreamForLambda = async ({ functionName, region }) => {
try {
const logGroupName = `/aws/lambda/${functionName}`;
const cwlClient = new CloudWatchLogsClient({ region });
const paginator = paginateDescribeLogStreams(
{ client: cwlClient },
{
descending: true,
limit: 1,
orderBy: OrderBy.LastEventTime,
logGroupName,
},
);
for await (const page of paginator) {
return [page.logStreams[0], null];
}
} catch (err) {
return [null, err];
}
};
/**
* Get the log events for a Lambda function's log stream.
* @param {{
* functionName: string,
* logStreamName: string,
* eventCount: number,
* region: string
* }} config
* @returns {Promise<[import("@aws-sdk/client-cloudwatch-logs").OutputLogEvent[] | null, unknown]>}
*/
export const getLogEvents = async ({
functionName,
logStreamName,
eventCount,
region,
}) => {
try {
const cwlClient = new CloudWatchLogsClient({ region });
const logGroupName = `/aws/lambda/${functionName}`;
const response = await cwlClient.send(
new GetLogEventsCommand({
logStreamName: logStreamName,
limit: eventCount,
logGroupName: logGroupName,
}),
);
return [response.events, null];
} catch (err) {
return [null, err];
}
};
```
Módulo de acciones de Amazon Cognito.
```
import {
AdminGetUserCommand,
CognitoIdentityProviderClient,
DeleteUserCommand,
InitiateAuthCommand,
SignUpCommand,
UpdateUserPoolCommand,
} from "@aws-sdk/client-cognito-identity-provider";
/**
* Connect a Lambda function to the PreSignUp trigger for a Cognito user pool
* @param {{ region: string, userPoolId: string, handlerArn: string }} config
* @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").UpdateUserPoolCommandOutput | null, unknown]>}
*/
export const addPreSignUpHandler = async ({
region,
userPoolId,
handlerArn,
}) => {
try {
const cognitoClient = new CognitoIdentityProviderClient({
region,
});
const command = new UpdateUserPoolCommand({
UserPoolId: userPoolId,
LambdaConfig: {
PreSignUp: handlerArn,
},
});
const response = await cognitoClient.send(command);
return [response, null];
} catch (err) {
return [null, err];
}
};
/**
* Attempt to register a user to a user pool with a given username and password.
* @param {{
* region: string,
* userPoolClientId: string,
* username: string,
* email: string,
* password: string
* }} config
* @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").SignUpCommandOutput | null, unknown]>}
*/
export const signUpUser = async ({
region,
userPoolClientId,
username,
email,
password,
}) => {
try {
const cognitoClient = new CognitoIdentityProviderClient({
region,
});
const response = await cognitoClient.send(
new SignUpCommand({
ClientId: userPoolClientId,
Username: username,
Password: password,
UserAttributes: [{ Name: "email", Value: email }],
}),
);
return [response, null];
} catch (err) {
return [null, err];
}
};
/**
* Sign in a user to Amazon Cognito using a username and password authentication flow.
* @param {{ region: string, clientId: string, username: string, password: string }} config
* @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").InitiateAuthCommandOutput | null, unknown]>}
*/
export const signIn = async ({ region, clientId, username, password }) => {
try {
const cognitoClient = new CognitoIdentityProviderClient({ region });
const response = await cognitoClient.send(
new InitiateAuthCommand({
AuthFlow: "USER_PASSWORD_AUTH",
ClientId: clientId,
AuthParameters: { USERNAME: username, PASSWORD: password },
}),
);
return [response, null];
} catch (err) {
return [null, err];
}
};
/**
* Retrieve an existing user from a user pool.
* @param {{ region: string, userPoolId: string, username: string }} config
* @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").AdminGetUserCommandOutput | null, unknown]>}
*/
export const getUser = async ({ region, userPoolId, username }) => {
try {
const cognitoClient = new CognitoIdentityProviderClient({ region });
const response = await cognitoClient.send(
new AdminGetUserCommand({
UserPoolId: userPoolId,
Username: username,
}),
);
return [response, null];
} catch (err) {
return [null, err];
}
};
/**
* Delete the signed-in user. Useful for allowing a user to delete their
* own profile.
* @param {{ region: string, accessToken: string }} config
* @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").DeleteUserCommandOutput | null, unknown]>}
*/
export const deleteUser = async ({ region, accessToken }) => {
try {
const client = new CognitoIdentityProviderClient({ region });
const response = await client.send(
new DeleteUserCommand({ AccessToken: accessToken }),
);
return [response, null];
} catch (err) {
return [null, err];
}
};
```
Módulo de acciones de DynamoDB.
```
import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
import {
BatchWriteCommand,
DynamoDBDocumentClient,
} from "@aws-sdk/lib-dynamodb";
/**
* Populate a DynamoDB table with provide items.
* @param {{ region: string, tableName: string, items: Record[] }} config
* @returns {Promise<[import("@aws-sdk/lib-dynamodb").BatchWriteCommandOutput | null, unknown]>}
*/
export const populateTable = async ({ region, tableName, items }) => {
try {
const ddbClient = new DynamoDBClient({ region });
const docClient = DynamoDBDocumentClient.from(ddbClient);
const response = await docClient.send(
new BatchWriteCommand({
RequestItems: {
[tableName]: items.map((item) => ({
PutRequest: {
Item: item,
},
})),
},
}),
);
return [response, null];
} catch (err) {
return [null, err];
}
};
```
+ Para obtener detalles sobre la API, consulte los siguientes temas en la *Referencia de la API de AWS SDK para JavaScript *.
+ [DeleteUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/DeleteUserCommand)
+ [InitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/InitiateAuthCommand)
+ [SignUp](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/SignUpCommand)
+ [UpdateUserPool](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/UpdateUserPoolCommand)
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Migre automáticamente los usuarios conocidos de Amazon Cognito con una función Lambda mediante un SDK AWS
En el siguiente ejemplo de código, se muestra cómo migrar de manera automática los usuarios conocidos de Amazon Cognito con una función de Lambda.
+ Configure un grupo de usuarios para que llame a una función de Lambda para el desencadenador `MigrateUser`.
+ Inicie sesión en Amazon Cognito con un nombre de usuario y un correo electrónico que no estén en el grupo de usuarios.
+ La función de Lambda escanea una tabla de DynamoDB y migra de manera automática los usuarios conocidos al grupo de usuarios.
+ Realice el flujo en caso de olvido de contraseña para restablecer la contraseña respecto del usuario migrado.
+ Inicie sesión como un nuevo usuario y, a continuación, elimine los recursos.
------
#### [ Go ]
**SDK para Go V2**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/workflows/user_pools_and_lambda_triggers#code-examples).
Ejecutar un escenario interactivo en un símbolo del sistema.
```
import (
"context"
"errors"
"fmt"
"log"
"strings"
"user_pools_and_lambda_triggers/actions"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// MigrateUser separates the steps of this scenario into individual functions so that
// they are simpler to read and understand.
type MigrateUser struct {
helper IScenarioHelper
questioner demotools.IQuestioner
resources Resources
cognitoActor *actions.CognitoActions
}
// NewMigrateUser constructs a new migrate user runner.
func NewMigrateUser(sdkConfig aws.Config, questioner demotools.IQuestioner, helper IScenarioHelper) MigrateUser {
scenario := MigrateUser{
helper: helper,
questioner: questioner,
resources: Resources{},
cognitoActor: &actions.CognitoActions{CognitoClient: cognitoidentityprovider.NewFromConfig(sdkConfig)},
}
scenario.resources.init(scenario.cognitoActor, questioner)
return scenario
}
// AddMigrateUserTrigger adds a Lambda handler as an invocation target for the MigrateUser trigger.
func (runner *MigrateUser) AddMigrateUserTrigger(ctx context.Context, userPoolId string, functionArn string) {
log.Printf("Let's add a Lambda function to handle the MigrateUser trigger from Cognito.\n" +
"This trigger happens when an unknown user signs in, and lets your function take action before Cognito\n" +
"rejects the user.\n\n")
err := runner.cognitoActor.UpdateTriggers(
ctx, userPoolId,
actions.TriggerInfo{Trigger: actions.UserMigration, HandlerArn: aws.String(functionArn)})
if err != nil {
panic(err)
}
log.Printf("Lambda function %v added to user pool %v to handle the MigrateUser trigger.\n",
functionArn, userPoolId)
log.Println(strings.Repeat("-", 88))
}
// SignInUser adds a new user to the known users table and signs that user in to Amazon Cognito.
func (runner *MigrateUser) SignInUser(ctx context.Context, usersTable string, clientId string) (bool, actions.User) {
log.Println("Let's sign in a user to your Cognito user pool. When the username and email matches an entry in the\n" +
"DynamoDB known users table, the email is automatically verified and the user is migrated to the Cognito user pool.")
user := actions.User{}
user.UserName = runner.questioner.Ask("\nEnter a username:")
user.UserEmail = runner.questioner.Ask("\nEnter an email that you own. This email will be used to confirm user migration\n" +
"during this example:")
runner.helper.AddKnownUser(ctx, usersTable, user)
var err error
var resetRequired *types.PasswordResetRequiredException
var authResult *types.AuthenticationResultType
signedIn := false
for !signedIn && resetRequired == nil {
log.Printf("Signing in to Cognito as user '%v'. The expected result is a PasswordResetRequiredException.\n\n", user.UserName)
authResult, err = runner.cognitoActor.SignIn(ctx, clientId, user.UserName, "_")
if err != nil {
if errors.As(err, &resetRequired) {
log.Printf("\nUser '%v' is not in the Cognito user pool but was found in the DynamoDB known users table.\n"+
"User migration is started and a password reset is required.", user.UserName)
} else {
panic(err)
}
} else {
log.Printf("User '%v' successfully signed in. This is unexpected and probably means you have not\n"+
"cleaned up a previous run of this scenario, so the user exist in the Cognito user pool.\n"+
"You can continue this example and select to clean up resources, or manually remove\n"+
"the user from your user pool and try again.", user.UserName)
runner.resources.userAccessTokens = append(runner.resources.userAccessTokens, *authResult.AccessToken)
signedIn = true
}
}
log.Println(strings.Repeat("-", 88))
return resetRequired != nil, user
}
// ResetPassword starts a password recovery flow.
func (runner *MigrateUser) ResetPassword(ctx context.Context, clientId string, user actions.User) {
wantCode := runner.questioner.AskBool(fmt.Sprintf("In order to migrate the user to Cognito, you must be able to receive a confirmation\n"+
"code by email at %v. Do you want to send a code (y/n)?", user.UserEmail), "y")
if !wantCode {
log.Println("To complete this example and successfully migrate a user to Cognito, you must enter an email\n" +
"you own that can receive a confirmation code.")
return
}
codeDelivery, err := runner.cognitoActor.ForgotPassword(ctx, clientId, user.UserName)
if err != nil {
panic(err)
}
log.Printf("\nA confirmation code has been sent to %v.", *codeDelivery.Destination)
code := runner.questioner.Ask("Check your email and enter it here:")
confirmed := false
password := runner.questioner.AskPassword("\nEnter a password that has at least eight characters, uppercase, lowercase, numbers and symbols.\n"+
"(the password will not display as you type):", 8)
for !confirmed {
log.Printf("\nConfirming password reset for user '%v'.\n", user.UserName)
err = runner.cognitoActor.ConfirmForgotPassword(ctx, clientId, code, user.UserName, password)
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
password = runner.questioner.AskPassword("\nEnter another password:", 8)
} else {
panic(err)
}
} else {
confirmed = true
}
}
log.Printf("User '%v' successfully confirmed and migrated.\n", user.UserName)
log.Println("Signing in with your username and password...")
authResult, err := runner.cognitoActor.SignIn(ctx, clientId, user.UserName, password)
if err != nil {
panic(err)
}
log.Printf("Successfully signed in. Your access token starts with: %v...\n", (*authResult.AccessToken)[:10])
runner.resources.userAccessTokens = append(runner.resources.userAccessTokens, *authResult.AccessToken)
log.Println(strings.Repeat("-", 88))
}
// Run runs the scenario.
func (runner *MigrateUser) Run(ctx context.Context, stackName string) {
defer func() {
if r := recover(); r != nil {
log.Println("Something went wrong with the demo.")
runner.resources.Cleanup(ctx)
}
}()
log.Println(strings.Repeat("-", 88))
log.Printf("Welcome\n")
log.Println(strings.Repeat("-", 88))
stackOutputs, err := runner.helper.GetStackOutputs(ctx, stackName)
if err != nil {
panic(err)
}
runner.resources.userPoolId = stackOutputs["UserPoolId"]
runner.AddMigrateUserTrigger(ctx, stackOutputs["UserPoolId"], stackOutputs["MigrateUserFunctionArn"])
runner.resources.triggers = append(runner.resources.triggers, actions.UserMigration)
resetNeeded, user := runner.SignInUser(ctx, stackOutputs["TableName"], stackOutputs["UserPoolClientId"])
if resetNeeded {
runner.helper.ListRecentLogEvents(ctx, stackOutputs["MigrateUserFunction"])
runner.ResetPassword(ctx, stackOutputs["UserPoolClientId"], user)
}
runner.resources.Cleanup(ctx)
log.Println(strings.Repeat("-", 88))
log.Println("Thanks for watching!")
log.Println(strings.Repeat("-", 88))
}
```
Controle el desencadenador `MigrateUser` con una función de Lambda.
```
import (
"context"
"log"
"os"
"github.com/aws/aws-lambda-go/events"
"github.com/aws/aws-lambda-go/lambda"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
"github.com/aws/aws-sdk-go-v2/feature/dynamodb/expression"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
)
const TABLE_NAME = "TABLE_NAME"
// UserInfo defines structured user data that can be marshalled to a DynamoDB format.
type UserInfo struct {
UserName string `dynamodbav:"UserName"`
UserEmail string `dynamodbav:"UserEmail"`
}
type handler struct {
dynamoClient *dynamodb.Client
}
// HandleRequest handles the MigrateUser event by looking up a user in an Amazon DynamoDB table and
// specifying whether they should be migrated to the user pool.
func (h *handler) HandleRequest(ctx context.Context, event events.CognitoEventUserPoolsMigrateUser) (events.CognitoEventUserPoolsMigrateUser, error) {
log.Printf("Received migrate trigger from %v for user '%v'", event.TriggerSource, event.UserName)
if event.TriggerSource != "UserMigration_Authentication" {
return event, nil
}
tableName := os.Getenv(TABLE_NAME)
user := UserInfo{
UserName: event.UserName,
}
log.Printf("Looking up user '%v' in table %v.\n", user.UserName, tableName)
filterEx := expression.Name("UserName").Equal(expression.Value(user.UserName))
expr, err := expression.NewBuilder().WithFilter(filterEx).Build()
if err != nil {
log.Printf("Error building expression to query for user '%v'.\n", user.UserName)
return event, err
}
output, err := h.dynamoClient.Scan(ctx, &dynamodb.ScanInput{
TableName: aws.String(tableName),
FilterExpression: expr.Filter(),
ExpressionAttributeNames: expr.Names(),
ExpressionAttributeValues: expr.Values(),
})
if err != nil {
log.Printf("Error looking up user '%v'.\n", user.UserName)
return event, err
}
if len(output.Items) == 0 {
log.Printf("User '%v' not found, not migrating user.\n", user.UserName)
return event, err
}
var users []UserInfo
err = attributevalue.UnmarshalListOfMaps(output.Items, &users)
if err != nil {
log.Printf("Couldn't unmarshal DynamoDB items. Here's why: %v\n", err)
return event, err
}
user = users[0]
log.Printf("UserName '%v' found with email %v. User is migrated and must reset password.\n", user.UserName, user.UserEmail)
event.CognitoEventUserPoolsMigrateUserResponse.UserAttributes = map[string]string{
"email": user.UserEmail,
"email_verified": "true", // email_verified is required for the forgot password flow.
}
event.CognitoEventUserPoolsMigrateUserResponse.FinalUserStatus = "RESET_REQUIRED"
event.CognitoEventUserPoolsMigrateUserResponse.MessageAction = "SUPPRESS"
return event, err
}
func main() {
ctx := context.Background()
sdkConfig, err := config.LoadDefaultConfig(ctx)
if err != nil {
log.Panicln(err)
}
h := handler{
dynamoClient: dynamodb.NewFromConfig(sdkConfig),
}
lambda.Start(h.HandleRequest)
}
```
Cree una estructura que lleve a cabo las tareas habituales.
```
import (
"context"
"log"
"strings"
"time"
"user_pools_and_lambda_triggers/actions"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudformation"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// IScenarioHelper defines common functions used by the workflows in this example.
type IScenarioHelper interface {
Pause(secs int)
GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error)
PopulateUserTable(ctx context.Context, tableName string)
GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error)
AddKnownUser(ctx context.Context, tableName string, user actions.User)
ListRecentLogEvents(ctx context.Context, functionName string)
}
// ScenarioHelper contains AWS wrapper structs used by the workflows in this example.
type ScenarioHelper struct {
questioner demotools.IQuestioner
dynamoActor *actions.DynamoActions
cfnActor *actions.CloudFormationActions
cwlActor *actions.CloudWatchLogsActions
isTestRun bool
}
// NewScenarioHelper constructs a new scenario helper.
func NewScenarioHelper(sdkConfig aws.Config, questioner demotools.IQuestioner) ScenarioHelper {
scenario := ScenarioHelper{
questioner: questioner,
dynamoActor: &actions.DynamoActions{DynamoClient: dynamodb.NewFromConfig(sdkConfig)},
cfnActor: &actions.CloudFormationActions{CfnClient: cloudformation.NewFromConfig(sdkConfig)},
cwlActor: &actions.CloudWatchLogsActions{CwlClient: cloudwatchlogs.NewFromConfig(sdkConfig)},
}
return scenario
}
// Pause waits for the specified number of seconds.
func (helper ScenarioHelper) Pause(secs int) {
if !helper.isTestRun {
time.Sleep(time.Duration(secs) * time.Second)
}
}
// GetStackOutputs gets the outputs from the specified CloudFormation stack in a structured format.
func (helper ScenarioHelper) GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error) {
return helper.cfnActor.GetOutputs(ctx, stackName), nil
}
// PopulateUserTable fills the known user table with example data.
func (helper ScenarioHelper) PopulateUserTable(ctx context.Context, tableName string) {
log.Printf("First, let's add some users to the DynamoDB %v table we'll use for this example.\n", tableName)
err := helper.dynamoActor.PopulateTable(ctx, tableName)
if err != nil {
panic(err)
}
}
// GetKnownUsers gets the users from the known users table in a structured format.
func (helper ScenarioHelper) GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error) {
knownUsers, err := helper.dynamoActor.Scan(ctx, tableName)
if err != nil {
log.Printf("Couldn't get known users from table %v. Here's why: %v\n", tableName, err)
}
return knownUsers, err
}
// AddKnownUser adds a user to the known users table.
func (helper ScenarioHelper) AddKnownUser(ctx context.Context, tableName string, user actions.User) {
log.Printf("Adding user '%v' with email '%v' to the DynamoDB known users table...\n",
user.UserName, user.UserEmail)
err := helper.dynamoActor.AddUser(ctx, tableName, user)
if err != nil {
panic(err)
}
}
// ListRecentLogEvents gets the most recent log stream and events for the specified Lambda function and displays them.
func (helper ScenarioHelper) ListRecentLogEvents(ctx context.Context, functionName string) {
log.Println("Waiting a few seconds to let Lambda write to CloudWatch Logs...")
helper.Pause(10)
log.Println("Okay, let's check the logs to find what's happened recently with your Lambda function.")
logStream, err := helper.cwlActor.GetLatestLogStream(ctx, functionName)
if err != nil {
panic(err)
}
log.Printf("Getting some recent events from log stream %v\n", *logStream.LogStreamName)
events, err := helper.cwlActor.GetLogEvents(ctx, functionName, *logStream.LogStreamName, 10)
if err != nil {
panic(err)
}
for _, event := range events {
log.Printf("\t%v", *event.Message)
}
log.Println(strings.Repeat("-", 88))
}
```
Cree una estructura que ajuste las acciones de Amazon Cognito.
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// Trigger and TriggerInfo define typed data for updating an Amazon Cognito trigger.
type Trigger int
const (
PreSignUp Trigger = iota
UserMigration
PostAuthentication
)
type TriggerInfo struct {
Trigger Trigger
HandlerArn *string
}
// UpdateTriggers adds or removes Lambda triggers for a user pool. When a trigger is specified with a `nil` value,
// it is removed from the user pool.
func (actor CognitoActions) UpdateTriggers(ctx context.Context, userPoolId string, triggers ...TriggerInfo) error {
output, err := actor.CognitoClient.DescribeUserPool(ctx, &cognitoidentityprovider.DescribeUserPoolInput{
UserPoolId: aws.String(userPoolId),
})
if err != nil {
log.Printf("Couldn't get info about user pool %v. Here's why: %v\n", userPoolId, err)
return err
}
lambdaConfig := output.UserPool.LambdaConfig
for _, trigger := range triggers {
switch trigger.Trigger {
case PreSignUp:
lambdaConfig.PreSignUp = trigger.HandlerArn
case UserMigration:
lambdaConfig.UserMigration = trigger.HandlerArn
case PostAuthentication:
lambdaConfig.PostAuthentication = trigger.HandlerArn
}
}
_, err = actor.CognitoClient.UpdateUserPool(ctx, &cognitoidentityprovider.UpdateUserPoolInput{
UserPoolId: aws.String(userPoolId),
LambdaConfig: lambdaConfig,
})
if err != nil {
log.Printf("Couldn't update user pool %v. Here's why: %v\n", userPoolId, err)
}
return err
}
// SignUp signs up a user with Amazon Cognito.
func (actor CognitoActions) SignUp(ctx context.Context, clientId string, userName string, password string, userEmail string) (bool, error) {
confirmed := false
output, err := actor.CognitoClient.SignUp(ctx, &cognitoidentityprovider.SignUpInput{
ClientId: aws.String(clientId),
Password: aws.String(password),
Username: aws.String(userName),
UserAttributes: []types.AttributeType{
{Name: aws.String("email"), Value: aws.String(userEmail)},
},
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't sign up user %v. Here's why: %v\n", userName, err)
}
} else {
confirmed = output.UserConfirmed
}
return confirmed, err
}
// SignIn signs in a user to Amazon Cognito using a username and password authentication flow.
func (actor CognitoActions) SignIn(ctx context.Context, clientId string, userName string, password string) (*types.AuthenticationResultType, error) {
var authResult *types.AuthenticationResultType
output, err := actor.CognitoClient.InitiateAuth(ctx, &cognitoidentityprovider.InitiateAuthInput{
AuthFlow: "USER_PASSWORD_AUTH",
ClientId: aws.String(clientId),
AuthParameters: map[string]string{"USERNAME": userName, "PASSWORD": password},
})
if err != nil {
var resetRequired *types.PasswordResetRequiredException
if errors.As(err, &resetRequired) {
log.Println(*resetRequired.Message)
} else {
log.Printf("Couldn't sign in user %v. Here's why: %v\n", userName, err)
}
} else {
authResult = output.AuthenticationResult
}
return authResult, err
}
// ForgotPassword starts a password recovery flow for a user. This flow typically sends a confirmation code
// to the user's configured notification destination, such as email.
func (actor CognitoActions) ForgotPassword(ctx context.Context, clientId string, userName string) (*types.CodeDeliveryDetailsType, error) {
output, err := actor.CognitoClient.ForgotPassword(ctx, &cognitoidentityprovider.ForgotPasswordInput{
ClientId: aws.String(clientId),
Username: aws.String(userName),
})
if err != nil {
log.Printf("Couldn't start password reset for user '%v'. Here;s why: %v\n", userName, err)
}
return output.CodeDeliveryDetails, err
}
// ConfirmForgotPassword confirms a user with a confirmation code and a new password.
func (actor CognitoActions) ConfirmForgotPassword(ctx context.Context, clientId string, code string, userName string, password string) error {
_, err := actor.CognitoClient.ConfirmForgotPassword(ctx, &cognitoidentityprovider.ConfirmForgotPasswordInput{
ClientId: aws.String(clientId),
ConfirmationCode: aws.String(code),
Password: aws.String(password),
Username: aws.String(userName),
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't confirm user %v. Here's why: %v", userName, err)
}
}
return err
}
// DeleteUser removes a user from the user pool.
func (actor CognitoActions) DeleteUser(ctx context.Context, userAccessToken string) error {
_, err := actor.CognitoClient.DeleteUser(ctx, &cognitoidentityprovider.DeleteUserInput{
AccessToken: aws.String(userAccessToken),
})
if err != nil {
log.Printf("Couldn't delete user. Here's why: %v\n", err)
}
return err
}
// AdminCreateUser uses administrator credentials to add a user to a user pool. This method leaves the user
// in a state that requires they enter a new password next time they sign in.
func (actor CognitoActions) AdminCreateUser(ctx context.Context, userPoolId string, userName string, userEmail string) error {
_, err := actor.CognitoClient.AdminCreateUser(ctx, &cognitoidentityprovider.AdminCreateUserInput{
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
MessageAction: types.MessageActionTypeSuppress,
UserAttributes: []types.AttributeType{{Name: aws.String("email"), Value: aws.String(userEmail)}},
})
if err != nil {
var userExists *types.UsernameExistsException
if errors.As(err, &userExists) {
log.Printf("User %v already exists in the user pool.", userName)
err = nil
} else {
log.Printf("Couldn't create user %v. Here's why: %v\n", userName, err)
}
}
return err
}
// AdminSetUserPassword uses administrator credentials to set a password for a user without requiring a
// temporary password.
func (actor CognitoActions) AdminSetUserPassword(ctx context.Context, userPoolId string, userName string, password string) error {
_, err := actor.CognitoClient.AdminSetUserPassword(ctx, &cognitoidentityprovider.AdminSetUserPasswordInput{
Password: aws.String(password),
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
Permanent: true,
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't set password for user %v. Here's why: %v\n", userName, err)
}
}
return err
}
```
Cree una estructura que ajuste las acciones de DynamoDB.
```
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
"github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
)
// DynamoActions encapsulates the Amazon Simple Notification Service (Amazon SNS) actions
// used in the examples.
type DynamoActions struct {
DynamoClient *dynamodb.Client
}
// User defines structured user data.
type User struct {
UserName string
UserEmail string
LastLogin *LoginInfo `dynamodbav:",omitempty"`
}
// LoginInfo defines structured custom login data.
type LoginInfo struct {
UserPoolId string
ClientId string
Time string
}
// UserList defines a list of users.
type UserList struct {
Users []User
}
// UserNameList returns the usernames contained in a UserList as a list of strings.
func (users *UserList) UserNameList() []string {
names := make([]string, len(users.Users))
for i := 0; i < len(users.Users); i++ {
names[i] = users.Users[i].UserName
}
return names
}
// PopulateTable adds a set of test users to the table.
func (actor DynamoActions) PopulateTable(ctx context.Context, tableName string) error {
var err error
var item map[string]types.AttributeValue
var writeReqs []types.WriteRequest
for i := 1; i < 4; i++ {
item, err = attributevalue.MarshalMap(User{UserName: fmt.Sprintf("test_user_%v", i), UserEmail: fmt.Sprintf("test_email_%v@example.com", i)})
if err != nil {
log.Printf("Couldn't marshall user into DynamoDB format. Here's why: %v\n", err)
return err
}
writeReqs = append(writeReqs, types.WriteRequest{PutRequest: &types.PutRequest{Item: item}})
}
_, err = actor.DynamoClient.BatchWriteItem(ctx, &dynamodb.BatchWriteItemInput{
RequestItems: map[string][]types.WriteRequest{tableName: writeReqs},
})
if err != nil {
log.Printf("Couldn't populate table %v with users. Here's why: %v\n", tableName, err)
}
return err
}
// Scan scans the table for all items.
func (actor DynamoActions) Scan(ctx context.Context, tableName string) (UserList, error) {
var userList UserList
output, err := actor.DynamoClient.Scan(ctx, &dynamodb.ScanInput{
TableName: aws.String(tableName),
})
if err != nil {
log.Printf("Couldn't scan table %v for items. Here's why: %v\n", tableName, err)
} else {
err = attributevalue.UnmarshalListOfMaps(output.Items, &userList.Users)
if err != nil {
log.Printf("Couldn't unmarshal items into users. Here's why: %v\n", err)
}
}
return userList, err
}
// AddUser adds a user item to a table.
func (actor DynamoActions) AddUser(ctx context.Context, tableName string, user User) error {
userItem, err := attributevalue.MarshalMap(user)
if err != nil {
log.Printf("Couldn't marshall user to item. Here's why: %v\n", err)
}
_, err = actor.DynamoClient.PutItem(ctx, &dynamodb.PutItemInput{
Item: userItem,
TableName: aws.String(tableName),
})
if err != nil {
log.Printf("Couldn't put item in table %v. Here's why: %v", tableName, err)
}
return err
}
```
Crea una estructura que abarque las acciones de CloudWatch Logs.
```
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/types"
)
type CloudWatchLogsActions struct {
CwlClient *cloudwatchlogs.Client
}
// GetLatestLogStream gets the most recent log stream for a Lambda function.
func (actor CloudWatchLogsActions) GetLatestLogStream(ctx context.Context, functionName string) (types.LogStream, error) {
var logStream types.LogStream
logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName)
output, err := actor.CwlClient.DescribeLogStreams(ctx, &cloudwatchlogs.DescribeLogStreamsInput{
Descending: aws.Bool(true),
Limit: aws.Int32(1),
LogGroupName: aws.String(logGroupName),
OrderBy: types.OrderByLastEventTime,
})
if err != nil {
log.Printf("Couldn't get log streams for log group %v. Here's why: %v\n", logGroupName, err)
} else {
logStream = output.LogStreams[0]
}
return logStream, err
}
// GetLogEvents gets the most recent eventCount events from the specified log stream.
func (actor CloudWatchLogsActions) GetLogEvents(ctx context.Context, functionName string, logStreamName string, eventCount int32) (
[]types.OutputLogEvent, error) {
var events []types.OutputLogEvent
logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName)
output, err := actor.CwlClient.GetLogEvents(ctx, &cloudwatchlogs.GetLogEventsInput{
LogStreamName: aws.String(logStreamName),
Limit: aws.Int32(eventCount),
LogGroupName: aws.String(logGroupName),
})
if err != nil {
log.Printf("Couldn't get log event for log stream %v. Here's why: %v\n", logStreamName, err)
} else {
events = output.Events
}
return events, err
}
```
Crea una estructura que agrupe las acciones. CloudFormation
```
import (
"context"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudformation"
)
// StackOutputs defines a map of outputs from a specific stack.
type StackOutputs map[string]string
type CloudFormationActions struct {
CfnClient *cloudformation.Client
}
// GetOutputs gets the outputs from a CloudFormation stack and puts them into a structured format.
func (actor CloudFormationActions) GetOutputs(ctx context.Context, stackName string) StackOutputs {
output, err := actor.CfnClient.DescribeStacks(ctx, &cloudformation.DescribeStacksInput{
StackName: aws.String(stackName),
})
if err != nil || len(output.Stacks) == 0 {
log.Panicf("Couldn't find a CloudFormation stack named %v. Here's why: %v\n", stackName, err)
}
stackOutputs := StackOutputs{}
for _, out := range output.Stacks[0].Outputs {
stackOutputs[*out.OutputKey] = *out.OutputValue
}
return stackOutputs
}
```
Eliminación de recursos.
```
import (
"context"
"log"
"user_pools_and_lambda_triggers/actions"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// Resources keeps track of AWS resources created during an example and handles
// cleanup when the example finishes.
type Resources struct {
userPoolId string
userAccessTokens []string
triggers []actions.Trigger
cognitoActor *actions.CognitoActions
questioner demotools.IQuestioner
}
func (resources *Resources) init(cognitoActor *actions.CognitoActions, questioner demotools.IQuestioner) {
resources.userAccessTokens = []string{}
resources.triggers = []actions.Trigger{}
resources.cognitoActor = cognitoActor
resources.questioner = questioner
}
// Cleanup deletes all AWS resources created during an example.
func (resources *Resources) Cleanup(ctx context.Context) {
defer func() {
if r := recover(); r != nil {
log.Printf("Something went wrong during cleanup.\n%v\n", r)
log.Println("Use the AWS Management Console to remove any remaining resources \n" +
"that were created for this scenario.")
}
}()
wantDelete := resources.questioner.AskBool("Do you want to remove all of the AWS resources that were created "+
"during this demo (y/n)?", "y")
if wantDelete {
for _, accessToken := range resources.userAccessTokens {
err := resources.cognitoActor.DeleteUser(ctx, accessToken)
if err != nil {
log.Println("Couldn't delete user during cleanup.")
panic(err)
}
log.Println("Deleted user.")
}
triggerList := make([]actions.TriggerInfo, len(resources.triggers))
for i := 0; i < len(resources.triggers); i++ {
triggerList[i] = actions.TriggerInfo{Trigger: resources.triggers[i], HandlerArn: nil}
}
err := resources.cognitoActor.UpdateTriggers(ctx, resources.userPoolId, triggerList...)
if err != nil {
log.Println("Couldn't update Cognito triggers during cleanup.")
panic(err)
}
log.Println("Removed Cognito triggers from user pool.")
} else {
log.Println("Be sure to remove resources when you're done with them to avoid unexpected charges!")
}
}
```
+ Para obtener detalles sobre la API, consulte los siguientes temas en la *Referencia de la API de AWS SDK para Go *.
+ [ConfirmForgotPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ConfirmForgotPassword)
+ [DeleteUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.DeleteUser)
+ [ForgotPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ForgotPassword)
+ [InitiateAuth](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.InitiateAuth)
+ [SignUp](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.SignUp)
+ [UpdateUserPool](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.UpdateUserPool)
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte. [Uso de este servicio con un SDK AWS](sdk-general-information-section.md) En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Registrar un usuario con un grupo de usuarios de Amazon Cognito que requiera MFA mediante un SDK AWS
En el siguiente ejemplo de código, se muestra cómo:
+ Registre y confirme a un usuario con un nombre de usuario, una contraseña y una dirección de correo electrónico.
+ Configure la autenticación multifactor asociando una aplicación MFA al usuario.
+ Inicie sesión con una contraseña y un código MFA.
------
#### [ .NET ]
**SDK para .NET**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
namespace CognitoBasics;
public class CognitoBasics
{
private static ILogger logger = null!;
static async Task Main(string[] args)
{
// Set up dependency injection for Amazon Cognito.
using var host = Host.CreateDefaultBuilder(args)
.ConfigureLogging(logging =>
logging.AddFilter("System", LogLevel.Debug)
.AddFilter("Microsoft", LogLevel.Information)
.AddFilter("Microsoft", LogLevel.Trace))
.ConfigureServices((_, services) =>
services.AddAWSService()
.AddTransient()
)
.Build();
logger = LoggerFactory.Create(builder => { builder.AddConsole(); })
.CreateLogger();
var configuration = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("settings.json") // Load settings from .json file.
.AddJsonFile("settings.local.json",
true) // Optionally load local settings.
.Build();
var cognitoWrapper = host.Services.GetRequiredService();
Console.WriteLine(new string('-', 80));
UiMethods.DisplayOverview();
Console.WriteLine(new string('-', 80));
// clientId - The app client Id value that you get from the AWS CDK script.
var clientId = configuration["ClientId"]; // "*** REPLACE WITH CLIENT ID VALUE FROM CDK SCRIPT";
// poolId - The pool Id that you get from the AWS CDK script.
var poolId = configuration["PoolId"]!; // "*** REPLACE WITH POOL ID VALUE FROM CDK SCRIPT";
var userName = configuration["UserName"];
var password = configuration["Password"];
var email = configuration["Email"];
// If the username wasn't set in the configuration file,
// get it from the user now.
if (userName is null)
{
do
{
Console.Write("Username: ");
userName = Console.ReadLine();
}
while (string.IsNullOrEmpty(userName));
}
Console.WriteLine($"\nUsername: {userName}");
// If the password wasn't set in the configuration file,
// get it from the user now.
if (password is null)
{
do
{
Console.Write("Password: ");
password = Console.ReadLine();
}
while (string.IsNullOrEmpty(password));
}
// If the email address wasn't set in the configuration file,
// get it from the user now.
if (email is null)
{
do
{
Console.Write("Email: ");
email = Console.ReadLine();
} while (string.IsNullOrEmpty(email));
}
// Now sign up the user.
Console.WriteLine($"\nSigning up {userName} with email address: {email}");
await cognitoWrapper.SignUpAsync(clientId, userName, password, email);
// Add the user to the user pool.
Console.WriteLine($"Adding {userName} to the user pool");
await cognitoWrapper.GetAdminUserAsync(userName, poolId);
UiMethods.DisplayTitle("Get confirmation code");
Console.WriteLine($"Conformation code sent to {userName}.");
Console.Write("Would you like to send a new code? (Y/N) ");
var answer = Console.ReadLine();
if (answer!.ToLower() == "y")
{
await cognitoWrapper.ResendConfirmationCodeAsync(clientId, userName);
Console.WriteLine("Sending a new confirmation code");
}
Console.Write("Enter confirmation code (from Email): ");
var code = Console.ReadLine();
await cognitoWrapper.ConfirmSignupAsync(clientId, code, userName);
UiMethods.DisplayTitle("Checking status");
Console.WriteLine($"Rechecking the status of {userName} in the user pool");
await cognitoWrapper.GetAdminUserAsync(userName, poolId);
Console.WriteLine($"Setting up authenticator for {userName} in the user pool");
var setupResponse = await cognitoWrapper.InitiateAuthAsync(clientId, userName, password);
var setupSession = await cognitoWrapper.AssociateSoftwareTokenAsync(setupResponse.Session);
Console.Write("Enter the 6-digit code displayed in Google Authenticator: ");
var setupCode = Console.ReadLine();
var setupResult = await cognitoWrapper.VerifySoftwareTokenAsync(setupSession, setupCode);
Console.WriteLine($"Setup status: {setupResult}");
Console.WriteLine($"Now logging in {userName} in the user pool");
var authSession = await cognitoWrapper.AdminInitiateAuthAsync(clientId, poolId, userName, password);
Console.Write("Enter a new 6-digit code displayed in Google Authenticator: ");
var authCode = Console.ReadLine();
var authResult = await cognitoWrapper.AdminRespondToAuthChallengeAsync(userName, clientId, authCode, authSession, poolId);
Console.WriteLine($"Authenticated and received access token: {authResult.AccessToken}");
Console.WriteLine(new string('-', 80));
Console.WriteLine("Cognito scenario is complete.");
Console.WriteLine(new string('-', 80));
}
}
using System.Net;
namespace CognitoActions;
///
/// Methods to perform Amazon Cognito Identity Provider actions.
///
public class CognitoWrapper
{
private readonly IAmazonCognitoIdentityProvider _cognitoService;
///
/// Constructor for the wrapper class containing Amazon Cognito actions.
///
/// The Amazon Cognito client object.
public CognitoWrapper(IAmazonCognitoIdentityProvider cognitoService)
{
_cognitoService = cognitoService;
}
///
/// List the Amazon Cognito user pools for an account.
///
/// A list of UserPoolDescriptionType objects.
public async Task> ListUserPoolsAsync()
{
var userPools = new List();
var userPoolsPaginator = _cognitoService.Paginators.ListUserPools(new ListUserPoolsRequest());
await foreach (var response in userPoolsPaginator.Responses)
{
userPools.AddRange(response.UserPools);
}
return userPools;
}
///
/// Get a list of users for the Amazon Cognito user pool.
///
/// The user pool ID.
/// A list of users.
public async Task> ListUsersAsync(string userPoolId)
{
var request = new ListUsersRequest
{
UserPoolId = userPoolId
};
var users = new List();
var usersPaginator = _cognitoService.Paginators.ListUsers(request);
await foreach (var response in usersPaginator.Responses)
{
users.AddRange(response.Users);
}
return users;
}
///
/// Respond to an admin authentication challenge.
///
/// The name of the user.
/// The client ID.
/// The multi-factor authentication code.
/// The current application session.
/// The user pool ID.
/// The result of the authentication response.
public async Task AdminRespondToAuthChallengeAsync(
string userName,
string clientId,
string mfaCode,
string session,
string userPoolId)
{
Console.WriteLine("SOFTWARE_TOKEN_MFA challenge is generated");
var challengeResponses = new Dictionary();
challengeResponses.Add("USERNAME", userName);
challengeResponses.Add("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
var respondToAuthChallengeRequest = new AdminRespondToAuthChallengeRequest
{
ChallengeName = ChallengeNameType.SOFTWARE_TOKEN_MFA,
ClientId = clientId,
ChallengeResponses = challengeResponses,
Session = session,
UserPoolId = userPoolId,
};
var response = await _cognitoService.AdminRespondToAuthChallengeAsync(respondToAuthChallengeRequest);
Console.WriteLine($"Response to Authentication {response.AuthenticationResult.TokenType}");
return response.AuthenticationResult;
}
///
/// Verify the TOTP and register for MFA.
///
/// The name of the session.
/// The MFA code.
/// The status of the software token.
public async Task VerifySoftwareTokenAsync(string session, string code)
{
var tokenRequest = new VerifySoftwareTokenRequest
{
UserCode = code,
Session = session,
};
var verifyResponse = await _cognitoService.VerifySoftwareTokenAsync(tokenRequest);
return verifyResponse.Status;
}
///
/// Get an MFA token to authenticate the user with the authenticator.
///
/// The session name.
/// The session name.
public async Task AssociateSoftwareTokenAsync(string session)
{
var softwareTokenRequest = new AssociateSoftwareTokenRequest
{
Session = session,
};
var tokenResponse = await _cognitoService.AssociateSoftwareTokenAsync(softwareTokenRequest);
var secretCode = tokenResponse.SecretCode;
Console.WriteLine($"Use the following secret code to set up the authenticator: {secretCode}");
return tokenResponse.Session;
}
///
/// Initiate an admin auth request.
///
/// The client ID to use.
/// The ID of the user pool.
/// The username to authenticate.
/// The user's password.
/// The session to use in challenge-response.
public async Task AdminInitiateAuthAsync(string clientId, string userPoolId, string userName, string password)
{
var authParameters = new Dictionary();
authParameters.Add("USERNAME", userName);
authParameters.Add("PASSWORD", password);
var request = new AdminInitiateAuthRequest
{
ClientId = clientId,
UserPoolId = userPoolId,
AuthParameters = authParameters,
AuthFlow = AuthFlowType.ADMIN_USER_PASSWORD_AUTH,
};
var response = await _cognitoService.AdminInitiateAuthAsync(request);
return response.Session;
}
///
/// Initiate authorization.
///
/// The client Id of the application.
/// The name of the user who is authenticating.
/// The password for the user who is authenticating.
/// The response from the initiate auth request.
public async Task InitiateAuthAsync(string clientId, string userName, string password)
{
var authParameters = new Dictionary();
authParameters.Add("USERNAME", userName);
authParameters.Add("PASSWORD", password);
var authRequest = new InitiateAuthRequest
{
ClientId = clientId,
AuthParameters = authParameters,
AuthFlow = AuthFlowType.USER_PASSWORD_AUTH,
};
var response = await _cognitoService.InitiateAuthAsync(authRequest);
Console.WriteLine($"Result Challenge is : {response.ChallengeName}");
return response;
}
///
/// Confirm that the user has signed up.
///
/// The Id of this application.
/// The confirmation code sent to the user.
/// The username.
/// True if successful.
public async Task ConfirmSignupAsync(string clientId, string code, string userName)
{
var signUpRequest = new ConfirmSignUpRequest
{
ClientId = clientId,
ConfirmationCode = code,
Username = userName,
};
var response = await _cognitoService.ConfirmSignUpAsync(signUpRequest);
if (response.HttpStatusCode == HttpStatusCode.OK)
{
Console.WriteLine($"{userName} was confirmed");
return true;
}
return false;
}
///
/// Initiates and confirms tracking of the device.
///
/// The user's access token.
/// The key of the device from Amazon Cognito.
/// The device name.
///
public async Task ConfirmDeviceAsync(string accessToken, string deviceKey, string deviceName)
{
var request = new ConfirmDeviceRequest
{
AccessToken = accessToken,
DeviceKey = deviceKey,
DeviceName = deviceName
};
var response = await _cognitoService.ConfirmDeviceAsync(request);
return response.UserConfirmationNecessary;
}
///
/// Send a new confirmation code to a user.
///
/// The Id of the client application.
/// The username of user who will receive the code.
/// The delivery details.
public async Task ResendConfirmationCodeAsync(string clientId, string userName)
{
var codeRequest = new ResendConfirmationCodeRequest
{
ClientId = clientId,
Username = userName,
};
var response = await _cognitoService.ResendConfirmationCodeAsync(codeRequest);
Console.WriteLine($"Method of delivery is {response.CodeDeliveryDetails.DeliveryMedium}");
return response.CodeDeliveryDetails;
}
///
/// Get the specified user from an Amazon Cognito user pool with administrator access.
///
/// The name of the user.
/// The Id of the Amazon Cognito user pool.
/// Async task.
public async Task GetAdminUserAsync(string userName, string poolId)
{
AdminGetUserRequest userRequest = new AdminGetUserRequest
{
Username = userName,
UserPoolId = poolId,
};
var response = await _cognitoService.AdminGetUserAsync(userRequest);
Console.WriteLine($"User status {response.UserStatus}");
return response.UserStatus;
}
///
/// Sign up a new user.
///
/// The client Id of the application.
/// The username to use.
/// The user's password.
/// The email address of the user.
/// A Boolean value indicating whether the user was confirmed.
public async Task SignUpAsync(string clientId, string userName, string password, string email)
{
var userAttrs = new AttributeType
{
Name = "email",
Value = email,
};
var userAttrsList = new List();
userAttrsList.Add(userAttrs);
var signUpRequest = new SignUpRequest
{
UserAttributes = userAttrsList,
Username = userName,
ClientId = clientId,
Password = password
};
var response = await _cognitoService.SignUpAsync(signUpRequest);
return response.HttpStatusCode == HttpStatusCode.OK;
}
}
```
+ Para obtener detalles sobre la API, consulte los siguientes temas en la *Referencia de la API de AWS SDK para .NET *.
+ [AdminGetUser](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminGetUser)
+ [AdminInitiateAuth](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminInitiateAuth)
+ [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)
+ [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AssociateSoftwareToken)
+ [ConfirmDevice](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ConfirmDevice)
+ [ConfirmSignUp](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ConfirmSignUp)
+ [InitiateAuth](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/InitiateAuth)
+ [ListUsers](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ListUsers)
+ [ResendConfirmationCode](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ResendConfirmationCode)
+ [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/RespondToAuthChallenge)
+ [SignUp](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/SignUp)
+ [VerifySoftwareToken](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/VerifySoftwareToken)
------
#### [ C\$1\$1 ]
**SDK para C\$1\$1**
Hay más información GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
//! Scenario that adds a user to an Amazon Cognito user pool.
/*!
\sa gettingStartedWithUserPools()
\param clientID: Client ID associated with an Amazon Cognito user pool.
\param userPoolID: An Amazon Cognito user pool ID.
\param clientConfig: Aws client configuration.
\return bool: Successful completion.
*/
bool AwsDoc::Cognito::gettingStartedWithUserPools(const Aws::String &clientID,
const Aws::String &userPoolID,
const Aws::Client::ClientConfiguration &clientConfig) {
printAsterisksLine();
std::cout
<< "Welcome to the Amazon Cognito example scenario."
<< std::endl;
printAsterisksLine();
std::cout
<< "This scenario will add a user to an Amazon Cognito user pool."
<< std::endl;
const Aws::String userName = askQuestion("Enter a new username: ");
const Aws::String password = askQuestion("Enter a new password: ");
const Aws::String email = askQuestion("Enter a valid email for the user: ");
std::cout << "Signing up " << userName << std::endl;
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
bool userExists = false;
do {
// 1. Add a user with a username, password, and email address.
Aws::CognitoIdentityProvider::Model::SignUpRequest request;
request.AddUserAttributes(
Aws::CognitoIdentityProvider::Model::AttributeType().WithName(
"email").WithValue(email));
request.SetUsername(userName);
request.SetPassword(password);
request.SetClientId(clientID);
Aws::CognitoIdentityProvider::Model::SignUpOutcome outcome =
client.SignUp(request);
if (outcome.IsSuccess()) {
std::cout << "The signup request for " << userName << " was successful."
<< std::endl;
}
else if (outcome.GetError().GetErrorType() ==
Aws::CognitoIdentityProvider::CognitoIdentityProviderErrors::USERNAME_EXISTS) {
std::cout
<< "The username already exists. Please enter a different username."
<< std::endl;
userExists = true;
}
else {
std::cerr << "Error with CognitoIdentityProvider::SignUpRequest. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
} while (userExists);
printAsterisksLine();
std::cout << "Retrieving status of " << userName << " in the user pool."
<< std::endl;
// 2. Confirm that the user was added to the user pool.
if (!checkAdminUserStatus(userName, userPoolID, client)) {
return false;
}
std::cout << "A confirmation code was sent to " << email << "." << std::endl;
bool resend = askYesNoQuestion("Would you like to send a new code? (y/n) ");
if (resend) {
// Request a resend of the confirmation code to the email address. (ResendConfirmationCode)
Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeRequest request;
request.SetUsername(userName);
request.SetClientId(clientID);
Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeOutcome outcome =
client.ResendConfirmationCode(request);
if (outcome.IsSuccess()) {
std::cout
<< "CognitoIdentityProvider::ResendConfirmationCode was successful."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::ResendConfirmationCode. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
}
printAsterisksLine();
{
// 4. Send the confirmation code that's received in the email. (ConfirmSignUp)
const Aws::String confirmationCode = askQuestion(
"Enter the confirmation code that was emailed: ");
Aws::CognitoIdentityProvider::Model::ConfirmSignUpRequest request;
request.SetClientId(clientID);
request.SetConfirmationCode(confirmationCode);
request.SetUsername(userName);
Aws::CognitoIdentityProvider::Model::ConfirmSignUpOutcome outcome =
client.ConfirmSignUp(request);
if (outcome.IsSuccess()) {
std::cout << "ConfirmSignup was Successful."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::ConfirmSignUp. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
}
std::cout << "Rechecking the status of " << userName << " in the user pool."
<< std::endl;
if (!checkAdminUserStatus(userName, userPoolID, client)) {
return false;
}
printAsterisksLine();
std::cout << "Initiating authorization using the username and password."
<< std::endl;
Aws::String session;
// 5. Initiate authorization with username and password. (AdminInitiateAuth)
if (!adminInitiateAuthorization(clientID, userPoolID, userName, password, session, client)) {
return false;
}
printAsterisksLine();
std::cout
<< "Starting setup of time-based one-time password (TOTP) multi-factor authentication (MFA)."
<< std::endl;
{
// 6. Request a setup key for one-time password (TOTP)
// multi-factor authentication (MFA). (AssociateSoftwareToken)
Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenRequest request;
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenOutcome outcome =
client.AssociateSoftwareToken(request);
if (outcome.IsSuccess()) {
std::cout
<< "Enter this setup key into an authenticator app, for example Google Authenticator."
<< std::endl;
std::cout << "Setup key: " << outcome.GetResult().GetSecretCode()
<< std::endl;
#ifdef USING_QR
printAsterisksLine();
std::cout << "\nOr scan the QR code in the file '" << QR_CODE_PATH << "."
<< std::endl;
saveQRCode(std::string("otpauth://totp/") + userName + "?secret=" +
outcome.GetResult().GetSecretCode());
#endif // USING_QR
session = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AssociateSoftwareToken. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
}
askQuestion("Type enter to continue...", alwaysTrueTest);
printAsterisksLine();
{
Aws::String userCode = askQuestion(
"Enter the 6 digit code displayed in the authenticator app: ");
// 7. Send the MFA code copied from an authenticator app. (VerifySoftwareToken)
Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenRequest request;
request.SetUserCode(userCode);
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenOutcome outcome =
client.VerifySoftwareToken(request);
if (outcome.IsSuccess()) {
std::cout << "Verification of the code was successful."
<< std::endl;
session = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::VerifySoftwareToken. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
}
printAsterisksLine();
std::cout << "You have completed the MFA authentication setup." << std::endl;
std::cout << "Now, sign in." << std::endl;
// 8. Initiate authorization again with username and password. (AdminInitiateAuth)
if (!adminInitiateAuthorization(clientID, userPoolID, userName, password, session, client)) {
return false;
}
Aws::String accessToken;
{
Aws::String mfaCode = askQuestion(
"Re-enter the 6 digit code displayed in the authenticator app: ");
// 9. Send a new MFA code copied from an authenticator app. (AdminRespondToAuthChallenge)
Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeRequest request;
request.AddChallengeResponses("USERNAME", userName);
request.AddChallengeResponses("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
request.SetChallengeName(
Aws::CognitoIdentityProvider::Model::ChallengeNameType::SOFTWARE_TOKEN_MFA);
request.SetClientId(clientID);
request.SetUserPoolId(userPoolID);
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeOutcome outcome =
client.AdminRespondToAuthChallenge(request);
if (outcome.IsSuccess()) {
std::cout << "Here is the response to the challenge.\n" <<
outcome.GetResult().GetAuthenticationResult().Jsonize().View().WriteReadable()
<< std::endl;
accessToken = outcome.GetResult().GetAuthenticationResult().GetAccessToken();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminRespondToAuthChallenge. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
std::cout << "You have successfully added a user to Amazon Cognito."
<< std::endl;
}
if (askYesNoQuestion("Would you like to delete the user that you just added? (y/n) ")) {
// 10. Delete the user that you just added. (DeleteUser)
Aws::CognitoIdentityProvider::Model::DeleteUserRequest request;
request.SetAccessToken(accessToken);
Aws::CognitoIdentityProvider::Model::DeleteUserOutcome outcome =
client.DeleteUser(request);
if (outcome.IsSuccess()) {
std::cout << "The user " << userName << " was deleted."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::DeleteUser. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
}
return true;
}
//! Routine which checks the user status in an Amazon Cognito user pool.
/*!
\sa checkAdminUserStatus()
\param userName: A username.
\param userPoolID: An Amazon Cognito user pool ID.
\return bool: Successful completion.
*/
bool AwsDoc::Cognito::checkAdminUserStatus(const Aws::String &userName,
const Aws::String &userPoolID,
const Aws::CognitoIdentityProvider::CognitoIdentityProviderClient &client) {
Aws::CognitoIdentityProvider::Model::AdminGetUserRequest request;
request.SetUsername(userName);
request.SetUserPoolId(userPoolID);
Aws::CognitoIdentityProvider::Model::AdminGetUserOutcome outcome =
client.AdminGetUser(request);
if (outcome.IsSuccess()) {
std::cout << "The status for " << userName << " is " <<
Aws::CognitoIdentityProvider::Model::UserStatusTypeMapper::GetNameForUserStatusType(
outcome.GetResult().GetUserStatus()) << std::endl;
std::cout << "Enabled is " << outcome.GetResult().GetEnabled() << std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminGetUser. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
return outcome.IsSuccess();
}
//! Routine which starts authorization of an Amazon Cognito user.
//! This routine requires administrator credentials.
/*!
\sa adminInitiateAuthorization()
\param clientID: Client ID of tracked device.
\param userPoolID: An Amazon Cognito user pool ID.
\param userName: A username.
\param password: A password.
\param sessionResult: String to receive a session token.
\return bool: Successful completion.
*/
bool AwsDoc::Cognito::adminInitiateAuthorization(const Aws::String &clientID,
const Aws::String &userPoolID,
const Aws::String &userName,
const Aws::String &password,
Aws::String &sessionResult,
const Aws::CognitoIdentityProvider::CognitoIdentityProviderClient &client) {
Aws::CognitoIdentityProvider::Model::AdminInitiateAuthRequest request;
request.SetClientId(clientID);
request.SetUserPoolId(userPoolID);
request.AddAuthParameters("USERNAME", userName);
request.AddAuthParameters("PASSWORD", password);
request.SetAuthFlow(
Aws::CognitoIdentityProvider::Model::AuthFlowType::ADMIN_USER_PASSWORD_AUTH);
Aws::CognitoIdentityProvider::Model::AdminInitiateAuthOutcome outcome =
client.AdminInitiateAuth(request);
if (outcome.IsSuccess()) {
std::cout << "Call to AdminInitiateAuth was successful." << std::endl;
sessionResult = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminInitiateAuth. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
return outcome.IsSuccess();
}
```
+ Para obtener detalles sobre la API, consulte los siguientes temas en la *Referencia de la API de AWS SDK para C\$1\$1 *.
+ [AdminGetUser](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminGetUser)
+ [AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminInitiateAuth)
+ [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)
+ [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AssociateSoftwareToken)
+ [ConfirmDevice](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ConfirmDevice)
+ [ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ConfirmSignUp)
+ [InitiateAuth](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/InitiateAuth)
+ [ListUsers](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ListUsers)
+ [ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ResendConfirmationCode)
+ [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/RespondToAuthChallenge)
+ [SignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/SignUp)
+ [VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/VerifySoftwareToken)
------
#### [ Java ]
**SDK para Java 2.x**
Hay más información GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminGetUserRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminGetUserResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminInitiateAuthRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminInitiateAuthResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminRespondToAuthChallengeRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminRespondToAuthChallengeResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AssociateSoftwareTokenRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AssociateSoftwareTokenResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AttributeType;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AuthFlowType;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ChallengeNameType;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ConfirmSignUpRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ResendConfirmationCodeRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ResendConfirmationCodeResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.SignUpRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.VerifySoftwareTokenRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.VerifySoftwareTokenResponse;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Scanner;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*
* TIP: To set up the required user pool, run the AWS Cloud Development Kit (AWS
* CDK) script provided in this GitHub repo at
* resources/cdk/cognito_scenario_user_pool_with_mfa.
*
* This code example performs the following operations:
*
* 1. Invokes the signUp method to sign up a user.
* 2. Invokes the adminGetUser method to get the user's confirmation status.
* 3. Invokes the ResendConfirmationCode method if the user requested another
* code.
* 4. Invokes the confirmSignUp method.
* 5. Invokes the AdminInitiateAuth to sign in. This results in being prompted
* to set up TOTP (time-based one-time password). (The response is
* “ChallengeName”: “MFA_SETUP”).
* 6. Invokes the AssociateSoftwareToken method to generate a TOTP MFA private
* key. This can be used with Google Authenticator.
* 7. Invokes the VerifySoftwareToken method to verify the TOTP and register for
* MFA.
* 8. Invokes the AdminInitiateAuth to sign in again. This results in being
* prompted to submit a TOTP (Response: “ChallengeName”: “SOFTWARE_TOKEN_MFA”).
* 9. Invokes the AdminRespondToAuthChallenge to get back a token.
*/
public class CognitoMVP {
public static final String DASHES = new String(new char[80]).replace("\0", "-");
public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException {
final String usage = """
Usage:
Where:
clientId - The app client Id value that you can get from the AWS CDK script.
poolId - The pool Id that you can get from the AWS CDK script.\s
""";
if (args.length != 2) {
System.out.println(usage);
System.exit(1);
}
String clientId = args[0];
String poolId = args[1];
CognitoIdentityProviderClient identityProviderClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
System.out.println(DASHES);
System.out.println("Welcome to the Amazon Cognito example scenario.");
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("*** Enter your user name");
Scanner in = new Scanner(System.in);
String userName = in.nextLine();
System.out.println("*** Enter your password");
String password = in.nextLine();
System.out.println("*** Enter your email");
String email = in.nextLine();
System.out.println("1. Signing up " + userName);
signUp(identityProviderClient, clientId, userName, password, email);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("2. Getting " + userName + " in the user pool");
getAdminUser(identityProviderClient, userName, poolId);
System.out
.println("*** Conformation code sent to " + userName + ". Would you like to send a new code? (Yes/No)");
System.out.println(DASHES);
System.out.println(DASHES);
String ans = in.nextLine();
if (ans.compareTo("Yes") == 0) {
resendConfirmationCode(identityProviderClient, clientId, userName);
System.out.println("3. Sending a new confirmation code");
}
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("4. Enter confirmation code that was emailed");
String code = in.nextLine();
confirmSignUp(identityProviderClient, clientId, code, userName);
System.out.println("Rechecking the status of " + userName + " in the user pool");
getAdminUser(identityProviderClient, userName, poolId);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("5. Invokes the initiateAuth to sign in");
AdminInitiateAuthResponse authResponse = initiateAuth(identityProviderClient, clientId, userName, password,
poolId);
String mySession = authResponse.session();
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("6. Invokes the AssociateSoftwareToken method to generate a TOTP key");
String newSession = getSecretForAppMFA(identityProviderClient, mySession);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("*** Enter the 6-digit code displayed in Google Authenticator");
String myCode = in.nextLine();
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("7. Verify the TOTP and register for MFA");
verifyTOTP(identityProviderClient, newSession, myCode);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("8. Re-enter a 6-digit code displayed in Google Authenticator");
String mfaCode = in.nextLine();
AdminInitiateAuthResponse authResponse1 = initiateAuth(identityProviderClient, clientId, userName, password,
poolId);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("9. Invokes the AdminRespondToAuthChallenge");
String session2 = authResponse1.session();
adminRespondToAuthChallenge(identityProviderClient, userName, clientId, mfaCode, session2);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("All Amazon Cognito operations were successfully performed");
System.out.println(DASHES);
}
// Respond to an authentication challenge.
public static void adminRespondToAuthChallenge(CognitoIdentityProviderClient identityProviderClient,
String userName, String clientId, String mfaCode, String session) {
System.out.println("SOFTWARE_TOKEN_MFA challenge is generated");
Map challengeResponses = new HashMap<>();
challengeResponses.put("USERNAME", userName);
challengeResponses.put("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
AdminRespondToAuthChallengeRequest respondToAuthChallengeRequest = AdminRespondToAuthChallengeRequest.builder()
.challengeName(ChallengeNameType.SOFTWARE_TOKEN_MFA)
.clientId(clientId)
.challengeResponses(challengeResponses)
.session(session)
.build();
AdminRespondToAuthChallengeResponse respondToAuthChallengeResult = identityProviderClient
.adminRespondToAuthChallenge(respondToAuthChallengeRequest);
System.out.println("respondToAuthChallengeResult.getAuthenticationResult()"
+ respondToAuthChallengeResult.authenticationResult());
}
// Verify the TOTP and register for MFA.
public static void verifyTOTP(CognitoIdentityProviderClient identityProviderClient, String session, String code) {
try {
VerifySoftwareTokenRequest tokenRequest = VerifySoftwareTokenRequest.builder()
.userCode(code)
.session(session)
.build();
VerifySoftwareTokenResponse verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest);
System.out.println("The status of the token is " + verifyResponse.statusAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
public static AdminInitiateAuthResponse initiateAuth(CognitoIdentityProviderClient identityProviderClient,
String clientId, String userName, String password, String userPoolId) {
try {
Map authParameters = new HashMap<>();
authParameters.put("USERNAME", userName);
authParameters.put("PASSWORD", password);
AdminInitiateAuthRequest authRequest = AdminInitiateAuthRequest.builder()
.clientId(clientId)
.userPoolId(userPoolId)
.authParameters(authParameters)
.authFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH)
.build();
AdminInitiateAuthResponse response = identityProviderClient.adminInitiateAuth(authRequest);
System.out.println("Result Challenge is : " + response.challengeName());
return response;
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return null;
}
public static String getSecretForAppMFA(CognitoIdentityProviderClient identityProviderClient, String session) {
AssociateSoftwareTokenRequest softwareTokenRequest = AssociateSoftwareTokenRequest.builder()
.session(session)
.build();
AssociateSoftwareTokenResponse tokenResponse = identityProviderClient
.associateSoftwareToken(softwareTokenRequest);
String secretCode = tokenResponse.secretCode();
System.out.println("Enter this token into Google Authenticator");
System.out.println(secretCode);
return tokenResponse.session();
}
public static void confirmSignUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String code,
String userName) {
try {
ConfirmSignUpRequest signUpRequest = ConfirmSignUpRequest.builder()
.clientId(clientId)
.confirmationCode(code)
.username(userName)
.build();
identityProviderClient.confirmSignUp(signUpRequest);
System.out.println(userName + " was confirmed");
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
public static void resendConfirmationCode(CognitoIdentityProviderClient identityProviderClient, String clientId,
String userName) {
try {
ResendConfirmationCodeRequest codeRequest = ResendConfirmationCodeRequest.builder()
.clientId(clientId)
.username(userName)
.build();
ResendConfirmationCodeResponse response = identityProviderClient.resendConfirmationCode(codeRequest);
System.out.println("Method of delivery is " + response.codeDeliveryDetails().deliveryMediumAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
public static void signUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String userName,
String password, String email) {
AttributeType userAttrs = AttributeType.builder()
.name("email")
.value(email)
.build();
List userAttrsList = new ArrayList<>();
userAttrsList.add(userAttrs);
try {
SignUpRequest signUpRequest = SignUpRequest.builder()
.userAttributes(userAttrsList)
.username(userName)
.clientId(clientId)
.password(password)
.build();
identityProviderClient.signUp(signUpRequest);
System.out.println("User has been signed up ");
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
public static void getAdminUser(CognitoIdentityProviderClient identityProviderClient, String userName,
String poolId) {
try {
AdminGetUserRequest userRequest = AdminGetUserRequest.builder()
.username(userName)
.userPoolId(poolId)
.build();
AdminGetUserResponse response = identityProviderClient.adminGetUser(userRequest);
System.out.println("User status " + response.userStatusAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Para obtener detalles sobre la API, consulte los siguientes temas en la *Referencia de la API de AWS SDK for Java 2.x *.
+ [AdminGetUser](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminGetUser)
+ [AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminInitiateAuth)
+ [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)
+ [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AssociateSoftwareToken)
+ [ConfirmDevice](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ConfirmDevice)
+ [ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ConfirmSignUp)
+ [InitiateAuth](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/InitiateAuth)
+ [ListUsers](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUsers)
+ [ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ResendConfirmationCode)
+ [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/RespondToAuthChallenge)
+ [SignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/SignUp)
+ [VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/VerifySoftwareToken)
------
#### [ JavaScript ]
**SDK para JavaScript (v3)**
Hay más información. GitHub Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider/scenarios/basic#code-examples).
Para obtener la mejor experiencia, clone el GitHub repositorio y ejecute este ejemplo. El código siguiente es una muestra de la aplicación de ejemplo completa.
```
import { logger } from "@aws-doc-sdk-examples/lib/utils/util-log.js";
import { signUp } from "../../../actions/sign-up.js";
import { FILE_USER_POOLS } from "./constants.js";
import { getSecondValuesFromEntries } from "@aws-doc-sdk-examples/lib/utils/util-csv.js";
const validateClient = (clientId) => {
if (!clientId) {
throw new Error(
`App client id is missing. Did you run 'create-user-pool'?`,
);
}
};
const validateUser = (username, password, email) => {
if (!(username && password && email)) {
throw new Error(
`Username, password, and email must be provided as arguments to the 'sign-up' command.`,
);
}
};
const signUpHandler = async (commands) => {
const [_, username, password, email] = commands;
try {
validateUser(username, password, email);
/**
* @type {string[]}
*/
const values = getSecondValuesFromEntries(FILE_USER_POOLS);
const clientId = values[0];
validateClient(clientId);
logger.log("Signing up.");
await signUp({ clientId, username, password, email });
logger.log(`Signed up. A confirmation email has been sent to: ${email}.`);
logger.log(
`Run 'confirm-sign-up ${username} ' to confirm your account.`,
);
} catch (err) {
logger.error(err);
}
};
export { signUpHandler };
const signUp = ({ clientId, username, password, email }) => {
const client = new CognitoIdentityProviderClient({});
const command = new SignUpCommand({
ClientId: clientId,
Username: username,
Password: password,
UserAttributes: [{ Name: "email", Value: email }],
});
return client.send(command);
};
import { logger } from "@aws-doc-sdk-examples/lib/utils/util-log.js";
import { confirmSignUp } from "../../../actions/confirm-sign-up.js";
import { FILE_USER_POOLS } from "./constants.js";
import { getSecondValuesFromEntries } from "@aws-doc-sdk-examples/lib/utils/util-csv.js";
const validateClient = (clientId) => {
if (!clientId) {
throw new Error(
`App client id is missing. Did you run 'create-user-pool'?`,
);
}
};
const validateUser = (username) => {
if (!username) {
throw new Error(
`Username name is missing. It must be provided as an argument to the 'confirm-sign-up' command.`,
);
}
};
const validateCode = (code) => {
if (!code) {
throw new Error(
`Verification code is missing. It must be provided as an argument to the 'confirm-sign-up' command.`,
);
}
};
const confirmSignUpHandler = async (commands) => {
const [_, username, code] = commands;
try {
validateUser(username);
validateCode(code);
/**
* @type {string[]}
*/
const values = getSecondValuesFromEntries(FILE_USER_POOLS);
const clientId = values[0];
validateClient(clientId);
logger.log("Confirming user.");
await confirmSignUp({ clientId, username, code });
logger.log(
`User confirmed. Run 'admin-initiate-auth ${username} ' to sign in.`,
);
} catch (err) {
logger.error(err);
}
};
export { confirmSignUpHandler };
const confirmSignUp = ({ clientId, username, code }) => {
const client = new CognitoIdentityProviderClient({});
const command = new ConfirmSignUpCommand({
ClientId: clientId,
Username: username,
ConfirmationCode: code,
});
return client.send(command);
};
import qrcode from "qrcode-terminal";
import { logger } from "@aws-doc-sdk-examples/lib/utils/util-log.js";
import { adminInitiateAuth } from "../../../actions/admin-initiate-auth.js";
import { associateSoftwareToken } from "../../../actions/associate-software-token.js";
import { FILE_USER_POOLS } from "./constants.js";
import { getFirstEntry } from "@aws-doc-sdk-examples/lib/utils/util-csv.js";
const handleMfaSetup = async (session, username) => {
const { SecretCode, Session } = await associateSoftwareToken(session);
// Store the Session for use with 'VerifySoftwareToken'.
process.env.SESSION = Session;
console.log(
"Scan this code in your preferred authenticator app, then run 'verify-software-token' to finish the setup.",
);
qrcode.generate(
`otpauth://totp/${username}?secret=${SecretCode}`,
{ small: true },
console.log,
);
};
const handleSoftwareTokenMfa = (session) => {
// Store the Session for use with 'AdminRespondToAuthChallenge'.
process.env.SESSION = session;
};
const validateClient = (id) => {
if (!id) {
throw new Error(
`User pool client id is missing. Did you run 'create-user-pool'?`,
);
}
};
const validateId = (id) => {
if (!id) {
throw new Error(`User pool id is missing. Did you run 'create-user-pool'?`);
}
};
const validateUser = (username, password) => {
if (!(username && password)) {
throw new Error(
`Username and password must be provided as arguments to the 'admin-initiate-auth' command.`,
);
}
};
const adminInitiateAuthHandler = async (commands) => {
const [_, username, password] = commands;
try {
validateUser(username, password);
const [userPoolId, clientId] = getFirstEntry(FILE_USER_POOLS);
validateId(userPoolId);
validateClient(clientId);
logger.log("Signing in.");
const { ChallengeName, Session } = await adminInitiateAuth({
clientId,
userPoolId,
username,
password,
});
if (ChallengeName === "MFA_SETUP") {
logger.log("MFA setup is required.");
return handleMfaSetup(Session, username);
}
if (ChallengeName === "SOFTWARE_TOKEN_MFA") {
handleSoftwareTokenMfa(Session);
logger.log(`Run 'admin-respond-to-auth-challenge ${username} '`);
}
} catch (err) {
logger.error(err);
}
};
export { adminInitiateAuthHandler };
const adminInitiateAuth = ({ clientId, userPoolId, username, password }) => {
const client = new CognitoIdentityProviderClient({});
const command = new AdminInitiateAuthCommand({
ClientId: clientId,
UserPoolId: userPoolId,
AuthFlow: AuthFlowType.ADMIN_USER_PASSWORD_AUTH,
AuthParameters: { USERNAME: username, PASSWORD: password },
});
return client.send(command);
};
import { logger } from "@aws-doc-sdk-examples/lib/utils/util-log.js";
import { adminRespondToAuthChallenge } from "../../../actions/admin-respond-to-auth-challenge.js";
import { getFirstEntry } from "@aws-doc-sdk-examples/lib/utils/util-csv.js";
import { FILE_USER_POOLS } from "./constants.js";
const verifyUsername = (username) => {
if (!username) {
throw new Error(
`Username is missing. It must be provided as an argument to the 'admin-respond-to-auth-challenge' command.`,
);
}
};
const verifyTotp = (totp) => {
if (!totp) {
throw new Error(
`Time-based one-time password (TOTP) is missing. It must be provided as an argument to the 'admin-respond-to-auth-challenge' command.`,
);
}
};
const storeAccessToken = (token) => {
process.env.AccessToken = token;
};
const adminRespondToAuthChallengeHandler = async (commands) => {
const [_, username, totp] = commands;
try {
verifyUsername(username);
verifyTotp(totp);
const [userPoolId, clientId] = getFirstEntry(FILE_USER_POOLS);
const session = process.env.SESSION;
const { AuthenticationResult } = await adminRespondToAuthChallenge({
clientId,
userPoolId,
username,
totp,
session,
});
storeAccessToken(AuthenticationResult.AccessToken);
logger.log("Successfully authenticated.");
} catch (err) {
logger.error(err);
}
};
export { adminRespondToAuthChallengeHandler };
const respondToAuthChallenge = ({
clientId,
username,
session,
userPoolId,
code,
}) => {
const client = new CognitoIdentityProviderClient({});
const command = new RespondToAuthChallengeCommand({
ChallengeName: ChallengeNameType.SOFTWARE_TOKEN_MFA,
ChallengeResponses: {
SOFTWARE_TOKEN_MFA_CODE: code,
USERNAME: username,
},
ClientId: clientId,
UserPoolId: userPoolId,
Session: session,
});
return client.send(command);
};
import { logger } from "@aws-doc-sdk-examples/lib/utils/util-log.js";
import { verifySoftwareToken } from "../../../actions/verify-software-token.js";
const validateTotp = (totp) => {
if (!totp) {
throw new Error(
`Time-based one-time password (TOTP) must be provided to the 'validate-software-token' command.`,
);
}
};
const verifySoftwareTokenHandler = async (commands) => {
const [_, totp] = commands;
try {
validateTotp(totp);
logger.log("Verifying TOTP.");
await verifySoftwareToken(totp);
logger.log("TOTP Verified. Run 'admin-initiate-auth' again to sign-in.");
} catch (err) {
logger.error(err);
}
};
export { verifySoftwareTokenHandler };
const verifySoftwareToken = (totp) => {
const client = new CognitoIdentityProviderClient({});
// The 'Session' is provided in the response to 'AssociateSoftwareToken'.
const session = process.env.SESSION;
if (!session) {
throw new Error(
"Missing a valid Session. Did you run 'admin-initiate-auth'?",
);
}
const command = new VerifySoftwareTokenCommand({
Session: session,
UserCode: totp,
});
return client.send(command);
};
```
+ Para obtener detalles sobre la API, consulte los siguientes temas en la *Referencia de la API de AWS SDK para JavaScript *.
+ [AdminGetUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminGetUserCommand)
+ [AdminInitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminInitiateAuthCommand)
+ [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminRespondToAuthChallengeCommand)
+ [AssociateSoftwareToken](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AssociateSoftwareTokenCommand)
+ [ConfirmDevice](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ConfirmDeviceCommand)
+ [ConfirmSignUp](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ConfirmSignUpCommand)
+ [InitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/InitiateAuthCommand)
+ [ListUsers](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ListUsersCommand)
+ [ResendConfirmationCode](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ResendConfirmationCodeCommand)
+ [RespondToAuthChallenge](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/RespondToAuthChallengeCommand)
+ [SignUp](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/SignUpCommand)
+ [VerifySoftwareToken](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/VerifySoftwareTokenCommand)
------
#### [ Kotlin ]
**SDK para Kotlin**
Hay más información GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
/**
Before running this Kotlin code example, set up your development environment, including your credentials.
For more information, see the following documentation:
https://docs.aws.amazon.com/sdk-for-kotlin/latest/developer-guide/setup.html
TIP: To set up the required user pool, run the AWS Cloud Development Kit (AWS CDK) script provided in this GitHub repo at resources/cdk/cognito_scenario_user_pool_with_mfa.
This code example performs the following operations:
1. Invokes the signUp method to sign up a user.
2. Invokes the adminGetUser method to get the user's confirmation status.
3. Invokes the ResendConfirmationCode method if the user requested another code.
4. Invokes the confirmSignUp method.
5. Invokes the initiateAuth to sign in. This results in being prompted to set up TOTP (time-based one-time password). (The response is “ChallengeName”: “MFA_SETUP”).
6. Invokes the AssociateSoftwareToken method to generate a TOTP MFA private key. This can be used with Google Authenticator.
7. Invokes the VerifySoftwareToken method to verify the TOTP and register for MFA.
8. Invokes the AdminInitiateAuth to sign in again. This results in being prompted to submit a TOTP (Response: “ChallengeName”: “SOFTWARE_TOKEN_MFA”).
9. Invokes the AdminRespondToAuthChallenge to get back a token.
*/
suspend fun main(args: Array) {
val usage = """
Usage:
Where:
clientId - The app client Id value that you can get from the AWS CDK script.
poolId - The pool Id that you can get from the AWS CDK script.
"""
if (args.size != 2) {
println(usage)
exitProcess(1)
}
val clientId = args[0]
val poolId = args[1]
// Use the console to get data from the user.
println("*** Enter your use name")
val inOb = Scanner(System.`in`)
val userName = inOb.nextLine()
println(userName)
println("*** Enter your password")
val password: String = inOb.nextLine()
println("*** Enter your email")
val email = inOb.nextLine()
println("*** Signing up $userName")
signUp(clientId, userName, password, email)
println("*** Getting $userName in the user pool")
getAdminUser(userName, poolId)
println("*** Conformation code sent to $userName. Would you like to send a new code? (Yes/No)")
val ans = inOb.nextLine()
if (ans.compareTo("Yes") == 0) {
println("*** Sending a new confirmation code")
resendConfirmationCode(clientId, userName)
}
println("*** Enter the confirmation code that was emailed")
val code = inOb.nextLine()
confirmSignUp(clientId, code, userName)
println("*** Rechecking the status of $userName in the user pool")
getAdminUser(userName, poolId)
val authResponse = checkAuthMethod(clientId, userName, password, poolId)
val mySession = authResponse.session
val newSession = getSecretForAppMFA(mySession)
println("*** Enter the 6-digit code displayed in Google Authenticator")
val myCode = inOb.nextLine()
// Verify the TOTP and register for MFA.
verifyTOTP(newSession, myCode)
println("*** Re-enter a 6-digit code displayed in Google Authenticator")
val mfaCode: String = inOb.nextLine()
val authResponse1 = checkAuthMethod(clientId, userName, password, poolId)
val session2 = authResponse1.session
adminRespondToAuthChallenge(userName, clientId, mfaCode, session2)
}
suspend fun checkAuthMethod(
clientIdVal: String,
userNameVal: String,
passwordVal: String,
userPoolIdVal: String,
): AdminInitiateAuthResponse {
val authParas = mutableMapOf()
authParas["USERNAME"] = userNameVal
authParas["PASSWORD"] = passwordVal
val authRequest =
AdminInitiateAuthRequest {
clientId = clientIdVal
userPoolId = userPoolIdVal
authParameters = authParas
authFlow = AuthFlowType.AdminUserPasswordAuth
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.adminInitiateAuth(authRequest)
println("Result Challenge is ${response.challengeName}")
return response
}
}
suspend fun resendConfirmationCode(
clientIdVal: String?,
userNameVal: String?,
) {
val codeRequest =
ResendConfirmationCodeRequest {
clientId = clientIdVal
username = userNameVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.resendConfirmationCode(codeRequest)
println("Method of delivery is " + (response.codeDeliveryDetails?.deliveryMedium))
}
}
// Respond to an authentication challenge.
suspend fun adminRespondToAuthChallenge(
userName: String,
clientIdVal: String?,
mfaCode: String,
sessionVal: String?,
) {
println("SOFTWARE_TOKEN_MFA challenge is generated")
val challengeResponsesOb = mutableMapOf()
challengeResponsesOb["USERNAME"] = userName
challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode
val adminRespondToAuthChallengeRequest =
AdminRespondToAuthChallengeRequest {
challengeName = ChallengeNameType.SoftwareTokenMfa
clientId = clientIdVal
challengeResponses = challengeResponsesOb
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val respondToAuthChallengeResult = identityProviderClient.adminRespondToAuthChallenge(adminRespondToAuthChallengeRequest)
println("respondToAuthChallengeResult.getAuthenticationResult() ${respondToAuthChallengeResult.authenticationResult}")
}
}
// Verify the TOTP and register for MFA.
suspend fun verifyTOTP(
sessionVal: String?,
codeVal: String?,
) {
val tokenRequest =
VerifySoftwareTokenRequest {
userCode = codeVal
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest)
println("The status of the token is ${verifyResponse.status}")
}
}
suspend fun getSecretForAppMFA(sessionVal: String?): String? {
val softwareTokenRequest =
AssociateSoftwareTokenRequest {
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val tokenResponse = identityProviderClient.associateSoftwareToken(softwareTokenRequest)
val secretCode = tokenResponse.secretCode
println("Enter this token into Google Authenticator")
println(secretCode)
return tokenResponse.session
}
}
suspend fun confirmSignUp(
clientIdVal: String?,
codeVal: String?,
userNameVal: String?,
) {
val signUpRequest =
ConfirmSignUpRequest {
clientId = clientIdVal
confirmationCode = codeVal
username = userNameVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
identityProviderClient.confirmSignUp(signUpRequest)
println("$userNameVal was confirmed")
}
}
suspend fun getAdminUser(
userNameVal: String?,
poolIdVal: String?,
) {
val userRequest =
AdminGetUserRequest {
username = userNameVal
userPoolId = poolIdVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.adminGetUser(userRequest)
println("User status ${response.userStatus}")
}
}
suspend fun signUp(
clientIdVal: String?,
userNameVal: String?,
passwordVal: String?,
emailVal: String?,
) {
val userAttrs =
AttributeType {
name = "email"
value = emailVal
}
val userAttrsList = mutableListOf()
userAttrsList.add(userAttrs)
val signUpRequest =
SignUpRequest {
userAttributes = userAttrsList
username = userNameVal
clientId = clientIdVal
password = passwordVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
identityProviderClient.signUp(signUpRequest)
println("User has been signed up")
}
}
```
+ Para obtener detalles sobre la API, consulte los siguientes temas en la *Referencia de la API de AWS SDK para Kotlin*.
+ [AdminGetUser](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [AdminInitiateAuth](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [AdminRespondToAuthChallenge](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [AssociateSoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [ConfirmDevice](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [ConfirmSignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [InitiateAuth](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [ListUsers](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [ResendConfirmationCode](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [RespondToAuthChallenge](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [SignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [VerifySoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
------
#### [ Python ]
**SDK para Python (Boto3)**
Hay más información GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
Cree una clase que incluya las funciones de Amazon Cognito que se utilizan en el escenario.
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def _secret_hash(self, user_name):
"""
Calculates a secret hash from a user name and a client secret.
:param user_name: The user name to use when calculating the hash.
:return: The secret hash.
"""
key = self.client_secret.encode()
msg = bytes(user_name + self.client_id, "utf-8")
secret_hash = base64.b64encode(
hmac.new(key, msg, digestmod=hashlib.sha256).digest()
).decode()
logger.info("Made secret hash for %s: %s.", user_name, secret_hash)
return secret_hash
def sign_up_user(self, user_name, password, user_email):
"""
Signs up a new user with Amazon Cognito. This action prompts Amazon Cognito
to send an email to the specified email address. The email contains a code that
can be used to confirm the user.
When the user already exists, the user status is checked to determine whether
the user has been confirmed.
:param user_name: The user name that identifies the new user.
:param password: The password for the new user.
:param user_email: The email address for the new user.
:return: True when the user is already confirmed with Amazon Cognito.
Otherwise, false.
"""
try:
kwargs = {
"ClientId": self.client_id,
"Username": user_name,
"Password": password,
"UserAttributes": [{"Name": "email", "Value": user_email}],
}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
response = self.cognito_idp_client.sign_up(**kwargs)
confirmed = response["UserConfirmed"]
except ClientError as err:
if err.response["Error"]["Code"] == "UsernameExistsException":
response = self.cognito_idp_client.admin_get_user(
UserPoolId=self.user_pool_id, Username=user_name
)
logger.warning(
"User %s exists and is %s.", user_name, response["UserStatus"]
)
confirmed = response["UserStatus"] == "CONFIRMED"
else:
logger.error(
"Couldn't sign up %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
return confirmed
def resend_confirmation(self, user_name):
"""
Prompts Amazon Cognito to resend an email with a new confirmation code.
:param user_name: The name of the user who will receive the email.
:return: Delivery information about where the email is sent.
"""
try:
kwargs = {"ClientId": self.client_id, "Username": user_name}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
response = self.cognito_idp_client.resend_confirmation_code(**kwargs)
delivery = response["CodeDeliveryDetails"]
except ClientError as err:
logger.error(
"Couldn't resend confirmation to %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return delivery
def confirm_user_sign_up(self, user_name, confirmation_code):
"""
Confirms a previously created user. A user must be confirmed before they
can sign in to Amazon Cognito.
:param user_name: The name of the user to confirm.
:param confirmation_code: The confirmation code sent to the user's registered
email address.
:return: True when the confirmation succeeds.
"""
try:
kwargs = {
"ClientId": self.client_id,
"Username": user_name,
"ConfirmationCode": confirmation_code,
}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
self.cognito_idp_client.confirm_sign_up(**kwargs)
except ClientError as err:
logger.error(
"Couldn't confirm sign up for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return True
def list_users(self):
"""
Returns a list of the users in the current user pool.
:return: The list of users.
"""
try:
response = self.cognito_idp_client.list_users(UserPoolId=self.user_pool_id)
users = response["Users"]
except ClientError as err:
logger.error(
"Couldn't list users for %s. Here's why: %s: %s",
self.user_pool_id,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return users
def start_sign_in(self, user_name, password):
"""
Starts the sign-in process for a user by using administrator credentials.
This method of signing in is appropriate for code running on a secure server.
If the user pool is configured to require MFA and this is the first sign-in
for the user, Amazon Cognito returns a challenge response to set up an
MFA application. When this occurs, this function gets an MFA secret from
Amazon Cognito and returns it to the caller.
:param user_name: The name of the user to sign in.
:param password: The user's password.
:return: The result of the sign-in attempt. When sign-in is successful, this
returns an access token that can be used to get AWS credentials. Otherwise,
Amazon Cognito returns a challenge to set up an MFA application,
or a challenge to enter an MFA code from a registered MFA application.
"""
try:
kwargs = {
"UserPoolId": self.user_pool_id,
"ClientId": self.client_id,
"AuthFlow": "ADMIN_USER_PASSWORD_AUTH",
"AuthParameters": {"USERNAME": user_name, "PASSWORD": password},
}
if self.client_secret is not None:
kwargs["AuthParameters"]["SECRET_HASH"] = self._secret_hash(user_name)
response = self.cognito_idp_client.admin_initiate_auth(**kwargs)
challenge_name = response.get("ChallengeName", None)
if challenge_name == "MFA_SETUP":
if (
"SOFTWARE_TOKEN_MFA"
in response["ChallengeParameters"]["MFAS_CAN_SETUP"]
):
response.update(self.get_mfa_secret(response["Session"]))
else:
raise RuntimeError(
"The user pool requires MFA setup, but the user pool is not "
"configured for TOTP MFA. This example requires TOTP MFA."
)
except ClientError as err:
logger.error(
"Couldn't start sign in for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
response.pop("ResponseMetadata", None)
return response
def get_mfa_secret(self, session):
"""
Gets a token that can be used to associate an MFA application with the user.
:param session: Session information returned from a previous call to initiate
authentication.
:return: An MFA token that can be used to set up an MFA application.
"""
try:
response = self.cognito_idp_client.associate_software_token(Session=session)
except ClientError as err:
logger.error(
"Couldn't get MFA secret. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
response.pop("ResponseMetadata", None)
return response
def verify_mfa(self, session, user_code):
"""
Verify a new MFA application that is associated with a user.
:param session: Session information returned from a previous call to initiate
authentication.
:param user_code: A code generated by the associated MFA application.
:return: Status that indicates whether the MFA application is verified.
"""
try:
response = self.cognito_idp_client.verify_software_token(
Session=session, UserCode=user_code
)
except ClientError as err:
logger.error(
"Couldn't verify MFA. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
response.pop("ResponseMetadata", None)
return response
def respond_to_mfa_challenge(self, user_name, session, mfa_code):
"""
Responds to a challenge for an MFA code. This completes the second step of
a two-factor sign-in. When sign-in is successful, it returns an access token
that can be used to get AWS credentials from Amazon Cognito.
:param user_name: The name of the user who is signing in.
:param session: Session information returned from a previous call to initiate
authentication.
:param mfa_code: A code generated by the associated MFA application.
:return: The result of the authentication. When successful, this contains an
access token for the user.
"""
try:
kwargs = {
"UserPoolId": self.user_pool_id,
"ClientId": self.client_id,
"ChallengeName": "SOFTWARE_TOKEN_MFA",
"Session": session,
"ChallengeResponses": {
"USERNAME": user_name,
"SOFTWARE_TOKEN_MFA_CODE": mfa_code,
},
}
if self.client_secret is not None:
kwargs["ChallengeResponses"]["SECRET_HASH"] = self._secret_hash(
user_name
)
response = self.cognito_idp_client.admin_respond_to_auth_challenge(**kwargs)
auth_result = response["AuthenticationResult"]
except ClientError as err:
if err.response["Error"]["Code"] == "ExpiredCodeException":
logger.warning(
"Your MFA code has expired or has been used already. You might have "
"to wait a few seconds until your app shows you a new code."
)
else:
logger.error(
"Couldn't respond to mfa challenge for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return auth_result
def confirm_mfa_device(
self,
user_name,
device_key,
device_group_key,
device_password,
access_token,
aws_srp,
):
"""
Confirms an MFA device to be tracked by Amazon Cognito. When a device is
tracked, its key and password can be used to sign in without requiring a new
MFA code from the MFA application.
:param user_name: The user that is associated with the device.
:param device_key: The key of the device, returned by Amazon Cognito.
:param device_group_key: The group key of the device, returned by Amazon Cognito.
:param device_password: The password that is associated with the device.
:param access_token: The user's access token.
:param aws_srp: A class that helps with Secure Remote Password (SRP)
calculations. The scenario associated with this example uses
the warrant package.
:return: True when the user must confirm the device. Otherwise, False. When
False, the device is automatically confirmed and tracked.
"""
srp_helper = aws_srp.AWSSRP(
username=user_name,
password=device_password,
pool_id="_",
client_id=self.client_id,
client_secret=None,
client=self.cognito_idp_client,
)
device_and_pw = f"{device_group_key}{device_key}:{device_password}"
device_and_pw_hash = aws_srp.hash_sha256(device_and_pw.encode("utf-8"))
salt = aws_srp.pad_hex(aws_srp.get_random(16))
x_value = aws_srp.hex_to_long(aws_srp.hex_hash(salt + device_and_pw_hash))
verifier = aws_srp.pad_hex(pow(srp_helper.val_g, x_value, srp_helper.big_n))
device_secret_verifier_config = {
"PasswordVerifier": base64.standard_b64encode(
bytearray.fromhex(verifier)
).decode("utf-8"),
"Salt": base64.standard_b64encode(bytearray.fromhex(salt)).decode("utf-8"),
}
try:
response = self.cognito_idp_client.confirm_device(
AccessToken=access_token,
DeviceKey=device_key,
DeviceSecretVerifierConfig=device_secret_verifier_config,
)
user_confirm = response["UserConfirmationNecessary"]
except ClientError as err:
logger.error(
"Couldn't confirm mfa device %s. Here's why: %s: %s",
device_key,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return user_confirm
def sign_in_with_tracked_device(
self,
user_name,
password,
device_key,
device_group_key,
device_password,
aws_srp,
):
"""
Signs in to Amazon Cognito as a user who has a tracked device. Signing in
with a tracked device lets a user sign in without entering a new MFA code.
Signing in with a tracked device requires that the client respond to the SRP
protocol. The scenario associated with this example uses the warrant package
to help with SRP calculations.
For more information on SRP, see https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol.
:param user_name: The user that is associated with the device.
:param password: The user's password.
:param device_key: The key of a tracked device.
:param device_group_key: The group key of a tracked device.
:param device_password: The password that is associated with the device.
:param aws_srp: A class that helps with SRP calculations. The scenario
associated with this example uses the warrant package.
:return: The result of the authentication. When successful, this contains an
access token for the user.
"""
try:
srp_helper = aws_srp.AWSSRP(
username=user_name,
password=device_password,
pool_id="_",
client_id=self.client_id,
client_secret=None,
client=self.cognito_idp_client,
)
response_init = self.cognito_idp_client.initiate_auth(
ClientId=self.client_id,
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={
"USERNAME": user_name,
"PASSWORD": password,
"DEVICE_KEY": device_key,
},
)
if response_init["ChallengeName"] != "DEVICE_SRP_AUTH":
raise RuntimeError(
f"Expected DEVICE_SRP_AUTH challenge but got {response_init['ChallengeName']}."
)
auth_params = srp_helper.get_auth_params()
auth_params["DEVICE_KEY"] = device_key
response_auth = self.cognito_idp_client.respond_to_auth_challenge(
ClientId=self.client_id,
ChallengeName="DEVICE_SRP_AUTH",
ChallengeResponses=auth_params,
)
if response_auth["ChallengeName"] != "DEVICE_PASSWORD_VERIFIER":
raise RuntimeError(
f"Expected DEVICE_PASSWORD_VERIFIER challenge but got "
f"{response_init['ChallengeName']}."
)
challenge_params = response_auth["ChallengeParameters"]
challenge_params["USER_ID_FOR_SRP"] = device_group_key + device_key
cr = srp_helper.process_challenge(challenge_params, {"USERNAME": user_name})
cr["USERNAME"] = user_name
cr["DEVICE_KEY"] = device_key
response_verifier = self.cognito_idp_client.respond_to_auth_challenge(
ClientId=self.client_id,
ChallengeName="DEVICE_PASSWORD_VERIFIER",
ChallengeResponses=cr,
)
auth_tokens = response_verifier["AuthenticationResult"]
except ClientError as err:
logger.error(
"Couldn't start client sign in for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return auth_tokens
```
Crear una clase que ejecute el escenario. En este ejemplo, también se registra un dispositivo MFA del que Amazon Cognito realiza un seguimiento y se muestra cómo iniciar sesión con una contraseña y la información del dispositivo del que se realiza el seguimiento. Esto evita la necesidad de introducir un nuevo código de MFA.
```
def run_scenario(cognito_idp_client, user_pool_id, client_id):
logging.basicConfig(level=logging.INFO, format="%(levelname)s: %(message)s")
print("-" * 88)
print("Welcome to the Amazon Cognito user signup with MFA demo.")
print("-" * 88)
cog_wrapper = CognitoIdentityProviderWrapper(
cognito_idp_client, user_pool_id, client_id
)
user_name = q.ask("Let's sign up a new user. Enter a user name: ", q.non_empty)
password = q.ask("Enter a password for the user: ", q.non_empty)
email = q.ask("Enter a valid email address that you own: ", q.non_empty)
confirmed = cog_wrapper.sign_up_user(user_name, password, email)
while not confirmed:
print(
f"User {user_name} requires confirmation. Check {email} for "
f"a verification code."
)
confirmation_code = q.ask("Enter the confirmation code from the email: ")
if not confirmation_code:
if q.ask("Do you need another confirmation code (y/n)? ", q.is_yesno):
delivery = cog_wrapper.resend_confirmation(user_name)
print(
f"Confirmation code sent by {delivery['DeliveryMedium']} "
f"to {delivery['Destination']}."
)
else:
confirmed = cog_wrapper.confirm_user_sign_up(user_name, confirmation_code)
print(f"User {user_name} is confirmed and ready to use.")
print("-" * 88)
print("Let's get a list of users in the user pool.")
q.ask("Press Enter when you're ready.")
users = cog_wrapper.list_users()
if users:
print(f"Found {len(users)} users:")
pp(users)
else:
print("No users found.")
print("-" * 88)
print("Let's sign in and get an access token.")
auth_tokens = None
challenge = "ADMIN_USER_PASSWORD_AUTH"
response = {}
while challenge is not None:
if challenge == "ADMIN_USER_PASSWORD_AUTH":
response = cog_wrapper.start_sign_in(user_name, password)
challenge = response["ChallengeName"]
elif response["ChallengeName"] == "MFA_SETUP":
print("First, we need to set up an MFA application.")
qr_img = qrcode.make(
f"otpauth://totp/{user_name}?secret={response['SecretCode']}"
)
qr_img.save("qr.png")
q.ask(
"Press Enter to see a QR code on your screen. Scan it into an MFA "
"application, such as Google Authenticator."
)
webbrowser.open("qr.png")
mfa_code = q.ask(
"Enter the verification code from your MFA application: ", q.non_empty
)
response = cog_wrapper.verify_mfa(response["Session"], mfa_code)
print(f"MFA device setup {response['Status']}")
print("Now that an MFA application is set up, let's sign in again.")
print(
"You might have to wait a few seconds for a new MFA code to appear in "
"your MFA application."
)
challenge = "ADMIN_USER_PASSWORD_AUTH"
elif response["ChallengeName"] == "SOFTWARE_TOKEN_MFA":
auth_tokens = None
while auth_tokens is None:
mfa_code = q.ask(
"Enter a verification code from your MFA application: ", q.non_empty
)
auth_tokens = cog_wrapper.respond_to_mfa_challenge(
user_name, response["Session"], mfa_code
)
print(f"You're signed in as {user_name}.")
print("Here's your access token:")
pp(auth_tokens["AccessToken"])
print("And your device information:")
pp(auth_tokens["NewDeviceMetadata"])
challenge = None
else:
raise Exception(f"Got unexpected challenge {response['ChallengeName']}")
print("-" * 88)
device_group_key = auth_tokens["NewDeviceMetadata"]["DeviceGroupKey"]
device_key = auth_tokens["NewDeviceMetadata"]["DeviceKey"]
device_password = base64.standard_b64encode(os.urandom(40)).decode("utf-8")
print("Let's confirm your MFA device so you don't have re-enter MFA tokens for it.")
q.ask("Press Enter when you're ready.")
cog_wrapper.confirm_mfa_device(
user_name,
device_key,
device_group_key,
device_password,
auth_tokens["AccessToken"],
aws_srp,
)
print(f"Your device {device_key} is confirmed.")
print("-" * 88)
print(
f"Now let's sign in as {user_name} from your confirmed device {device_key}.\n"
f"Because this device is tracked by Amazon Cognito, you won't have to re-enter an MFA code."
)
q.ask("Press Enter when ready.")
auth_tokens = cog_wrapper.sign_in_with_tracked_device(
user_name, password, device_key, device_group_key, device_password, aws_srp
)
print("You're signed in. Your access token is:")
pp(auth_tokens["AccessToken"])
print("-" * 88)
print("Don't forget to delete your user pool when you're done with this example.")
print("\nThanks for watching!")
print("-" * 88)
def main():
parser = argparse.ArgumentParser(
description="Shows how to sign up a new user with Amazon Cognito and associate "
"the user with an MFA application for multi-factor authentication."
)
parser.add_argument(
"user_pool_id", help="The ID of the user pool to use for the example."
)
parser.add_argument(
"client_id", help="The ID of the client application to use for the example."
)
args = parser.parse_args()
try:
run_scenario(boto3.client("cognito-idp"), args.user_pool_id, args.client_id)
except Exception:
logging.exception("Something went wrong with the demo.")
if __name__ == "__main__":
main()
```
+ Para obtener información sobre la API, consulte los siguientes temas en la *Referencia de la API de AWS SDK para Python (Boto3)*.
+ [AdminGetUser](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminGetUser)
+ [AdminInitiateAuth](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminInitiateAuth)
+ [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)
+ [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AssociateSoftwareToken)
+ [ConfirmDevice](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ConfirmDevice)
+ [ConfirmSignUp](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ConfirmSignUp)
+ [InitiateAuth](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/InitiateAuth)
+ [ListUsers](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ListUsers)
+ [ResendConfirmationCode](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ResendConfirmationCode)
+ [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/RespondToAuthChallenge)
+ [SignUp](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/SignUp)
+ [VerifySoftwareToken](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/VerifySoftwareToken)
------
#### [ Swift ]
**SDK para Swift**
Hay más información GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
El archivo `Package.swift`.
```
// swift-tools-version: 5.9
//
// The swift-tools-version declares the minimum version of Swift required to
// build this package.
import PackageDescription
let package = Package(
name: "cognito-scenario",
// Let Xcode know the minimum Apple platforms supported.
platforms: [
.macOS(.v13),
.iOS(.v15)
],
dependencies: [
// Dependencies declare other packages that this package depends on.
.package(
url: "https://github.com/awslabs/aws-sdk-swift",
from: "1.0.0"),
.package(
url: "https://github.com/apple/swift-argument-parser.git",
branch: "main"
)
],
targets: [
// Targets are the basic building blocks of a package, defining a module or a test suite.
// Targets can depend on other targets in this package and products
// from dependencies.
.executableTarget(
name: "cognito-scenario",
dependencies: [
.product(name: "AWSCognitoIdentityProvider", package: "aws-sdk-swift"),
.product(name: "ArgumentParser", package: "swift-argument-parser")
],
path: "Sources")
]
)
```
El archivo de código de Swift.
```
// An example demonstrating various features of Amazon Cognito. Before running
// this Swift code example, set up your development environment, including
// your credentials.
//
// For more information, see the following documentation:
// https://docs.aws.amazon.com/sdk-for-kotlin/latest/developer-guide/setup.html
//
// TIP: To set up the required user pool, run the AWS Cloud Development Kit
// (AWS CDK) script provided in this GitHub repo at
// resources/cdk/cognito_scenario_user_pool_with_mfa.
//
// This example performs the following functions:
//
// 1. Invokes the signUp method to sign up a user.
// 2. Invokes the adminGetUser method to get the user's confirmation status.
// 3. Invokes the ResendConfirmationCode method if the user requested another
// code.
// 4. Invokes the confirmSignUp method.
// 5. Invokes the initiateAuth to sign in. This results in being prompted to
// set up TOTP (time-based one-time password). (The response is
// “ChallengeName”: “MFA_SETUP”).
// 6. Invokes the AssociateSoftwareToken method to generate a TOTP MFA private
// key. This can be used with Google Authenticator.
// 7. Invokes the VerifySoftwareToken method to verify the TOTP and register
// for MFA.
// 8. Invokes the AdminInitiateAuth to sign in again. This results in being
// prompted to submit a TOTP (Response: “ChallengeName”:
// “SOFTWARE_TOKEN_MFA”).
// 9. Invokes the AdminRespondToAuthChallenge to get back a token.
import ArgumentParser
import Foundation
import AWSClientRuntime
import AWSCognitoIdentityProvider
struct ExampleCommand: ParsableCommand {
@Argument(help: "The application clientId.")
var clientId: String
@Argument(help: "The user pool ID to use.")
var poolId: String
@Option(help: "Name of the Amazon Region to use")
var region = "us-east-1"
static var configuration = CommandConfiguration(
commandName: "cognito-scenario",
abstract: """
Demonstrates various features of Amazon Cognito.
""",
discussion: """
"""
)
/// Prompt for an input string of at least a minimum length.
///
/// - Parameters:
/// - prompt: The prompt string to display.
/// - minLength: The minimum number of characters to allow in the
/// response. Default value is 0.
///
/// - Returns: The entered string.
func stringRequest(_ prompt: String, minLength: Int = 1) -> String {
while true {
print(prompt, terminator: "")
let str = readLine()
guard let str else {
continue
}
if str.count >= minLength {
return str
} else {
print("*** Response must be at least \(minLength) character(s) long.")
}
}
}
/// Ask a yes/no question.
///
/// - Parameter prompt: A prompt string to print.
///
/// - Returns: `true` if the user answered "Y", otherwise `false`.
func yesNoRequest(_ prompt: String) -> Bool {
while true {
let answer = stringRequest(prompt).lowercased()
if answer == "y" || answer == "n" {
return answer == "y"
}
}
}
/// Get information about a specific user in a user pool.
///
/// - Parameters:
/// - cipClient: The Amazon Cognito Identity Provider client to use.
/// - userName: The user to retrieve information about.
/// - userPoolId: The user pool to search for the specified user.
///
/// - Returns: `true` if the user's information was successfully
/// retrieved. Otherwise returns `false`.
func adminGetUser(cipClient: CognitoIdentityProviderClient, userName: String,
userPoolId: String) async -> Bool {
do {
let output = try await cipClient.adminGetUser(
input: AdminGetUserInput(
userPoolId: userPoolId,
username: userName
)
)
guard let userStatus = output.userStatus else {
print("*** Unable to get the user's status.")
return false
}
print("User status: \(userStatus)")
return true
} catch {
return false
}
}
/// Create a new user in a user pool.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - clientId: The ID of the app client to create a user for.
/// - userName: The username for the new user.
/// - password: The new user's password.
/// - email: The new user's email address.
///
/// - Returns: `true` if successful; otherwise `false`.
func signUp(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String, password: String, email: String) async -> Bool {
let emailAttr = CognitoIdentityProviderClientTypes.AttributeType(
name: "email",
value: email
)
let userAttrsList = [emailAttr]
do {
_ = try await cipClient.signUp(
input: SignUpInput(
clientId: clientId,
password: password,
userAttributes: userAttrsList,
username: userName
)
)
print("=====> User \(userName) signed up.")
} catch _ as AWSCognitoIdentityProvider.UsernameExistsException {
print("*** The username \(userName) already exists. Please use a different one.")
return false
} catch let error as AWSCognitoIdentityProvider.InvalidPasswordException {
print("*** Error: The specified password is invalid. Reason: \(error.properties.message ?? "").")
return false
} catch _ as AWSCognitoIdentityProvider.ResourceNotFoundException {
print("*** Error: The specified client ID (\(clientId)) doesn't exist.")
return false
} catch {
print("*** Unexpected error: \(error)")
return false
}
return true
}
/// Requests a new confirmation code be sent to the given user's contact
/// method.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - clientId: The application client ID.
/// - userName: The user to resend a code for.
///
/// - Returns: `true` if a new code was sent successfully, otherwise
/// `false`.
func resendConfirmationCode(cipClient: CognitoIdentityProviderClient, clientId: String,
userName: String) async -> Bool {
do {
let output = try await cipClient.resendConfirmationCode(
input: ResendConfirmationCodeInput(
clientId: clientId,
username: userName
)
)
guard let deliveryMedium = output.codeDeliveryDetails?.deliveryMedium else {
print("*** Unable to get the delivery method for the resent code.")
return false
}
print("=====> A new code has been sent by \(deliveryMedium)")
return true
} catch {
print("*** Unable to resend the confirmation code to user \(userName).")
return false
}
}
/// Submit a confirmation code for the specified user. This is the code as
/// entered by the user after they've received it by email or text
/// message.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - clientId: The app client ID the user is signing up for.
/// - userName: The username of the user whose code is being sent.
/// - code: The user's confirmation code.
///
/// - Returns: `true` if the code was successfully confirmed; otherwise `false`.
func confirmSignUp(cipClient: CognitoIdentityProviderClient, clientId: String,
userName: String, code: String) async -> Bool {
do {
_ = try await cipClient.confirmSignUp(
input: ConfirmSignUpInput(
clientId: clientId,
confirmationCode: code,
username: userName
)
)
print("=====> \(userName) has been confirmed.")
return true
} catch {
print("=====> \(userName)'s code was entered incorrectly.")
return false
}
}
/// Begin an authentication session.
///
/// - Parameters:
/// - cipClient: The `CongitoIdentityProviderClient` to use.
/// - clientId: The app client ID to use.
/// - userName: The username to check.
/// - password: The user's password.
/// - userPoolId: The user pool to use.
///
/// - Returns: The session token associated with this authentication
/// session.
func initiateAuth(cipClient: CognitoIdentityProviderClient, clientId: String,
userName: String, password: String,
userPoolId: String) async -> String? {
var authParams: [String: String] = [:]
authParams["USERNAME"] = userName
authParams["PASSWORD"] = password
do {
let output = try await cipClient.adminInitiateAuth(
input: AdminInitiateAuthInput(
authFlow: CognitoIdentityProviderClientTypes.AuthFlowType.adminUserPasswordAuth,
authParameters: authParams,
clientId: clientId,
userPoolId: userPoolId
)
)
guard let challengeName = output.challengeName else {
print("*** Invalid response from the auth service.")
return nil
}
print("=====> Response challenge is \(challengeName)")
return output.session
} catch _ as UserNotFoundException {
print("*** The specified username, \(userName), doesn't exist.")
return nil
} catch _ as UserNotConfirmedException {
print("*** The user \(userName) has not been confirmed.")
return nil
} catch {
print("*** An unexpected error occurred.")
return nil
}
}
/// Request and display an MFA secret token that the user should enter
/// into their authenticator to set it up for the user account.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - authSession: The authentication session to request an MFA secret
/// for.
///
/// - Returns: A string containing the MFA secret token that should be
/// entered into the authenticator software.
func getSecretForAppMFA(cipClient: CognitoIdentityProviderClient, authSession: String?) async -> String? {
do {
let output = try await cipClient.associateSoftwareToken(
input: AssociateSoftwareTokenInput(
session: authSession
)
)
guard let secretCode = output.secretCode else {
print("*** Unable to get the secret code")
return nil
}
print("=====> Enter this token into Google Authenticator: \(secretCode)")
return output.session
} catch _ as SoftwareTokenMFANotFoundException {
print("*** The specified user pool isn't configured for MFA.")
return nil
} catch {
print("*** An unexpected error occurred getting the secret for the app's MFA.")
return nil
}
}
/// Confirm that the user's TOTP authenticator is configured correctly by
/// sending a code to it to check that it matches successfully.
///
/// - Parameters:
/// - cipClient: The `CongnitoIdentityProviderClient` to use.
/// - session: An authentication session previously returned by an
/// `associateSoftwareToken()` call.
/// - mfaCode: The 6-digit code currently displayed by the user's
/// authenticator, as provided by the user.
func verifyTOTP(cipClient: CognitoIdentityProviderClient, session: String?, mfaCode: String?) async {
do {
let output = try await cipClient.verifySoftwareToken(
input: VerifySoftwareTokenInput(
session: session,
userCode: mfaCode
)
)
guard let tokenStatus = output.status else {
print("*** Unable to get the token's status.")
return
}
print("=====> The token's status is: \(tokenStatus)")
} catch _ as SoftwareTokenMFANotFoundException {
print("*** The specified user pool isn't configured for MFA.")
return
} catch _ as CodeMismatchException {
print("*** The specified MFA code doesn't match the expected value.")
return
} catch _ as UserNotFoundException {
print("*** The specified username doesn't exist.")
return
} catch _ as UserNotConfirmedException {
print("*** The user has not been confirmed.")
return
} catch {
print("*** Error verifying the MFA token!")
return
}
}
/// Respond to the authentication challenge received from Cognito after
/// initiating an authentication session. This involves sending a current
/// MFA code to the service.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - userName: The user's username.
/// - clientId: The app client ID.
/// - userPoolId: The user pool to sign into.
/// - mfaCode: The 6-digit MFA code currently displayed by the user's
/// authenticator.
/// - session: The authentication session to continue processing.
func adminRespondToAuthChallenge(cipClient: CognitoIdentityProviderClient, userName: String,
clientId: String, userPoolId: String, mfaCode: String,
session: String) async {
print("=====> SOFTWARE_TOKEN_MFA challenge is generated...")
var challengeResponsesOb: [String: String] = [:]
challengeResponsesOb["USERNAME"] = userName
challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode
do {
let output = try await cipClient.adminRespondToAuthChallenge(
input: AdminRespondToAuthChallengeInput(
challengeName: CognitoIdentityProviderClientTypes.ChallengeNameType.softwareTokenMfa,
challengeResponses: challengeResponsesOb,
clientId: clientId,
session: session,
userPoolId: userPoolId
)
)
guard let authenticationResult = output.authenticationResult else {
print("*** Unable to get authentication result.")
return
}
print("=====> Authentication result (JWTs are redacted):")
print(authenticationResult)
} catch _ as SoftwareTokenMFANotFoundException {
print("*** The specified user pool isn't configured for MFA.")
return
} catch _ as CodeMismatchException {
print("*** The specified MFA code doesn't match the expected value.")
return
} catch _ as UserNotFoundException {
print("*** The specified username, \(userName), doesn't exist.")
return
} catch _ as UserNotConfirmedException {
print("*** The user \(userName) has not been confirmed.")
return
} catch let error as NotAuthorizedException {
print("*** Unauthorized access. Reason: \(error.properties.message ?? "")")
} catch {
print("*** Error responding to the MFA challenge.")
return
}
}
/// Called by ``main()`` to run the bulk of the example.
func runAsync() async throws {
let config = try await CognitoIdentityProviderClient.CognitoIdentityProviderClientConfiguration(region: region)
let cipClient = CognitoIdentityProviderClient(config: config)
print("""
This example collects information about a user, then creates that user in the
specified user pool. Then, it enables Multi-Factor Authentication (MFA) for that
user by associating an authenticator application (such as Google Authenticator
or a password manager that supports TOTP). Then, the user uses a code from their
authenticator application to sign in.
""")
let userName = stringRequest("Please enter a new username: ")
let password = stringRequest("Enter a password: ")
let email = stringRequest("Enter your email address: ", minLength: 5)
// Submit the sign-up request to AWS.
print("==> Signing up user \(userName)...")
if await signUp(cipClient: cipClient, clientId: clientId,
userName: userName, password: password,
email: email) == false {
return
}
// Check the user's status. This time, it should come back "unconfirmed".
print("==> Getting the status of user \(userName) from the user pool (should be 'unconfirmed')...")
if await adminGetUser(cipClient: cipClient, userName: userName, userPoolId: poolId) == false {
return
}
// Ask the user if they want a replacement code sent, such as if the
// code hasn't arrived yet. If the user responds with a "yes," send a
// new code.
if yesNoRequest("==> A confirmation code was sent to \(userName). Would you like to send a new code (Y/N)? ") {
print("==> Sending a new confirmation code...")
if await resendConfirmationCode(cipClient: cipClient, clientId: clientId, userName: userName) == false {
return
}
}
// Ask the user to enter the confirmation code, then send it to Amazon
// Cognito to verify it.
let code = stringRequest("==> Enter the confirmation code sent to \(userName): ")
if await confirmSignUp(cipClient: cipClient, clientId: clientId, userName: userName, code: code) == false {
// The code didn't match. Your application may wish to offer to
// re-send the confirmation code here and try again.
return
}
// Check the user's status again. This time it should come back
// "confirmed".
print("==> Rechecking status of user \(userName) in the user pool (should be 'confirmed')...")
if await adminGetUser(cipClient: cipClient, userName: userName, userPoolId: poolId) == false {
return
}
// Check the challenge mode. Here, it should be "mfaSetup", indicating
// that the user needs to add MFA before using it. This returns a
// session that can be used to register MFA, or nil if an error occurs.
let authSession = await initiateAuth(cipClient: cipClient, clientId: clientId,
userName: userName, password: password,
userPoolId: poolId)
if authSession == nil {
return
}
// Ask Cognito for an MFA secret token that the user should enter into
// their authenticator software (such as Google Authenticator) or
// password manager to configure it for this user account. This
// returns a new session that should be used for the new stage of the
// authentication process.
let newSession = await getSecretForAppMFA(cipClient: cipClient, authSession: authSession)
if newSession == nil {
return
}
// Ask the user to enter the current 6-digit code displayed by their
// authenticator. Then verify that it matches the value expected for
// the session.
let mfaCode1 = stringRequest("==> Enter the 6-digit code displayed in your authenticator: ",
minLength: 6)
await verifyTOTP(cipClient: cipClient, session: newSession, mfaCode: mfaCode1)
// Ask the user to authenticate now that the authenticator has been
// configured. This creates a new session using the user's username
// and password as already entered.
print("\nNow starting the sign-in process for user \(userName)...\n")
let session2 = await initiateAuth(cipClient: cipClient, clientId: clientId,
userName: userName, password: password, userPoolId: poolId)
guard let session2 else {
return
}
// Now that we have a new auth session, `session2`, ask the user for a
// new 6-digit code from their authenticator, and send it to the auth
// session.
let mfaCode2 = stringRequest("==> Wait for your authenticator to show a new 6-digit code, then enter it: ",
minLength: 6)
await adminRespondToAuthChallenge(cipClient: cipClient, userName: userName,
clientId: clientId, userPoolId: poolId,
mfaCode: mfaCode2, session: session2)
}
}
/// The program's asynchronous entry point.
@main
struct Main {
static func main() async {
let args = Array(CommandLine.arguments.dropFirst())
do {
let command = try ExampleCommand.parse(args)
try await command.runAsync()
} catch {
ExampleCommand.exit(withError: error)
}
}
}
```
+ Para obtener información sobre la API, consulte los siguientes temas en la *Referencia de la API de AWS SDK para Swift*.
+ [AdminGetUser](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/admingetuser(input:))
+ [AdminInitiateAuth](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/admininitiateauth(input:))
+ [AdminRespondToAuthChallenge](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/adminrespondtoauthchallenge(input:))
+ [AssociateSoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/associatesoftwaretoken(input:))
+ [ConfirmDevice](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/confirmdevice(input:))
+ [ConfirmSignUp](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/confirmsignup(input:))
+ [InitiateAuth](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/initiateauth(input:))
+ [ListUsers](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/listusers(input:))
+ [ResendConfirmationCode](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/resendconfirmationcode(input:))
+ [RespondToAuthChallenge](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/respondtoauthchallenge(input:))
+ [SignUp](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/signup(input:))
+ [VerifySoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/verifysoftwaretoken(input:))
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Uso de los grupos de identidades y los flujos de identidades de Amazon Cognito
El siguiente ejemplo de código muestra cómo crear una aplicación de demostración basada en web que muestre los flujos de autenticación de los grupos de identidades.
------
#### [ Python ]
**SDK para Python (Boto3)**
Podemos ver una aplicación de demostración basada en web que muestra los flujos de autenticación de los grupos de identidades de Amazon Cognito, lo que permite a los usuarios explorar de forma interactiva los flujos de autenticación básicos y mejorados con varios proveedores de identidad.
Para ver el código fuente completo y las instrucciones sobre cómo configurarlo y ejecutarlo, consulta el ejemplo completo en [ GitHub](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito/scenarios/identity_pools_example_demo).
**Servicios utilizados en este ejemplo**
+ Amazon Cognito Identity Provider
------
Para obtener una lista completa de las guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Escriba datos de actividad personalizados con una función Lambda tras la autenticación de usuarios de Amazon Cognito mediante un SDK AWS
En el siguiente ejemplo de código, se muestra cómo escribir datos de actividad personalizados con una función de Lambda tras la autenticación de usuarios de Amazon Cognito.
+ Utilice las funciones de administrador para añadir un usuario a un grupo de usuarios.
+ Configure un grupo de usuarios para que llame a una función de Lambda para el desencadenador `PostAuthentication`.
+ Inicie sesión con el nuevo usuario en Amazon Cognito.
+ La función Lambda escribe información personalizada en los CloudWatch registros y en una tabla de DynamoDB.
+ Obtenga y exhiba los datos personalizados de la tabla de DynamoDB y, a continuación, elimine los recursos.
------
#### [ Go ]
**SDK para Go V2**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/workflows/user_pools_and_lambda_triggers#code-examples).
Ejecutar un escenario interactivo en un símbolo del sistema.
```
import (
"context"
"errors"
"log"
"strings"
"user_pools_and_lambda_triggers/actions"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// ActivityLog separates the steps of this scenario into individual functions so that
// they are simpler to read and understand.
type ActivityLog struct {
helper IScenarioHelper
questioner demotools.IQuestioner
resources Resources
cognitoActor *actions.CognitoActions
}
// NewActivityLog constructs a new activity log runner.
func NewActivityLog(sdkConfig aws.Config, questioner demotools.IQuestioner, helper IScenarioHelper) ActivityLog {
scenario := ActivityLog{
helper: helper,
questioner: questioner,
resources: Resources{},
cognitoActor: &actions.CognitoActions{CognitoClient: cognitoidentityprovider.NewFromConfig(sdkConfig)},
}
scenario.resources.init(scenario.cognitoActor, questioner)
return scenario
}
// AddUserToPool selects a user from the known users table and uses administrator credentials to add the user to the user pool.
func (runner *ActivityLog) AddUserToPool(ctx context.Context, userPoolId string, tableName string) (string, string) {
log.Println("To facilitate this example, let's add a user to the user pool using administrator privileges.")
users, err := runner.helper.GetKnownUsers(ctx, tableName)
if err != nil {
panic(err)
}
user := users.Users[0]
log.Printf("Adding known user %v to the user pool.\n", user.UserName)
err = runner.cognitoActor.AdminCreateUser(ctx, userPoolId, user.UserName, user.UserEmail)
if err != nil {
panic(err)
}
pwSet := false
password := runner.questioner.AskPassword("\nEnter a password that has at least eight characters, uppercase, lowercase, numbers and symbols.\n"+
"(the password will not display as you type):", 8)
for !pwSet {
log.Printf("\nSetting password for user '%v'.\n", user.UserName)
err = runner.cognitoActor.AdminSetUserPassword(ctx, userPoolId, user.UserName, password)
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
password = runner.questioner.AskPassword("\nEnter another password:", 8)
} else {
panic(err)
}
} else {
pwSet = true
}
}
log.Println(strings.Repeat("-", 88))
return user.UserName, password
}
// AddActivityLogTrigger adds a Lambda handler as an invocation target for the PostAuthentication trigger.
func (runner *ActivityLog) AddActivityLogTrigger(ctx context.Context, userPoolId string, activityLogArn string) {
log.Println("Let's add a Lambda function to handle the PostAuthentication trigger from Cognito.\n" +
"This trigger happens after a user is authenticated, and lets your function take action, such as logging\n" +
"the outcome.")
err := runner.cognitoActor.UpdateTriggers(
ctx, userPoolId,
actions.TriggerInfo{Trigger: actions.PostAuthentication, HandlerArn: aws.String(activityLogArn)})
if err != nil {
panic(err)
}
runner.resources.triggers = append(runner.resources.triggers, actions.PostAuthentication)
log.Printf("Lambda function %v added to user pool %v to handle PostAuthentication Cognito trigger.\n",
activityLogArn, userPoolId)
log.Println(strings.Repeat("-", 88))
}
// SignInUser signs in as the specified user.
func (runner *ActivityLog) SignInUser(ctx context.Context, clientId string, userName string, password string) {
log.Printf("Now we'll sign in user %v and check the results in the logs and the DynamoDB table.", userName)
runner.questioner.Ask("Press Enter when you're ready.")
authResult, err := runner.cognitoActor.SignIn(ctx, clientId, userName, password)
if err != nil {
panic(err)
}
log.Println("Sign in successful.",
"The PostAuthentication Lambda handler writes custom information to CloudWatch Logs.")
runner.resources.userAccessTokens = append(runner.resources.userAccessTokens, *authResult.AccessToken)
}
// GetKnownUserLastLogin gets the login info for a user from the Amazon DynamoDB table and displays it.
func (runner *ActivityLog) GetKnownUserLastLogin(ctx context.Context, tableName string, userName string) {
log.Println("The PostAuthentication handler also writes login data to the DynamoDB table.")
runner.questioner.Ask("Press Enter when you're ready to continue.")
users, err := runner.helper.GetKnownUsers(ctx, tableName)
if err != nil {
panic(err)
}
for _, user := range users.Users {
if user.UserName == userName {
log.Println("The last login info for the user in the known users table is:")
log.Printf("\t%+v", *user.LastLogin)
}
}
log.Println(strings.Repeat("-", 88))
}
// Run runs the scenario.
func (runner *ActivityLog) Run(ctx context.Context, stackName string) {
defer func() {
if r := recover(); r != nil {
log.Println("Something went wrong with the demo.")
runner.resources.Cleanup(ctx)
}
}()
log.Println(strings.Repeat("-", 88))
log.Printf("Welcome\n")
log.Println(strings.Repeat("-", 88))
stackOutputs, err := runner.helper.GetStackOutputs(ctx, stackName)
if err != nil {
panic(err)
}
runner.resources.userPoolId = stackOutputs["UserPoolId"]
runner.helper.PopulateUserTable(ctx, stackOutputs["TableName"])
userName, password := runner.AddUserToPool(ctx, stackOutputs["UserPoolId"], stackOutputs["TableName"])
runner.AddActivityLogTrigger(ctx, stackOutputs["UserPoolId"], stackOutputs["ActivityLogFunctionArn"])
runner.SignInUser(ctx, stackOutputs["UserPoolClientId"], userName, password)
runner.helper.ListRecentLogEvents(ctx, stackOutputs["ActivityLogFunction"])
runner.GetKnownUserLastLogin(ctx, stackOutputs["TableName"], userName)
runner.resources.Cleanup(ctx)
log.Println(strings.Repeat("-", 88))
log.Println("Thanks for watching!")
log.Println(strings.Repeat("-", 88))
}
```
Controle el desencadenador `PostAuthentication` con una función de Lambda.
```
import (
"context"
"fmt"
"log"
"os"
"time"
"github.com/aws/aws-lambda-go/events"
"github.com/aws/aws-lambda-go/lambda"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
dynamodbtypes "github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
)
const TABLE_NAME = "TABLE_NAME"
// LoginInfo defines structured login data that can be marshalled to a DynamoDB format.
type LoginInfo struct {
UserPoolId string `dynamodbav:"UserPoolId"`
ClientId string `dynamodbav:"ClientId"`
Time string `dynamodbav:"Time"`
}
// UserInfo defines structured user data that can be marshalled to a DynamoDB format.
type UserInfo struct {
UserName string `dynamodbav:"UserName"`
UserEmail string `dynamodbav:"UserEmail"`
LastLogin LoginInfo `dynamodbav:"LastLogin"`
}
// GetKey marshals the user email value to a DynamoDB key format.
func (user UserInfo) GetKey() map[string]dynamodbtypes.AttributeValue {
userEmail, err := attributevalue.Marshal(user.UserEmail)
if err != nil {
panic(err)
}
return map[string]dynamodbtypes.AttributeValue{"UserEmail": userEmail}
}
type handler struct {
dynamoClient *dynamodb.Client
}
// HandleRequest handles the PostAuthentication event by writing custom data to the logs and
// to an Amazon DynamoDB table.
func (h *handler) HandleRequest(ctx context.Context, event events.CognitoEventUserPoolsPostAuthentication) (events.CognitoEventUserPoolsPostAuthentication, error) {
log.Printf("Received post authentication trigger from %v for user '%v'", event.TriggerSource, event.UserName)
tableName := os.Getenv(TABLE_NAME)
user := UserInfo{
UserName: event.UserName,
UserEmail: event.Request.UserAttributes["email"],
LastLogin: LoginInfo{
UserPoolId: event.UserPoolID,
ClientId: event.CallerContext.ClientID,
Time: time.Now().Format(time.UnixDate),
},
}
// Write to CloudWatch Logs.
fmt.Printf("%#v", user)
// Also write to an external system. This examples uses DynamoDB to demonstrate.
userMap, err := attributevalue.MarshalMap(user)
if err != nil {
log.Printf("Couldn't marshal to DynamoDB map. Here's why: %v\n", err)
} else if len(userMap) == 0 {
log.Printf("User info marshaled to an empty map.")
} else {
_, err := h.dynamoClient.PutItem(ctx, &dynamodb.PutItemInput{
Item: userMap,
TableName: aws.String(tableName),
})
if err != nil {
log.Printf("Couldn't write to DynamoDB. Here's why: %v\n", err)
} else {
log.Printf("Wrote user info to DynamoDB table %v.\n", tableName)
}
}
return event, nil
}
func main() {
ctx := context.Background()
sdkConfig, err := config.LoadDefaultConfig(ctx)
if err != nil {
log.Panicln(err)
}
h := handler{
dynamoClient: dynamodb.NewFromConfig(sdkConfig),
}
lambda.Start(h.HandleRequest)
}
```
Cree una estructura que lleve a cabo las tareas habituales.
```
import (
"context"
"log"
"strings"
"time"
"user_pools_and_lambda_triggers/actions"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudformation"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// IScenarioHelper defines common functions used by the workflows in this example.
type IScenarioHelper interface {
Pause(secs int)
GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error)
PopulateUserTable(ctx context.Context, tableName string)
GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error)
AddKnownUser(ctx context.Context, tableName string, user actions.User)
ListRecentLogEvents(ctx context.Context, functionName string)
}
// ScenarioHelper contains AWS wrapper structs used by the workflows in this example.
type ScenarioHelper struct {
questioner demotools.IQuestioner
dynamoActor *actions.DynamoActions
cfnActor *actions.CloudFormationActions
cwlActor *actions.CloudWatchLogsActions
isTestRun bool
}
// NewScenarioHelper constructs a new scenario helper.
func NewScenarioHelper(sdkConfig aws.Config, questioner demotools.IQuestioner) ScenarioHelper {
scenario := ScenarioHelper{
questioner: questioner,
dynamoActor: &actions.DynamoActions{DynamoClient: dynamodb.NewFromConfig(sdkConfig)},
cfnActor: &actions.CloudFormationActions{CfnClient: cloudformation.NewFromConfig(sdkConfig)},
cwlActor: &actions.CloudWatchLogsActions{CwlClient: cloudwatchlogs.NewFromConfig(sdkConfig)},
}
return scenario
}
// Pause waits for the specified number of seconds.
func (helper ScenarioHelper) Pause(secs int) {
if !helper.isTestRun {
time.Sleep(time.Duration(secs) * time.Second)
}
}
// GetStackOutputs gets the outputs from the specified CloudFormation stack in a structured format.
func (helper ScenarioHelper) GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error) {
return helper.cfnActor.GetOutputs(ctx, stackName), nil
}
// PopulateUserTable fills the known user table with example data.
func (helper ScenarioHelper) PopulateUserTable(ctx context.Context, tableName string) {
log.Printf("First, let's add some users to the DynamoDB %v table we'll use for this example.\n", tableName)
err := helper.dynamoActor.PopulateTable(ctx, tableName)
if err != nil {
panic(err)
}
}
// GetKnownUsers gets the users from the known users table in a structured format.
func (helper ScenarioHelper) GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error) {
knownUsers, err := helper.dynamoActor.Scan(ctx, tableName)
if err != nil {
log.Printf("Couldn't get known users from table %v. Here's why: %v\n", tableName, err)
}
return knownUsers, err
}
// AddKnownUser adds a user to the known users table.
func (helper ScenarioHelper) AddKnownUser(ctx context.Context, tableName string, user actions.User) {
log.Printf("Adding user '%v' with email '%v' to the DynamoDB known users table...\n",
user.UserName, user.UserEmail)
err := helper.dynamoActor.AddUser(ctx, tableName, user)
if err != nil {
panic(err)
}
}
// ListRecentLogEvents gets the most recent log stream and events for the specified Lambda function and displays them.
func (helper ScenarioHelper) ListRecentLogEvents(ctx context.Context, functionName string) {
log.Println("Waiting a few seconds to let Lambda write to CloudWatch Logs...")
helper.Pause(10)
log.Println("Okay, let's check the logs to find what's happened recently with your Lambda function.")
logStream, err := helper.cwlActor.GetLatestLogStream(ctx, functionName)
if err != nil {
panic(err)
}
log.Printf("Getting some recent events from log stream %v\n", *logStream.LogStreamName)
events, err := helper.cwlActor.GetLogEvents(ctx, functionName, *logStream.LogStreamName, 10)
if err != nil {
panic(err)
}
for _, event := range events {
log.Printf("\t%v", *event.Message)
}
log.Println(strings.Repeat("-", 88))
}
```
Cree una estructura que ajuste las acciones de Amazon Cognito.
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// Trigger and TriggerInfo define typed data for updating an Amazon Cognito trigger.
type Trigger int
const (
PreSignUp Trigger = iota
UserMigration
PostAuthentication
)
type TriggerInfo struct {
Trigger Trigger
HandlerArn *string
}
// UpdateTriggers adds or removes Lambda triggers for a user pool. When a trigger is specified with a `nil` value,
// it is removed from the user pool.
func (actor CognitoActions) UpdateTriggers(ctx context.Context, userPoolId string, triggers ...TriggerInfo) error {
output, err := actor.CognitoClient.DescribeUserPool(ctx, &cognitoidentityprovider.DescribeUserPoolInput{
UserPoolId: aws.String(userPoolId),
})
if err != nil {
log.Printf("Couldn't get info about user pool %v. Here's why: %v\n", userPoolId, err)
return err
}
lambdaConfig := output.UserPool.LambdaConfig
for _, trigger := range triggers {
switch trigger.Trigger {
case PreSignUp:
lambdaConfig.PreSignUp = trigger.HandlerArn
case UserMigration:
lambdaConfig.UserMigration = trigger.HandlerArn
case PostAuthentication:
lambdaConfig.PostAuthentication = trigger.HandlerArn
}
}
_, err = actor.CognitoClient.UpdateUserPool(ctx, &cognitoidentityprovider.UpdateUserPoolInput{
UserPoolId: aws.String(userPoolId),
LambdaConfig: lambdaConfig,
})
if err != nil {
log.Printf("Couldn't update user pool %v. Here's why: %v\n", userPoolId, err)
}
return err
}
// SignUp signs up a user with Amazon Cognito.
func (actor CognitoActions) SignUp(ctx context.Context, clientId string, userName string, password string, userEmail string) (bool, error) {
confirmed := false
output, err := actor.CognitoClient.SignUp(ctx, &cognitoidentityprovider.SignUpInput{
ClientId: aws.String(clientId),
Password: aws.String(password),
Username: aws.String(userName),
UserAttributes: []types.AttributeType{
{Name: aws.String("email"), Value: aws.String(userEmail)},
},
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't sign up user %v. Here's why: %v\n", userName, err)
}
} else {
confirmed = output.UserConfirmed
}
return confirmed, err
}
// SignIn signs in a user to Amazon Cognito using a username and password authentication flow.
func (actor CognitoActions) SignIn(ctx context.Context, clientId string, userName string, password string) (*types.AuthenticationResultType, error) {
var authResult *types.AuthenticationResultType
output, err := actor.CognitoClient.InitiateAuth(ctx, &cognitoidentityprovider.InitiateAuthInput{
AuthFlow: "USER_PASSWORD_AUTH",
ClientId: aws.String(clientId),
AuthParameters: map[string]string{"USERNAME": userName, "PASSWORD": password},
})
if err != nil {
var resetRequired *types.PasswordResetRequiredException
if errors.As(err, &resetRequired) {
log.Println(*resetRequired.Message)
} else {
log.Printf("Couldn't sign in user %v. Here's why: %v\n", userName, err)
}
} else {
authResult = output.AuthenticationResult
}
return authResult, err
}
// ForgotPassword starts a password recovery flow for a user. This flow typically sends a confirmation code
// to the user's configured notification destination, such as email.
func (actor CognitoActions) ForgotPassword(ctx context.Context, clientId string, userName string) (*types.CodeDeliveryDetailsType, error) {
output, err := actor.CognitoClient.ForgotPassword(ctx, &cognitoidentityprovider.ForgotPasswordInput{
ClientId: aws.String(clientId),
Username: aws.String(userName),
})
if err != nil {
log.Printf("Couldn't start password reset for user '%v'. Here;s why: %v\n", userName, err)
}
return output.CodeDeliveryDetails, err
}
// ConfirmForgotPassword confirms a user with a confirmation code and a new password.
func (actor CognitoActions) ConfirmForgotPassword(ctx context.Context, clientId string, code string, userName string, password string) error {
_, err := actor.CognitoClient.ConfirmForgotPassword(ctx, &cognitoidentityprovider.ConfirmForgotPasswordInput{
ClientId: aws.String(clientId),
ConfirmationCode: aws.String(code),
Password: aws.String(password),
Username: aws.String(userName),
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't confirm user %v. Here's why: %v", userName, err)
}
}
return err
}
// DeleteUser removes a user from the user pool.
func (actor CognitoActions) DeleteUser(ctx context.Context, userAccessToken string) error {
_, err := actor.CognitoClient.DeleteUser(ctx, &cognitoidentityprovider.DeleteUserInput{
AccessToken: aws.String(userAccessToken),
})
if err != nil {
log.Printf("Couldn't delete user. Here's why: %v\n", err)
}
return err
}
// AdminCreateUser uses administrator credentials to add a user to a user pool. This method leaves the user
// in a state that requires they enter a new password next time they sign in.
func (actor CognitoActions) AdminCreateUser(ctx context.Context, userPoolId string, userName string, userEmail string) error {
_, err := actor.CognitoClient.AdminCreateUser(ctx, &cognitoidentityprovider.AdminCreateUserInput{
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
MessageAction: types.MessageActionTypeSuppress,
UserAttributes: []types.AttributeType{{Name: aws.String("email"), Value: aws.String(userEmail)}},
})
if err != nil {
var userExists *types.UsernameExistsException
if errors.As(err, &userExists) {
log.Printf("User %v already exists in the user pool.", userName)
err = nil
} else {
log.Printf("Couldn't create user %v. Here's why: %v\n", userName, err)
}
}
return err
}
// AdminSetUserPassword uses administrator credentials to set a password for a user without requiring a
// temporary password.
func (actor CognitoActions) AdminSetUserPassword(ctx context.Context, userPoolId string, userName string, password string) error {
_, err := actor.CognitoClient.AdminSetUserPassword(ctx, &cognitoidentityprovider.AdminSetUserPasswordInput{
Password: aws.String(password),
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
Permanent: true,
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't set password for user %v. Here's why: %v\n", userName, err)
}
}
return err
}
```
Cree una estructura que ajuste las acciones de DynamoDB.
```
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
"github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
)
// DynamoActions encapsulates the Amazon Simple Notification Service (Amazon SNS) actions
// used in the examples.
type DynamoActions struct {
DynamoClient *dynamodb.Client
}
// User defines structured user data.
type User struct {
UserName string
UserEmail string
LastLogin *LoginInfo `dynamodbav:",omitempty"`
}
// LoginInfo defines structured custom login data.
type LoginInfo struct {
UserPoolId string
ClientId string
Time string
}
// UserList defines a list of users.
type UserList struct {
Users []User
}
// UserNameList returns the usernames contained in a UserList as a list of strings.
func (users *UserList) UserNameList() []string {
names := make([]string, len(users.Users))
for i := 0; i < len(users.Users); i++ {
names[i] = users.Users[i].UserName
}
return names
}
// PopulateTable adds a set of test users to the table.
func (actor DynamoActions) PopulateTable(ctx context.Context, tableName string) error {
var err error
var item map[string]types.AttributeValue
var writeReqs []types.WriteRequest
for i := 1; i < 4; i++ {
item, err = attributevalue.MarshalMap(User{UserName: fmt.Sprintf("test_user_%v", i), UserEmail: fmt.Sprintf("test_email_%v@example.com", i)})
if err != nil {
log.Printf("Couldn't marshall user into DynamoDB format. Here's why: %v\n", err)
return err
}
writeReqs = append(writeReqs, types.WriteRequest{PutRequest: &types.PutRequest{Item: item}})
}
_, err = actor.DynamoClient.BatchWriteItem(ctx, &dynamodb.BatchWriteItemInput{
RequestItems: map[string][]types.WriteRequest{tableName: writeReqs},
})
if err != nil {
log.Printf("Couldn't populate table %v with users. Here's why: %v\n", tableName, err)
}
return err
}
// Scan scans the table for all items.
func (actor DynamoActions) Scan(ctx context.Context, tableName string) (UserList, error) {
var userList UserList
output, err := actor.DynamoClient.Scan(ctx, &dynamodb.ScanInput{
TableName: aws.String(tableName),
})
if err != nil {
log.Printf("Couldn't scan table %v for items. Here's why: %v\n", tableName, err)
} else {
err = attributevalue.UnmarshalListOfMaps(output.Items, &userList.Users)
if err != nil {
log.Printf("Couldn't unmarshal items into users. Here's why: %v\n", err)
}
}
return userList, err
}
// AddUser adds a user item to a table.
func (actor DynamoActions) AddUser(ctx context.Context, tableName string, user User) error {
userItem, err := attributevalue.MarshalMap(user)
if err != nil {
log.Printf("Couldn't marshall user to item. Here's why: %v\n", err)
}
_, err = actor.DynamoClient.PutItem(ctx, &dynamodb.PutItemInput{
Item: userItem,
TableName: aws.String(tableName),
})
if err != nil {
log.Printf("Couldn't put item in table %v. Here's why: %v", tableName, err)
}
return err
}
```
Crea una estructura que abarque las acciones de CloudWatch Logs.
```
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/types"
)
type CloudWatchLogsActions struct {
CwlClient *cloudwatchlogs.Client
}
// GetLatestLogStream gets the most recent log stream for a Lambda function.
func (actor CloudWatchLogsActions) GetLatestLogStream(ctx context.Context, functionName string) (types.LogStream, error) {
var logStream types.LogStream
logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName)
output, err := actor.CwlClient.DescribeLogStreams(ctx, &cloudwatchlogs.DescribeLogStreamsInput{
Descending: aws.Bool(true),
Limit: aws.Int32(1),
LogGroupName: aws.String(logGroupName),
OrderBy: types.OrderByLastEventTime,
})
if err != nil {
log.Printf("Couldn't get log streams for log group %v. Here's why: %v\n", logGroupName, err)
} else {
logStream = output.LogStreams[0]
}
return logStream, err
}
// GetLogEvents gets the most recent eventCount events from the specified log stream.
func (actor CloudWatchLogsActions) GetLogEvents(ctx context.Context, functionName string, logStreamName string, eventCount int32) (
[]types.OutputLogEvent, error) {
var events []types.OutputLogEvent
logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName)
output, err := actor.CwlClient.GetLogEvents(ctx, &cloudwatchlogs.GetLogEventsInput{
LogStreamName: aws.String(logStreamName),
Limit: aws.Int32(eventCount),
LogGroupName: aws.String(logGroupName),
})
if err != nil {
log.Printf("Couldn't get log event for log stream %v. Here's why: %v\n", logStreamName, err)
} else {
events = output.Events
}
return events, err
}
```
Crea una estructura que agrupe las acciones. CloudFormation
```
import (
"context"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudformation"
)
// StackOutputs defines a map of outputs from a specific stack.
type StackOutputs map[string]string
type CloudFormationActions struct {
CfnClient *cloudformation.Client
}
// GetOutputs gets the outputs from a CloudFormation stack and puts them into a structured format.
func (actor CloudFormationActions) GetOutputs(ctx context.Context, stackName string) StackOutputs {
output, err := actor.CfnClient.DescribeStacks(ctx, &cloudformation.DescribeStacksInput{
StackName: aws.String(stackName),
})
if err != nil || len(output.Stacks) == 0 {
log.Panicf("Couldn't find a CloudFormation stack named %v. Here's why: %v\n", stackName, err)
}
stackOutputs := StackOutputs{}
for _, out := range output.Stacks[0].Outputs {
stackOutputs[*out.OutputKey] = *out.OutputValue
}
return stackOutputs
}
```
Eliminación de recursos.
```
import (
"context"
"log"
"user_pools_and_lambda_triggers/actions"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// Resources keeps track of AWS resources created during an example and handles
// cleanup when the example finishes.
type Resources struct {
userPoolId string
userAccessTokens []string
triggers []actions.Trigger
cognitoActor *actions.CognitoActions
questioner demotools.IQuestioner
}
func (resources *Resources) init(cognitoActor *actions.CognitoActions, questioner demotools.IQuestioner) {
resources.userAccessTokens = []string{}
resources.triggers = []actions.Trigger{}
resources.cognitoActor = cognitoActor
resources.questioner = questioner
}
// Cleanup deletes all AWS resources created during an example.
func (resources *Resources) Cleanup(ctx context.Context) {
defer func() {
if r := recover(); r != nil {
log.Printf("Something went wrong during cleanup.\n%v\n", r)
log.Println("Use the AWS Management Console to remove any remaining resources \n" +
"that were created for this scenario.")
}
}()
wantDelete := resources.questioner.AskBool("Do you want to remove all of the AWS resources that were created "+
"during this demo (y/n)?", "y")
if wantDelete {
for _, accessToken := range resources.userAccessTokens {
err := resources.cognitoActor.DeleteUser(ctx, accessToken)
if err != nil {
log.Println("Couldn't delete user during cleanup.")
panic(err)
}
log.Println("Deleted user.")
}
triggerList := make([]actions.TriggerInfo, len(resources.triggers))
for i := 0; i < len(resources.triggers); i++ {
triggerList[i] = actions.TriggerInfo{Trigger: resources.triggers[i], HandlerArn: nil}
}
err := resources.cognitoActor.UpdateTriggers(ctx, resources.userPoolId, triggerList...)
if err != nil {
log.Println("Couldn't update Cognito triggers during cleanup.")
panic(err)
}
log.Println("Removed Cognito triggers from user pool.")
} else {
log.Println("Be sure to remove resources when you're done with them to avoid unexpected charges!")
}
}
```
+ Para obtener detalles sobre la API, consulte los siguientes temas en la *Referencia de la API de AWS SDK para Go *.
+ [AdminCreateUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.AdminCreateUser)
+ [AdminSetUserPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.AdminSetUserPassword)
+ [DeleteUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.DeleteUser)
+ [InitiateAuth](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.InitiateAuth)
+ [UpdateUserPool](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.UpdateUserPool)
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte. [Uso de este servicio con un SDK AWS](sdk-general-information-section.md) En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
# Ejemplos de código para Amazon Cognito Sync mediante AWS SDKs
Los siguientes ejemplos de código muestran cómo utilizar Amazon Cognito Sync con un kit de desarrollo de AWS software (SDK).
Las *acciones* son extractos de código de programas más grandes y deben ejecutarse en contexto. Mientras las acciones muestran cómo llamar a las distintas funciones de servicio, es posible ver las acciones en contexto en los escenarios relacionados.
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.
**Contents**
+ [Conceptos básicos](service_code_examples_cognito-sync_basics.md)
+ [Acciones](service_code_examples_cognito-sync_actions.md)
+ [`ListIdentityPoolUsage`](cognito-sync_example_cognito-sync_ListIdentityPoolUsage_section.md)
# Ejemplos básicos de Amazon Cognito Sync mediante AWS SDKs
Los siguientes ejemplos de código muestran cómo utilizar los aspectos básicos de Amazon Cognito Sync con. AWS SDKs
**Contents**
+ [Acciones](service_code_examples_cognito-sync_actions.md)
+ [`ListIdentityPoolUsage`](cognito-sync_example_cognito-sync_ListIdentityPoolUsage_section.md)
# Acciones para Amazon Cognito Sync mediante AWS SDKs
Los siguientes ejemplos de código muestran cómo realizar acciones individuales de Amazon Cognito Sync con. AWS SDKs Cada ejemplo incluye un enlace a GitHub, donde puede encontrar instrucciones para configurar y ejecutar el código.
Los siguientes ejemplos incluyen solo las acciones que se utilizan con mayor frecuencia. Para consultar la lista completa, vea la [Amazon Cognito Sync API Reference](https://docs.aws.amazon.com/cognitosync/latest/APIReference/Welcome.html) (Referencia de la API de Amazon Cognito Sync).
**Topics**
+ [`ListIdentityPoolUsage`](cognito-sync_example_cognito-sync_ListIdentityPoolUsage_section.md)
# `ListIdentityPoolUsage`Úselo con un AWS SDK
En el siguiente ejemplo de código, se muestra cómo utilizar `ListIdentityPoolUsage`.
------
#### [ Rust ]
**SDK para Rust**
Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/rustv1/examples/cognitosync#code-examples).
```
async fn show_pools(client: &Client) -> Result<(), Error> {
let response = client
.list_identity_pool_usage()
.max_results(10)
.send()
.await?;
let pools = response.identity_pool_usages();
println!("Identity pools:");
for pool in pools {
println!(
" Identity pool ID: {}",
pool.identity_pool_id().unwrap_or_default()
);
println!(
" Data storage: {}",
pool.data_storage().unwrap_or_default()
);
println!(
" Sync sessions count: {}",
pool.sync_sessions_count().unwrap_or_default()
);
println!(
" Last modified: {}",
pool.last_modified_date().unwrap().to_chrono_utc()?
);
println!();
}
println!("Next token: {}", response.next_token().unwrap_or_default());
Ok(())
}
```
+ Para obtener más información sobre la API, consulta [ListIdentityPoolUsage](https://docs.rs/aws-sdk-cognitosync/latest/aws_sdk_cognitosync/client/struct.Client.html#method.list_identity_pool_usage)la *referencia sobre la API de AWS SDK para Rust*.
------
Para obtener una lista completa de guías para desarrolladores del AWS SDK y ejemplos de código, consulte[Uso de este servicio con un SDK AWS](sdk-general-information-section.md). En este tema también se incluye información sobre cómo comenzar a utilizar el SDK y detalles sobre sus versiones anteriores.