Les traductions sont fournies par des outils de traduction automatique. En cas de conflit entre le contenu d'une traduction et celui de la version originale en anglais, la version anglaise prévaudra.
# Exemples de code pour Amazon Cognito à l'aide d'Amazon Cognito AWS SDKs
Les exemples de code suivants montrent comment utiliser Amazon Cognito avec un kit de développement AWS logiciel (SDK).
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit de développement logiciel (SDK).
**Contents**
+ [Amazon Cognito Identity](service_code_examples_cognito-identity.md)
+ [Principes de base](service_code_examples_cognito-identity_basics.md)
+ [Actions](service_code_examples_cognito-identity_actions.md)
+ [`CreateIdentityPool`](cognito-identity_example_cognito-identity_CreateIdentityPool_section.md)
+ [`DeleteIdentityPool`](cognito-identity_example_cognito-identity_DeleteIdentityPool_section.md)
+ [`DescribeIdentityPool`](cognito-identity_example_cognito-identity_DescribeIdentityPool_section.md)
+ [`GetCredentialsForIdentity`](cognito-identity_example_cognito-identity_GetCredentialsForIdentity_section.md)
+ [`GetIdentityPoolRoles`](cognito-identity_example_cognito-identity_GetIdentityPoolRoles_section.md)
+ [`ListIdentityPools`](cognito-identity_example_cognito-identity_ListIdentityPools_section.md)
+ [`SetIdentityPoolRoles`](cognito-identity_example_cognito-identity_SetIdentityPoolRoles_section.md)
+ [`UpdateIdentityPool`](cognito-identity_example_cognito-identity_UpdateIdentityPool_section.md)
+ [Scénarios](service_code_examples_cognito-identity_scenarios.md)
+ [Créer une application Amazon Textract Explorer](cognito-identity_example_cross_TextractExplorer_section.md)
+ [Fournisseur d’identité Amazon Cognito](service_code_examples_cognito-identity-provider.md)
+ [Principes de base](service_code_examples_cognito-identity-provider_basics.md)
+ [Bonjour Amazon Cognito](cognito-identity-provider_example_cognito-identity-provider_Hello_section.md)
+ [Actions](service_code_examples_cognito-identity-provider_actions.md)
+ [`AdminCreateUser`](cognito-identity-provider_example_cognito-identity-provider_AdminCreateUser_section.md)
+ [`AdminGetUser`](cognito-identity-provider_example_cognito-identity-provider_AdminGetUser_section.md)
+ [`AdminInitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md)
+ [`AdminRespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md)
+ [`AdminSetUserPassword`](cognito-identity-provider_example_cognito-identity-provider_AdminSetUserPassword_section.md)
+ [`AssociateSoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md)
+ [`ConfirmDevice`](cognito-identity-provider_example_cognito-identity-provider_ConfirmDevice_section.md)
+ [`ConfirmForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ConfirmForgotPassword_section.md)
+ [`ConfirmSignUp`](cognito-identity-provider_example_cognito-identity-provider_ConfirmSignUp_section.md)
+ [`CreateUserPool`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPool_section.md)
+ [`CreateUserPoolClient`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPoolClient_section.md)
+ [`DeleteUser`](cognito-identity-provider_example_cognito-identity-provider_DeleteUser_section.md)
+ [`ForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ForgotPassword_section.md)
+ [`InitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_InitiateAuth_section.md)
+ [`ListUserPools`](cognito-identity-provider_example_cognito-identity-provider_ListUserPools_section.md)
+ [`ListUsers`](cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md)
+ [`ResendConfirmationCode`](cognito-identity-provider_example_cognito-identity-provider_ResendConfirmationCode_section.md)
+ [`RespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_RespondToAuthChallenge_section.md)
+ [`SignUp`](cognito-identity-provider_example_cognito-identity-provider_SignUp_section.md)
+ [`UpdateUserPool`](cognito-identity-provider_example_cognito-identity-provider_UpdateUserPool_section.md)
+ [`VerifySoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md)
+ [Scénarios](service_code_examples_cognito-identity-provider_scenarios.md)
+ [Confirmation automatique des utilisateurs connus avec une fonction Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [Migration automatique des utilisateurs connus avec une fonction Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [Inscription d’un utilisateur auprès d’un groupe d’utilisateurs nécessitant l’authentification MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
+ [Utiliser les pools d'identités Amazon Cognito](cognito-identity-provider_example_cross_CognitoFlows_section.md)
+ [Rédaction de données d’activité personnalisées à l’aide d’une fonction Lambda après authentification de l’utilisateur Amazon Cognito](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
+ [Amazon Cognito Sync](service_code_examples_cognito-sync.md)
+ [Principes de base](service_code_examples_cognito-sync_basics.md)
+ [Actions](service_code_examples_cognito-sync_actions.md)
+ [`ListIdentityPoolUsage`](cognito-sync_example_cognito-sync_ListIdentityPoolUsage_section.md)
# Exemples de code pour Amazon Cognito Identity à l'aide d'Amazon Cognito Identity AWS SDKs
Les exemples de code suivants montrent comment utiliser Amazon Cognito Identity avec un kit de développement AWS logiciel (SDK).
Les *actions* sont des extraits de code de programmes plus larges et doivent être exécutées dans leur contexte. Alors que les actions vous indiquent comment appeler des fonctions de service individuelles, vous pouvez les voir en contexte dans leurs scénarios associés.
Les *scénarios* sont des exemples de code qui vous montrent comment accomplir des tâches spécifiques en appelant plusieurs fonctions au sein d’un même service ou combinés à d’autres Services AWS.
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
**Contents**
+ [Principes de base](service_code_examples_cognito-identity_basics.md)
+ [Actions](service_code_examples_cognito-identity_actions.md)
+ [`CreateIdentityPool`](cognito-identity_example_cognito-identity_CreateIdentityPool_section.md)
+ [`DeleteIdentityPool`](cognito-identity_example_cognito-identity_DeleteIdentityPool_section.md)
+ [`DescribeIdentityPool`](cognito-identity_example_cognito-identity_DescribeIdentityPool_section.md)
+ [`GetCredentialsForIdentity`](cognito-identity_example_cognito-identity_GetCredentialsForIdentity_section.md)
+ [`GetIdentityPoolRoles`](cognito-identity_example_cognito-identity_GetIdentityPoolRoles_section.md)
+ [`ListIdentityPools`](cognito-identity_example_cognito-identity_ListIdentityPools_section.md)
+ [`SetIdentityPoolRoles`](cognito-identity_example_cognito-identity_SetIdentityPoolRoles_section.md)
+ [`UpdateIdentityPool`](cognito-identity_example_cognito-identity_UpdateIdentityPool_section.md)
+ [Scénarios](service_code_examples_cognito-identity_scenarios.md)
+ [Créer une application Amazon Textract Explorer](cognito-identity_example_cross_TextractExplorer_section.md)
# Exemples de base pour l'utilisation d'Amazon Cognito Identity AWS SDKs
Les exemples de code suivants montrent comment utiliser les bases d'Amazon Cognito Identity avec. AWS SDKs
**Contents**
+ [Actions](service_code_examples_cognito-identity_actions.md)
+ [`CreateIdentityPool`](cognito-identity_example_cognito-identity_CreateIdentityPool_section.md)
+ [`DeleteIdentityPool`](cognito-identity_example_cognito-identity_DeleteIdentityPool_section.md)
+ [`DescribeIdentityPool`](cognito-identity_example_cognito-identity_DescribeIdentityPool_section.md)
+ [`GetCredentialsForIdentity`](cognito-identity_example_cognito-identity_GetCredentialsForIdentity_section.md)
+ [`GetIdentityPoolRoles`](cognito-identity_example_cognito-identity_GetIdentityPoolRoles_section.md)
+ [`ListIdentityPools`](cognito-identity_example_cognito-identity_ListIdentityPools_section.md)
+ [`SetIdentityPoolRoles`](cognito-identity_example_cognito-identity_SetIdentityPoolRoles_section.md)
+ [`UpdateIdentityPool`](cognito-identity_example_cognito-identity_UpdateIdentityPool_section.md)
# Actions pour Amazon Cognito Identity à l'aide d'Amazon Cognito Identity AWS SDKs
Les exemples de code suivants montrent comment effectuer des actions Amazon Cognito Identity individuelles avec. AWS SDKs Chaque exemple inclut un lien vers GitHub, où vous pouvez trouver des instructions pour configurer et exécuter le code.
Ces extraits appellent l’API Identité Amazon Cognito et sont des extraits de code de programmes de plus grande envergure qui doivent être exécutés en contexte. Vous pouvez voir les actions dans leur contexte dans [Scénarios d'utilisation d'Amazon Cognito Identity AWS SDKs](service_code_examples_cognito-identity_scenarios.md).
Les exemples suivants incluent uniquement les actions les plus couramment utilisées. Pour obtenir la liste complète, consultez [Amazon Cognito Identity API Reference](https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/Welcome.html) (Référence de l’API Identité Amazon Cognito).
**Topics**
+ [`CreateIdentityPool`](cognito-identity_example_cognito-identity_CreateIdentityPool_section.md)
+ [`DeleteIdentityPool`](cognito-identity_example_cognito-identity_DeleteIdentityPool_section.md)
+ [`DescribeIdentityPool`](cognito-identity_example_cognito-identity_DescribeIdentityPool_section.md)
+ [`GetCredentialsForIdentity`](cognito-identity_example_cognito-identity_GetCredentialsForIdentity_section.md)
+ [`GetIdentityPoolRoles`](cognito-identity_example_cognito-identity_GetIdentityPoolRoles_section.md)
+ [`ListIdentityPools`](cognito-identity_example_cognito-identity_ListIdentityPools_section.md)
+ [`SetIdentityPoolRoles`](cognito-identity_example_cognito-identity_SetIdentityPoolRoles_section.md)
+ [`UpdateIdentityPool`](cognito-identity_example_cognito-identity_UpdateIdentityPool_section.md)
# Utilisation `CreateIdentityPool` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `CreateIdentityPool`.
------
#### [ CLI ]
**AWS CLI**
**Pour créer une réserve d’identités avec le fournisseur de réserves d’identités Cognito**
Cet exemple crée un pool d'identités nommé MyIdentityPool. Il dispose d’un fournisseur de réserve d’identités Cognito. Les identités non authentifiées ne sont pas autorisées.
Commande :
```
aws cognito-identity create-identity-pool --identity-pool-name MyIdentityPool --no-allow-unauthenticated-identities --cognito-identity-providers ProviderName="cognito-idp.us-west-2.amazonaws.com/us-west-2_aaaaaaaaa",ClientId="3n4b5urk1ft4fl3mg5e62d9ado",ServerSideTokenCheck=false
```
Sortie :
```
{
"IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111",
"IdentityPoolName": "MyIdentityPool",
"AllowUnauthenticatedIdentities": false,
"CognitoIdentityProviders": [
{
"ProviderName": "cognito-idp.us-west-2.amazonaws.com/us-west-2_111111111",
"ClientId": "3n4b5urk1ft4fl3mg5e62d9ado",
"ServerSideTokenCheck": false
}
]
}
```
+ Pour plus de détails sur l'API, reportez-vous [CreateIdentityPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/create-identity-pool.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus sur GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.CreateIdentityPoolRequest;
import software.amazon.awssdk.services.cognitoidentity.model.CreateIdentityPoolResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class CreateIdentityPool {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
identityPoolName - The name to give your identity pool.
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String identityPoolName = args[0];
CognitoIdentityClient cognitoClient = CognitoIdentityClient.builder()
.region(Region.US_EAST_1)
.build();
String identityPoolId = createIdPool(cognitoClient, identityPoolName);
System.out.println("Unity pool ID " + identityPoolId);
cognitoClient.close();
}
public static String createIdPool(CognitoIdentityClient cognitoClient, String identityPoolName) {
try {
CreateIdentityPoolRequest poolRequest = CreateIdentityPoolRequest.builder()
.allowUnauthenticatedIdentities(false)
.identityPoolName(identityPoolName)
.build();
CreateIdentityPoolResponse response = cognitoClient.createIdentityPool(poolRequest);
return response.identityPoolId();
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return "";
}
}
```
+ Pour plus de détails sur l'API, voir [CreateIdentityPool](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-identity-2014-06-30/CreateIdentityPool)la section *Référence des AWS SDK for Java 2.x API*.
------
#### [ PowerShell ]
**Outils pour PowerShell V4**
**Exemple 1 : crée un nouveau groupe d’identités qui autorise les identités non authentifiées.**
```
New-CGIIdentityPool -AllowUnauthenticatedIdentities $true -IdentityPoolName CommonTests13
```
**Sortie** :
```
LoggedAt : 8/12/2015 4:56:07 PM
AllowUnauthenticatedIdentities : True
DeveloperProviderName :
IdentityPoolId : us-east-1:15d49393-ab16-431a-b26e-EXAMPLEGUID3
IdentityPoolName : CommonTests13
OpenIdConnectProviderARNs : {}
SupportedLoginProviders : {}
ResponseMetadata : Amazon.Runtime.ResponseMetadata
ContentLength : 136
HttpStatusCode : OK
```
+ Pour plus de détails sur l'API, reportez-vous [CreateIdentityPool](https://docs.aws.amazon.com/powershell/v4/reference)à la section *Référence des Outils AWS pour PowerShell applets de commande (V4)*.
**Outils pour PowerShell V5**
**Exemple 1 : crée un nouveau groupe d’identités qui autorise les identités non authentifiées.**
```
New-CGIIdentityPool -AllowUnauthenticatedIdentities $true -IdentityPoolName CommonTests13
```
**Sortie** :
```
LoggedAt : 8/12/2015 4:56:07 PM
AllowUnauthenticatedIdentities : True
DeveloperProviderName :
IdentityPoolId : us-east-1:15d49393-ab16-431a-b26e-EXAMPLEGUID3
IdentityPoolName : CommonTests13
OpenIdConnectProviderARNs : {}
SupportedLoginProviders : {}
ResponseMetadata : Amazon.Runtime.ResponseMetadata
ContentLength : 136
HttpStatusCode : OK
```
+ Pour plus de détails sur l'API, reportez-vous [CreateIdentityPool](https://docs.aws.amazon.com/powershell/v5/reference)à la section *Référence des Outils AWS pour PowerShell applets de commande (V5)*.
------
#### [ Swift ]
**Kit SDK pour Swift**
Il y en a plus sur GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity/FindOrCreateIdentityPool#code-examples).
```
import AWSCognitoIdentity
/// Create a new identity pool and return its ID.
///
/// - Parameters:
/// - name: The name to give the new identity pool.
///
/// - Returns: A string containing the newly created pool's ID, or `nil`
/// if an error occurred.
///
func createIdentityPool(name: String) async throws -> String? {
do {
let cognitoInputCall = CreateIdentityPoolInput(developerProviderName: "com.exampleco.CognitoIdentityDemo",
identityPoolName: name)
let result = try await cognitoIdentityClient.createIdentityPool(input: cognitoInputCall)
guard let poolId = result.identityPoolId else {
return nil
}
return poolId
} catch {
print("ERROR: createIdentityPool:", dump(error))
throw error
}
}
```
+ Pour plus d’informations, consultez [Guide du développeur du kit AWS SDK pour Swift](https://docs.aws.amazon.com/sdk-for-swift/latest/developer-guide/getting-started.html).
+ Pour plus de détails sur l'API, reportez-vous [CreateIdentityPool](https://sdk.amazonaws.com/swift/api/awscognitoidentity/latest/documentation/awscognitoidentity/cognitoidentityclient/createidentitypool(input:))à la section *AWS SDK pour la référence de l'API Swift*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `DeleteIdentityPool` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `DeleteIdentityPool`.
------
#### [ CLI ]
**AWS CLI**
**Pour supprimer une réserve d’identités**
L’exemple `delete-identity-pool` suivant supprime la réserve d’identités spécifiée.
Commande :
```
aws cognito-identity delete-identity-pool \
--identity-pool-id "us-west-2:11111111-1111-1111-1111-111111111111"
```
Cette commande ne produit aucune sortie.
+ Pour plus de détails sur l'API, reportez-vous [DeleteIdentityPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/delete-identity-pool.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus sur GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.awscore.exception.AwsServiceException;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.DeleteIdentityPoolRequest;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class DeleteIdentityPool {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
identityPoolId - The Id value of your identity pool.
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String identityPoold = args[0];
CognitoIdentityClient cognitoIdClient = CognitoIdentityClient.builder()
.region(Region.US_EAST_1)
.credentialsProvider(ProfileCredentialsProvider.create())
.build();
deleteIdPool(cognitoIdClient, identityPoold);
cognitoIdClient.close();
}
public static void deleteIdPool(CognitoIdentityClient cognitoIdClient, String identityPoold) {
try {
DeleteIdentityPoolRequest identityPoolRequest = DeleteIdentityPoolRequest.builder()
.identityPoolId(identityPoold)
.build();
cognitoIdClient.deleteIdentityPool(identityPoolRequest);
System.out.println("Done");
} catch (AwsServiceException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Pour plus de détails sur l'API, voir [DeleteIdentityPool](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-identity-2014-06-30/DeleteIdentityPool)la section *Référence des AWS SDK for Java 2.x API*.
------
#### [ PowerShell ]
**Outils pour PowerShell V4**
**Exemple 1 : supprime un groupe d’identités spécifique.**
```
Remove-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
```
+ Pour plus de détails sur l'API, reportez-vous [DeleteIdentityPool](https://docs.aws.amazon.com/powershell/v4/reference)à la section *Référence des Outils AWS pour PowerShell applets de commande (V4)*.
**Outils pour PowerShell V5**
**Exemple 1 : supprime un groupe d’identités spécifique.**
```
Remove-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
```
+ Pour plus de détails sur l'API, reportez-vous [DeleteIdentityPool](https://docs.aws.amazon.com/powershell/v5/reference)à la section *Référence des Outils AWS pour PowerShell applets de commande (V5)*.
------
#### [ Swift ]
**Kit SDK pour Swift**
Il y en a plus sur GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity/FindOrCreateIdentityPool#code-examples).
```
import AWSCognitoIdentity
/// Delete the specified identity pool.
///
/// - Parameters:
/// - id: The ID of the identity pool to delete.
///
func deleteIdentityPool(id: String) async throws {
do {
let input = DeleteIdentityPoolInput(
identityPoolId: id
)
_ = try await cognitoIdentityClient.deleteIdentityPool(input: input)
} catch {
print("ERROR: deleteIdentityPool:", dump(error))
throw error
}
}
```
+ Pour plus d’informations, consultez [Guide du développeur du kit AWS SDK pour Swift](https://docs.aws.amazon.com/sdk-for-swift/latest/developer-guide/getting-started.html).
+ Pour plus de détails sur l'API, reportez-vous [DeleteIdentityPool](https://sdk.amazonaws.com/swift/api/awscognitoidentity/latest/documentation/awscognitoidentity/cognitoidentityclient/deleteidentitypool(input:))à la section *AWS SDK pour la référence de l'API Swift*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation de `DescribeIdentityPool` avec une CLI
Les exemples de code suivants illustrent comment utiliser `DescribeIdentityPool`.
------
#### [ CLI ]
**AWS CLI**
**Pour décrire un groupe d’identités**
Cet exemple décrit un groupe d’identités.
Commande :
```
aws cognito-identity describe-identity-pool --identity-pool-id "us-west-2:11111111-1111-1111-1111-111111111111"
```
Sortie :
```
{
"IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111",
"IdentityPoolName": "MyIdentityPool",
"AllowUnauthenticatedIdentities": false,
"CognitoIdentityProviders": [
{
"ProviderName": "cognito-idp.us-west-2.amazonaws.com/us-west-2_111111111",
"ClientId": "3n4b5urk1ft4fl3mg5e62d9ado",
"ServerSideTokenCheck": false
}
]
}
```
+ Pour plus de détails sur l'API, reportez-vous [DescribeIdentityPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/describe-identity-pool.html)à la section *Référence des AWS CLI commandes*.
------
#### [ PowerShell ]
**Outils pour PowerShell V4**
**Exemple 1 : extrait les informations relatives à un groupe d’identités spécifique par son ID.**
```
Get-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
```
**Sortie** :
```
LoggedAt : 8/12/2015 4:29:40 PM
AllowUnauthenticatedIdentities : True
DeveloperProviderName :
IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
IdentityPoolName : CommonTests1
OpenIdConnectProviderARNs : {}
SupportedLoginProviders : {}
ResponseMetadata : Amazon.Runtime.ResponseMetadata
ContentLength : 142
HttpStatusCode : OK
```
+ Pour plus de détails sur l'API, reportez-vous [DescribeIdentityPool](https://docs.aws.amazon.com/powershell/v4/reference)à la section *Référence des Outils AWS pour PowerShell applets de commande (V4)*.
**Outils pour PowerShell V5**
**Exemple 1 : extrait les informations relatives à un groupe d’identités spécifique par son ID.**
```
Get-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
```
**Sortie** :
```
LoggedAt : 8/12/2015 4:29:40 PM
AllowUnauthenticatedIdentities : True
DeveloperProviderName :
IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
IdentityPoolName : CommonTests1
OpenIdConnectProviderARNs : {}
SupportedLoginProviders : {}
ResponseMetadata : Amazon.Runtime.ResponseMetadata
ContentLength : 142
HttpStatusCode : OK
```
+ Pour plus de détails sur l'API, reportez-vous [DescribeIdentityPool](https://docs.aws.amazon.com/powershell/v5/reference)à la section *Référence des Outils AWS pour PowerShell applets de commande (V5)*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `GetCredentialsForIdentity` avec un AWS SDK
L'exemple de code suivant montre comment utiliser`GetCredentialsForIdentity`.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus sur GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.GetCredentialsForIdentityRequest;
import software.amazon.awssdk.services.cognitoidentity.model.GetCredentialsForIdentityResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class GetIdentityCredentials {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
identityId - The Id of an existing identity in the format REGION:GUID.
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String identityId = args[0];
CognitoIdentityClient cognitoClient = CognitoIdentityClient.builder()
.region(Region.US_EAST_1)
.build();
getCredsForIdentity(cognitoClient, identityId);
cognitoClient.close();
}
public static void getCredsForIdentity(CognitoIdentityClient cognitoClient, String identityId) {
try {
GetCredentialsForIdentityRequest getCredentialsForIdentityRequest = GetCredentialsForIdentityRequest
.builder()
.identityId(identityId)
.build();
GetCredentialsForIdentityResponse response = cognitoClient
.getCredentialsForIdentity(getCredentialsForIdentityRequest);
System.out.println(
"Identity ID " + response.identityId() + ", Access key ID " + response.credentials().accessKeyId());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Pour plus de détails sur l'API, voir [GetCredentialsForIdentity](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-identity-2014-06-30/GetCredentialsForIdentity)la section *Référence des AWS SDK for Java 2.x API*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation de `GetIdentityPoolRoles` avec une CLI
Les exemples de code suivants illustrent comment utiliser `GetIdentityPoolRoles`.
------
#### [ CLI ]
**AWS CLI**
**Pour obtenir des rôles du groupe d’identités**
Cet exemple répertorie les rôles du groupe d’identités.
Commande :
```
aws cognito-identity get-identity-pool-roles --identity-pool-id "us-west-2:11111111-1111-1111-1111-111111111111"
```
Sortie :
```
{
"IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111",
"Roles": {
"authenticated": "arn:aws:iam::111111111111:role/Cognito_MyIdentityPoolAuth_Role",
"unauthenticated": "arn:aws:iam::111111111111:role/Cognito_MyIdentityPoolUnauth_Role"
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [GetIdentityPoolRoles](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/get-identity-pool-roles.html)à la section *Référence des AWS CLI commandes*.
------
#### [ PowerShell ]
**Outils pour PowerShell V4**
**Exemple 1 : obtient les informations sur les rôles pour un groupe d’identités spécifique.**
```
Get-CGIIdentityPoolRole -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
```
**Sortie** :
```
LoggedAt : 8/12/2015 4:33:51 PM
IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
Roles : {[unauthenticated, arn:aws:iam::123456789012:role/CommonTests1Role]}
ResponseMetadata : Amazon.Runtime.ResponseMetadata
ContentLength : 165
HttpStatusCode : OK
```
+ Pour plus de détails sur l'API, reportez-vous [GetIdentityPoolRoles](https://docs.aws.amazon.com/powershell/v4/reference)à la section *Référence des Outils AWS pour PowerShell applets de commande (V4)*.
**Outils pour PowerShell V5**
**Exemple 1 : obtient les informations sur les rôles pour un groupe d’identités spécifique.**
```
Get-CGIIdentityPoolRole -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
```
**Sortie** :
```
LoggedAt : 8/12/2015 4:33:51 PM
IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
Roles : {[unauthenticated, arn:aws:iam::123456789012:role/CommonTests1Role]}
ResponseMetadata : Amazon.Runtime.ResponseMetadata
ContentLength : 165
HttpStatusCode : OK
```
+ Pour plus de détails sur l'API, reportez-vous [GetIdentityPoolRoles](https://docs.aws.amazon.com/powershell/v5/reference)à la section *Référence des Outils AWS pour PowerShell applets de commande (V5)*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `ListIdentityPools` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `ListIdentityPools`.
------
#### [ CLI ]
**AWS CLI**
**Pour afficher les réserves d’identités**
Cet exemple répertorie les réserves d’identités. Un maximum de 20 identités sont répertoriées.
Commande :
```
aws cognito-identity list-identity-pools --max-results 20
```
Sortie :
```
{
"IdentityPools": [
{
"IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111",
"IdentityPoolName": "MyIdentityPool"
},
{
"IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111",
"IdentityPoolName": "AnotherIdentityPool"
},
{
"IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111",
"IdentityPoolName": "IdentityPoolRegionA"
}
]
}
```
+ Pour plus de détails sur l'API, reportez-vous [ListIdentityPools](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/list-identity-pools.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus sur GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient;
import software.amazon.awssdk.services.cognitoidentity.model.ListIdentityPoolsRequest;
import software.amazon.awssdk.services.cognitoidentity.model.ListIdentityPoolsResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ListIdentityPools {
public static void main(String[] args) {
CognitoIdentityClient cognitoClient = CognitoIdentityClient.builder()
.region(Region.US_EAST_1)
.build();
listIdPools(cognitoClient);
cognitoClient.close();
}
public static void listIdPools(CognitoIdentityClient cognitoClient) {
try {
ListIdentityPoolsRequest poolsRequest = ListIdentityPoolsRequest.builder()
.maxResults(15)
.build();
ListIdentityPoolsResponse response = cognitoClient.listIdentityPools(poolsRequest);
response.identityPools().forEach(pool -> {
System.out.println("Pool ID: " + pool.identityPoolId());
System.out.println("Pool name: " + pool.identityPoolName());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Pour plus de détails sur l'API, voir [ListIdentityPools](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-identity-2014-06-30/ListIdentityPools)la section *Référence des AWS SDK for Java 2.x API*.
------
#### [ PowerShell ]
**Outils pour PowerShell V4**
**Exemple 1 : extrait une liste de groupes d’identités existants.**
```
Get-CGIIdentityPoolList
```
**Sortie** :
```
IdentityPoolId IdentityPoolName
-------------- ----------------
us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 CommonTests1
us-east-1:118d242d-204e-4b88-b803-EXAMPLEGUID2 Tests2
us-east-1:15d49393-ab16-431a-b26e-EXAMPLEGUID3 CommonTests13
```
+ Pour plus de détails sur l'API, reportez-vous [ListIdentityPools](https://docs.aws.amazon.com/powershell/v4/reference)à la section *Référence des Outils AWS pour PowerShell applets de commande (V4)*.
**Outils pour PowerShell V5**
**Exemple 1 : extrait une liste de groupes d’identités existants.**
```
Get-CGIIdentityPoolList
```
**Sortie** :
```
IdentityPoolId IdentityPoolName
-------------- ----------------
us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 CommonTests1
us-east-1:118d242d-204e-4b88-b803-EXAMPLEGUID2 Tests2
us-east-1:15d49393-ab16-431a-b26e-EXAMPLEGUID3 CommonTests13
```
+ Pour plus de détails sur l'API, reportez-vous [ListIdentityPools](https://docs.aws.amazon.com/powershell/v5/reference)à la section *Référence des Outils AWS pour PowerShell applets de commande (V5)*.
------
#### [ Swift ]
**Kit SDK pour Swift**
Il y en a plus sur GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity/FindOrCreateIdentityPool#code-examples).
```
import AWSCognitoIdentity
/// Return the ID of the identity pool with the specified name.
///
/// - Parameters:
/// - name: The name of the identity pool whose ID should be returned.
///
/// - Returns: A string containing the ID of the specified identity pool
/// or `nil` on error or if not found.
///
func getIdentityPoolID(name: String) async throws -> String? {
let listPoolsInput = ListIdentityPoolsInput(maxResults: 25)
// Use "Paginated" to get all the objects.
// This lets the SDK handle the 'nextToken' field in "ListIdentityPoolsOutput".
let pages = cognitoIdentityClient.listIdentityPoolsPaginated(input: listPoolsInput)
do {
for try await page in pages {
guard let identityPools = page.identityPools else {
print("ERROR: listIdentityPoolsPaginated returned nil contents.")
continue
}
/// Read pages of identity pools from Cognito until one is found
/// whose name matches the one specified in the `name` parameter.
/// Return the matching pool's ID.
for pool in identityPools {
if pool.identityPoolName == name {
return pool.identityPoolId!
}
}
}
} catch {
print("ERROR: getIdentityPoolID:", dump(error))
throw error
}
return nil
}
```
Obtenez l’ID d’un groupe d’identités existant ou créez-le s’il n’existe pas encore.
```
import AWSCognitoIdentity
/// Return the ID of the identity pool with the specified name.
///
/// - Parameters:
/// - name: The name of the identity pool whose ID should be returned
///
/// - Returns: A string containing the ID of the specified identity pool.
/// Returns `nil` if there's an error or if the pool isn't found.
///
public func getOrCreateIdentityPoolID(name: String) async throws -> String? {
// See if the pool already exists. If it doesn't, create it.
do {
guard let poolId = try await getIdentityPoolID(name: name) else {
return try await createIdentityPool(name: name)
}
return poolId
} catch {
print("ERROR: getOrCreateIdentityPoolID:", dump(error))
throw error
}
}
```
+ Pour plus d’informations, consultez [Guide du développeur du kit AWS SDK pour Swift](https://docs.aws.amazon.com/sdk-for-swift/latest/developer-guide/getting-started.html).
+ Pour plus de détails sur l'API, reportez-vous [ListIdentityPools](https://sdk.amazonaws.com/swift/api/awscognitoidentity/latest/documentation/awscognitoidentity/cognitoidentityclient/listidentitypools(input:))à la section *AWS SDK pour la référence de l'API Swift*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation de `SetIdentityPoolRoles` avec une CLI
Les exemples de code suivants illustrent comment utiliser `SetIdentityPoolRoles`.
------
#### [ CLI ]
**AWS CLI**
**Pour définir les rôles du groupe d’identités**
L’exemple `set-identity-pool-roles` suivant définit le rôle d’un groupe d’identités.
```
aws cognito-identity set-identity-pool-roles \
--identity-pool-id "us-west-2:11111111-1111-1111-1111-111111111111" \
--roles authenticated="arn:aws:iam::111111111111:role/Cognito_MyIdentityPoolAuth_Role"
```
+ Pour plus de détails sur l'API, reportez-vous [SetIdentityPoolRoles](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/set-identity-pool-roles.html)à la section *Référence des AWS CLI commandes*.
------
#### [ PowerShell ]
**Outils pour PowerShell V4**
**Exemple 1 : configure le groupe d’identités spécifique pour qu’il ait un rôle IAM non authentifié.**
```
Set-CGIIdentityPoolRole -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 -Role @{ "unauthenticated" = "arn:aws:iam::123456789012:role/CommonTests1Role" }
```
+ Pour plus de détails sur l'API, reportez-vous [SetIdentityPoolRoles](https://docs.aws.amazon.com/powershell/v4/reference)à la section *Référence des Outils AWS pour PowerShell applets de commande (V4)*.
**Outils pour PowerShell V5**
**Exemple 1 : configure le groupe d’identités spécifique pour qu’il ait un rôle IAM non authentifié.**
```
Set-CGIIdentityPoolRole -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 -Role @{ "unauthenticated" = "arn:aws:iam::123456789012:role/CommonTests1Role" }
```
+ Pour plus de détails sur l'API, reportez-vous [SetIdentityPoolRoles](https://docs.aws.amazon.com/powershell/v5/reference)à la section *Référence des Outils AWS pour PowerShell applets de commande (V5)*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation de `UpdateIdentityPool` avec une CLI
Les exemples de code suivants illustrent comment utiliser `UpdateIdentityPool`.
------
#### [ CLI ]
**AWS CLI**
**Pour mettre à jour un groupe d’identités**
Cet exemple met à jour un groupe d’identités. Il définit le nom sur MyIdentityPool. Il ajoute Cognito comme fournisseur d’identités. Il interdit les identités non authentifiées.
Commande :
```
aws cognito-identity update-identity-pool --identity-pool-id "us-west-2:11111111-1111-1111-1111-111111111111" --identity-pool-name "MyIdentityPool" --no-allow-unauthenticated-identities --cognito-identity-providers ProviderName="cognito-idp.us-west-2.amazonaws.com/us-west-2_111111111",ClientId="3n4b5urk1ft4fl3mg5e62d9ado",ServerSideTokenCheck=false
```
Sortie :
```
{
"IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111",
"IdentityPoolName": "MyIdentityPool",
"AllowUnauthenticatedIdentities": false,
"CognitoIdentityProviders": [
{
"ProviderName": "cognito-idp.us-west-2.amazonaws.com/us-west-2_111111111",
"ClientId": "3n4b5urk1ft4fl3mg5e62d9ado",
"ServerSideTokenCheck": false
}
]
}
```
+ Pour plus de détails sur l'API, reportez-vous [UpdateIdentityPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/update-identity-pool.html)à la section *Référence des AWS CLI commandes*.
------
#### [ PowerShell ]
**Outils pour PowerShell V4**
**Exemple 1 : met à jour certaines propriétés du groupe d’identités, en l’occurrence le nom du groupe d’identités.**
```
Update-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 -IdentityPoolName NewPoolName
```
**Sortie** :
```
LoggedAt : 8/12/2015 4:53:33 PM
AllowUnauthenticatedIdentities : False
DeveloperProviderName :
IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
IdentityPoolName : NewPoolName
OpenIdConnectProviderARNs : {}
SupportedLoginProviders : {}
ResponseMetadata : Amazon.Runtime.ResponseMetadata
ContentLength : 135
HttpStatusCode : OK
```
+ Pour plus de détails sur l'API, reportez-vous [UpdateIdentityPool](https://docs.aws.amazon.com/powershell/v4/reference)à la section *Référence des Outils AWS pour PowerShell applets de commande (V4)*.
**Outils pour PowerShell V5**
**Exemple 1 : met à jour certaines propriétés du groupe d’identités, en l’occurrence le nom du groupe d’identités.**
```
Update-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 -IdentityPoolName NewPoolName
```
**Sortie** :
```
LoggedAt : 8/12/2015 4:53:33 PM
AllowUnauthenticatedIdentities : False
DeveloperProviderName :
IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1
IdentityPoolName : NewPoolName
OpenIdConnectProviderARNs : {}
SupportedLoginProviders : {}
ResponseMetadata : Amazon.Runtime.ResponseMetadata
ContentLength : 135
HttpStatusCode : OK
```
+ Pour plus de détails sur l'API, reportez-vous [UpdateIdentityPool](https://docs.aws.amazon.com/powershell/v5/reference)à la section *Référence des Outils AWS pour PowerShell applets de commande (V5)*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Scénarios d'utilisation d'Amazon Cognito Identity AWS SDKs
Les exemples de code suivants vous montrent comment implémenter des scénarios courants dans Amazon Cognito Identity avec. AWS SDKs Ces scénarios vous montrent comment accomplir des tâches spécifiques en appelant plusieurs fonctions dans Amazon Cognito Identity ou en les combinant avec d’autres Services AWS. Chaque exemple inclut un lien vers le code source complet, où vous trouverez des instructions sur la configuration et l’exécution du code.
Les scénarios ciblent un niveau d’expérience intermédiaire pour vous aider à comprendre les actions de service dans leur contexte.
**Topics**
+ [Créer une application Amazon Textract Explorer](cognito-identity_example_cross_TextractExplorer_section.md)
# Créer une application Amazon Textract Explorer
Les exemples de code suivants expliquent comment explorer la sortie Amazon Textract via une application interactive.
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Montre comment utiliser le AWS SDK pour JavaScript pour créer une application React qui utilise Amazon Textract pour extraire des données d'une image de document et les afficher sur une page Web interactive. Cet exemple s’exécute dans un navigateur Web et nécessite une identité Amazon Cognito authentifiée pour les informations d’identification. Il utilise Amazon Simple Storage Service (Amazon S3) pour le stockage et, pour les notifications, il interroge une file d’attente Amazon Simple Queue Service (Amazon SQS) abonnée à une rubrique Amazon Simple Notification Service (Amazon SNS).
Pour obtenir le code source complet et les instructions de configuration et d'exécution, consultez l'exemple complet sur [GitHub](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cross-services/textract-react).
**Les services utilisés dans cet exemple**
+ Amazon Cognito Identity
+ Amazon S3
+ Amazon SNS
+ Amazon SQS
+ Amazon Textract
------
#### [ Python ]
**Kit SDK for Python (Boto3)**
Montre comment utiliser Amazon Textract pour détecter des éléments de texte, de formulaire et de tableau dans une image de document. AWS SDK pour Python (Boto3) L’image d’entrée et la sortie d’Amazon Textract sont affichées dans une application Tkinter qui vous permet d’explorer les éléments détectés.
+ Soumettez une image de document à Amazon Textract et explorez la sortie des éléments détectés.
+ Soumettez des images directement à Amazon Textract ou via un compartiment Amazon Simple Storage Service (Amazon S3).
+ Utilisez le mode asynchrone APIs pour démarrer une tâche qui publie une notification dans une rubrique Amazon Simple Notification Service (Amazon SNS) une fois la tâche terminée.
+ Interrogez un service Amazon Simple Queue Service (Amazon SQS) pour obtenir un message de fin de tâche et affichez les résultats.
Pour obtenir le code source complet et les instructions de configuration et d'exécution, consultez l'exemple complet sur [GitHub](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/cross_service/textract_explorer).
**Les services utilisés dans cet exemple**
+ Amazon Cognito Identity
+ Amazon S3
+ Amazon SNS
+ Amazon SQS
+ Amazon Textract
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Exemples de code pour le fournisseur d'identité Amazon Cognito utilisant AWS SDKs
Les exemples de code suivants montrent comment utiliser le fournisseur d'identité Amazon Cognito avec un kit de développement AWS logiciel (SDK).
Les *actions* sont des extraits de code de programmes plus larges et doivent être exécutées dans leur contexte. Alors que les actions vous indiquent comment appeler des fonctions de service individuelles, vous pouvez les voir en contexte dans leurs scénarios associés.
Les *scénarios* sont des exemples de code qui vous montrent comment accomplir des tâches spécifiques en appelant plusieurs fonctions au sein d’un même service ou combinés à d’autres Services AWS.
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
**Contents**
+ [Principes de base](service_code_examples_cognito-identity-provider_basics.md)
+ [Bonjour Amazon Cognito](cognito-identity-provider_example_cognito-identity-provider_Hello_section.md)
+ [Actions](service_code_examples_cognito-identity-provider_actions.md)
+ [`AdminCreateUser`](cognito-identity-provider_example_cognito-identity-provider_AdminCreateUser_section.md)
+ [`AdminGetUser`](cognito-identity-provider_example_cognito-identity-provider_AdminGetUser_section.md)
+ [`AdminInitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md)
+ [`AdminRespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md)
+ [`AdminSetUserPassword`](cognito-identity-provider_example_cognito-identity-provider_AdminSetUserPassword_section.md)
+ [`AssociateSoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md)
+ [`ConfirmDevice`](cognito-identity-provider_example_cognito-identity-provider_ConfirmDevice_section.md)
+ [`ConfirmForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ConfirmForgotPassword_section.md)
+ [`ConfirmSignUp`](cognito-identity-provider_example_cognito-identity-provider_ConfirmSignUp_section.md)
+ [`CreateUserPool`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPool_section.md)
+ [`CreateUserPoolClient`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPoolClient_section.md)
+ [`DeleteUser`](cognito-identity-provider_example_cognito-identity-provider_DeleteUser_section.md)
+ [`ForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ForgotPassword_section.md)
+ [`InitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_InitiateAuth_section.md)
+ [`ListUserPools`](cognito-identity-provider_example_cognito-identity-provider_ListUserPools_section.md)
+ [`ListUsers`](cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md)
+ [`ResendConfirmationCode`](cognito-identity-provider_example_cognito-identity-provider_ResendConfirmationCode_section.md)
+ [`RespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_RespondToAuthChallenge_section.md)
+ [`SignUp`](cognito-identity-provider_example_cognito-identity-provider_SignUp_section.md)
+ [`UpdateUserPool`](cognito-identity-provider_example_cognito-identity-provider_UpdateUserPool_section.md)
+ [`VerifySoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md)
+ [Scénarios](service_code_examples_cognito-identity-provider_scenarios.md)
+ [Confirmation automatique des utilisateurs connus avec une fonction Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [Migration automatique des utilisateurs connus avec une fonction Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [Inscription d’un utilisateur auprès d’un groupe d’utilisateurs nécessitant l’authentification MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
+ [Utiliser les pools d'identités Amazon Cognito](cognito-identity-provider_example_cross_CognitoFlows_section.md)
+ [Rédaction de données d’activité personnalisées à l’aide d’une fonction Lambda après authentification de l’utilisateur Amazon Cognito](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
# Exemples de base pour le fournisseur d'identité Amazon Cognito utilisant AWS SDKs
Les exemples de code suivants montrent comment utiliser les bases du fournisseur d'identité Amazon Cognito avec. AWS SDKs
**Contents**
+ [Bonjour Amazon Cognito](cognito-identity-provider_example_cognito-identity-provider_Hello_section.md)
+ [Actions](service_code_examples_cognito-identity-provider_actions.md)
+ [`AdminCreateUser`](cognito-identity-provider_example_cognito-identity-provider_AdminCreateUser_section.md)
+ [`AdminGetUser`](cognito-identity-provider_example_cognito-identity-provider_AdminGetUser_section.md)
+ [`AdminInitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md)
+ [`AdminRespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md)
+ [`AdminSetUserPassword`](cognito-identity-provider_example_cognito-identity-provider_AdminSetUserPassword_section.md)
+ [`AssociateSoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md)
+ [`ConfirmDevice`](cognito-identity-provider_example_cognito-identity-provider_ConfirmDevice_section.md)
+ [`ConfirmForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ConfirmForgotPassword_section.md)
+ [`ConfirmSignUp`](cognito-identity-provider_example_cognito-identity-provider_ConfirmSignUp_section.md)
+ [`CreateUserPool`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPool_section.md)
+ [`CreateUserPoolClient`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPoolClient_section.md)
+ [`DeleteUser`](cognito-identity-provider_example_cognito-identity-provider_DeleteUser_section.md)
+ [`ForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ForgotPassword_section.md)
+ [`InitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_InitiateAuth_section.md)
+ [`ListUserPools`](cognito-identity-provider_example_cognito-identity-provider_ListUserPools_section.md)
+ [`ListUsers`](cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md)
+ [`ResendConfirmationCode`](cognito-identity-provider_example_cognito-identity-provider_ResendConfirmationCode_section.md)
+ [`RespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_RespondToAuthChallenge_section.md)
+ [`SignUp`](cognito-identity-provider_example_cognito-identity-provider_SignUp_section.md)
+ [`UpdateUserPool`](cognito-identity-provider_example_cognito-identity-provider_UpdateUserPool_section.md)
+ [`VerifySoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md)
# Bonjour Amazon Cognito
Les exemples de code suivants montrent comment bien démarrer avec Amazon Cognito.
------
#### [ C\$1\$1 ]
**Kit de développement logiciel (SDK) for C\$1\$1**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito/hello_cognito#code-examples).
Code du CMake fichier CMake Lists.txt.
```
# Set the minimum required version of CMake for this project.
cmake_minimum_required(VERSION 3.13)
# Set the AWS service components used by this project.
set(SERVICE_COMPONENTS cognito-idp)
# Set this project's name.
project("hello_cognito")
# Set the C++ standard to use to build this target.
# At least C++ 11 is required for the AWS SDK for C++.
set(CMAKE_CXX_STANDARD 11)
# Use the MSVC variable to determine if this is a Windows build.
set(WINDOWS_BUILD ${MSVC})
if (WINDOWS_BUILD) # Set the location where CMake can find the installed libraries for the AWS SDK.
string(REPLACE ";" "/aws-cpp-sdk-all;" SYSTEM_MODULE_PATH "${CMAKE_SYSTEM_PREFIX_PATH}/aws-cpp-sdk-all")
list(APPEND CMAKE_PREFIX_PATH ${SYSTEM_MODULE_PATH})
endif ()
# Find the AWS SDK for C++ package.
find_package(AWSSDK REQUIRED COMPONENTS ${SERVICE_COMPONENTS})
if (WINDOWS_BUILD AND AWSSDK_INSTALL_AS_SHARED_LIBS)
# Copy relevant AWS SDK for C++ libraries into the current binary directory for running and debugging.
# set(BIN_SUB_DIR "/Debug") # If you are building from the command line, you may need to uncomment this
# and set the proper subdirectory to the executables' location.
AWSSDK_CPY_DYN_LIBS(SERVICE_COMPONENTS "" ${CMAKE_CURRENT_BINARY_DIR}${BIN_SUB_DIR})
endif ()
add_executable(${PROJECT_NAME}
hello_cognito.cpp)
target_link_libraries(${PROJECT_NAME}
${AWSSDK_LINK_LIBRARIES})
```
Code pour le fichier source hello\$1cognito.cpp.
```
#include
#include
#include
#include
/*
* A "Hello Cognito" starter application which initializes an Amazon Cognito client and lists the Amazon Cognito
* user pools.
*
* main function
*
* Usage: 'hello_cognito'
*
*/
int main(int argc, char **argv) {
Aws::SDKOptions options;
// Optionally change the log level for debugging.
// options.loggingOptions.logLevel = Utils::Logging::LogLevel::Debug;
Aws::InitAPI(options); // Should only be called once.
int result = 0;
{
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient cognitoClient(clientConfig);
Aws::String nextToken; // Used for pagination.
std::vector userPools;
do {
Aws::CognitoIdentityProvider::Model::ListUserPoolsRequest listUserPoolsRequest;
if (!nextToken.empty()) {
listUserPoolsRequest.SetNextToken(nextToken);
}
Aws::CognitoIdentityProvider::Model::ListUserPoolsOutcome listUserPoolsOutcome =
cognitoClient.ListUserPools(listUserPoolsRequest);
if (listUserPoolsOutcome.IsSuccess()) {
for (auto &userPool: listUserPoolsOutcome.GetResult().GetUserPools()) {
userPools.push_back(userPool.GetName());
}
nextToken = listUserPoolsOutcome.GetResult().GetNextToken();
} else {
std::cerr << "ListUserPools error: " << listUserPoolsOutcome.GetError().GetMessage() << std::endl;
result = 1;
break;
}
} while (!nextToken.empty());
std::cout << userPools.size() << " user pools found." << std::endl;
for (auto &userPool: userPools) {
std::cout << " user pool: " << userPool << std::endl;
}
}
Aws::ShutdownAPI(options); // Should only be called once.
return result;
}
```
+ Pour plus de détails sur l'API, reportez-vous [ListUserPools](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ListUserPools)à la section *Référence des AWS SDK pour C\$1\$1 API*.
------
#### [ Go ]
**Kit SDK pour Go V2**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
package main
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
// main uses the AWS SDK for Go V2 to create an Amazon Simple Notification Service
// (Amazon SNS) client and list the topics in your account.
// This example uses the default settings specified in your shared credentials
// and config files.
func main() {
ctx := context.Background()
sdkConfig, err := config.LoadDefaultConfig(ctx)
if err != nil {
fmt.Println("Couldn't load default configuration. Have you set up your AWS account?")
fmt.Println(err)
return
}
cognitoClient := cognitoidentityprovider.NewFromConfig(sdkConfig)
fmt.Println("Let's list the user pools for your account.")
var pools []types.UserPoolDescriptionType
paginator := cognitoidentityprovider.NewListUserPoolsPaginator(
cognitoClient, &cognitoidentityprovider.ListUserPoolsInput{MaxResults: aws.Int32(10)})
for paginator.HasMorePages() {
output, err := paginator.NextPage(ctx)
if err != nil {
log.Printf("Couldn't get user pools. Here's why: %v\n", err)
} else {
pools = append(pools, output.UserPools...)
}
}
if len(pools) == 0 {
fmt.Println("You don't have any user pools!")
} else {
for _, pool := range pools {
fmt.Printf("\t%v: %v\n", *pool.Name, *pool.Id)
}
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [ListUserPools](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ListUserPools)à la section *Référence des AWS SDK pour Go API*.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ListUserPools {
public static void main(String[] args) {
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
listAllUserPools(cognitoClient);
cognitoClient.close();
}
public static void listAllUserPools(CognitoIdentityProviderClient cognitoClient) {
try {
ListUserPoolsRequest request = ListUserPoolsRequest.builder()
.maxResults(10)
.build();
ListUserPoolsResponse response = cognitoClient.listUserPools(request);
response.userPools().forEach(userpool -> {
System.out.println("User pool " + userpool.name() + ", User ID " + userpool.id());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [ListUserPools](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUserPools)à la section *Référence des AWS SDK for Java 2.x API*.
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
import {
paginateListUserPools,
CognitoIdentityProviderClient,
} from "@aws-sdk/client-cognito-identity-provider";
const client = new CognitoIdentityProviderClient({});
export const helloCognito = async () => {
const paginator = paginateListUserPools({ client }, {});
const userPoolNames = [];
for await (const page of paginator) {
const names = page.UserPools.map((pool) => pool.Name);
userPoolNames.push(...names);
}
console.log("User pool names: ");
console.log(userPoolNames.join("\n"));
return userPoolNames;
};
```
+ Pour plus de détails sur l'API, reportez-vous [ListUserPools](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ListUserPoolsCommand)à la section *Référence des AWS SDK pour JavaScript API*.
------
#### [ Python ]
**Kit SDK for Python (Boto3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
import boto3
# Create a Cognito Identity Provider client
cognitoidp = boto3.client("cognito-idp")
# Initialize a paginator for the list_user_pools operation
paginator = cognitoidp.get_paginator("list_user_pools")
# Create a PageIterator from the paginator
page_iterator = paginator.paginate(MaxResults=10)
# Initialize variables for pagination
user_pools = []
# Handle pagination
for page in page_iterator:
user_pools.extend(page.get("UserPools", []))
# Print the list of user pools
print("User Pools for the account:")
if user_pools:
for pool in user_pools:
print(f"Name: {pool['Name']}, ID: {pool['Id']}")
else:
print("No user pools found.")
```
+ Pour plus de détails sur l'API, consultez [ListUserPools](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ListUserPools)le *AWS manuel de référence de l'API SDK for Python (Boto3*).
------
#### [ Ruby ]
**Kit SDK pour Ruby**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/cognito#code-examples).
```
require 'aws-sdk-cognitoidentityprovider'
require 'logger'
# CognitoManager is a class responsible for managing AWS Cognito operations
# such as listing all user pools in the current AWS account.
class CognitoManager
def initialize(client)
@client = client
@logger = Logger.new($stdout)
end
# Lists and prints all user pools associated with the AWS account.
def list_user_pools
paginator = @client.list_user_pools(max_results: 10)
user_pools = []
paginator.each_page do |page|
user_pools.concat(page.user_pools)
end
if user_pools.empty?
@logger.info('No Cognito user pools found.')
else
user_pools.each do |user_pool|
@logger.info("User pool ID: #{user_pool.id}")
@logger.info("User pool name: #{user_pool.name}")
@logger.info("User pool status: #{user_pool.status}")
@logger.info('---')
end
end
end
end
if $PROGRAM_NAME == __FILE__
cognito_client = Aws::CognitoIdentityProvider::Client.new
manager = CognitoManager.new(cognito_client)
manager.list_user_pools
end
```
+ Pour plus de détails sur l'API, reportez-vous [ListUserPools](https://docs.aws.amazon.com/goto/SdkForRubyV3/cognito-idp-2016-04-18/ListUserPools)à la section *Référence des AWS SDK pour Ruby API*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Actions pour le fournisseur d'identité Amazon Cognito utilisant AWS SDKs
Les exemples de code suivants montrent comment effectuer des actions individuelles du fournisseur d'identité Amazon Cognito avec. AWS SDKs Chaque exemple inclut un lien vers GitHub, où vous pouvez trouver des instructions pour configurer et exécuter le code.
Ces extraits appellent l’API Fournisseur d’identité Amazon Cognito et sont des extraits de code de programmes de plus grande envergure qui doivent être exécutés en contexte. Vous pouvez voir les actions dans leur contexte dans [Scénarios pour le fournisseur d'identité Amazon Cognito utilisant AWS SDKs](service_code_examples_cognito-identity-provider_scenarios.md).
Les exemples suivants incluent uniquement les actions les plus couramment utilisées. Pour obtenir la liste complète, consultez [Amazon Cognito Identity Provider API Reference](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/Welcome.html) (Référence de l’API Fournisseur d’identité Amazon Cognito).
**Topics**
+ [`AdminCreateUser`](cognito-identity-provider_example_cognito-identity-provider_AdminCreateUser_section.md)
+ [`AdminGetUser`](cognito-identity-provider_example_cognito-identity-provider_AdminGetUser_section.md)
+ [`AdminInitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md)
+ [`AdminRespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md)
+ [`AdminSetUserPassword`](cognito-identity-provider_example_cognito-identity-provider_AdminSetUserPassword_section.md)
+ [`AssociateSoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md)
+ [`ConfirmDevice`](cognito-identity-provider_example_cognito-identity-provider_ConfirmDevice_section.md)
+ [`ConfirmForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ConfirmForgotPassword_section.md)
+ [`ConfirmSignUp`](cognito-identity-provider_example_cognito-identity-provider_ConfirmSignUp_section.md)
+ [`CreateUserPool`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPool_section.md)
+ [`CreateUserPoolClient`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPoolClient_section.md)
+ [`DeleteUser`](cognito-identity-provider_example_cognito-identity-provider_DeleteUser_section.md)
+ [`ForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ForgotPassword_section.md)
+ [`InitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_InitiateAuth_section.md)
+ [`ListUserPools`](cognito-identity-provider_example_cognito-identity-provider_ListUserPools_section.md)
+ [`ListUsers`](cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md)
+ [`ResendConfirmationCode`](cognito-identity-provider_example_cognito-identity-provider_ResendConfirmationCode_section.md)
+ [`RespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_RespondToAuthChallenge_section.md)
+ [`SignUp`](cognito-identity-provider_example_cognito-identity-provider_SignUp_section.md)
+ [`UpdateUserPool`](cognito-identity-provider_example_cognito-identity-provider_UpdateUserPool_section.md)
+ [`VerifySoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md)
# Utilisation `AdminCreateUser` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `AdminCreateUser`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans l’exemple de code suivant :
+ [Rédaction de données d’activité personnalisées à l’aide d’une fonction Lambda après authentification de l’utilisateur Amazon Cognito](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
------
#### [ CLI ]
**AWS CLI**
**Pour créer un utilisateur**
L’exemple `admin-create-user` suivant crée un utilisateur avec l’adresse e-mail et le numéro de téléphone spécifiés dans les paramètres.
```
aws cognito-idp admin-create-user \
--user-pool-id us-west-2_aaaaaaaaa \
--username diego \
--user-attributes Name=email,Value=diego@example.com Name=phone_number,Value="+15555551212" \
--message-action SUPPRESS
```
Sortie :
```
{
"User": {
"Username": "diego",
"Attributes": [
{
"Name": "sub",
"Value": "7325c1de-b05b-4f84-b321-9adc6e61f4a2"
},
{
"Name": "phone_number",
"Value": "+15555551212"
},
{
"Name": "email",
"Value": "diego@example.com"
}
],
"UserCreateDate": 1548099495.428,
"UserLastModifiedDate": 1548099495.428,
"Enabled": true,
"UserStatus": "FORCE_CHANGE_PASSWORD"
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminCreateUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-create-user.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Go ]
**Kit SDK pour Go V2**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// AdminCreateUser uses administrator credentials to add a user to a user pool. This method leaves the user
// in a state that requires they enter a new password next time they sign in.
func (actor CognitoActions) AdminCreateUser(ctx context.Context, userPoolId string, userName string, userEmail string) error {
_, err := actor.CognitoClient.AdminCreateUser(ctx, &cognitoidentityprovider.AdminCreateUserInput{
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
MessageAction: types.MessageActionTypeSuppress,
UserAttributes: []types.AttributeType{{Name: aws.String("email"), Value: aws.String(userEmail)}},
})
if err != nil {
var userExists *types.UsernameExistsException
if errors.As(err, &userExists) {
log.Printf("User %v already exists in the user pool.", userName)
err = nil
} else {
log.Printf("Couldn't create user %v. Here's why: %v\n", userName, err)
}
}
return err
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminCreateUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.AdminCreateUser)à la section *Référence des AWS SDK pour Go API*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `AdminGetUser` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `AdminGetUser`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans l’exemple de code suivant :
+ [Inscription d’un utilisateur auprès d’un groupe d’utilisateurs nécessitant l’authentification MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK pour .NET**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Get the specified user from an Amazon Cognito user pool with administrator access.
///
/// The name of the user.
/// The Id of the Amazon Cognito user pool.
/// Async task.
public async Task GetAdminUserAsync(string userName, string poolId)
{
AdminGetUserRequest userRequest = new AdminGetUserRequest
{
Username = userName,
UserPoolId = poolId,
};
var response = await _cognitoService.AdminGetUserAsync(userRequest);
Console.WriteLine($"User status {response.UserStatus}");
return response.UserStatus;
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminGetUser](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminGetUser)à la section *Référence des AWS SDK pour .NET API*.
------
#### [ C\$1\$1 ]
**SDK pour C\$1\$1**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::AdminGetUserRequest request;
request.SetUsername(userName);
request.SetUserPoolId(userPoolID);
Aws::CognitoIdentityProvider::Model::AdminGetUserOutcome outcome =
client.AdminGetUser(request);
if (outcome.IsSuccess()) {
std::cout << "The status for " << userName << " is " <<
Aws::CognitoIdentityProvider::Model::UserStatusTypeMapper::GetNameForUserStatusType(
outcome.GetResult().GetUserStatus()) << std::endl;
std::cout << "Enabled is " << outcome.GetResult().GetEnabled() << std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminGetUser. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminGetUser](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminGetUser)à la section *Référence des AWS SDK pour C\$1\$1 API*.
------
#### [ CLI ]
**AWS CLI**
**Pour obtenir un utilisateur**
Cet exemple permet d’obtenir les informations sur le nom d’utilisateur jane@example.com.
Commande :
```
aws cognito-idp admin-get-user --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com
```
Sortie :
```
{
"Username": "4320de44-2322-4620-999b-5e2e1c8df013",
"Enabled": true,
"UserStatus": "FORCE_CHANGE_PASSWORD",
"UserCreateDate": 1548108509.537,
"UserAttributes": [
{
"Name": "sub",
"Value": "4320de44-2322-4620-999b-5e2e1c8df013"
},
{
"Name": "email_verified",
"Value": "true"
},
{
"Name": "phone_number_verified",
"Value": "true"
},
{
"Name": "phone_number",
"Value": "+01115551212"
},
{
"Name": "email",
"Value": "jane@example.com"
}
],
"UserLastModifiedDate": 1548108509.537
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminGetUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-get-user.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
public static void getAdminUser(CognitoIdentityProviderClient identityProviderClient, String userName,
String poolId) {
try {
AdminGetUserRequest userRequest = AdminGetUserRequest.builder()
.username(userName)
.userPoolId(poolId)
.build();
AdminGetUserResponse response = identityProviderClient.adminGetUser(userRequest);
System.out.println("User status " + response.userStatusAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminGetUser](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminGetUser)à la section *Référence des AWS SDK for Java 2.x API*.
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider/#code-examples).
```
const adminGetUser = ({ userPoolId, username }) => {
const client = new CognitoIdentityProviderClient({});
const command = new AdminGetUserCommand({
UserPoolId: userPoolId,
Username: username,
});
return client.send(command);
};
```
+ Pour plus de détails sur l'API, reportez-vous [AdminGetUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminGetUserCommand)à la section *Référence des AWS SDK pour JavaScript API*.
------
#### [ Kotlin ]
**SDK pour Kotlin**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
suspend fun getAdminUser(
userNameVal: String?,
poolIdVal: String?,
) {
val userRequest =
AdminGetUserRequest {
username = userNameVal
userPoolId = poolIdVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.adminGetUser(userRequest)
println("User status ${response.userStatus}")
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminGetUser](https://sdk.amazonaws.com/kotlin/api/latest/index.html)à la section *AWS SDK pour la référence de l'API Kotlin*.
------
#### [ Python ]
**Kit SDK for Python (Boto3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def sign_up_user(self, user_name, password, user_email):
"""
Signs up a new user with Amazon Cognito. This action prompts Amazon Cognito
to send an email to the specified email address. The email contains a code that
can be used to confirm the user.
When the user already exists, the user status is checked to determine whether
the user has been confirmed.
:param user_name: The user name that identifies the new user.
:param password: The password for the new user.
:param user_email: The email address for the new user.
:return: True when the user is already confirmed with Amazon Cognito.
Otherwise, false.
"""
try:
kwargs = {
"ClientId": self.client_id,
"Username": user_name,
"Password": password,
"UserAttributes": [{"Name": "email", "Value": user_email}],
}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
response = self.cognito_idp_client.sign_up(**kwargs)
confirmed = response["UserConfirmed"]
except ClientError as err:
if err.response["Error"]["Code"] == "UsernameExistsException":
response = self.cognito_idp_client.admin_get_user(
UserPoolId=self.user_pool_id, Username=user_name
)
logger.warning(
"User %s exists and is %s.", user_name, response["UserStatus"]
)
confirmed = response["UserStatus"] == "CONFIRMED"
else:
logger.error(
"Couldn't sign up %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
return confirmed
```
+ Pour plus de détails sur l'API, consultez [AdminGetUser](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminGetUser)le *AWS manuel de référence de l'API SDK for Python (Boto3*).
------
#### [ Swift ]
**Kit SDK pour Swift**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Get information about a specific user in a user pool.
///
/// - Parameters:
/// - cipClient: The Amazon Cognito Identity Provider client to use.
/// - userName: The user to retrieve information about.
/// - userPoolId: The user pool to search for the specified user.
///
/// - Returns: `true` if the user's information was successfully
/// retrieved. Otherwise returns `false`.
func adminGetUser(cipClient: CognitoIdentityProviderClient, userName: String,
userPoolId: String) async -> Bool {
do {
let output = try await cipClient.adminGetUser(
input: AdminGetUserInput(
userPoolId: userPoolId,
username: userName
)
)
guard let userStatus = output.userStatus else {
print("*** Unable to get the user's status.")
return false
}
print("User status: \(userStatus)")
return true
} catch {
return false
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminGetUser](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/admingetuser(input:))à la section *AWS SDK pour la référence de l'API Swift*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `AdminInitiateAuth` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `AdminInitiateAuth`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans l’exemple de code suivant :
+ [Inscription d’un utilisateur auprès d’un groupe d’utilisateurs nécessitant l’authentification MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK pour .NET**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Initiate an admin auth request.
///
/// The client ID to use.
/// The ID of the user pool.
/// The username to authenticate.
/// The user's password.
/// The session to use in challenge-response.
public async Task AdminInitiateAuthAsync(string clientId, string userPoolId, string userName, string password)
{
var authParameters = new Dictionary();
authParameters.Add("USERNAME", userName);
authParameters.Add("PASSWORD", password);
var request = new AdminInitiateAuthRequest
{
ClientId = clientId,
UserPoolId = userPoolId,
AuthParameters = authParameters,
AuthFlow = AuthFlowType.ADMIN_USER_PASSWORD_AUTH,
};
var response = await _cognitoService.AdminInitiateAuthAsync(request);
return response.Session;
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminInitiateAuth](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminInitiateAuth)à la section *Référence des AWS SDK pour .NET API*.
------
#### [ C\$1\$1 ]
**SDK pour C\$1\$1**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::AdminInitiateAuthRequest request;
request.SetClientId(clientID);
request.SetUserPoolId(userPoolID);
request.AddAuthParameters("USERNAME", userName);
request.AddAuthParameters("PASSWORD", password);
request.SetAuthFlow(
Aws::CognitoIdentityProvider::Model::AuthFlowType::ADMIN_USER_PASSWORD_AUTH);
Aws::CognitoIdentityProvider::Model::AdminInitiateAuthOutcome outcome =
client.AdminInitiateAuth(request);
if (outcome.IsSuccess()) {
std::cout << "Call to AdminInitiateAuth was successful." << std::endl;
sessionResult = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminInitiateAuth. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminInitiateAuth)à la section *Référence des AWS SDK pour C\$1\$1 API*.
------
#### [ CLI ]
**AWS CLI**
**Pour vous connecter en tant qu’administrateur**
L’exemple `admin-initiate-auth` suivant connecte l’utilisateur diego@example.com. Cet exemple inclut également des métadonnées pour la protection contre les menaces et ClientMetadata pour les déclencheurs Lambda. L’utilisateur est configuré pour l’authentification MFA par TOTP et est invité à fournir un code depuis son application d’authentification avant de pouvoir terminer l’authentification.
```
aws cognito-idp admin-initiate-auth \
--user-pool-id us-west-2_EXAMPLE \
--client-id 1example23456789 \
--auth-flow ADMIN_USER_PASSWORD_AUTH \
--auth-parameters USERNAME=diego@example.com,PASSWORD="My@Example$Password3!",SECRET_HASH=ExampleEncodedClientIdSecretAndUsername= \
--context-data="{\"EncodedData\":\"abc123example\",\"HttpHeaders\":[{\"headerName\":\"UserAgent\",\"headerValue\":\"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0\"}],\"IpAddress\":\"192.0.2.1\",\"ServerName\":\"example.com\",\"ServerPath\":\"/login\"}" \
--client-metadata="{\"MyExampleKey\": \"MyExampleValue\"}"
```
Sortie :
```
{
"ChallengeName": "SOFTWARE_TOKEN_MFA",
"Session": "AYABeExample...",
"ChallengeParameters": {
"FRIENDLY_DEVICE_NAME": "MyAuthenticatorApp",
"USER_ID_FOR_SRP": "diego@example.com"
}
}
```
Pour plus d’informations, consultez [Flux d’authentification de l’administration](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#amazon-cognito-user-pools-admin-authentication-flow) dans le *Guide du développeur Amazon Cognito*.
+ Pour plus de détails sur l'API, reportez-vous [AdminInitiateAuth](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-initiate-auth.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
public static AdminInitiateAuthResponse initiateAuth(CognitoIdentityProviderClient identityProviderClient,
String clientId, String userName, String password, String userPoolId) {
try {
Map authParameters = new HashMap<>();
authParameters.put("USERNAME", userName);
authParameters.put("PASSWORD", password);
AdminInitiateAuthRequest authRequest = AdminInitiateAuthRequest.builder()
.clientId(clientId)
.userPoolId(userPoolId)
.authParameters(authParameters)
.authFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH)
.build();
AdminInitiateAuthResponse response = identityProviderClient.adminInitiateAuth(authRequest);
System.out.println("Result Challenge is : " + response.challengeName());
return response;
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return null;
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminInitiateAuth)à la section *Référence des AWS SDK for Java 2.x API*.
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider/#code-examples).
```
const adminInitiateAuth = ({ clientId, userPoolId, username, password }) => {
const client = new CognitoIdentityProviderClient({});
const command = new AdminInitiateAuthCommand({
ClientId: clientId,
UserPoolId: userPoolId,
AuthFlow: AuthFlowType.ADMIN_USER_PASSWORD_AUTH,
AuthParameters: { USERNAME: username, PASSWORD: password },
});
return client.send(command);
};
```
+ Pour plus de détails sur l'API, reportez-vous [AdminInitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminInitiateAuthCommand)à la section *Référence des AWS SDK pour JavaScript API*.
------
#### [ Kotlin ]
**SDK pour Kotlin**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
suspend fun checkAuthMethod(
clientIdVal: String,
userNameVal: String,
passwordVal: String,
userPoolIdVal: String,
): AdminInitiateAuthResponse {
val authParas = mutableMapOf()
authParas["USERNAME"] = userNameVal
authParas["PASSWORD"] = passwordVal
val authRequest =
AdminInitiateAuthRequest {
clientId = clientIdVal
userPoolId = userPoolIdVal
authParameters = authParas
authFlow = AuthFlowType.AdminUserPasswordAuth
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.adminInitiateAuth(authRequest)
println("Result Challenge is ${response.challengeName}")
return response
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminInitiateAuth](https://sdk.amazonaws.com/kotlin/api/latest/index.html)à la section *AWS SDK pour la référence de l'API Kotlin*.
------
#### [ Python ]
**Kit SDK for Python (Boto3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def start_sign_in(self, user_name, password):
"""
Starts the sign-in process for a user by using administrator credentials.
This method of signing in is appropriate for code running on a secure server.
If the user pool is configured to require MFA and this is the first sign-in
for the user, Amazon Cognito returns a challenge response to set up an
MFA application. When this occurs, this function gets an MFA secret from
Amazon Cognito and returns it to the caller.
:param user_name: The name of the user to sign in.
:param password: The user's password.
:return: The result of the sign-in attempt. When sign-in is successful, this
returns an access token that can be used to get AWS credentials. Otherwise,
Amazon Cognito returns a challenge to set up an MFA application,
or a challenge to enter an MFA code from a registered MFA application.
"""
try:
kwargs = {
"UserPoolId": self.user_pool_id,
"ClientId": self.client_id,
"AuthFlow": "ADMIN_USER_PASSWORD_AUTH",
"AuthParameters": {"USERNAME": user_name, "PASSWORD": password},
}
if self.client_secret is not None:
kwargs["AuthParameters"]["SECRET_HASH"] = self._secret_hash(user_name)
response = self.cognito_idp_client.admin_initiate_auth(**kwargs)
challenge_name = response.get("ChallengeName", None)
if challenge_name == "MFA_SETUP":
if (
"SOFTWARE_TOKEN_MFA"
in response["ChallengeParameters"]["MFAS_CAN_SETUP"]
):
response.update(self.get_mfa_secret(response["Session"]))
else:
raise RuntimeError(
"The user pool requires MFA setup, but the user pool is not "
"configured for TOTP MFA. This example requires TOTP MFA."
)
except ClientError as err:
logger.error(
"Couldn't start sign in for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
response.pop("ResponseMetadata", None)
return response
```
+ Pour plus de détails sur l'API, consultez [AdminInitiateAuth](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminInitiateAuth)le *AWS manuel de référence de l'API SDK for Python (Boto3*).
------
#### [ SAP ABAP ]
**Kit SDK pour SAP ABAP**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples).
```
TRY.
" Set up authentication parameters
DATA(lt_auth_params) = VALUE /aws1/cl_cgpauthparamstype_w=>tt_authparameterstype(
( VALUE /aws1/cl_cgpauthparamstype_w=>ts_authparameterstype_maprow(
key = 'USERNAME'
value = NEW /aws1/cl_cgpauthparamstype_w( iv_user_name ) ) )
( VALUE /aws1/cl_cgpauthparamstype_w=>ts_authparameterstype_maprow(
key = 'PASSWORD'
value = NEW /aws1/cl_cgpauthparamstype_w( iv_password ) ) )
).
" Add SECRET_HASH if provided
IF iv_secret_hash IS NOT INITIAL.
INSERT VALUE #(
key = 'SECRET_HASH'
value = NEW /aws1/cl_cgpauthparamstype_w( iv_secret_hash )
) INTO TABLE lt_auth_params.
ENDIF.
oo_result = lo_cgp->admininitiateauth(
iv_userpoolid = iv_user_pool_id
iv_clientid = iv_client_id
iv_authflow = 'ADMIN_USER_PASSWORD_AUTH'
it_authparameters = lt_auth_params
).
DATA(lv_challenge) = oo_result->get_challengename( ).
IF lv_challenge IS INITIAL.
MESSAGE 'User successfully signed in.' TYPE 'I'.
ELSE.
MESSAGE |Authentication challenge required: { lv_challenge }.| TYPE 'I'.
ENDIF.
CATCH /aws1/cx_cgpusernotfoundex INTO DATA(lo_user_ex).
MESSAGE |User { iv_user_name } not found.| TYPE 'E'.
CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex).
MESSAGE 'Not authorized. Check credentials.' TYPE 'E'.
ENDTRY.
```
+ Pour plus de détails sur l'API, reportez-vous [AdminInitiateAuth](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)à la section de référence du *AWS SDK pour l'API SAP ABAP*.
------
#### [ Swift ]
**Kit SDK pour Swift**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Begin an authentication session.
///
/// - Parameters:
/// - cipClient: The `CongitoIdentityProviderClient` to use.
/// - clientId: The app client ID to use.
/// - userName: The username to check.
/// - password: The user's password.
/// - userPoolId: The user pool to use.
///
/// - Returns: The session token associated with this authentication
/// session.
func initiateAuth(cipClient: CognitoIdentityProviderClient, clientId: String,
userName: String, password: String,
userPoolId: String) async -> String? {
var authParams: [String: String] = [:]
authParams["USERNAME"] = userName
authParams["PASSWORD"] = password
do {
let output = try await cipClient.adminInitiateAuth(
input: AdminInitiateAuthInput(
authFlow: CognitoIdentityProviderClientTypes.AuthFlowType.adminUserPasswordAuth,
authParameters: authParams,
clientId: clientId,
userPoolId: userPoolId
)
)
guard let challengeName = output.challengeName else {
print("*** Invalid response from the auth service.")
return nil
}
print("=====> Response challenge is \(challengeName)")
return output.session
} catch _ as UserNotFoundException {
print("*** The specified username, \(userName), doesn't exist.")
return nil
} catch _ as UserNotConfirmedException {
print("*** The user \(userName) has not been confirmed.")
return nil
} catch {
print("*** An unexpected error occurred.")
return nil
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminInitiateAuth](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/admininitiateauth(input:))à la section *AWS SDK pour la référence de l'API Swift*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `AdminRespondToAuthChallenge` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `AdminRespondToAuthChallenge`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans l’exemple de code suivant :
+ [Inscription d’un utilisateur auprès d’un groupe d’utilisateurs nécessitant l’authentification MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK pour .NET**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Respond to an admin authentication challenge.
///
/// The name of the user.
/// The client ID.
/// The multi-factor authentication code.
/// The current application session.
/// The user pool ID.
/// The result of the authentication response.
public async Task AdminRespondToAuthChallengeAsync(
string userName,
string clientId,
string mfaCode,
string session,
string userPoolId)
{
Console.WriteLine("SOFTWARE_TOKEN_MFA challenge is generated");
var challengeResponses = new Dictionary();
challengeResponses.Add("USERNAME", userName);
challengeResponses.Add("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
var respondToAuthChallengeRequest = new AdminRespondToAuthChallengeRequest
{
ChallengeName = ChallengeNameType.SOFTWARE_TOKEN_MFA,
ClientId = clientId,
ChallengeResponses = challengeResponses,
Session = session,
UserPoolId = userPoolId,
};
var response = await _cognitoService.AdminRespondToAuthChallengeAsync(respondToAuthChallengeRequest);
Console.WriteLine($"Response to Authentication {response.AuthenticationResult.TokenType}");
return response.AuthenticationResult;
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)à la section *Référence des AWS SDK pour .NET API*.
------
#### [ C\$1\$1 ]
**SDK pour C\$1\$1**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeRequest request;
request.AddChallengeResponses("USERNAME", userName);
request.AddChallengeResponses("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
request.SetChallengeName(
Aws::CognitoIdentityProvider::Model::ChallengeNameType::SOFTWARE_TOKEN_MFA);
request.SetClientId(clientID);
request.SetUserPoolId(userPoolID);
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeOutcome outcome =
client.AdminRespondToAuthChallenge(request);
if (outcome.IsSuccess()) {
std::cout << "Here is the response to the challenge.\n" <<
outcome.GetResult().GetAuthenticationResult().Jsonize().View().WriteReadable()
<< std::endl;
accessToken = outcome.GetResult().GetAuthenticationResult().GetAccessToken();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminRespondToAuthChallenge. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)à la section *Référence des AWS SDK pour C\$1\$1 API*.
------
#### [ CLI ]
**AWS CLI**
**Pour répondre à une stimulation d’authentification**
Il existe de nombreuses manières de répondre aux différentes stimulations d’authentification, en fonction de votre flux d’authentification, de la configuration du groupe d’utilisateurs et des paramètres utilisateur. L’exemple `admin-respond-to-auth-challenge` suivant fournit un code d’authentification MFA par TOTP pour diego@example.com et termine la connexion. La mémorisation des appareils de ce groupe d’utilisateurs est activée, de sorte que le résultat de l’authentification renvoie également une nouvelle clé d’appareil.
```
aws cognito-idp admin-respond-to-auth-challenge \
--user-pool-id us-west-2_EXAMPLE \
--client-id 1example23456789 \
--challenge-name SOFTWARE_TOKEN_MFA \
--challenge-responses USERNAME=diego@example.com,SOFTWARE_TOKEN_MFA_CODE=000000 \
--session AYABeExample...
```
Sortie :
```
{
"ChallengeParameters": {},
"AuthenticationResult": {
"AccessToken": "eyJra456defEXAMPLE",
"ExpiresIn": 3600,
"TokenType": "Bearer",
"RefreshToken": "eyJra123abcEXAMPLE",
"IdToken": "eyJra789ghiEXAMPLE",
"NewDeviceMetadata": {
"DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"DeviceGroupKey": "-ExAmPlE1"
}
}
}
```
Pour plus d’informations, consultez [Flux d’authentification de l’administration](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#amazon-cognito-user-pools-admin-authentication-flow) dans le *Guide du développeur Amazon Cognito*.
+ Pour plus de détails sur l'API, reportez-vous [AdminRespondToAuthChallenge](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-respond-to-auth-challenge.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
// Respond to an authentication challenge.
public static void adminRespondToAuthChallenge(CognitoIdentityProviderClient identityProviderClient,
String userName, String clientId, String mfaCode, String session) {
System.out.println("SOFTWARE_TOKEN_MFA challenge is generated");
Map challengeResponses = new HashMap<>();
challengeResponses.put("USERNAME", userName);
challengeResponses.put("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
AdminRespondToAuthChallengeRequest respondToAuthChallengeRequest = AdminRespondToAuthChallengeRequest.builder()
.challengeName(ChallengeNameType.SOFTWARE_TOKEN_MFA)
.clientId(clientId)
.challengeResponses(challengeResponses)
.session(session)
.build();
AdminRespondToAuthChallengeResponse respondToAuthChallengeResult = identityProviderClient
.adminRespondToAuthChallenge(respondToAuthChallengeRequest);
System.out.println("respondToAuthChallengeResult.getAuthenticationResult()"
+ respondToAuthChallengeResult.authenticationResult());
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)à la section *Référence des AWS SDK for Java 2.x API*.
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const adminRespondToAuthChallenge = ({
userPoolId,
clientId,
username,
totp,
session,
}) => {
const client = new CognitoIdentityProviderClient({});
const command = new AdminRespondToAuthChallengeCommand({
ChallengeName: ChallengeNameType.SOFTWARE_TOKEN_MFA,
ChallengeResponses: {
SOFTWARE_TOKEN_MFA_CODE: totp,
USERNAME: username,
},
ClientId: clientId,
UserPoolId: userPoolId,
Session: session,
});
return client.send(command);
};
```
+ Pour plus de détails sur l'API, reportez-vous [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminRespondToAuthChallengeCommand)à la section *Référence des AWS SDK pour JavaScript API*.
------
#### [ Kotlin ]
**SDK pour Kotlin**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
// Respond to an authentication challenge.
suspend fun adminRespondToAuthChallenge(
userName: String,
clientIdVal: String?,
mfaCode: String,
sessionVal: String?,
) {
println("SOFTWARE_TOKEN_MFA challenge is generated")
val challengeResponsesOb = mutableMapOf()
challengeResponsesOb["USERNAME"] = userName
challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode
val adminRespondToAuthChallengeRequest =
AdminRespondToAuthChallengeRequest {
challengeName = ChallengeNameType.SoftwareTokenMfa
clientId = clientIdVal
challengeResponses = challengeResponsesOb
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val respondToAuthChallengeResult = identityProviderClient.adminRespondToAuthChallenge(adminRespondToAuthChallengeRequest)
println("respondToAuthChallengeResult.getAuthenticationResult() ${respondToAuthChallengeResult.authenticationResult}")
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminRespondToAuthChallenge](https://sdk.amazonaws.com/kotlin/api/latest/index.html)à la section *AWS SDK pour la référence de l'API Kotlin*.
------
#### [ Python ]
**Kit SDK for Python (Boto3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
Répondez à une stimulation MFA en fournissant un code généré par une application MFA associée.
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def respond_to_mfa_challenge(self, user_name, session, mfa_code):
"""
Responds to a challenge for an MFA code. This completes the second step of
a two-factor sign-in. When sign-in is successful, it returns an access token
that can be used to get AWS credentials from Amazon Cognito.
:param user_name: The name of the user who is signing in.
:param session: Session information returned from a previous call to initiate
authentication.
:param mfa_code: A code generated by the associated MFA application.
:return: The result of the authentication. When successful, this contains an
access token for the user.
"""
try:
kwargs = {
"UserPoolId": self.user_pool_id,
"ClientId": self.client_id,
"ChallengeName": "SOFTWARE_TOKEN_MFA",
"Session": session,
"ChallengeResponses": {
"USERNAME": user_name,
"SOFTWARE_TOKEN_MFA_CODE": mfa_code,
},
}
if self.client_secret is not None:
kwargs["ChallengeResponses"]["SECRET_HASH"] = self._secret_hash(
user_name
)
response = self.cognito_idp_client.admin_respond_to_auth_challenge(**kwargs)
auth_result = response["AuthenticationResult"]
except ClientError as err:
if err.response["Error"]["Code"] == "ExpiredCodeException":
logger.warning(
"Your MFA code has expired or has been used already. You might have "
"to wait a few seconds until your app shows you a new code."
)
else:
logger.error(
"Couldn't respond to mfa challenge for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return auth_result
```
+ Pour plus de détails sur l'API, consultez [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)le *AWS manuel de référence de l'API SDK for Python (Boto3*).
------
#### [ SAP ABAP ]
**Kit SDK pour SAP ABAP**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples).
```
TRY.
" Build challenge responses
DATA(lt_challenge_responses) = VALUE /aws1/cl_cgpchallengerspstyp00=>tt_challengeresponsestype(
( VALUE /aws1/cl_cgpchallengerspstyp00=>ts_challengerspstype_maprow(
key = 'USERNAME'
value = NEW /aws1/cl_cgpchallengerspstyp00( iv_user_name ) ) )
( VALUE /aws1/cl_cgpchallengerspstyp00=>ts_challengerspstype_maprow(
key = 'SOFTWARE_TOKEN_MFA_CODE'
value = NEW /aws1/cl_cgpchallengerspstyp00( iv_mfa_code ) ) )
).
" Add SECRET_HASH if provided
IF iv_secret_hash IS NOT INITIAL.
INSERT VALUE #(
key = 'SECRET_HASH'
value = NEW /aws1/cl_cgpchallengerspstyp00( iv_secret_hash )
) INTO TABLE lt_challenge_responses.
ENDIF.
DATA(lo_result) = lo_cgp->adminrespondtoauthchallenge(
iv_userpoolid = iv_user_pool_id
iv_clientid = iv_client_id
iv_challengename = 'SOFTWARE_TOKEN_MFA'
it_challengeresponses = lt_challenge_responses
iv_session = iv_session
).
oo_auth_result = lo_result->get_authenticationresult( ).
IF oo_auth_result IS BOUND.
MESSAGE 'MFA challenge completed successfully.' TYPE 'I'.
ELSE.
" Another challenge might be required
DATA(lv_next_challenge) = lo_result->get_challengename( ).
MESSAGE |Additional challenge required: { lv_next_challenge }.| TYPE 'I'.
ENDIF.
CATCH /aws1/cx_cgpcodemismatchex INTO DATA(lo_code_ex).
MESSAGE 'Invalid MFA code provided.' TYPE 'E'.
CATCH /aws1/cx_cgpexpiredcodeex INTO DATA(lo_expired_ex).
MESSAGE 'MFA code has expired.' TYPE 'E'.
CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex).
MESSAGE 'Not authorized. Check MFA configuration.' TYPE 'E'.
ENDTRY.
```
+ Pour plus de détails sur l'API, consultez [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)la section de référence du *AWS SDK pour l'API SAP ABAP*.
------
#### [ Swift ]
**Kit SDK pour Swift**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Respond to the authentication challenge received from Cognito after
/// initiating an authentication session. This involves sending a current
/// MFA code to the service.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - userName: The user's username.
/// - clientId: The app client ID.
/// - userPoolId: The user pool to sign into.
/// - mfaCode: The 6-digit MFA code currently displayed by the user's
/// authenticator.
/// - session: The authentication session to continue processing.
func adminRespondToAuthChallenge(cipClient: CognitoIdentityProviderClient, userName: String,
clientId: String, userPoolId: String, mfaCode: String,
session: String) async {
print("=====> SOFTWARE_TOKEN_MFA challenge is generated...")
var challengeResponsesOb: [String: String] = [:]
challengeResponsesOb["USERNAME"] = userName
challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode
do {
let output = try await cipClient.adminRespondToAuthChallenge(
input: AdminRespondToAuthChallengeInput(
challengeName: CognitoIdentityProviderClientTypes.ChallengeNameType.softwareTokenMfa,
challengeResponses: challengeResponsesOb,
clientId: clientId,
session: session,
userPoolId: userPoolId
)
)
guard let authenticationResult = output.authenticationResult else {
print("*** Unable to get authentication result.")
return
}
print("=====> Authentication result (JWTs are redacted):")
print(authenticationResult)
} catch _ as SoftwareTokenMFANotFoundException {
print("*** The specified user pool isn't configured for MFA.")
return
} catch _ as CodeMismatchException {
print("*** The specified MFA code doesn't match the expected value.")
return
} catch _ as UserNotFoundException {
print("*** The specified username, \(userName), doesn't exist.")
return
} catch _ as UserNotConfirmedException {
print("*** The user \(userName) has not been confirmed.")
return
} catch let error as NotAuthorizedException {
print("*** Unauthorized access. Reason: \(error.properties.message ?? "")")
} catch {
print("*** Error responding to the MFA challenge.")
return
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminRespondToAuthChallenge](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/adminrespondtoauthchallenge(input:))à la section *AWS SDK pour la référence de l'API Swift*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `AdminSetUserPassword` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `AdminSetUserPassword`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans l’exemple de code suivant :
+ [Rédaction de données d’activité personnalisées à l’aide d’une fonction Lambda après authentification de l’utilisateur Amazon Cognito](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
------
#### [ CLI ]
**AWS CLI**
**Pour définir un mot de passe utilisateur en tant qu’administrateur**
L’exemple `admin-set-user-password` suivant définit définitivement le mot de passe pour diego@example.com.
```
aws cognito-idp admin-set-user-password \
--user-pool-id us-west-2_EXAMPLE \
--username diego@example.com \
--password MyExamplePassword1! \
--permanent
```
Cette commande ne produit aucune sortie.
Pour plus d’informations, consultez [Passwords, password recovery, and password policies](https://docs.aws.amazon.com/cognito/latest/developerguide/managing-users-passwords.html) dans le *Guide du développeur Amazon Cognito*.
+ Pour plus de détails sur l'API, reportez-vous [AdminSetUserPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-set-user-password.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Go ]
**Kit SDK pour Go V2**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// AdminSetUserPassword uses administrator credentials to set a password for a user without requiring a
// temporary password.
func (actor CognitoActions) AdminSetUserPassword(ctx context.Context, userPoolId string, userName string, password string) error {
_, err := actor.CognitoClient.AdminSetUserPassword(ctx, &cognitoidentityprovider.AdminSetUserPasswordInput{
Password: aws.String(password),
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
Permanent: true,
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't set password for user %v. Here's why: %v\n", userName, err)
}
}
return err
}
```
+ Pour plus de détails sur l'API, reportez-vous [AdminSetUserPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.AdminSetUserPassword)à la section *Référence des AWS SDK pour Go API*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `AssociateSoftwareToken` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `AssociateSoftwareToken`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans l’exemple de code suivant :
+ [Inscription d’un utilisateur auprès d’un groupe d’utilisateurs nécessitant l’authentification MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK pour .NET**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Get an MFA token to authenticate the user with the authenticator.
///
/// The session name.
/// The session name.
public async Task AssociateSoftwareTokenAsync(string session)
{
var softwareTokenRequest = new AssociateSoftwareTokenRequest
{
Session = session,
};
var tokenResponse = await _cognitoService.AssociateSoftwareTokenAsync(softwareTokenRequest);
var secretCode = tokenResponse.SecretCode;
Console.WriteLine($"Use the following secret code to set up the authenticator: {secretCode}");
return tokenResponse.Session;
}
```
+ Pour plus de détails sur l'API, reportez-vous [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AssociateSoftwareToken)à la section *Référence des AWS SDK pour .NET API*.
------
#### [ C\$1\$1 ]
**SDK pour C\$1\$1**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenRequest request;
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenOutcome outcome =
client.AssociateSoftwareToken(request);
if (outcome.IsSuccess()) {
std::cout
<< "Enter this setup key into an authenticator app, for example Google Authenticator."
<< std::endl;
std::cout << "Setup key: " << outcome.GetResult().GetSecretCode()
<< std::endl;
#ifdef USING_QR
printAsterisksLine();
std::cout << "\nOr scan the QR code in the file '" << QR_CODE_PATH << "."
<< std::endl;
saveQRCode(std::string("otpauth://totp/") + userName + "?secret=" +
outcome.GetResult().GetSecretCode());
#endif // USING_QR
session = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AssociateSoftwareToken. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ Pour plus de détails sur l'API, reportez-vous [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AssociateSoftwareToken)à la section *Référence des AWS SDK pour C\$1\$1 API*.
------
#### [ CLI ]
**AWS CLI**
**Pour générer une clé secrète pour une application d’authentification MFA**
L’exemple `associate-software-token` suivant génère une clé privée TOTP pour un utilisateur qui s’est connecté et a reçu un jeton d’accès. La clé privée qui en résulte peut être saisie manuellement dans une application d’authentification, ou les applications peuvent la restituer sous forme de code QR que l’utilisateur peut scanner.
```
aws cognito-idp associate-software-token \
--access-token eyJra456defEXAMPLE
```
Sortie :
```
{
"SecretCode": "QWERTYUIOP123456EXAMPLE"
}
```
Pour plus d’informations, consultez [Authentification MFA par jeton logiciel TOTP](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html) dans le *Guide du développeur Amazon Cognito*.
+ Pour plus de détails sur l'API, reportez-vous [AssociateSoftwareToken](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/associate-software-token.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
public static String getSecretForAppMFA(CognitoIdentityProviderClient identityProviderClient, String session) {
AssociateSoftwareTokenRequest softwareTokenRequest = AssociateSoftwareTokenRequest.builder()
.session(session)
.build();
AssociateSoftwareTokenResponse tokenResponse = identityProviderClient
.associateSoftwareToken(softwareTokenRequest);
String secretCode = tokenResponse.secretCode();
System.out.println("Enter this token into Google Authenticator");
System.out.println(secretCode);
return tokenResponse.session();
}
```
+ Pour plus de détails sur l'API, reportez-vous [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AssociateSoftwareToken)à la section *Référence des AWS SDK for Java 2.x API*.
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const associateSoftwareToken = (session) => {
const client = new CognitoIdentityProviderClient({});
const command = new AssociateSoftwareTokenCommand({
Session: session,
});
return client.send(command);
};
```
+ Pour plus de détails sur l'API, reportez-vous [AssociateSoftwareToken](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AssociateSoftwareTokenCommand)à la section *Référence des AWS SDK pour JavaScript API*.
------
#### [ Kotlin ]
**SDK pour Kotlin**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
suspend fun getSecretForAppMFA(sessionVal: String?): String? {
val softwareTokenRequest =
AssociateSoftwareTokenRequest {
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val tokenResponse = identityProviderClient.associateSoftwareToken(softwareTokenRequest)
val secretCode = tokenResponse.secretCode
println("Enter this token into Google Authenticator")
println(secretCode)
return tokenResponse.session
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [AssociateSoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)à la section *AWS SDK pour la référence de l'API Kotlin*.
------
#### [ Python ]
**Kit SDK for Python (Boto3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def get_mfa_secret(self, session):
"""
Gets a token that can be used to associate an MFA application with the user.
:param session: Session information returned from a previous call to initiate
authentication.
:return: An MFA token that can be used to set up an MFA application.
"""
try:
response = self.cognito_idp_client.associate_software_token(Session=session)
except ClientError as err:
logger.error(
"Couldn't get MFA secret. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
response.pop("ResponseMetadata", None)
return response
```
+ Pour plus de détails sur l'API, consultez [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AssociateSoftwareToken)le *AWS manuel de référence de l'API SDK for Python (Boto3*).
------
#### [ SAP ABAP ]
**Kit SDK pour SAP ABAP**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples).
```
TRY.
DATA(lo_result) = lo_cgp->associatesoftwaretoken(
iv_session = iv_session
).
ov_secret_code = lo_result->get_secretcode( ).
MESSAGE 'MFA secret code generated successfully.' TYPE 'I'.
CATCH /aws1/cx_cgpresourcenotfoundex INTO DATA(lo_ex).
MESSAGE 'Session not found or expired.' TYPE 'E'.
CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex).
MESSAGE 'Not authorized to associate software token.' TYPE 'E'.
ENDTRY.
```
+ Pour plus de détails sur l'API, consultez [AssociateSoftwareToken](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)la section de référence du *AWS SDK pour l'API SAP ABAP*.
------
#### [ Swift ]
**Kit SDK pour Swift**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Request and display an MFA secret token that the user should enter
/// into their authenticator to set it up for the user account.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - authSession: The authentication session to request an MFA secret
/// for.
///
/// - Returns: A string containing the MFA secret token that should be
/// entered into the authenticator software.
func getSecretForAppMFA(cipClient: CognitoIdentityProviderClient, authSession: String?) async -> String? {
do {
let output = try await cipClient.associateSoftwareToken(
input: AssociateSoftwareTokenInput(
session: authSession
)
)
guard let secretCode = output.secretCode else {
print("*** Unable to get the secret code")
return nil
}
print("=====> Enter this token into Google Authenticator: \(secretCode)")
return output.session
} catch _ as SoftwareTokenMFANotFoundException {
print("*** The specified user pool isn't configured for MFA.")
return nil
} catch {
print("*** An unexpected error occurred getting the secret for the app's MFA.")
return nil
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [AssociateSoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/associatesoftwaretoken(input:))à la section *AWS SDK pour la référence de l'API Swift*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `ConfirmDevice` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `ConfirmDevice`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans l’exemple de code suivant :
+ [Inscription d’un utilisateur auprès d’un groupe d’utilisateurs nécessitant l’authentification MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK pour .NET**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Initiates and confirms tracking of the device.
///
/// The user's access token.
/// The key of the device from Amazon Cognito.
/// The device name.
///
public async Task ConfirmDeviceAsync(string accessToken, string deviceKey, string deviceName)
{
var request = new ConfirmDeviceRequest
{
AccessToken = accessToken,
DeviceKey = deviceKey,
DeviceName = deviceName
};
var response = await _cognitoService.ConfirmDeviceAsync(request);
return response.UserConfirmationNecessary;
}
```
+ Pour plus de détails sur l'API, reportez-vous [ConfirmDevice](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ConfirmDevice)à la section *Référence des AWS SDK pour .NET API*.
------
#### [ CLI ]
**AWS CLI**
**Pour confirmer l’appareil d’un utilisateur**
L’exemple `confirm-device` suivant ajoute un nouvel appareil mémorisé pour l’utilisateur actuel.
```
aws cognito-idp confirm-device \
--access-token eyJra456defEXAMPLE \
--device-key us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 \
--device-secret-verifier-config PasswordVerifier=TXlWZXJpZmllclN0cmluZw,Salt=TXlTUlBTYWx0
```
Sortie :
```
{
"UserConfirmationNecessary": false
}
```
Pour plus d’informations, consultez [Utilisation d’appareils utilisateur dans votre groupe d’utilisateurs](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html) dans le *Guide du développeur Amazon Cognito*.
+ Pour plus de détails sur l'API, reportez-vous [ConfirmDevice](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-device.html)à la section *Référence des AWS CLI commandes*.
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const confirmDevice = ({ deviceKey, accessToken, passwordVerifier, salt }) => {
const client = new CognitoIdentityProviderClient({});
const command = new ConfirmDeviceCommand({
DeviceKey: deviceKey,
AccessToken: accessToken,
DeviceSecretVerifierConfig: {
PasswordVerifier: passwordVerifier,
Salt: salt,
},
});
return client.send(command);
};
```
+ Pour plus de détails sur l'API, reportez-vous [ConfirmDevice](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ConfirmDeviceCommand)à la section *Référence des AWS SDK pour JavaScript API*.
------
#### [ Python ]
**Kit SDK for Python (Boto3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def confirm_mfa_device(
self,
user_name,
device_key,
device_group_key,
device_password,
access_token,
aws_srp,
):
"""
Confirms an MFA device to be tracked by Amazon Cognito. When a device is
tracked, its key and password can be used to sign in without requiring a new
MFA code from the MFA application.
:param user_name: The user that is associated with the device.
:param device_key: The key of the device, returned by Amazon Cognito.
:param device_group_key: The group key of the device, returned by Amazon Cognito.
:param device_password: The password that is associated with the device.
:param access_token: The user's access token.
:param aws_srp: A class that helps with Secure Remote Password (SRP)
calculations. The scenario associated with this example uses
the warrant package.
:return: True when the user must confirm the device. Otherwise, False. When
False, the device is automatically confirmed and tracked.
"""
srp_helper = aws_srp.AWSSRP(
username=user_name,
password=device_password,
pool_id="_",
client_id=self.client_id,
client_secret=None,
client=self.cognito_idp_client,
)
device_and_pw = f"{device_group_key}{device_key}:{device_password}"
device_and_pw_hash = aws_srp.hash_sha256(device_and_pw.encode("utf-8"))
salt = aws_srp.pad_hex(aws_srp.get_random(16))
x_value = aws_srp.hex_to_long(aws_srp.hex_hash(salt + device_and_pw_hash))
verifier = aws_srp.pad_hex(pow(srp_helper.val_g, x_value, srp_helper.big_n))
device_secret_verifier_config = {
"PasswordVerifier": base64.standard_b64encode(
bytearray.fromhex(verifier)
).decode("utf-8"),
"Salt": base64.standard_b64encode(bytearray.fromhex(salt)).decode("utf-8"),
}
try:
response = self.cognito_idp_client.confirm_device(
AccessToken=access_token,
DeviceKey=device_key,
DeviceSecretVerifierConfig=device_secret_verifier_config,
)
user_confirm = response["UserConfirmationNecessary"]
except ClientError as err:
logger.error(
"Couldn't confirm mfa device %s. Here's why: %s: %s",
device_key,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return user_confirm
```
+ Pour plus de détails sur l'API, consultez [ConfirmDevice](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ConfirmDevice)le *AWS manuel de référence de l'API SDK for Python (Boto3*).
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `ConfirmForgotPassword` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `ConfirmForgotPassword`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans l’exemple de code suivant :
+ [Migration automatique des utilisateurs connus avec une fonction Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
------
#### [ CLI ]
**AWS CLI**
**Pour confirmer un mot de passe oublié**
Cet exemple confirme un mot de passe oublié pour le nom d’utilisateur diego@example.com.
Commande :
```
aws cognito-idp confirm-forgot-password --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username=diego@example.com --password PASSWORD --confirmation-code CONF_CODE
```
+ Pour plus de détails sur l'API, reportez-vous [ConfirmForgotPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-forgot-password.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Go ]
**Kit SDK pour Go V2**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// ConfirmForgotPassword confirms a user with a confirmation code and a new password.
func (actor CognitoActions) ConfirmForgotPassword(ctx context.Context, clientId string, code string, userName string, password string) error {
_, err := actor.CognitoClient.ConfirmForgotPassword(ctx, &cognitoidentityprovider.ConfirmForgotPasswordInput{
ClientId: aws.String(clientId),
ConfirmationCode: aws.String(code),
Password: aws.String(password),
Username: aws.String(userName),
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't confirm user %v. Here's why: %v", userName, err)
}
}
return err
}
```
+ Pour plus de détails sur l'API, reportez-vous [ConfirmForgotPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ConfirmForgotPassword)à la section *Référence des AWS SDK pour Go API*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `ConfirmSignUp` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `ConfirmSignUp`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans l’exemple de code suivant :
+ [Inscription d’un utilisateur auprès d’un groupe d’utilisateurs nécessitant l’authentification MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK pour .NET**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Confirm that the user has signed up.
///
/// The Id of this application.
/// The confirmation code sent to the user.
/// The username.
/// True if successful.
public async Task ConfirmSignupAsync(string clientId, string code, string userName)
{
var signUpRequest = new ConfirmSignUpRequest
{
ClientId = clientId,
ConfirmationCode = code,
Username = userName,
};
var response = await _cognitoService.ConfirmSignUpAsync(signUpRequest);
if (response.HttpStatusCode == HttpStatusCode.OK)
{
Console.WriteLine($"{userName} was confirmed");
return true;
}
return false;
}
```
+ Pour plus de détails sur l'API, reportez-vous [ConfirmSignUp](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ConfirmSignUp)à la section *Référence des AWS SDK pour .NET API*.
------
#### [ C\$1\$1 ]
**SDK pour C\$1\$1**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::ConfirmSignUpRequest request;
request.SetClientId(clientID);
request.SetConfirmationCode(confirmationCode);
request.SetUsername(userName);
Aws::CognitoIdentityProvider::Model::ConfirmSignUpOutcome outcome =
client.ConfirmSignUp(request);
if (outcome.IsSuccess()) {
std::cout << "ConfirmSignup was Successful."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::ConfirmSignUp. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ Pour plus de détails sur l'API, reportez-vous [ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ConfirmSignUp)à la section *Référence des AWS SDK pour C\$1\$1 API*.
------
#### [ CLI ]
**AWS CLI**
**Pour confirmer l’inscription**
Cet exemple confirme l’inscription pour le nom d’utilisateur diego@example.com.
Commande :
```
aws cognito-idp confirm-sign-up --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username=diego@example.com --confirmation-code CONF_CODE
```
+ Pour plus de détails sur l'API, reportez-vous [ConfirmSignUp](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-sign-up.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
public static void confirmSignUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String code,
String userName) {
try {
ConfirmSignUpRequest signUpRequest = ConfirmSignUpRequest.builder()
.clientId(clientId)
.confirmationCode(code)
.username(userName)
.build();
identityProviderClient.confirmSignUp(signUpRequest);
System.out.println(userName + " was confirmed");
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ConfirmSignUp)à la section *Référence des AWS SDK for Java 2.x API*.
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const confirmSignUp = ({ clientId, username, code }) => {
const client = new CognitoIdentityProviderClient({});
const command = new ConfirmSignUpCommand({
ClientId: clientId,
Username: username,
ConfirmationCode: code,
});
return client.send(command);
};
```
+ Pour plus de détails sur l'API, reportez-vous [ConfirmSignUp](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ConfirmSignUpCommand)à la section *Référence des AWS SDK pour JavaScript API*.
------
#### [ Kotlin ]
**SDK pour Kotlin**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
suspend fun confirmSignUp(
clientIdVal: String?,
codeVal: String?,
userNameVal: String?,
) {
val signUpRequest =
ConfirmSignUpRequest {
clientId = clientIdVal
confirmationCode = codeVal
username = userNameVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
identityProviderClient.confirmSignUp(signUpRequest)
println("$userNameVal was confirmed")
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [ConfirmSignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)à la section *AWS SDK pour la référence de l'API Kotlin*.
------
#### [ Python ]
**Kit SDK for Python (Boto3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def confirm_user_sign_up(self, user_name, confirmation_code):
"""
Confirms a previously created user. A user must be confirmed before they
can sign in to Amazon Cognito.
:param user_name: The name of the user to confirm.
:param confirmation_code: The confirmation code sent to the user's registered
email address.
:return: True when the confirmation succeeds.
"""
try:
kwargs = {
"ClientId": self.client_id,
"Username": user_name,
"ConfirmationCode": confirmation_code,
}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
self.cognito_idp_client.confirm_sign_up(**kwargs)
except ClientError as err:
logger.error(
"Couldn't confirm sign up for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return True
```
+ Pour plus de détails sur l'API, consultez [ConfirmSignUp](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ConfirmSignUp)le *AWS manuel de référence de l'API SDK for Python (Boto3*).
------
#### [ Swift ]
**Kit SDK pour Swift**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Submit a confirmation code for the specified user. This is the code as
/// entered by the user after they've received it by email or text
/// message.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - clientId: The app client ID the user is signing up for.
/// - userName: The username of the user whose code is being sent.
/// - code: The user's confirmation code.
///
/// - Returns: `true` if the code was successfully confirmed; otherwise `false`.
func confirmSignUp(cipClient: CognitoIdentityProviderClient, clientId: String,
userName: String, code: String) async -> Bool {
do {
_ = try await cipClient.confirmSignUp(
input: ConfirmSignUpInput(
clientId: clientId,
confirmationCode: code,
username: userName
)
)
print("=====> \(userName) has been confirmed.")
return true
} catch {
print("=====> \(userName)'s code was entered incorrectly.")
return false
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [ConfirmSignUp](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/confirmsignup(input:))à la section *AWS SDK pour la référence de l'API Swift*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `CreateUserPool` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `CreateUserPool`.
------
#### [ CLI ]
**AWS CLI**
**Pour créer un groupe d’utilisateurs configuré de manière minimale**
Cet exemple crée un groupe d'utilisateurs nommé à MyUserPool l'aide des valeurs par défaut. Il n’y a aucun attribut obligatoire ni aucun client d’application. La MFA et la sécurité avancée sont désactivés.
Commande :
```
aws cognito-idp create-user-pool --pool-name MyUserPool
```
Sortie :
```
{
"UserPool": {
"SchemaAttributes": [
{
"Name": "sub",
"StringAttributeConstraints": {
"MinLength": "1",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": true,
"AttributeDataType": "String",
"Mutable": false
},
{
"Name": "name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "given_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "family_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "middle_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "nickname",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "preferred_username",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "profile",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "picture",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "website",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "email",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"AttributeDataType": "Boolean",
"DeveloperOnlyAttribute": false,
"Required": false,
"Name": "email_verified",
"Mutable": true
},
{
"Name": "gender",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "birthdate",
"StringAttributeConstraints": {
"MinLength": "10",
"MaxLength": "10"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "zoneinfo",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "locale",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "phone_number",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"AttributeDataType": "Boolean",
"DeveloperOnlyAttribute": false,
"Required": false,
"Name": "phone_number_verified",
"Mutable": true
},
{
"Name": "address",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "updated_at",
"NumberAttributeConstraints": {
"MinValue": "0"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "Number",
"Mutable": true
}
],
"MfaConfiguration": "OFF",
"Name": "MyUserPool",
"LastModifiedDate": 1547833345.777,
"AdminCreateUserConfig": {
"UnusedAccountValidityDays": 7,
"AllowAdminCreateUserOnly": false
},
"EmailConfiguration": {},
"Policies": {
"PasswordPolicy": {
"RequireLowercase": true,
"RequireSymbols": true,
"RequireNumbers": true,
"MinimumLength": 8,
"RequireUppercase": true
}
},
"CreationDate": 1547833345.777,
"EstimatedNumberOfUsers": 0,
"Id": "us-west-2_aaaaaaaaa",
"LambdaConfig": {}
}
}
```
**Pour créer un groupe d’utilisateurs avec deux attributs requis**
Cet exemple crée un groupe d'utilisateurs MyUserPool. Le groupe est configuré pour accepter l’e-mail en tant qu’attribut de nom d’utilisateur. Il définit également l’adresse e-mail source sur une adresse validée à l’aide d’Amazon Simple Email Service.
Commande :
```
aws cognito-idp create-user-pool --pool-name MyUserPool --username-attributes "email" --email-configuration=SourceArn="arn:aws:ses:us-east-1:111111111111:identity/jane@example.com",ReplyToEmailAddress="jane@example.com"
```
Sortie :
```
{
"UserPool": {
"SchemaAttributes": [
{
"Name": "sub",
"StringAttributeConstraints": {
"MinLength": "1",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": true,
"AttributeDataType": "String",
"Mutable": false
},
{
"Name": "name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "given_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "family_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "middle_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "nickname",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "preferred_username",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "profile",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "picture",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "website",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "email",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"AttributeDataType": "Boolean",
"DeveloperOnlyAttribute": false,
"Required": false,
"Name": "email_verified",
"Mutable": true
},
{
"Name": "gender",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "birthdate",
"StringAttributeConstraints": {
"MinLength": "10",
"MaxLength": "10"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "zoneinfo",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "locale",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "phone_number",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"AttributeDataType": "Boolean",
"DeveloperOnlyAttribute": false,
"Required": false,
"Name": "phone_number_verified",
"Mutable": true
},
{
"Name": "address",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "updated_at",
"NumberAttributeConstraints": {
"MinValue": "0"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "Number",
"Mutable": true
}
],
"MfaConfiguration": "OFF",
"Name": "MyUserPool",
"LastModifiedDate": 1547837788.189,
"AdminCreateUserConfig": {
"UnusedAccountValidityDays": 7,
"AllowAdminCreateUserOnly": false
},
"EmailConfiguration": {
"ReplyToEmailAddress": "jane@example.com",
"SourceArn": "arn:aws:ses:us-east-1:111111111111:identity/jane@example.com"
},
"Policies": {
"PasswordPolicy": {
"RequireLowercase": true,
"RequireSymbols": true,
"RequireNumbers": true,
"MinimumLength": 8,
"RequireUppercase": true
}
},
"UsernameAttributes": [
"email"
],
"CreationDate": 1547837788.189,
"EstimatedNumberOfUsers": 0,
"Id": "us-west-2_aaaaaaaaa",
"LambdaConfig": {}
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [CreateUserPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-pool.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolResponse;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class CreateUserPool {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
userPoolName - The name to give your user pool when it's created.
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String userPoolName = args[0];
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
String id = createPool(cognitoClient, userPoolName);
System.out.println("User pool ID: " + id);
cognitoClient.close();
}
public static String createPool(CognitoIdentityProviderClient cognitoClient, String userPoolName) {
try {
CreateUserPoolRequest request = CreateUserPoolRequest.builder()
.poolName(userPoolName)
.build();
CreateUserPoolResponse response = cognitoClient.createUserPool(request);
return response.userPool().id();
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return "";
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [CreateUserPool](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/CreateUserPool)à la section *Référence des AWS SDK for Java 2.x API*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `CreateUserPoolClient` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `CreateUserPoolClient`.
------
#### [ CLI ]
**AWS CLI**
**Pour créer un client de groupe d’utilisateurs**
L'`create-user-pool-client`exemple suivant crée un nouveau client de groupe d'utilisateurs avec un secret client, des attributs de lecture et d'écriture explicites, une connexion avec un nom d'utilisateur-mot de passe et des flux SRP, une connexion avec trois, un accès à un sous-ensemble de champs d'application IdPs, des PinPoint analyses et une durée de OAuth validité de session d'authentification étendue.
```
aws cognito-idp create-user-pool-client \
--user-pool-id us-west-2_EXAMPLE \
--client-name MyTestClient \
--generate-secret \
--refresh-token-validity 10 \
--access-token-validity 60 \
--id-token-validity 60 \
--token-validity-units AccessToken=minutes,IdToken=minutes,RefreshToken=days \
--read-attributes email phone_number email_verified phone_number_verified \
--write-attributes email phone_number \
--explicit-auth-flows ALLOW_USER_PASSWORD_AUTH ALLOW_USER_SRP_AUTH ALLOW_REFRESH_TOKEN_AUTH \
--supported-identity-providers Google Facebook MyOIDC \
--callback-urls https://www.amazon.com https://example.com http://localhost:8001 myapp://example \
--allowed-o-auth-flows code implicit \
--allowed-o-auth-scopes openid profile aws.cognito.signin.user.admin solar-system-data/asteroids.add \
--allowed-o-auth-flows-user-pool-client \
--analytics-configuration ApplicationArn=arn:aws:mobiletargeting:us-west-2:767671399759:apps/thisisanexamplepinpointapplicationid,UserDataShared=TRUE \
--prevent-user-existence-errors ENABLED \
--enable-token-revocation \
--enable-propagate-additional-user-context-data \
--auth-session-validity 4
```
Sortie :
```
{
"UserPoolClient": {
"UserPoolId": "us-west-2_EXAMPLE",
"ClientName": "MyTestClient",
"ClientId": "123abc456defEXAMPLE",
"ClientSecret": "this1234is5678my91011example1213client1415secret",
"LastModifiedDate": 1726788459.464,
"CreationDate": 1726788459.464,
"RefreshTokenValidity": 10,
"AccessTokenValidity": 60,
"IdTokenValidity": 60,
"TokenValidityUnits": {
"AccessToken": "minutes",
"IdToken": "minutes",
"RefreshToken": "days"
},
"ReadAttributes": [
"email_verified",
"phone_number_verified",
"phone_number",
"email"
],
"WriteAttributes": [
"phone_number",
"email"
],
"ExplicitAuthFlows": [
"ALLOW_USER_PASSWORD_AUTH",
"ALLOW_USER_SRP_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH"
],
"SupportedIdentityProviders": [
"Google",
"MyOIDC",
"Facebook"
],
"CallbackURLs": [
"https://example.com",
"https://www.amazon.com",
"myapp://example",
"http://localhost:8001"
],
"AllowedOAuthFlows": [
"implicit",
"code"
],
"AllowedOAuthScopes": [
"aws.cognito.signin.user.admin",
"openid",
"profile",
"solar-system-data/asteroids.add"
],
"AllowedOAuthFlowsUserPoolClient": true,
"AnalyticsConfiguration": {
"ApplicationArn": "arn:aws:mobiletargeting:us-west-2:123456789012:apps/thisisanexamplepinpointapplicationid",
"RoleArn": "arn:aws:iam::123456789012:role/aws-service-role/cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdp",
"UserDataShared": true
},
"PreventUserExistenceErrors": "ENABLED",
"EnableTokenRevocation": true,
"EnablePropagateAdditionalUserContextData": true,
"AuthSessionValidity": 4
}
}
```
Pour plus d’informations, consultez [Paramètres spécifiques à l’application avec des clients de l’application](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html) dans le *Guide du développeur Amazon Cognito*.
+ Pour plus de détails sur l'API, reportez-vous [CreateUserPoolClient](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-pool-client.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientResponse;
/**
* A user pool client app is an application that authenticates with Amazon
* Cognito user pools.
* When you create a user pool, you can configure app clients that allow mobile
* or web applications
* to call API operations to authenticate users, manage user attributes and
* profiles,
* and implement sign-up and sign-in flows.
*
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class CreateUserPoolClient {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
clientName - The name for the user pool client to create.
userPoolId - The ID for the user pool.
""";
if (args.length != 2) {
System.out.println(usage);
System.exit(1);
}
String clientName = args[0];
String userPoolId = args[1];
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
createPoolClient(cognitoClient, clientName, userPoolId);
cognitoClient.close();
}
public static void createPoolClient(CognitoIdentityProviderClient cognitoClient, String clientName,
String userPoolId) {
try {
CreateUserPoolClientRequest request = CreateUserPoolClientRequest.builder()
.clientName(clientName)
.userPoolId(userPoolId)
.build();
CreateUserPoolClientResponse response = cognitoClient.createUserPoolClient(request);
System.out.println("User pool " + response.userPoolClient().clientName() + " created. ID: "
+ response.userPoolClient().clientId());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [CreateUserPoolClient](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/CreateUserPoolClient)à la section *Référence des AWS SDK for Java 2.x API*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `DeleteUser` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `DeleteUser`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action dans son contexte dans les exemples de code suivants :
+ [Confirmation automatique des utilisateurs connus avec une fonction Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [Migration automatique des utilisateurs connus avec une fonction Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [Rédaction de données d’activité personnalisées à l’aide d’une fonction Lambda après authentification de l’utilisateur Amazon Cognito](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
------
#### [ C\$1\$1 ]
**SDK pour C\$1\$1**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::DeleteUserRequest request;
request.SetAccessToken(accessToken);
Aws::CognitoIdentityProvider::Model::DeleteUserOutcome outcome =
client.DeleteUser(request);
if (outcome.IsSuccess()) {
std::cout << "The user " << userName << " was deleted."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::DeleteUser. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
```
+ Pour plus de détails sur l'API, reportez-vous [DeleteUser](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/DeleteUser)à la section *Référence des AWS SDK pour C\$1\$1 API*.
------
#### [ CLI ]
**AWS CLI**
**Pour supprimer un utilisateur**
Cet exemple supprime un utilisateur.
Commande :
```
aws cognito-idp delete-user --access-token ACCESS_TOKEN
```
+ Pour plus de détails sur l'API, reportez-vous [DeleteUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-user.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Go ]
**Kit SDK pour Go V2**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// DeleteUser removes a user from the user pool.
func (actor CognitoActions) DeleteUser(ctx context.Context, userAccessToken string) error {
_, err := actor.CognitoClient.DeleteUser(ctx, &cognitoidentityprovider.DeleteUserInput{
AccessToken: aws.String(userAccessToken),
})
if err != nil {
log.Printf("Couldn't delete user. Here's why: %v\n", err)
}
return err
}
```
+ Pour plus de détails sur l'API, reportez-vous [DeleteUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.DeleteUser)à la section *Référence des AWS SDK pour Go API*.
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cross-services/wkflw-pools-triggers#code-examples).
```
/**
* Delete the signed-in user. Useful for allowing a user to delete their
* own profile.
* @param {{ region: string, accessToken: string }} config
* @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").DeleteUserCommandOutput | null, unknown]>}
*/
export const deleteUser = async ({ region, accessToken }) => {
try {
const client = new CognitoIdentityProviderClient({ region });
const response = await client.send(
new DeleteUserCommand({ AccessToken: accessToken }),
);
return [response, null];
} catch (err) {
return [null, err];
}
};
```
+ Pour plus de détails sur l'API, reportez-vous [DeleteUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/DeleteUserCommand)à la section *Référence des AWS SDK pour JavaScript API*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `ForgotPassword` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `ForgotPassword`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans l’exemple de code suivant :
+ [Migration automatique des utilisateurs connus avec une fonction Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
------
#### [ CLI ]
**AWS CLI**
**Pour forcer la modification d’un mot de passe**
L’exemple `forgot-password` suivant envoie un message à jane@example.com pour modifier son mot de passe.
```
aws cognito-idp forgot-password --client-id 38fjsnc484p94kpqsnet7mpld0 --username jane@example.com
```
Sortie :
```
{
"CodeDeliveryDetails": {
"Destination": "j***@e***.com",
"DeliveryMedium": "EMAIL",
"AttributeName": "email"
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [ForgotPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/forgot-password.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Go ]
**Kit SDK pour Go V2**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// ForgotPassword starts a password recovery flow for a user. This flow typically sends a confirmation code
// to the user's configured notification destination, such as email.
func (actor CognitoActions) ForgotPassword(ctx context.Context, clientId string, userName string) (*types.CodeDeliveryDetailsType, error) {
output, err := actor.CognitoClient.ForgotPassword(ctx, &cognitoidentityprovider.ForgotPasswordInput{
ClientId: aws.String(clientId),
Username: aws.String(userName),
})
if err != nil {
log.Printf("Couldn't start password reset for user '%v'. Here;s why: %v\n", userName, err)
}
return output.CodeDeliveryDetails, err
}
```
+ Pour plus de détails sur l'API, reportez-vous [ForgotPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ForgotPassword)à la section *Référence des AWS SDK pour Go API*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `InitiateAuth` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `InitiateAuth`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans les exemples de code suivants :
+ [Confirmation automatique des utilisateurs connus avec une fonction Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [Migration automatique des utilisateurs connus avec une fonction Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [Inscription d’un utilisateur auprès d’un groupe d’utilisateurs nécessitant l’authentification MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
+ [Rédaction de données d’activité personnalisées à l’aide d’une fonction Lambda après authentification de l’utilisateur Amazon Cognito](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
------
#### [ .NET ]
**SDK pour .NET**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Initiate authorization.
///
/// The client Id of the application.
/// The name of the user who is authenticating.
/// The password for the user who is authenticating.
/// The response from the initiate auth request.
public async Task InitiateAuthAsync(string clientId, string userName, string password)
{
var authParameters = new Dictionary();
authParameters.Add("USERNAME", userName);
authParameters.Add("PASSWORD", password);
var authRequest = new InitiateAuthRequest
{
ClientId = clientId,
AuthParameters = authParameters,
AuthFlow = AuthFlowType.USER_PASSWORD_AUTH,
};
var response = await _cognitoService.InitiateAuthAsync(authRequest);
Console.WriteLine($"Result Challenge is : {response.ChallengeName}");
return response;
}
```
+ Pour plus de détails sur l'API, reportez-vous [InitiateAuth](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/InitiateAuth)à la section *Référence des AWS SDK pour .NET API*.
------
#### [ CLI ]
**AWS CLI**
**Pour connecter un utilisateur**
L’exemple `initiate-auth` suivant connecte un utilisateur avec le flux de base nom d’utilisateur/mot de passe, sans difficulté supplémentaire.
```
aws cognito-idp initiate-auth \
--auth-flow USER_PASSWORD_AUTH \
--client-id 1example23456789 \
--analytics-metadata AnalyticsEndpointId=d70b2ba36a8c4dc5a04a0451aEXAMPLE \
--auth-parameters USERNAME=testuser,PASSWORD=[Password] --user-context-data EncodedData=mycontextdata --client-metadata MyTestKey=MyTestValue
```
Sortie :
```
{
"AuthenticationResult": {
"AccessToken": "eyJra456defEXAMPLE",
"ExpiresIn": 3600,
"TokenType": "Bearer",
"RefreshToken": "eyJra123abcEXAMPLE",
"IdToken": "eyJra789ghiEXAMPLE",
"NewDeviceMetadata": {
"DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"DeviceGroupKey": "-v7w9UcY6"
}
}
}
```
Pour plus d’informations, consultez [Authentification](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html) dans le *Guide du développeur Amazon Cognito*.
+ Pour plus de détails sur l'API, reportez-vous [InitiateAuth](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/initiate-auth.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Go ]
**Kit SDK pour Go V2**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// SignIn signs in a user to Amazon Cognito using a username and password authentication flow.
func (actor CognitoActions) SignIn(ctx context.Context, clientId string, userName string, password string) (*types.AuthenticationResultType, error) {
var authResult *types.AuthenticationResultType
output, err := actor.CognitoClient.InitiateAuth(ctx, &cognitoidentityprovider.InitiateAuthInput{
AuthFlow: "USER_PASSWORD_AUTH",
ClientId: aws.String(clientId),
AuthParameters: map[string]string{"USERNAME": userName, "PASSWORD": password},
})
if err != nil {
var resetRequired *types.PasswordResetRequiredException
if errors.As(err, &resetRequired) {
log.Println(*resetRequired.Message)
} else {
log.Printf("Couldn't sign in user %v. Here's why: %v\n", userName, err)
}
} else {
authResult = output.AuthenticationResult
}
return authResult, err
}
```
+ Pour plus de détails sur l'API, reportez-vous [InitiateAuth](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.InitiateAuth)à la section *Référence des AWS SDK pour Go API*.
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const initiateAuth = ({ username, password, clientId }) => {
const client = new CognitoIdentityProviderClient({});
const command = new InitiateAuthCommand({
AuthFlow: AuthFlowType.USER_PASSWORD_AUTH,
AuthParameters: {
USERNAME: username,
PASSWORD: password,
},
ClientId: clientId,
});
return client.send(command);
};
```
+ Pour plus de détails sur l'API, reportez-vous [InitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/InitiateAuthCommand)à la section *Référence des AWS SDK pour JavaScript API*.
------
#### [ Python ]
**Kit SDK for Python (Boto3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
Cet exemple vous montre comment démarrer l’authentification avec un appareil suivi. Pour terminer la connexion, le client doit répondre correctement aux stimulations SRP (Secure Remote Password).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def sign_in_with_tracked_device(
self,
user_name,
password,
device_key,
device_group_key,
device_password,
aws_srp,
):
"""
Signs in to Amazon Cognito as a user who has a tracked device. Signing in
with a tracked device lets a user sign in without entering a new MFA code.
Signing in with a tracked device requires that the client respond to the SRP
protocol. The scenario associated with this example uses the warrant package
to help with SRP calculations.
For more information on SRP, see https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol.
:param user_name: The user that is associated with the device.
:param password: The user's password.
:param device_key: The key of a tracked device.
:param device_group_key: The group key of a tracked device.
:param device_password: The password that is associated with the device.
:param aws_srp: A class that helps with SRP calculations. The scenario
associated with this example uses the warrant package.
:return: The result of the authentication. When successful, this contains an
access token for the user.
"""
try:
srp_helper = aws_srp.AWSSRP(
username=user_name,
password=device_password,
pool_id="_",
client_id=self.client_id,
client_secret=None,
client=self.cognito_idp_client,
)
response_init = self.cognito_idp_client.initiate_auth(
ClientId=self.client_id,
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={
"USERNAME": user_name,
"PASSWORD": password,
"DEVICE_KEY": device_key,
},
)
if response_init["ChallengeName"] != "DEVICE_SRP_AUTH":
raise RuntimeError(
f"Expected DEVICE_SRP_AUTH challenge but got {response_init['ChallengeName']}."
)
auth_params = srp_helper.get_auth_params()
auth_params["DEVICE_KEY"] = device_key
response_auth = self.cognito_idp_client.respond_to_auth_challenge(
ClientId=self.client_id,
ChallengeName="DEVICE_SRP_AUTH",
ChallengeResponses=auth_params,
)
if response_auth["ChallengeName"] != "DEVICE_PASSWORD_VERIFIER":
raise RuntimeError(
f"Expected DEVICE_PASSWORD_VERIFIER challenge but got "
f"{response_init['ChallengeName']}."
)
challenge_params = response_auth["ChallengeParameters"]
challenge_params["USER_ID_FOR_SRP"] = device_group_key + device_key
cr = srp_helper.process_challenge(challenge_params, {"USERNAME": user_name})
cr["USERNAME"] = user_name
cr["DEVICE_KEY"] = device_key
response_verifier = self.cognito_idp_client.respond_to_auth_challenge(
ClientId=self.client_id,
ChallengeName="DEVICE_PASSWORD_VERIFIER",
ChallengeResponses=cr,
)
auth_tokens = response_verifier["AuthenticationResult"]
except ClientError as err:
logger.error(
"Couldn't start client sign in for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return auth_tokens
```
+ Pour plus de détails sur l'API, consultez [InitiateAuth](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/InitiateAuth)le *AWS manuel de référence de l'API SDK for Python (Boto3*).
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `ListUserPools` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `ListUserPools`.
------
#### [ .NET ]
**SDK pour .NET (v4)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/Cognito#code-examples).
```
///
/// List the Amazon Cognito user pools for an account.
///
/// A list of UserPoolDescriptionType objects.
public async Task> ListUserPoolsAsync()
{
var userPools = new List();
var userPoolsPaginator = _cognitoService.Paginators.ListUserPools(new ListUserPoolsRequest());
await foreach (var response in userPoolsPaginator.Responses)
{
userPools.AddRange(response.UserPools);
}
return userPools;
}
```
+ Pour plus de détails sur l'API, reportez-vous [ListUserPools](https://docs.aws.amazon.com/goto/DotNetSDKV4/cognito-idp-2016-04-18/ListUserPools)à la section *Référence des AWS SDK pour .NET API*.
------
#### [ CLI ]
**AWS CLI**
**Pour afficher les groupes d’utilisateurs**
L'`list-user-pools`exemple suivant répertorie 3 des groupes d'utilisateurs disponibles dans le AWS compte des informations d'identification CLI actuelles.
```
aws cognito-idp list-user-pools \
--max-results 3
```
Sortie :
```
{
"NextToken": "[Pagination token]",
"UserPools": [
{
"CreationDate": 1681502497.741,
"Id": "us-west-2_EXAMPLE1",
"LambdaConfig": {
"CustomMessage": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
"PreSignUp": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
"PreTokenGeneration": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
"PreTokenGenerationConfig": {
"LambdaArn": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
"LambdaVersion": "V1_0"
}
},
"LastModifiedDate": 1681502497.741,
"Name": "user pool 1"
},
{
"CreationDate": 1686064178.717,
"Id": "us-west-2_EXAMPLE2",
"LambdaConfig": {
},
"LastModifiedDate": 1686064178.873,
"Name": "user pool 2"
},
{
"CreationDate": 1627681712.237,
"Id": "us-west-2_EXAMPLE3",
"LambdaConfig": {
"UserMigration": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction"
},
"LastModifiedDate": 1678486942.479,
"Name": "user pool 3"
}
]
}
```
Pour plus d’informations sur les [Groupes d’utilisateurs Amazon Cognito](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools.html), veuillez consulter le *Guide du développeur Amazon Cognito*.
+ Pour plus de détails sur l'API, reportez-vous [ListUserPools](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-user-pools.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Go ]
**Kit SDK pour Go V2**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
package main
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
// main uses the AWS SDK for Go V2 to create an Amazon Simple Notification Service
// (Amazon SNS) client and list the topics in your account.
// This example uses the default settings specified in your shared credentials
// and config files.
func main() {
ctx := context.Background()
sdkConfig, err := config.LoadDefaultConfig(ctx)
if err != nil {
fmt.Println("Couldn't load default configuration. Have you set up your AWS account?")
fmt.Println(err)
return
}
cognitoClient := cognitoidentityprovider.NewFromConfig(sdkConfig)
fmt.Println("Let's list the user pools for your account.")
var pools []types.UserPoolDescriptionType
paginator := cognitoidentityprovider.NewListUserPoolsPaginator(
cognitoClient, &cognitoidentityprovider.ListUserPoolsInput{MaxResults: aws.Int32(10)})
for paginator.HasMorePages() {
output, err := paginator.NextPage(ctx)
if err != nil {
log.Printf("Couldn't get user pools. Here's why: %v\n", err)
} else {
pools = append(pools, output.UserPools...)
}
}
if len(pools) == 0 {
fmt.Println("You don't have any user pools!")
} else {
for _, pool := range pools {
fmt.Printf("\t%v: %v\n", *pool.Name, *pool.Id)
}
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [ListUserPools](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ListUserPools)à la section *Référence des AWS SDK pour Go API*.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ListUserPools {
public static void main(String[] args) {
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
listAllUserPools(cognitoClient);
cognitoClient.close();
}
public static void listAllUserPools(CognitoIdentityProviderClient cognitoClient) {
try {
ListUserPoolsRequest request = ListUserPoolsRequest.builder()
.maxResults(10)
.build();
ListUserPoolsResponse response = cognitoClient.listUserPools(request);
response.userPools().forEach(userpool -> {
System.out.println("User pool " + userpool.name() + ", User ID " + userpool.id());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [ListUserPools](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUserPools)à la section *Référence des AWS SDK for Java 2.x API*.
------
#### [ Rust ]
**SDK pour Rust**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/rustv1/examples/cognitoidentityprovider#code-examples).
```
async fn show_pools(client: &Client) -> Result<(), Error> {
let response = client.list_user_pools().max_results(10).send().await?;
let pools = response.user_pools();
println!("User pools:");
for pool in pools {
println!(" ID: {}", pool.id().unwrap_or_default());
println!(" Name: {}", pool.name().unwrap_or_default());
println!(" Lambda Config: {:?}", pool.lambda_config().unwrap());
println!(
" Last modified: {}",
pool.last_modified_date().unwrap().to_chrono_utc()?
);
println!(
" Creation date: {:?}",
pool.creation_date().unwrap().to_chrono_utc()
);
println!();
}
println!("Next token: {}", response.next_token().unwrap_or_default());
Ok(())
}
```
+ Pour plus de détails sur l'API, voir [ListUserPools](https://docs.rs/aws-sdk-cognitoidentityprovider/latest/aws_sdk_cognitoidentityprovider/client/struct.Client.html#method.list_user_pools)la section de *référence de l'API AWS SDK for Rust*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `ListUsers` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `ListUsers`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans l’exemple de code suivant :
+ [Inscription d’un utilisateur auprès d’un groupe d’utilisateurs nécessitant l’authentification MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK pour .NET**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Get a list of users for the Amazon Cognito user pool.
///
/// The user pool ID.
/// A list of users.
public async Task> ListUsersAsync(string userPoolId)
{
var request = new ListUsersRequest
{
UserPoolId = userPoolId
};
var users = new List();
var usersPaginator = _cognitoService.Paginators.ListUsers(request);
await foreach (var response in usersPaginator.Responses)
{
users.AddRange(response.Users);
}
return users;
}
```
+ Pour plus de détails sur l'API, reportez-vous [ListUsers](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ListUsers)à la section *Référence des AWS SDK pour .NET API*.
------
#### [ CLI ]
**AWS CLI**
**Exemple 1 : pour répertorier les utilisateurs à l’aide d’un filtre côté serveur**
L’exemple `list-users` suivant répertorie 3 utilisateurs du groupe d’utilisateurs demandé dont les adresses e-mail commencent par `testuser`.
```
aws cognito-idp list-users \
--user-pool-id us-west-2_EXAMPLE \
--filter email^=\"testuser\" \
--max-items 3
```
Sortie :
```
{
"PaginationToken": "efgh5678EXAMPLE",
"Users": [
{
"Attributes": [
{
"Name": "sub",
"Value": "eaad0219-2117-439f-8d46-4db20e59268f"
},
{
"Name": "email",
"Value": "testuser@example.com"
}
],
"Enabled": true,
"UserCreateDate": 1682955829.578,
"UserLastModifiedDate": 1689030181.63,
"UserStatus": "CONFIRMED",
"Username": "testuser"
},
{
"Attributes": [
{
"Name": "sub",
"Value": "3b994cfd-0b07-4581-be46-3c82f9a70c90"
},
{
"Name": "email",
"Value": "testuser2@example.com"
}
],
"Enabled": true,
"UserCreateDate": 1684427979.201,
"UserLastModifiedDate": 1684427979.201,
"UserStatus": "UNCONFIRMED",
"Username": "testuser2"
},
{
"Attributes": [
{
"Name": "sub",
"Value": "5929e0d1-4c34-42d1-9b79-a5ecacfe66f7"
},
{
"Name": "email",
"Value": "testuser3@example.com"
}
],
"Enabled": true,
"UserCreateDate": 1684427823.641,
"UserLastModifiedDate": 1684427823.641,
"UserStatus": "UNCONFIRMED",
"Username": "testuser3@example.com"
}
]
}
```
Pour plus d’informations, consultez [Gestion et recherche d’utilisateurs](https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html) dans le *Guide du développeur Amazon Cognito*.
**Exemple 2 : pour répertorier les utilisateurs à l’aide d’un filtre côté client**
L’exemple `list-users` suivant répertorie les attributs de trois utilisateurs dont un attribut, en l’occurrence leur adresse e-mail, contient le domaine de messagerie « @example.com ». Si d’autres attributs contenaient cette chaîne, ils seraient également affichés. Le second utilisateur n’a aucun attribut correspondant à la requête et est exclu de la sortie affichée, mais pas de la réponse du serveur.
```
aws cognito-idp list-users \
--user-pool-id us-west-2_EXAMPLE \
--max-items 3
--query Users\[\*\].Attributes\[\?Value\.contains\(\@\,\'@example.com\'\)\]
```
Sortie :
```
[
[
{
"Name": "email",
"Value": "admin@example.com"
}
],
[],
[
{
"Name": "email",
"Value": "operator@example.com"
}
]
]
```
Pour plus d’informations, consultez [Gestion et recherche d’utilisateurs](https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html) dans le *Guide du développeur Amazon Cognito*.
+ Pour plus de détails sur l'API, reportez-vous [ListUsers](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-users.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersResponse;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ListUsers {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
userPoolId - The ID given to your user pool when it's created.
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String userPoolId = args[0];
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
listAllUsers(cognitoClient, userPoolId);
listUsersFilter(cognitoClient, userPoolId);
cognitoClient.close();
}
public static void listAllUsers(CognitoIdentityProviderClient cognitoClient, String userPoolId) {
try {
ListUsersRequest usersRequest = ListUsersRequest.builder()
.userPoolId(userPoolId)
.build();
ListUsersResponse response = cognitoClient.listUsers(usersRequest);
response.users().forEach(user -> {
System.out.println("User " + user.username() + " Status " + user.userStatus() + " Created "
+ user.userCreateDate());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
// Shows how to list users by using a filter.
public static void listUsersFilter(CognitoIdentityProviderClient cognitoClient, String userPoolId) {
try {
String filter = "email = \"tblue@noserver.com\"";
ListUsersRequest usersRequest = ListUsersRequest.builder()
.userPoolId(userPoolId)
.filter(filter)
.build();
ListUsersResponse response = cognitoClient.listUsers(usersRequest);
response.users().forEach(user -> {
System.out.println("User with filter applied " + user.username() + " Status " + user.userStatus()
+ " Created " + user.userCreateDate());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [ListUsers](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUsers)à la section *Référence des AWS SDK for Java 2.x API*.
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const listUsers = ({ userPoolId }) => {
const client = new CognitoIdentityProviderClient({});
const command = new ListUsersCommand({
UserPoolId: userPoolId,
});
return client.send(command);
};
```
+ Pour plus de détails sur l'API, reportez-vous [ListUsers](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ListUsersCommand)à la section *Référence des AWS SDK pour JavaScript API*.
------
#### [ Kotlin ]
**SDK pour Kotlin**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
suspend fun listAllUsers(userPoolId: String) {
val request =
ListUsersRequest {
this.userPoolId = userPoolId
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { cognitoClient ->
val response = cognitoClient.listUsers(request)
response.users?.forEach { user ->
println("The user name is ${user.username}")
}
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [ListUsers](https://sdk.amazonaws.com/kotlin/api/latest/index.html)à la section *AWS SDK pour la référence de l'API Kotlin*.
------
#### [ Python ]
**Kit SDK for Python (Boto3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def list_users(self):
"""
Returns a list of the users in the current user pool.
:return: The list of users.
"""
try:
response = self.cognito_idp_client.list_users(UserPoolId=self.user_pool_id)
users = response["Users"]
except ClientError as err:
logger.error(
"Couldn't list users for %s. Here's why: %s: %s",
self.user_pool_id,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return users
```
+ Pour plus de détails sur l'API, consultez [ListUsers](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ListUsers)le *AWS manuel de référence de l'API SDK for Python (Boto3*).
------
#### [ SAP ABAP ]
**Kit SDK pour SAP ABAP**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples).
```
TRY.
DATA(lo_result) = lo_cgp->listusers(
iv_userpoolid = iv_user_pool_id
).
ot_users = lo_result->get_users( ).
MESSAGE |Found { lines( ot_users ) } users in the pool.| TYPE 'I'.
CATCH /aws1/cx_cgpresourcenotfoundex INTO DATA(lo_ex).
MESSAGE |User pool { iv_user_pool_id } not found.| TYPE 'E'.
CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex).
MESSAGE 'Not authorized to list users.' TYPE 'E'.
ENDTRY.
```
+ Pour plus de détails sur l'API, consultez [ListUsers](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)la section de référence du *AWS SDK pour l'API SAP ABAP*.
------
#### [ Swift ]
**Kit SDK pour Swift**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
do {
let output = try await cognitoClient.listUsers(
input: ListUsersInput(
userPoolId: poolId
)
)
guard let users = output.users else {
print("No users found.")
return
}
print("\(users.count) user(s) found.")
for user in users {
print(" \(user.username ?? "")")
}
} catch _ as NotAuthorizedException {
print("*** Please authenticate with AWS before using this command.")
return
} catch _ as ResourceNotFoundException {
print("*** The specified User Pool was not found.")
return
} catch {
print("*** An unexpected type of error occurred.")
return
}
```
+ Pour plus de détails sur l'API, reportez-vous [ListUsers](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/listusers(input:))à la section *AWS SDK pour la référence de l'API Swift*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `ResendConfirmationCode` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `ResendConfirmationCode`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans l’exemple de code suivant :
+ [Inscription d’un utilisateur auprès d’un groupe d’utilisateurs nécessitant l’authentification MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK pour .NET**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Send a new confirmation code to a user.
///
/// The Id of the client application.
/// The username of user who will receive the code.
/// The delivery details.
public async Task ResendConfirmationCodeAsync(string clientId, string userName)
{
var codeRequest = new ResendConfirmationCodeRequest
{
ClientId = clientId,
Username = userName,
};
var response = await _cognitoService.ResendConfirmationCodeAsync(codeRequest);
Console.WriteLine($"Method of delivery is {response.CodeDeliveryDetails.DeliveryMedium}");
return response.CodeDeliveryDetails;
}
```
+ Pour plus de détails sur l'API, reportez-vous [ResendConfirmationCode](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ResendConfirmationCode)à la section *Référence des AWS SDK pour .NET API*.
------
#### [ C\$1\$1 ]
**SDK pour C\$1\$1**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeRequest request;
request.SetUsername(userName);
request.SetClientId(clientID);
Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeOutcome outcome =
client.ResendConfirmationCode(request);
if (outcome.IsSuccess()) {
std::cout
<< "CognitoIdentityProvider::ResendConfirmationCode was successful."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::ResendConfirmationCode. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ Pour plus de détails sur l'API, reportez-vous [ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ResendConfirmationCode)à la section *Référence des AWS SDK pour C\$1\$1 API*.
------
#### [ CLI ]
**AWS CLI**
**Pour renvoyer un code de confirmation**
L’exemple `resend-confirmation-code` suivant envoie un code de confirmation à l’utilisateur `jane`.
```
aws cognito-idp resend-confirmation-code \
--client-id 12a3b456c7de890f11g123hijk \
--username jane
```
Sortie :
```
{
"CodeDeliveryDetails": {
"Destination": "j***@e***.com",
"DeliveryMedium": "EMAIL",
"AttributeName": "email"
}
}
```
Pour plus d’informations, consultez [Inscription et confirmation de comptes utilisateur](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html) dans le *Guide du développeur Amazon Cognito*.
+ Pour plus de détails sur l'API, reportez-vous [ResendConfirmationCode](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/resend-confirmation-code.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
public static void resendConfirmationCode(CognitoIdentityProviderClient identityProviderClient, String clientId,
String userName) {
try {
ResendConfirmationCodeRequest codeRequest = ResendConfirmationCodeRequest.builder()
.clientId(clientId)
.username(userName)
.build();
ResendConfirmationCodeResponse response = identityProviderClient.resendConfirmationCode(codeRequest);
System.out.println("Method of delivery is " + response.codeDeliveryDetails().deliveryMediumAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ResendConfirmationCode)à la section *Référence des AWS SDK for Java 2.x API*.
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const resendConfirmationCode = ({ clientId, username }) => {
const client = new CognitoIdentityProviderClient({});
const command = new ResendConfirmationCodeCommand({
ClientId: clientId,
Username: username,
});
return client.send(command);
};
```
+ Pour plus de détails sur l'API, reportez-vous [ResendConfirmationCode](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ResendConfirmationCodeCommand)à la section *Référence des AWS SDK pour JavaScript API*.
------
#### [ Kotlin ]
**SDK pour Kotlin**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
suspend fun resendConfirmationCode(
clientIdVal: String?,
userNameVal: String?,
) {
val codeRequest =
ResendConfirmationCodeRequest {
clientId = clientIdVal
username = userNameVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.resendConfirmationCode(codeRequest)
println("Method of delivery is " + (response.codeDeliveryDetails?.deliveryMedium))
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [ResendConfirmationCode](https://sdk.amazonaws.com/kotlin/api/latest/index.html)à la section *AWS SDK pour la référence de l'API Kotlin*.
------
#### [ Python ]
**Kit SDK for Python (Boto3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def resend_confirmation(self, user_name):
"""
Prompts Amazon Cognito to resend an email with a new confirmation code.
:param user_name: The name of the user who will receive the email.
:return: Delivery information about where the email is sent.
"""
try:
kwargs = {"ClientId": self.client_id, "Username": user_name}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
response = self.cognito_idp_client.resend_confirmation_code(**kwargs)
delivery = response["CodeDeliveryDetails"]
except ClientError as err:
logger.error(
"Couldn't resend confirmation to %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return delivery
```
+ Pour plus de détails sur l'API, consultez [ResendConfirmationCode](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ResendConfirmationCode)le *AWS manuel de référence de l'API SDK for Python (Boto3*).
------
#### [ Swift ]
**Kit SDK pour Swift**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Requests a new confirmation code be sent to the given user's contact
/// method.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - clientId: The application client ID.
/// - userName: The user to resend a code for.
///
/// - Returns: `true` if a new code was sent successfully, otherwise
/// `false`.
func resendConfirmationCode(cipClient: CognitoIdentityProviderClient, clientId: String,
userName: String) async -> Bool {
do {
let output = try await cipClient.resendConfirmationCode(
input: ResendConfirmationCodeInput(
clientId: clientId,
username: userName
)
)
guard let deliveryMedium = output.codeDeliveryDetails?.deliveryMedium else {
print("*** Unable to get the delivery method for the resent code.")
return false
}
print("=====> A new code has been sent by \(deliveryMedium)")
return true
} catch {
print("*** Unable to resend the confirmation code to user \(userName).")
return false
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [ResendConfirmationCode](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/resendconfirmationcode(input:))à la section *AWS SDK pour la référence de l'API Swift*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `RespondToAuthChallenge` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `RespondToAuthChallenge`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans l’exemple de code suivant :
+ [Inscription d’un utilisateur auprès d’un groupe d’utilisateurs nécessitant l’authentification MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ CLI ]
**AWS CLI**
**Exemple 1 : pour répondre à un défi NEW\$1PASSWORD\$1REQUIRED**
L’exemple `respond-to-auth-challenge` suivant répond à un défi NEW\$1PASSWORD\$1REQUIRED renvoyé par initiate-auth. Il définit un mot de passe pour l’utilisateur `jane@example.com`.
```
aws cognito-idp respond-to-auth-challenge \
--client-id 1example23456789 \
--challenge-name NEW_PASSWORD_REQUIRED \
--challenge-responses USERNAME=jane@example.com,NEW_PASSWORD=[Password] \
--session AYABeEv5HklEXAMPLE
```
Sortie :
```
{
"ChallengeParameters": {},
"AuthenticationResult": {
"AccessToken": "ACCESS_TOKEN",
"ExpiresIn": 3600,
"TokenType": "Bearer",
"RefreshToken": "REFRESH_TOKEN",
"IdToken": "ID_TOKEN",
"NewDeviceMetadata": {
"DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"DeviceGroupKey": "-wt2ha1Zd"
}
}
}
```
Pour plus d’informations, consultez [Authentification](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html) dans le *Guide du développeur Amazon Cognito*.
**Exemple 2 : pour répondre à un défi SELECT\$1MFA\$1TYPE**
L’exemple `respond-to-auth-challenge` suivant choisit l’authentification MFA par TOTP comme option MFA pour l’utilisateur actuel. L’utilisateur a été invité à sélectionner un type d’authentification MFA et sera ensuite invité à saisir son code MFA.
```
aws cognito-idp respond-to-auth-challenge \
--client-id 1example23456789
--session AYABeEv5HklEXAMPLE
--challenge-name SELECT_MFA_TYPE
--challenge-responses USERNAME=testuser,ANSWER=SOFTWARE_TOKEN_MFA
```
Sortie :
```
{
"ChallengeName": "SOFTWARE_TOKEN_MFA",
"Session": "AYABeEv5HklEXAMPLE",
"ChallengeParameters": {
"FRIENDLY_DEVICE_NAME": "transparent"
}
}
```
Pour plus d’informations, consultez [Ajout de l’authentification MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html) dans le *Guide du développeur Amazon Cognito*.
**Exemple 3 : pour répondre à un défi SOFTWARE\$1TOKEN\$1MFA**
L’exemple `respond-to-auth-challenge` suivant fournit un code d’authentification MFA par TOTP et termine la connexion.
```
aws cognito-idp respond-to-auth-challenge \
--client-id 1example23456789 \
--session AYABeEv5HklEXAMPLE \
--challenge-name SOFTWARE_TOKEN_MFA \
--challenge-responses USERNAME=testuser,SOFTWARE_TOKEN_MFA_CODE=123456
```
Sortie :
```
{
"AuthenticationResult": {
"AccessToken": "eyJra456defEXAMPLE",
"ExpiresIn": 3600,
"TokenType": "Bearer",
"RefreshToken": "eyJra123abcEXAMPLE",
"IdToken": "eyJra789ghiEXAMPLE",
"NewDeviceMetadata": {
"DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"DeviceGroupKey": "-v7w9UcY6"
}
}
}
```
Pour plus d’informations, consultez [Ajout de l’authentification MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html) dans le *Guide du développeur Amazon Cognito*.
+ Pour plus de détails sur l'API, reportez-vous [RespondToAuthChallenge](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/respond-to-auth-challenge.html)à la section *Référence des AWS CLI commandes*.
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const respondToAuthChallenge = ({
clientId,
username,
session,
userPoolId,
code,
}) => {
const client = new CognitoIdentityProviderClient({});
const command = new RespondToAuthChallengeCommand({
ChallengeName: ChallengeNameType.SOFTWARE_TOKEN_MFA,
ChallengeResponses: {
SOFTWARE_TOKEN_MFA_CODE: code,
USERNAME: username,
},
ClientId: clientId,
UserPoolId: userPoolId,
Session: session,
});
return client.send(command);
};
```
+ Pour plus de détails sur l'API, reportez-vous [RespondToAuthChallenge](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/RespondToAuthChallengeCommand)à la section *Référence des AWS SDK pour JavaScript API*.
------
#### [ Python ]
**Kit SDK for Python (Boto3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
Connectez-vous à l’aide d’un appareil suivi. Pour terminer la connexion, le client doit répondre correctement aux stimulations SRP (Secure Remote Password).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def sign_in_with_tracked_device(
self,
user_name,
password,
device_key,
device_group_key,
device_password,
aws_srp,
):
"""
Signs in to Amazon Cognito as a user who has a tracked device. Signing in
with a tracked device lets a user sign in without entering a new MFA code.
Signing in with a tracked device requires that the client respond to the SRP
protocol. The scenario associated with this example uses the warrant package
to help with SRP calculations.
For more information on SRP, see https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol.
:param user_name: The user that is associated with the device.
:param password: The user's password.
:param device_key: The key of a tracked device.
:param device_group_key: The group key of a tracked device.
:param device_password: The password that is associated with the device.
:param aws_srp: A class that helps with SRP calculations. The scenario
associated with this example uses the warrant package.
:return: The result of the authentication. When successful, this contains an
access token for the user.
"""
try:
srp_helper = aws_srp.AWSSRP(
username=user_name,
password=device_password,
pool_id="_",
client_id=self.client_id,
client_secret=None,
client=self.cognito_idp_client,
)
response_init = self.cognito_idp_client.initiate_auth(
ClientId=self.client_id,
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={
"USERNAME": user_name,
"PASSWORD": password,
"DEVICE_KEY": device_key,
},
)
if response_init["ChallengeName"] != "DEVICE_SRP_AUTH":
raise RuntimeError(
f"Expected DEVICE_SRP_AUTH challenge but got {response_init['ChallengeName']}."
)
auth_params = srp_helper.get_auth_params()
auth_params["DEVICE_KEY"] = device_key
response_auth = self.cognito_idp_client.respond_to_auth_challenge(
ClientId=self.client_id,
ChallengeName="DEVICE_SRP_AUTH",
ChallengeResponses=auth_params,
)
if response_auth["ChallengeName"] != "DEVICE_PASSWORD_VERIFIER":
raise RuntimeError(
f"Expected DEVICE_PASSWORD_VERIFIER challenge but got "
f"{response_init['ChallengeName']}."
)
challenge_params = response_auth["ChallengeParameters"]
challenge_params["USER_ID_FOR_SRP"] = device_group_key + device_key
cr = srp_helper.process_challenge(challenge_params, {"USERNAME": user_name})
cr["USERNAME"] = user_name
cr["DEVICE_KEY"] = device_key
response_verifier = self.cognito_idp_client.respond_to_auth_challenge(
ClientId=self.client_id,
ChallengeName="DEVICE_PASSWORD_VERIFIER",
ChallengeResponses=cr,
)
auth_tokens = response_verifier["AuthenticationResult"]
except ClientError as err:
logger.error(
"Couldn't start client sign in for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return auth_tokens
```
+ Pour plus de détails sur l'API, consultez [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/RespondToAuthChallenge)le *AWS manuel de référence de l'API SDK for Python (Boto3*).
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `SignUp` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `SignUp`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans les exemples de code suivants :
+ [Confirmation automatique des utilisateurs connus avec une fonction Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [Migration automatique des utilisateurs connus avec une fonction Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [Inscription d’un utilisateur auprès d’un groupe d’utilisateurs nécessitant l’authentification MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK pour .NET**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Sign up a new user.
///
/// The client Id of the application.
/// The username to use.
/// The user's password.
/// The email address of the user.
/// A Boolean value indicating whether the user was confirmed.
public async Task SignUpAsync(string clientId, string userName, string password, string email)
{
var userAttrs = new AttributeType
{
Name = "email",
Value = email,
};
var userAttrsList = new List();
userAttrsList.Add(userAttrs);
var signUpRequest = new SignUpRequest
{
UserAttributes = userAttrsList,
Username = userName,
ClientId = clientId,
Password = password
};
var response = await _cognitoService.SignUpAsync(signUpRequest);
return response.HttpStatusCode == HttpStatusCode.OK;
}
```
+ Pour plus de détails sur l'API, reportez-vous [SignUp](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/SignUp)à la section *Référence des AWS SDK pour .NET API*.
------
#### [ C\$1\$1 ]
**SDK pour C\$1\$1**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::SignUpRequest request;
request.AddUserAttributes(
Aws::CognitoIdentityProvider::Model::AttributeType().WithName(
"email").WithValue(email));
request.SetUsername(userName);
request.SetPassword(password);
request.SetClientId(clientID);
Aws::CognitoIdentityProvider::Model::SignUpOutcome outcome =
client.SignUp(request);
if (outcome.IsSuccess()) {
std::cout << "The signup request for " << userName << " was successful."
<< std::endl;
}
else if (outcome.GetError().GetErrorType() ==
Aws::CognitoIdentityProvider::CognitoIdentityProviderErrors::USERNAME_EXISTS) {
std::cout
<< "The username already exists. Please enter a different username."
<< std::endl;
userExists = true;
}
else {
std::cerr << "Error with CognitoIdentityProvider::SignUpRequest. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ Pour plus de détails sur l'API, reportez-vous [SignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/SignUp)à la section *Référence des AWS SDK pour C\$1\$1 API*.
------
#### [ CLI ]
**AWS CLI**
**Pour inscrire un utilisateur**
Cet exemple inscrit jane@example.com.
Commande :
```
aws cognito-idp sign-up --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username jane@example.com --password PASSWORD --user-attributes Name="email",Value="jane@example.com" Name="name",Value="Jane"
```
Sortie :
```
{
"UserConfirmed": false,
"UserSub": "e04d60a6-45dc-441c-a40b-e25a787d4862"
}
```
+ Pour plus de détails sur l'API, reportez-vous [SignUp](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/sign-up.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Go ]
**Kit SDK pour Go V2**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// SignUp signs up a user with Amazon Cognito.
func (actor CognitoActions) SignUp(ctx context.Context, clientId string, userName string, password string, userEmail string) (bool, error) {
confirmed := false
output, err := actor.CognitoClient.SignUp(ctx, &cognitoidentityprovider.SignUpInput{
ClientId: aws.String(clientId),
Password: aws.String(password),
Username: aws.String(userName),
UserAttributes: []types.AttributeType{
{Name: aws.String("email"), Value: aws.String(userEmail)},
},
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't sign up user %v. Here's why: %v\n", userName, err)
}
} else {
confirmed = output.UserConfirmed
}
return confirmed, err
}
```
+ Pour plus de détails sur l'API, reportez-vous [SignUp](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.SignUp)à la section *Référence des AWS SDK pour Go API*.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
public static void signUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String userName,
String password, String email) {
AttributeType userAttrs = AttributeType.builder()
.name("email")
.value(email)
.build();
List userAttrsList = new ArrayList<>();
userAttrsList.add(userAttrs);
try {
SignUpRequest signUpRequest = SignUpRequest.builder()
.userAttributes(userAttrsList)
.username(userName)
.clientId(clientId)
.password(password)
.build();
identityProviderClient.signUp(signUpRequest);
System.out.println("User has been signed up ");
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [SignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/SignUp)à la section *Référence des AWS SDK for Java 2.x API*.
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const signUp = ({ clientId, username, password, email }) => {
const client = new CognitoIdentityProviderClient({});
const command = new SignUpCommand({
ClientId: clientId,
Username: username,
Password: password,
UserAttributes: [{ Name: "email", Value: email }],
});
return client.send(command);
};
```
+ Pour plus de détails sur l'API, reportez-vous [SignUp](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/SignUpCommand)à la section *Référence des AWS SDK pour JavaScript API*.
------
#### [ Kotlin ]
**SDK pour Kotlin**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
suspend fun signUp(
clientIdVal: String?,
userNameVal: String?,
passwordVal: String?,
emailVal: String?,
) {
val userAttrs =
AttributeType {
name = "email"
value = emailVal
}
val userAttrsList = mutableListOf()
userAttrsList.add(userAttrs)
val signUpRequest =
SignUpRequest {
userAttributes = userAttrsList
username = userNameVal
clientId = clientIdVal
password = passwordVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
identityProviderClient.signUp(signUpRequest)
println("User has been signed up")
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [SignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)à la section *AWS SDK pour la référence de l'API Kotlin*.
------
#### [ Python ]
**Kit SDK for Python (Boto3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def sign_up_user(self, user_name, password, user_email):
"""
Signs up a new user with Amazon Cognito. This action prompts Amazon Cognito
to send an email to the specified email address. The email contains a code that
can be used to confirm the user.
When the user already exists, the user status is checked to determine whether
the user has been confirmed.
:param user_name: The user name that identifies the new user.
:param password: The password for the new user.
:param user_email: The email address for the new user.
:return: True when the user is already confirmed with Amazon Cognito.
Otherwise, false.
"""
try:
kwargs = {
"ClientId": self.client_id,
"Username": user_name,
"Password": password,
"UserAttributes": [{"Name": "email", "Value": user_email}],
}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
response = self.cognito_idp_client.sign_up(**kwargs)
confirmed = response["UserConfirmed"]
except ClientError as err:
if err.response["Error"]["Code"] == "UsernameExistsException":
response = self.cognito_idp_client.admin_get_user(
UserPoolId=self.user_pool_id, Username=user_name
)
logger.warning(
"User %s exists and is %s.", user_name, response["UserStatus"]
)
confirmed = response["UserStatus"] == "CONFIRMED"
else:
logger.error(
"Couldn't sign up %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
return confirmed
```
+ Pour plus de détails sur l'API, consultez [SignUp](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/SignUp)le *AWS manuel de référence de l'API SDK for Python (Boto3*).
------
#### [ Swift ]
**Kit SDK pour Swift**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Create a new user in a user pool.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - clientId: The ID of the app client to create a user for.
/// - userName: The username for the new user.
/// - password: The new user's password.
/// - email: The new user's email address.
///
/// - Returns: `true` if successful; otherwise `false`.
func signUp(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String, password: String, email: String) async -> Bool {
let emailAttr = CognitoIdentityProviderClientTypes.AttributeType(
name: "email",
value: email
)
let userAttrsList = [emailAttr]
do {
_ = try await cipClient.signUp(
input: SignUpInput(
clientId: clientId,
password: password,
userAttributes: userAttrsList,
username: userName
)
)
print("=====> User \(userName) signed up.")
} catch _ as AWSCognitoIdentityProvider.UsernameExistsException {
print("*** The username \(userName) already exists. Please use a different one.")
return false
} catch let error as AWSCognitoIdentityProvider.InvalidPasswordException {
print("*** Error: The specified password is invalid. Reason: \(error.properties.message ?? "").")
return false
} catch _ as AWSCognitoIdentityProvider.ResourceNotFoundException {
print("*** Error: The specified client ID (\(clientId)) doesn't exist.")
return false
} catch {
print("*** Unexpected error: \(error)")
return false
}
return true
}
```
+ Pour plus de détails sur l'API, reportez-vous [SignUp](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/signup(input:))à la section *AWS SDK pour la référence de l'API Swift*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `UpdateUserPool` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `UpdateUserPool`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans les exemples de code suivants :
+ [Confirmation automatique des utilisateurs connus avec une fonction Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [Migration automatique des utilisateurs connus avec une fonction Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [Rédaction de données d’activité personnalisées à l’aide d’une fonction Lambda après authentification de l’utilisateur Amazon Cognito](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
------
#### [ CLI ]
**AWS CLI**
**Pour mettre à jour un groupe d’utilisateurs**
L’exemple `update-user-pool` suivant modifie un groupe d’utilisateurs avec un exemple de syntaxe pour chacune des options de configuration disponibles. Pour mettre à jour un groupe d’utilisateurs, vous devez spécifier toutes les options précédemment configurées, sinon elles seront réinitialisées à une valeur par défaut.
```
aws cognito-idp update-user-pool --user-pool-id us-west-2_EXAMPLE \
--policies PasswordPolicy=\{MinimumLength=6,RequireUppercase=true,RequireLowercase=true,RequireNumbers=true,RequireSymbols=true,TemporaryPasswordValidityDays=7\} \
--deletion-protection ACTIVE \
--lambda-config PreSignUp="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-presignup-function",PreTokenGeneration="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-pretoken-function" \
--auto-verified-attributes "phone_number" "email" \
--verification-message-template \{\"SmsMessage\":\""Your code is {####}"\",\"EmailMessage\":\""Your code is {####}"\",\"EmailSubject\":\""Your verification code"\",\"EmailMessageByLink\":\""Click {##here##} to verify your email address."\",\"EmailSubjectByLink\":\""Your verification link"\",\"DefaultEmailOption\":\"CONFIRM_WITH_LINK\"\} \
--sms-authentication-message "Your code is {####}" \
--user-attribute-update-settings AttributesRequireVerificationBeforeUpdate="email","phone_number" \
--mfa-configuration "OPTIONAL" \
--device-configuration ChallengeRequiredOnNewDevice=true,DeviceOnlyRememberedOnUserPrompt=true \
--email-configuration SourceArn="arn:aws:ses:us-west-2:123456789012:identity/admin@example.com",ReplyToEmailAddress="amdin+noreply@example.com",EmailSendingAccount=DEVELOPER,From="admin@amazon.com",ConfigurationSet="test-configuration-set" \
--sms-configuration SnsCallerArn="arn:aws:iam::123456789012:role/service-role/SNS-SMS-Role",ExternalId="12345",SnsRegion="us-west-2" \
--admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \
--user-pool-tags "Function"="MyMobileGame","Developers"="Berlin" \
--admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \
--user-pool-add-ons AdvancedSecurityMode="AUDIT" \
--account-recovery-setting RecoveryMechanisms=\[\{Priority=1,Name="verified_email"\},\{Priority=2,Name="verified_phone_number"\}\]
```
Cette commande ne produit aucune sortie.
Pour plus d’informations, consultez [Mise à jour de la configuration d’un groupe d’utilisateurs](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-updating.html) dans le *Guide du développeur Amazon Cognito*.
+ Pour plus de détails sur l'API, reportez-vous [UpdateUserPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-user-pool.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Go ]
**Kit SDK pour Go V2**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples).
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// Trigger and TriggerInfo define typed data for updating an Amazon Cognito trigger.
type Trigger int
const (
PreSignUp Trigger = iota
UserMigration
PostAuthentication
)
type TriggerInfo struct {
Trigger Trigger
HandlerArn *string
}
// UpdateTriggers adds or removes Lambda triggers for a user pool. When a trigger is specified with a `nil` value,
// it is removed from the user pool.
func (actor CognitoActions) UpdateTriggers(ctx context.Context, userPoolId string, triggers ...TriggerInfo) error {
output, err := actor.CognitoClient.DescribeUserPool(ctx, &cognitoidentityprovider.DescribeUserPoolInput{
UserPoolId: aws.String(userPoolId),
})
if err != nil {
log.Printf("Couldn't get info about user pool %v. Here's why: %v\n", userPoolId, err)
return err
}
lambdaConfig := output.UserPool.LambdaConfig
for _, trigger := range triggers {
switch trigger.Trigger {
case PreSignUp:
lambdaConfig.PreSignUp = trigger.HandlerArn
case UserMigration:
lambdaConfig.UserMigration = trigger.HandlerArn
case PostAuthentication:
lambdaConfig.PostAuthentication = trigger.HandlerArn
}
}
_, err = actor.CognitoClient.UpdateUserPool(ctx, &cognitoidentityprovider.UpdateUserPoolInput{
UserPoolId: aws.String(userPoolId),
LambdaConfig: lambdaConfig,
})
if err != nil {
log.Printf("Couldn't update user pool %v. Here's why: %v\n", userPoolId, err)
}
return err
}
```
+ Pour plus de détails sur l'API, reportez-vous [UpdateUserPool](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.UpdateUserPool)à la section *Référence des AWS SDK pour Go API*.
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cross-services/wkflw-pools-triggers#code-examples).
```
/**
* Connect a Lambda function to the PreSignUp trigger for a Cognito user pool
* @param {{ region: string, userPoolId: string, handlerArn: string }} config
* @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").UpdateUserPoolCommandOutput | null, unknown]>}
*/
export const addPreSignUpHandler = async ({
region,
userPoolId,
handlerArn,
}) => {
try {
const cognitoClient = new CognitoIdentityProviderClient({
region,
});
const command = new UpdateUserPoolCommand({
UserPoolId: userPoolId,
LambdaConfig: {
PreSignUp: handlerArn,
},
});
const response = await cognitoClient.send(command);
return [response, null];
} catch (err) {
return [null, err];
}
};
```
+ Pour plus de détails sur l'API, reportez-vous [UpdateUserPool](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/UpdateUserPoolCommand)à la section *Référence des AWS SDK pour JavaScript API*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utilisation `VerifySoftwareToken` avec un AWS SDK ou une CLI
Les exemples de code suivants illustrent comment utiliser `VerifySoftwareToken`.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans l’exemple de code suivant :
+ [Inscription d’un utilisateur auprès d’un groupe d’utilisateurs nécessitant l’authentification MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**SDK pour .NET**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
///
/// Verify the TOTP and register for MFA.
///
/// The name of the session.
/// The MFA code.
/// The status of the software token.
public async Task VerifySoftwareTokenAsync(string session, string code)
{
var tokenRequest = new VerifySoftwareTokenRequest
{
UserCode = code,
Session = session,
};
var verifyResponse = await _cognitoService.VerifySoftwareTokenAsync(tokenRequest);
return verifyResponse.Status;
}
```
+ Pour plus de détails sur l'API, reportez-vous [VerifySoftwareToken](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/VerifySoftwareToken)à la section *Référence des AWS SDK pour .NET API*.
------
#### [ C\$1\$1 ]
**SDK pour C\$1\$1**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenRequest request;
request.SetUserCode(userCode);
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenOutcome outcome =
client.VerifySoftwareToken(request);
if (outcome.IsSuccess()) {
std::cout << "Verification of the code was successful."
<< std::endl;
session = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::VerifySoftwareToken. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ Pour plus de détails sur l'API, reportez-vous [VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/VerifySoftwareToken)à la section *Référence des AWS SDK pour C\$1\$1 API*.
------
#### [ CLI ]
**AWS CLI**
**Pour confirmer l’enregistrement d’un authentificateur TOTP**
L’exemple `verify-software-token` suivant termine l’enregistrement TOTP pour l’utilisateur actuel.
```
aws cognito-idp verify-software-token \
--access-token eyJra456defEXAMPLE \
--user-code 123456
```
Sortie :
```
{
"Status": "SUCCESS"
}
```
Pour plus d’informations, consultez [Ajout de l’authentification MFA à un groupe d’utilisateurs](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html) dans le *Guide du développeur Amazon Cognito*.
+ Pour plus de détails sur l'API, reportez-vous [VerifySoftwareToken](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/verify-software-token.html)à la section *Référence des AWS CLI commandes*.
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
// Verify the TOTP and register for MFA.
public static void verifyTOTP(CognitoIdentityProviderClient identityProviderClient, String session, String code) {
try {
VerifySoftwareTokenRequest tokenRequest = VerifySoftwareTokenRequest.builder()
.userCode(code)
.session(session)
.build();
VerifySoftwareTokenResponse verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest);
System.out.println("The status of the token is " + verifyResponse.statusAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/VerifySoftwareToken)à la section *Référence des AWS SDK for Java 2.x API*.
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples).
```
const verifySoftwareToken = (totp) => {
const client = new CognitoIdentityProviderClient({});
// The 'Session' is provided in the response to 'AssociateSoftwareToken'.
const session = process.env.SESSION;
if (!session) {
throw new Error(
"Missing a valid Session. Did you run 'admin-initiate-auth'?",
);
}
const command = new VerifySoftwareTokenCommand({
Session: session,
UserCode: totp,
});
return client.send(command);
};
```
+ Pour plus de détails sur l'API, reportez-vous [VerifySoftwareToken](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/VerifySoftwareTokenCommand)à la section *Référence des AWS SDK pour JavaScript API*.
------
#### [ Kotlin ]
**SDK pour Kotlin**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
// Verify the TOTP and register for MFA.
suspend fun verifyTOTP(
sessionVal: String?,
codeVal: String?,
) {
val tokenRequest =
VerifySoftwareTokenRequest {
userCode = codeVal
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest)
println("The status of the token is ${verifyResponse.status}")
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [VerifySoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)à la section *AWS SDK pour la référence de l'API Kotlin*.
------
#### [ Python ]
**Kit SDK for Python (Boto3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def verify_mfa(self, session, user_code):
"""
Verify a new MFA application that is associated with a user.
:param session: Session information returned from a previous call to initiate
authentication.
:param user_code: A code generated by the associated MFA application.
:return: Status that indicates whether the MFA application is verified.
"""
try:
response = self.cognito_idp_client.verify_software_token(
Session=session, UserCode=user_code
)
except ClientError as err:
logger.error(
"Couldn't verify MFA. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
response.pop("ResponseMetadata", None)
return response
```
+ Pour plus de détails sur l'API, consultez [VerifySoftwareToken](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/VerifySoftwareToken)le *AWS manuel de référence de l'API SDK for Python (Boto3*).
------
#### [ SAP ABAP ]
**Kit SDK pour SAP ABAP**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples).
```
TRY.
DATA(lo_result) = lo_cgp->verifysoftwaretoken(
iv_session = iv_session
iv_usercode = iv_user_code
).
ov_status = lo_result->get_status( ).
IF ov_status = 'SUCCESS'.
MESSAGE 'MFA token verified successfully.' TYPE 'I'.
ELSE.
MESSAGE |MFA verification status: { ov_status }.| TYPE 'I'.
ENDIF.
CATCH /aws1/cx_cgpcodemismatchex INTO DATA(lo_code_ex).
MESSAGE 'Invalid MFA code provided.' TYPE 'E'.
CATCH /aws1/cx_cgpenbsoftwaretokmf00 INTO DATA(lo_enabled_ex).
MESSAGE 'Software token MFA is already enabled.' TYPE 'E'.
ENDTRY.
```
+ Pour plus de détails sur l'API, consultez [VerifySoftwareToken](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)la section de référence du *AWS SDK pour l'API SAP ABAP*.
------
#### [ Swift ]
**Kit SDK pour Swift**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Confirm that the user's TOTP authenticator is configured correctly by
/// sending a code to it to check that it matches successfully.
///
/// - Parameters:
/// - cipClient: The `CongnitoIdentityProviderClient` to use.
/// - session: An authentication session previously returned by an
/// `associateSoftwareToken()` call.
/// - mfaCode: The 6-digit code currently displayed by the user's
/// authenticator, as provided by the user.
func verifyTOTP(cipClient: CognitoIdentityProviderClient, session: String?, mfaCode: String?) async {
do {
let output = try await cipClient.verifySoftwareToken(
input: VerifySoftwareTokenInput(
session: session,
userCode: mfaCode
)
)
guard let tokenStatus = output.status else {
print("*** Unable to get the token's status.")
return
}
print("=====> The token's status is: \(tokenStatus)")
} catch _ as SoftwareTokenMFANotFoundException {
print("*** The specified user pool isn't configured for MFA.")
return
} catch _ as CodeMismatchException {
print("*** The specified MFA code doesn't match the expected value.")
return
} catch _ as UserNotFoundException {
print("*** The specified username doesn't exist.")
return
} catch _ as UserNotConfirmedException {
print("*** The user has not been confirmed.")
return
} catch {
print("*** Error verifying the MFA token!")
return
}
}
```
+ Pour plus de détails sur l'API, reportez-vous [VerifySoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/verifysoftwaretoken(input:))à la section *AWS SDK pour la référence de l'API Swift*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Scénarios pour le fournisseur d'identité Amazon Cognito utilisant AWS SDKs
Les exemples de code suivants vous montrent comment implémenter des scénarios courants dans le fournisseur d'identité Amazon Cognito avec. AWS SDKs Ces scénarios vous montrent comment accomplir des tâches spécifiques en appelant plusieurs fonctions dans le fournisseur d’identité Amazon Cognito ou en les combinant avec d’autres Services AWS. Chaque exemple inclut un lien vers le code source complet, où vous trouverez des instructions sur la configuration et l’exécution du code.
Les scénarios ciblent un niveau d’expérience intermédiaire pour vous aider à comprendre les actions de service dans leur contexte.
**Topics**
+ [Confirmation automatique des utilisateurs connus avec une fonction Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [Migration automatique des utilisateurs connus avec une fonction Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [Inscription d’un utilisateur auprès d’un groupe d’utilisateurs nécessitant l’authentification MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
+ [Utiliser les pools d'identités Amazon Cognito](cognito-identity-provider_example_cross_CognitoFlows_section.md)
+ [Rédaction de données d’activité personnalisées à l’aide d’une fonction Lambda après authentification de l’utilisateur Amazon Cognito](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
# Confirmez automatiquement les utilisateurs Amazon Cognito connus à l'aide d'une fonction Lambda à l'aide d'un SDK AWS
Les exemples de code suivants illustrent comment confirmer automatiquement les utilisateurs Amazon Cognito connus avec une fonction Lambda.
+ Configurez un groupe d’utilisateurs pour appeler une fonction Lambda pour le déclencheur `PreSignUp`.
+ Inscription d’un utilisateur avec Amazon Cognito.
+ La fonction Lambda analyse une table DynamoDB et confirme automatiquement les utilisateurs connus.
+ Connectez-vous en tant que nouvel utilisateur, puis nettoyez les ressources.
------
#### [ Go ]
**Kit SDK pour Go V2**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/workflows/user_pools_and_lambda_triggers#code-examples).
Exécutez un scénario interactif à une invite de commande.
```
import (
"context"
"errors"
"log"
"strings"
"user_pools_and_lambda_triggers/actions"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// AutoConfirm separates the steps of this scenario into individual functions so that
// they are simpler to read and understand.
type AutoConfirm struct {
helper IScenarioHelper
questioner demotools.IQuestioner
resources Resources
cognitoActor *actions.CognitoActions
}
// NewAutoConfirm constructs a new auto confirm runner.
func NewAutoConfirm(sdkConfig aws.Config, questioner demotools.IQuestioner, helper IScenarioHelper) AutoConfirm {
scenario := AutoConfirm{
helper: helper,
questioner: questioner,
resources: Resources{},
cognitoActor: &actions.CognitoActions{CognitoClient: cognitoidentityprovider.NewFromConfig(sdkConfig)},
}
scenario.resources.init(scenario.cognitoActor, questioner)
return scenario
}
// AddPreSignUpTrigger adds a Lambda handler as an invocation target for the PreSignUp trigger.
func (runner *AutoConfirm) AddPreSignUpTrigger(ctx context.Context, userPoolId string, functionArn string) {
log.Printf("Let's add a Lambda function to handle the PreSignUp trigger from Cognito.\n" +
"This trigger happens when a user signs up, and lets your function take action before the main Cognito\n" +
"sign up processing occurs.\n")
err := runner.cognitoActor.UpdateTriggers(
ctx, userPoolId,
actions.TriggerInfo{Trigger: actions.PreSignUp, HandlerArn: aws.String(functionArn)})
if err != nil {
panic(err)
}
log.Printf("Lambda function %v added to user pool %v to handle the PreSignUp trigger.\n",
functionArn, userPoolId)
}
// SignUpUser signs up a user from the known user table with a password you specify.
func (runner *AutoConfirm) SignUpUser(ctx context.Context, clientId string, usersTable string) (string, string) {
log.Println("Let's sign up a user to your Cognito user pool. When the user's email matches an email in the\n" +
"DynamoDB known users table, it is automatically verified and the user is confirmed.")
knownUsers, err := runner.helper.GetKnownUsers(ctx, usersTable)
if err != nil {
panic(err)
}
userChoice := runner.questioner.AskChoice("Which user do you want to use?\n", knownUsers.UserNameList())
user := knownUsers.Users[userChoice]
var signedUp bool
var userConfirmed bool
password := runner.questioner.AskPassword("Enter a password that has at least eight characters, uppercase, lowercase, numbers and symbols.\n"+
"(the password will not display as you type):", 8)
for !signedUp {
log.Printf("Signing up user '%v' with email '%v' to Cognito.\n", user.UserName, user.UserEmail)
userConfirmed, err = runner.cognitoActor.SignUp(ctx, clientId, user.UserName, password, user.UserEmail)
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
password = runner.questioner.AskPassword("Enter another password:", 8)
} else {
panic(err)
}
} else {
signedUp = true
}
}
log.Printf("User %v signed up, confirmed = %v.\n", user.UserName, userConfirmed)
log.Println(strings.Repeat("-", 88))
return user.UserName, password
}
// SignInUser signs in a user.
func (runner *AutoConfirm) SignInUser(ctx context.Context, clientId string, userName string, password string) string {
runner.questioner.Ask("Press Enter when you're ready to continue.")
log.Printf("Let's sign in as %v...\n", userName)
authResult, err := runner.cognitoActor.SignIn(ctx, clientId, userName, password)
if err != nil {
panic(err)
}
log.Printf("Successfully signed in. Your access token starts with: %v...\n", (*authResult.AccessToken)[:10])
log.Println(strings.Repeat("-", 88))
return *authResult.AccessToken
}
// Run runs the scenario.
func (runner *AutoConfirm) Run(ctx context.Context, stackName string) {
defer func() {
if r := recover(); r != nil {
log.Println("Something went wrong with the demo.")
runner.resources.Cleanup(ctx)
}
}()
log.Println(strings.Repeat("-", 88))
log.Printf("Welcome\n")
log.Println(strings.Repeat("-", 88))
stackOutputs, err := runner.helper.GetStackOutputs(ctx, stackName)
if err != nil {
panic(err)
}
runner.resources.userPoolId = stackOutputs["UserPoolId"]
runner.helper.PopulateUserTable(ctx, stackOutputs["TableName"])
runner.AddPreSignUpTrigger(ctx, stackOutputs["UserPoolId"], stackOutputs["AutoConfirmFunctionArn"])
runner.resources.triggers = append(runner.resources.triggers, actions.PreSignUp)
userName, password := runner.SignUpUser(ctx, stackOutputs["UserPoolClientId"], stackOutputs["TableName"])
runner.helper.ListRecentLogEvents(ctx, stackOutputs["AutoConfirmFunction"])
runner.resources.userAccessTokens = append(runner.resources.userAccessTokens,
runner.SignInUser(ctx, stackOutputs["UserPoolClientId"], userName, password))
runner.resources.Cleanup(ctx)
log.Println(strings.Repeat("-", 88))
log.Println("Thanks for watching!")
log.Println(strings.Repeat("-", 88))
}
```
Gérez le déclencheur `PreSignUp` avec une fonction Lambda.
```
import (
"context"
"log"
"os"
"github.com/aws/aws-lambda-go/events"
"github.com/aws/aws-lambda-go/lambda"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
dynamodbtypes "github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
)
const TABLE_NAME = "TABLE_NAME"
// UserInfo defines structured user data that can be marshalled to a DynamoDB format.
type UserInfo struct {
UserName string `dynamodbav:"UserName"`
UserEmail string `dynamodbav:"UserEmail"`
}
// GetKey marshals the user email value to a DynamoDB key format.
func (user UserInfo) GetKey() map[string]dynamodbtypes.AttributeValue {
userEmail, err := attributevalue.Marshal(user.UserEmail)
if err != nil {
panic(err)
}
return map[string]dynamodbtypes.AttributeValue{"UserEmail": userEmail}
}
type handler struct {
dynamoClient *dynamodb.Client
}
// HandleRequest handles the PreSignUp event by looking up a user in an Amazon DynamoDB table and
// specifying whether they should be confirmed and verified.
func (h *handler) HandleRequest(ctx context.Context, event events.CognitoEventUserPoolsPreSignup) (events.CognitoEventUserPoolsPreSignup, error) {
log.Printf("Received presignup from %v for user '%v'", event.TriggerSource, event.UserName)
if event.TriggerSource != "PreSignUp_SignUp" {
// Other trigger sources, such as PreSignUp_AdminInitiateAuth, ignore the response from this handler.
return event, nil
}
tableName := os.Getenv(TABLE_NAME)
user := UserInfo{
UserEmail: event.Request.UserAttributes["email"],
}
log.Printf("Looking up email %v in table %v.\n", user.UserEmail, tableName)
output, err := h.dynamoClient.GetItem(ctx, &dynamodb.GetItemInput{
Key: user.GetKey(),
TableName: aws.String(tableName),
})
if err != nil {
log.Printf("Error looking up email %v.\n", user.UserEmail)
return event, err
}
if output.Item == nil {
log.Printf("Email %v not found. Email verification is required.\n", user.UserEmail)
return event, err
}
err = attributevalue.UnmarshalMap(output.Item, &user)
if err != nil {
log.Printf("Couldn't unmarshal DynamoDB item. Here's why: %v\n", err)
return event, err
}
if user.UserName != event.UserName {
log.Printf("UserEmail %v found, but stored UserName '%v' does not match supplied UserName '%v'. Verification is required.\n",
user.UserEmail, user.UserName, event.UserName)
} else {
log.Printf("UserEmail %v found with matching UserName %v. User is confirmed.\n", user.UserEmail, user.UserName)
event.Response.AutoConfirmUser = true
event.Response.AutoVerifyEmail = true
}
return event, err
}
func main() {
ctx := context.Background()
sdkConfig, err := config.LoadDefaultConfig(ctx)
if err != nil {
log.Panicln(err)
}
h := handler{
dynamoClient: dynamodb.NewFromConfig(sdkConfig),
}
lambda.Start(h.HandleRequest)
}
```
Créez une structure qui exécute les tâches courantes.
```
import (
"context"
"log"
"strings"
"time"
"user_pools_and_lambda_triggers/actions"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudformation"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// IScenarioHelper defines common functions used by the workflows in this example.
type IScenarioHelper interface {
Pause(secs int)
GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error)
PopulateUserTable(ctx context.Context, tableName string)
GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error)
AddKnownUser(ctx context.Context, tableName string, user actions.User)
ListRecentLogEvents(ctx context.Context, functionName string)
}
// ScenarioHelper contains AWS wrapper structs used by the workflows in this example.
type ScenarioHelper struct {
questioner demotools.IQuestioner
dynamoActor *actions.DynamoActions
cfnActor *actions.CloudFormationActions
cwlActor *actions.CloudWatchLogsActions
isTestRun bool
}
// NewScenarioHelper constructs a new scenario helper.
func NewScenarioHelper(sdkConfig aws.Config, questioner demotools.IQuestioner) ScenarioHelper {
scenario := ScenarioHelper{
questioner: questioner,
dynamoActor: &actions.DynamoActions{DynamoClient: dynamodb.NewFromConfig(sdkConfig)},
cfnActor: &actions.CloudFormationActions{CfnClient: cloudformation.NewFromConfig(sdkConfig)},
cwlActor: &actions.CloudWatchLogsActions{CwlClient: cloudwatchlogs.NewFromConfig(sdkConfig)},
}
return scenario
}
// Pause waits for the specified number of seconds.
func (helper ScenarioHelper) Pause(secs int) {
if !helper.isTestRun {
time.Sleep(time.Duration(secs) * time.Second)
}
}
// GetStackOutputs gets the outputs from the specified CloudFormation stack in a structured format.
func (helper ScenarioHelper) GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error) {
return helper.cfnActor.GetOutputs(ctx, stackName), nil
}
// PopulateUserTable fills the known user table with example data.
func (helper ScenarioHelper) PopulateUserTable(ctx context.Context, tableName string) {
log.Printf("First, let's add some users to the DynamoDB %v table we'll use for this example.\n", tableName)
err := helper.dynamoActor.PopulateTable(ctx, tableName)
if err != nil {
panic(err)
}
}
// GetKnownUsers gets the users from the known users table in a structured format.
func (helper ScenarioHelper) GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error) {
knownUsers, err := helper.dynamoActor.Scan(ctx, tableName)
if err != nil {
log.Printf("Couldn't get known users from table %v. Here's why: %v\n", tableName, err)
}
return knownUsers, err
}
// AddKnownUser adds a user to the known users table.
func (helper ScenarioHelper) AddKnownUser(ctx context.Context, tableName string, user actions.User) {
log.Printf("Adding user '%v' with email '%v' to the DynamoDB known users table...\n",
user.UserName, user.UserEmail)
err := helper.dynamoActor.AddUser(ctx, tableName, user)
if err != nil {
panic(err)
}
}
// ListRecentLogEvents gets the most recent log stream and events for the specified Lambda function and displays them.
func (helper ScenarioHelper) ListRecentLogEvents(ctx context.Context, functionName string) {
log.Println("Waiting a few seconds to let Lambda write to CloudWatch Logs...")
helper.Pause(10)
log.Println("Okay, let's check the logs to find what's happened recently with your Lambda function.")
logStream, err := helper.cwlActor.GetLatestLogStream(ctx, functionName)
if err != nil {
panic(err)
}
log.Printf("Getting some recent events from log stream %v\n", *logStream.LogStreamName)
events, err := helper.cwlActor.GetLogEvents(ctx, functionName, *logStream.LogStreamName, 10)
if err != nil {
panic(err)
}
for _, event := range events {
log.Printf("\t%v", *event.Message)
}
log.Println(strings.Repeat("-", 88))
}
```
Créez une structure qui encapsule les actions Amazon Cognito.
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// Trigger and TriggerInfo define typed data for updating an Amazon Cognito trigger.
type Trigger int
const (
PreSignUp Trigger = iota
UserMigration
PostAuthentication
)
type TriggerInfo struct {
Trigger Trigger
HandlerArn *string
}
// UpdateTriggers adds or removes Lambda triggers for a user pool. When a trigger is specified with a `nil` value,
// it is removed from the user pool.
func (actor CognitoActions) UpdateTriggers(ctx context.Context, userPoolId string, triggers ...TriggerInfo) error {
output, err := actor.CognitoClient.DescribeUserPool(ctx, &cognitoidentityprovider.DescribeUserPoolInput{
UserPoolId: aws.String(userPoolId),
})
if err != nil {
log.Printf("Couldn't get info about user pool %v. Here's why: %v\n", userPoolId, err)
return err
}
lambdaConfig := output.UserPool.LambdaConfig
for _, trigger := range triggers {
switch trigger.Trigger {
case PreSignUp:
lambdaConfig.PreSignUp = trigger.HandlerArn
case UserMigration:
lambdaConfig.UserMigration = trigger.HandlerArn
case PostAuthentication:
lambdaConfig.PostAuthentication = trigger.HandlerArn
}
}
_, err = actor.CognitoClient.UpdateUserPool(ctx, &cognitoidentityprovider.UpdateUserPoolInput{
UserPoolId: aws.String(userPoolId),
LambdaConfig: lambdaConfig,
})
if err != nil {
log.Printf("Couldn't update user pool %v. Here's why: %v\n", userPoolId, err)
}
return err
}
// SignUp signs up a user with Amazon Cognito.
func (actor CognitoActions) SignUp(ctx context.Context, clientId string, userName string, password string, userEmail string) (bool, error) {
confirmed := false
output, err := actor.CognitoClient.SignUp(ctx, &cognitoidentityprovider.SignUpInput{
ClientId: aws.String(clientId),
Password: aws.String(password),
Username: aws.String(userName),
UserAttributes: []types.AttributeType{
{Name: aws.String("email"), Value: aws.String(userEmail)},
},
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't sign up user %v. Here's why: %v\n", userName, err)
}
} else {
confirmed = output.UserConfirmed
}
return confirmed, err
}
// SignIn signs in a user to Amazon Cognito using a username and password authentication flow.
func (actor CognitoActions) SignIn(ctx context.Context, clientId string, userName string, password string) (*types.AuthenticationResultType, error) {
var authResult *types.AuthenticationResultType
output, err := actor.CognitoClient.InitiateAuth(ctx, &cognitoidentityprovider.InitiateAuthInput{
AuthFlow: "USER_PASSWORD_AUTH",
ClientId: aws.String(clientId),
AuthParameters: map[string]string{"USERNAME": userName, "PASSWORD": password},
})
if err != nil {
var resetRequired *types.PasswordResetRequiredException
if errors.As(err, &resetRequired) {
log.Println(*resetRequired.Message)
} else {
log.Printf("Couldn't sign in user %v. Here's why: %v\n", userName, err)
}
} else {
authResult = output.AuthenticationResult
}
return authResult, err
}
// ForgotPassword starts a password recovery flow for a user. This flow typically sends a confirmation code
// to the user's configured notification destination, such as email.
func (actor CognitoActions) ForgotPassword(ctx context.Context, clientId string, userName string) (*types.CodeDeliveryDetailsType, error) {
output, err := actor.CognitoClient.ForgotPassword(ctx, &cognitoidentityprovider.ForgotPasswordInput{
ClientId: aws.String(clientId),
Username: aws.String(userName),
})
if err != nil {
log.Printf("Couldn't start password reset for user '%v'. Here;s why: %v\n", userName, err)
}
return output.CodeDeliveryDetails, err
}
// ConfirmForgotPassword confirms a user with a confirmation code and a new password.
func (actor CognitoActions) ConfirmForgotPassword(ctx context.Context, clientId string, code string, userName string, password string) error {
_, err := actor.CognitoClient.ConfirmForgotPassword(ctx, &cognitoidentityprovider.ConfirmForgotPasswordInput{
ClientId: aws.String(clientId),
ConfirmationCode: aws.String(code),
Password: aws.String(password),
Username: aws.String(userName),
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't confirm user %v. Here's why: %v", userName, err)
}
}
return err
}
// DeleteUser removes a user from the user pool.
func (actor CognitoActions) DeleteUser(ctx context.Context, userAccessToken string) error {
_, err := actor.CognitoClient.DeleteUser(ctx, &cognitoidentityprovider.DeleteUserInput{
AccessToken: aws.String(userAccessToken),
})
if err != nil {
log.Printf("Couldn't delete user. Here's why: %v\n", err)
}
return err
}
// AdminCreateUser uses administrator credentials to add a user to a user pool. This method leaves the user
// in a state that requires they enter a new password next time they sign in.
func (actor CognitoActions) AdminCreateUser(ctx context.Context, userPoolId string, userName string, userEmail string) error {
_, err := actor.CognitoClient.AdminCreateUser(ctx, &cognitoidentityprovider.AdminCreateUserInput{
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
MessageAction: types.MessageActionTypeSuppress,
UserAttributes: []types.AttributeType{{Name: aws.String("email"), Value: aws.String(userEmail)}},
})
if err != nil {
var userExists *types.UsernameExistsException
if errors.As(err, &userExists) {
log.Printf("User %v already exists in the user pool.", userName)
err = nil
} else {
log.Printf("Couldn't create user %v. Here's why: %v\n", userName, err)
}
}
return err
}
// AdminSetUserPassword uses administrator credentials to set a password for a user without requiring a
// temporary password.
func (actor CognitoActions) AdminSetUserPassword(ctx context.Context, userPoolId string, userName string, password string) error {
_, err := actor.CognitoClient.AdminSetUserPassword(ctx, &cognitoidentityprovider.AdminSetUserPasswordInput{
Password: aws.String(password),
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
Permanent: true,
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't set password for user %v. Here's why: %v\n", userName, err)
}
}
return err
}
```
Créez une structure qui encapsule les actions DynamoDB.
```
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
"github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
)
// DynamoActions encapsulates the Amazon Simple Notification Service (Amazon SNS) actions
// used in the examples.
type DynamoActions struct {
DynamoClient *dynamodb.Client
}
// User defines structured user data.
type User struct {
UserName string
UserEmail string
LastLogin *LoginInfo `dynamodbav:",omitempty"`
}
// LoginInfo defines structured custom login data.
type LoginInfo struct {
UserPoolId string
ClientId string
Time string
}
// UserList defines a list of users.
type UserList struct {
Users []User
}
// UserNameList returns the usernames contained in a UserList as a list of strings.
func (users *UserList) UserNameList() []string {
names := make([]string, len(users.Users))
for i := 0; i < len(users.Users); i++ {
names[i] = users.Users[i].UserName
}
return names
}
// PopulateTable adds a set of test users to the table.
func (actor DynamoActions) PopulateTable(ctx context.Context, tableName string) error {
var err error
var item map[string]types.AttributeValue
var writeReqs []types.WriteRequest
for i := 1; i < 4; i++ {
item, err = attributevalue.MarshalMap(User{UserName: fmt.Sprintf("test_user_%v", i), UserEmail: fmt.Sprintf("test_email_%v@example.com", i)})
if err != nil {
log.Printf("Couldn't marshall user into DynamoDB format. Here's why: %v\n", err)
return err
}
writeReqs = append(writeReqs, types.WriteRequest{PutRequest: &types.PutRequest{Item: item}})
}
_, err = actor.DynamoClient.BatchWriteItem(ctx, &dynamodb.BatchWriteItemInput{
RequestItems: map[string][]types.WriteRequest{tableName: writeReqs},
})
if err != nil {
log.Printf("Couldn't populate table %v with users. Here's why: %v\n", tableName, err)
}
return err
}
// Scan scans the table for all items.
func (actor DynamoActions) Scan(ctx context.Context, tableName string) (UserList, error) {
var userList UserList
output, err := actor.DynamoClient.Scan(ctx, &dynamodb.ScanInput{
TableName: aws.String(tableName),
})
if err != nil {
log.Printf("Couldn't scan table %v for items. Here's why: %v\n", tableName, err)
} else {
err = attributevalue.UnmarshalListOfMaps(output.Items, &userList.Users)
if err != nil {
log.Printf("Couldn't unmarshal items into users. Here's why: %v\n", err)
}
}
return userList, err
}
// AddUser adds a user item to a table.
func (actor DynamoActions) AddUser(ctx context.Context, tableName string, user User) error {
userItem, err := attributevalue.MarshalMap(user)
if err != nil {
log.Printf("Couldn't marshall user to item. Here's why: %v\n", err)
}
_, err = actor.DynamoClient.PutItem(ctx, &dynamodb.PutItemInput{
Item: userItem,
TableName: aws.String(tableName),
})
if err != nil {
log.Printf("Couldn't put item in table %v. Here's why: %v", tableName, err)
}
return err
}
```
Créez une structure qui englobe les actions CloudWatch Logs.
```
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/types"
)
type CloudWatchLogsActions struct {
CwlClient *cloudwatchlogs.Client
}
// GetLatestLogStream gets the most recent log stream for a Lambda function.
func (actor CloudWatchLogsActions) GetLatestLogStream(ctx context.Context, functionName string) (types.LogStream, error) {
var logStream types.LogStream
logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName)
output, err := actor.CwlClient.DescribeLogStreams(ctx, &cloudwatchlogs.DescribeLogStreamsInput{
Descending: aws.Bool(true),
Limit: aws.Int32(1),
LogGroupName: aws.String(logGroupName),
OrderBy: types.OrderByLastEventTime,
})
if err != nil {
log.Printf("Couldn't get log streams for log group %v. Here's why: %v\n", logGroupName, err)
} else {
logStream = output.LogStreams[0]
}
return logStream, err
}
// GetLogEvents gets the most recent eventCount events from the specified log stream.
func (actor CloudWatchLogsActions) GetLogEvents(ctx context.Context, functionName string, logStreamName string, eventCount int32) (
[]types.OutputLogEvent, error) {
var events []types.OutputLogEvent
logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName)
output, err := actor.CwlClient.GetLogEvents(ctx, &cloudwatchlogs.GetLogEventsInput{
LogStreamName: aws.String(logStreamName),
Limit: aws.Int32(eventCount),
LogGroupName: aws.String(logGroupName),
})
if err != nil {
log.Printf("Couldn't get log event for log stream %v. Here's why: %v\n", logStreamName, err)
} else {
events = output.Events
}
return events, err
}
```
Créez une structure qui englobe les actions. CloudFormation
```
import (
"context"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudformation"
)
// StackOutputs defines a map of outputs from a specific stack.
type StackOutputs map[string]string
type CloudFormationActions struct {
CfnClient *cloudformation.Client
}
// GetOutputs gets the outputs from a CloudFormation stack and puts them into a structured format.
func (actor CloudFormationActions) GetOutputs(ctx context.Context, stackName string) StackOutputs {
output, err := actor.CfnClient.DescribeStacks(ctx, &cloudformation.DescribeStacksInput{
StackName: aws.String(stackName),
})
if err != nil || len(output.Stacks) == 0 {
log.Panicf("Couldn't find a CloudFormation stack named %v. Here's why: %v\n", stackName, err)
}
stackOutputs := StackOutputs{}
for _, out := range output.Stacks[0].Outputs {
stackOutputs[*out.OutputKey] = *out.OutputValue
}
return stackOutputs
}
```
Nettoyez les ressources.
```
import (
"context"
"log"
"user_pools_and_lambda_triggers/actions"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// Resources keeps track of AWS resources created during an example and handles
// cleanup when the example finishes.
type Resources struct {
userPoolId string
userAccessTokens []string
triggers []actions.Trigger
cognitoActor *actions.CognitoActions
questioner demotools.IQuestioner
}
func (resources *Resources) init(cognitoActor *actions.CognitoActions, questioner demotools.IQuestioner) {
resources.userAccessTokens = []string{}
resources.triggers = []actions.Trigger{}
resources.cognitoActor = cognitoActor
resources.questioner = questioner
}
// Cleanup deletes all AWS resources created during an example.
func (resources *Resources) Cleanup(ctx context.Context) {
defer func() {
if r := recover(); r != nil {
log.Printf("Something went wrong during cleanup.\n%v\n", r)
log.Println("Use the AWS Management Console to remove any remaining resources \n" +
"that were created for this scenario.")
}
}()
wantDelete := resources.questioner.AskBool("Do you want to remove all of the AWS resources that were created "+
"during this demo (y/n)?", "y")
if wantDelete {
for _, accessToken := range resources.userAccessTokens {
err := resources.cognitoActor.DeleteUser(ctx, accessToken)
if err != nil {
log.Println("Couldn't delete user during cleanup.")
panic(err)
}
log.Println("Deleted user.")
}
triggerList := make([]actions.TriggerInfo, len(resources.triggers))
for i := 0; i < len(resources.triggers); i++ {
triggerList[i] = actions.TriggerInfo{Trigger: resources.triggers[i], HandlerArn: nil}
}
err := resources.cognitoActor.UpdateTriggers(ctx, resources.userPoolId, triggerList...)
if err != nil {
log.Println("Couldn't update Cognito triggers during cleanup.")
panic(err)
}
log.Println("Removed Cognito triggers from user pool.")
} else {
log.Println("Be sure to remove resources when you're done with them to avoid unexpected charges!")
}
}
```
+ Pour plus de détails sur l’API, consultez les rubriques suivantes dans la *Référence des API du kit AWS SDK pour Go *.
+ [DeleteUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.DeleteUser)
+ [InitiateAuth](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.InitiateAuth)
+ [SignUp](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.SignUp)
+ [UpdateUserPool](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.UpdateUserPool)
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cross-services/wkflw-pools-triggers#code-examples).
Configurez une exécution interactive de type « Scénario ». Les exemples JavaScript (v3) partagent un générateur de scénarios pour rationaliser les exemples complexes. Le code source complet est activé GitHub.
```
import { AutoConfirm } from "./scenario-auto-confirm.js";
/**
* The context is passed to every scenario. Scenario steps
* will modify the context.
*/
const context = {
errors: [],
users: [
{
UserName: "test_user_1",
UserEmail: "test_email_1@example.com",
},
{
UserName: "test_user_2",
UserEmail: "test_email_2@example.com",
},
{
UserName: "test_user_3",
UserEmail: "test_email_3@example.com",
},
],
};
/**
* Three Scenarios are created for the workflow. A Scenario is an orchestration class
* that simplifies running a series of steps.
*/
export const scenarios = {
// Demonstrate automatically confirming known users in a database.
"auto-confirm": AutoConfirm(context),
};
// Call function if run directly
import { fileURLToPath } from "node:url";
import { parseScenarioArgs } from "@aws-doc-sdk-examples/lib/scenario/index.js";
if (process.argv[1] === fileURLToPath(import.meta.url)) {
parseScenarioArgs(scenarios, {
name: "Cognito user pools and triggers",
description:
"Demonstrate how to use the AWS SDKs to customize Amazon Cognito authentication behavior.",
});
}
```
Ce scénario illustre la confirmation automatique d’un utilisateur connu. Il orchestre les étapes de l’exemple.
```
import { wait } from "@aws-doc-sdk-examples/lib/utils/util-timers.js";
import {
Scenario,
ScenarioAction,
ScenarioInput,
ScenarioOutput,
} from "@aws-doc-sdk-examples/lib/scenario/scenario.js";
import {
getStackOutputs,
logCleanUpReminder,
promptForStackName,
promptForStackRegion,
skipWhenErrors,
} from "./steps-common.js";
import { populateTable } from "./actions/dynamodb-actions.js";
import {
addPreSignUpHandler,
deleteUser,
getUser,
signIn,
signUpUser,
} from "./actions/cognito-actions.js";
import {
getLatestLogStreamForLambda,
getLogEvents,
} from "./actions/cloudwatch-logs-actions.js";
/**
* @typedef {{
* errors: Error[],
* password: string,
* users: { UserName: string, UserEmail: string }[],
* selectedUser?: string,
* stackName?: string,
* stackRegion?: string,
* token?: string,
* confirmDeleteSignedInUser?: boolean,
* TableName?: string,
* UserPoolClientId?: string,
* UserPoolId?: string,
* UserPoolArn?: string,
* AutoConfirmHandlerArn?: string,
* AutoConfirmHandlerName?: string
* }} State
*/
const greeting = new ScenarioOutput(
"greeting",
(/** @type {State} */ state) => `This demo will populate some users into the \
database created as part of the "${state.stackName}" stack. \
Then the AutoConfirmHandler will be linked to the PreSignUp \
trigger from Cognito. Finally, you will choose a user to sign up.`,
{ skipWhen: skipWhenErrors },
);
const logPopulatingUsers = new ScenarioOutput(
"logPopulatingUsers",
"Populating the DynamoDB table with some users.",
{ skipWhenErrors: skipWhenErrors },
);
const logPopulatingUsersComplete = new ScenarioOutput(
"logPopulatingUsersComplete",
"Done populating users.",
{ skipWhen: skipWhenErrors },
);
const populateUsers = new ScenarioAction(
"populateUsers",
async (/** @type {State} */ state) => {
const [_, err] = await populateTable({
region: state.stackRegion,
tableName: state.TableName,
items: state.users,
});
if (err) {
state.errors.push(err);
}
},
{
skipWhen: skipWhenErrors,
},
);
const logSetupSignUpTrigger = new ScenarioOutput(
"logSetupSignUpTrigger",
"Setting up the PreSignUp trigger for the Cognito User Pool.",
{ skipWhen: skipWhenErrors },
);
const setupSignUpTrigger = new ScenarioAction(
"setupSignUpTrigger",
async (/** @type {State} */ state) => {
const [_, err] = await addPreSignUpHandler({
region: state.stackRegion,
userPoolId: state.UserPoolId,
handlerArn: state.AutoConfirmHandlerArn,
});
if (err) {
state.errors.push(err);
}
},
{
skipWhen: skipWhenErrors,
},
);
const logSetupSignUpTriggerComplete = new ScenarioOutput(
"logSetupSignUpTriggerComplete",
(
/** @type {State} */ state,
) => `The lambda function "${state.AutoConfirmHandlerName}" \
has been configured as the PreSignUp trigger handler for the user pool "${state.UserPoolId}".`,
{ skipWhen: skipWhenErrors },
);
const selectUser = new ScenarioInput(
"selectedUser",
"Select a user to sign up.",
{
type: "select",
choices: (/** @type {State} */ state) => state.users.map((u) => u.UserName),
skipWhen: skipWhenErrors,
default: (/** @type {State} */ state) => state.users[0].UserName,
},
);
const checkIfUserAlreadyExists = new ScenarioAction(
"checkIfUserAlreadyExists",
async (/** @type {State} */ state) => {
const [user, err] = await getUser({
region: state.stackRegion,
userPoolId: state.UserPoolId,
username: state.selectedUser,
});
if (err?.name === "UserNotFoundException") {
// Do nothing. We're not expecting the user to exist before
// sign up is complete.
return;
}
if (err) {
state.errors.push(err);
return;
}
if (user) {
state.errors.push(
new Error(
`The user "${state.selectedUser}" already exists in the user pool "${state.UserPoolId}".`,
),
);
}
},
{
skipWhen: skipWhenErrors,
},
);
const createPassword = new ScenarioInput(
"password",
"Enter a password that has at least eight characters, uppercase, lowercase, numbers and symbols.",
{ type: "password", skipWhen: skipWhenErrors, default: "Abcd1234!" },
);
const logSignUpExistingUser = new ScenarioOutput(
"logSignUpExistingUser",
(/** @type {State} */ state) => `Signing up user "${state.selectedUser}".`,
{ skipWhen: skipWhenErrors },
);
const signUpExistingUser = new ScenarioAction(
"signUpExistingUser",
async (/** @type {State} */ state) => {
const signUp = (password) =>
signUpUser({
region: state.stackRegion,
userPoolClientId: state.UserPoolClientId,
username: state.selectedUser,
email: state.users.find((u) => u.UserName === state.selectedUser)
.UserEmail,
password,
});
let [_, err] = await signUp(state.password);
while (err?.name === "InvalidPasswordException") {
console.warn("The password you entered was invalid.");
await createPassword.handle(state);
[_, err] = await signUp(state.password);
}
if (err) {
state.errors.push(err);
}
},
{ skipWhen: skipWhenErrors },
);
const logSignUpExistingUserComplete = new ScenarioOutput(
"logSignUpExistingUserComplete",
(/** @type {State} */ state) =>
`"${state.selectedUser} was signed up successfully.`,
{ skipWhen: skipWhenErrors },
);
const logLambdaLogs = new ScenarioAction(
"logLambdaLogs",
async (/** @type {State} */ state) => {
console.log(
"Waiting a few seconds to let Lambda write to CloudWatch Logs...\n",
);
await wait(10);
const [logStream, logStreamErr] = await getLatestLogStreamForLambda({
functionName: state.AutoConfirmHandlerName,
region: state.stackRegion,
});
if (logStreamErr) {
state.errors.push(logStreamErr);
return;
}
console.log(
`Getting some recent events from log stream "${logStream.logStreamName}"`,
);
const [logEvents, logEventsErr] = await getLogEvents({
functionName: state.AutoConfirmHandlerName,
region: state.stackRegion,
eventCount: 10,
logStreamName: logStream.logStreamName,
});
if (logEventsErr) {
state.errors.push(logEventsErr);
return;
}
console.log(logEvents.map((ev) => `\t${ev.message}`).join(""));
},
{ skipWhen: skipWhenErrors },
);
const logSignInUser = new ScenarioOutput(
"logSignInUser",
(/** @type {State} */ state) => `Let's sign in as ${state.selectedUser}`,
{ skipWhen: skipWhenErrors },
);
const signInUser = new ScenarioAction(
"signInUser",
async (/** @type {State} */ state) => {
const [response, err] = await signIn({
region: state.stackRegion,
clientId: state.UserPoolClientId,
username: state.selectedUser,
password: state.password,
});
if (err?.name === "PasswordResetRequiredException") {
state.errors.push(new Error("Please reset your password."));
return;
}
if (err) {
state.errors.push(err);
return;
}
state.token = response?.AuthenticationResult?.AccessToken;
},
{ skipWhen: skipWhenErrors },
);
const logSignInUserComplete = new ScenarioOutput(
"logSignInUserComplete",
(/** @type {State} */ state) =>
`Successfully signed in. Your access token starts with: ${state.token.slice(0, 11)}`,
{ skipWhen: skipWhenErrors },
);
const confirmDeleteSignedInUser = new ScenarioInput(
"confirmDeleteSignedInUser",
"Do you want to delete the currently signed in user?",
{ type: "confirm", skipWhen: skipWhenErrors },
);
const deleteSignedInUser = new ScenarioAction(
"deleteSignedInUser",
async (/** @type {State} */ state) => {
const [_, err] = await deleteUser({
region: state.stackRegion,
accessToken: state.token,
});
if (err) {
state.errors.push(err);
}
},
{
skipWhen: (/** @type {State} */ state) =>
skipWhenErrors(state) || !state.confirmDeleteSignedInUser,
},
);
const logErrors = new ScenarioOutput(
"logErrors",
(/** @type {State}*/ state) => {
const errorList = state.errors
.map((err) => ` - ${err.name}: ${err.message}`)
.join("\n");
return `Scenario errors found:\n${errorList}`;
},
{
// Don't log errors when there aren't any!
skipWhen: (/** @type {State} */ state) => state.errors.length === 0,
},
);
export const AutoConfirm = (context) =>
new Scenario(
"AutoConfirm",
[
promptForStackName,
promptForStackRegion,
getStackOutputs,
greeting,
logPopulatingUsers,
populateUsers,
logPopulatingUsersComplete,
logSetupSignUpTrigger,
setupSignUpTrigger,
logSetupSignUpTriggerComplete,
selectUser,
checkIfUserAlreadyExists,
createPassword,
logSignUpExistingUser,
signUpExistingUser,
logSignUpExistingUserComplete,
logLambdaLogs,
logSignInUser,
signInUser,
logSignInUserComplete,
confirmDeleteSignedInUser,
deleteSignedInUser,
logCleanUpReminder,
logErrors,
],
context,
);
```
Ces étapes sont partagées avec d’autres scénarios.
```
import {
ScenarioAction,
ScenarioInput,
ScenarioOutput,
} from "@aws-doc-sdk-examples/lib/scenario/scenario.js";
import { getCfnOutputs } from "@aws-doc-sdk-examples/lib/sdk/cfn-outputs.js";
export const skipWhenErrors = (state) => state.errors.length > 0;
export const getStackOutputs = new ScenarioAction(
"getStackOutputs",
async (state) => {
if (!state.stackName || !state.stackRegion) {
state.errors.push(
new Error(
"No stack name or region provided. The stack name and \
region are required to fetch CFN outputs relevant to this example.",
),
);
return;
}
const outputs = await getCfnOutputs(state.stackName, state.stackRegion);
Object.assign(state, outputs);
},
);
export const promptForStackName = new ScenarioInput(
"stackName",
"Enter the name of the stack you deployed earlier.",
{ type: "input", default: "PoolsAndTriggersStack" },
);
export const promptForStackRegion = new ScenarioInput(
"stackRegion",
"Enter the region of the stack you deployed earlier.",
{ type: "input", default: "us-east-1" },
);
export const logCleanUpReminder = new ScenarioOutput(
"logCleanUpReminder",
"All done. Remember to run 'cdk destroy' to teardown the stack.",
{ skipWhen: skipWhenErrors },
);
```
Un gestionnaire pour le déclencheur `PreSignUp` avec une fonction Lambda.
```
import type { PreSignUpTriggerEvent, Handler } from "aws-lambda";
import type { UserRepository } from "./user-repository";
import { DynamoDBUserRepository } from "./user-repository";
export class PreSignUpHandler {
private userRepository: UserRepository;
constructor(userRepository: UserRepository) {
this.userRepository = userRepository;
}
private isPreSignUpTriggerSource(event: PreSignUpTriggerEvent): boolean {
return event.triggerSource === "PreSignUp_SignUp";
}
private getEventUserEmail(event: PreSignUpTriggerEvent): string {
return event.request.userAttributes.email;
}
async handlePreSignUpTriggerEvent(
event: PreSignUpTriggerEvent,
): Promise {
console.log(
`Received presignup from ${event.triggerSource} for user '${event.userName}'`,
);
if (!this.isPreSignUpTriggerSource(event)) {
return event;
}
const eventEmail = this.getEventUserEmail(event);
console.log(`Looking up email ${eventEmail}.`);
const storedUserInfo =
await this.userRepository.getUserInfoByEmail(eventEmail);
if (!storedUserInfo) {
console.log(
`Email ${eventEmail} not found. Email verification is required.`,
);
return event;
}
if (storedUserInfo.UserName !== event.userName) {
console.log(
`UserEmail ${eventEmail} found, but stored UserName '${storedUserInfo.UserName}' does not match supplied UserName '${event.userName}'. Verification is required.`,
);
} else {
console.log(
`UserEmail ${eventEmail} found with matching UserName ${storedUserInfo.UserName}. User is confirmed.`,
);
event.response.autoConfirmUser = true;
event.response.autoVerifyEmail = true;
}
return event;
}
}
const createPreSignUpHandler = (): PreSignUpHandler => {
const tableName = process.env.TABLE_NAME;
if (!tableName) {
throw new Error("TABLE_NAME environment variable is not set");
}
const userRepository = new DynamoDBUserRepository(tableName);
return new PreSignUpHandler(userRepository);
};
export const handler: Handler = async (event: PreSignUpTriggerEvent) => {
const preSignUpHandler = createPreSignUpHandler();
return preSignUpHandler.handlePreSignUpTriggerEvent(event);
};
```
Module d'actions de CloudWatch journalisation.
```
import {
CloudWatchLogsClient,
GetLogEventsCommand,
OrderBy,
paginateDescribeLogStreams,
} from "@aws-sdk/client-cloudwatch-logs";
/**
* Get the latest log stream for a Lambda function.
* @param {{ functionName: string, region: string }} config
* @returns {Promise<[import("@aws-sdk/client-cloudwatch-logs").LogStream | null, unknown]>}
*/
export const getLatestLogStreamForLambda = async ({ functionName, region }) => {
try {
const logGroupName = `/aws/lambda/${functionName}`;
const cwlClient = new CloudWatchLogsClient({ region });
const paginator = paginateDescribeLogStreams(
{ client: cwlClient },
{
descending: true,
limit: 1,
orderBy: OrderBy.LastEventTime,
logGroupName,
},
);
for await (const page of paginator) {
return [page.logStreams[0], null];
}
} catch (err) {
return [null, err];
}
};
/**
* Get the log events for a Lambda function's log stream.
* @param {{
* functionName: string,
* logStreamName: string,
* eventCount: number,
* region: string
* }} config
* @returns {Promise<[import("@aws-sdk/client-cloudwatch-logs").OutputLogEvent[] | null, unknown]>}
*/
export const getLogEvents = async ({
functionName,
logStreamName,
eventCount,
region,
}) => {
try {
const cwlClient = new CloudWatchLogsClient({ region });
const logGroupName = `/aws/lambda/${functionName}`;
const response = await cwlClient.send(
new GetLogEventsCommand({
logStreamName: logStreamName,
limit: eventCount,
logGroupName: logGroupName,
}),
);
return [response.events, null];
} catch (err) {
return [null, err];
}
};
```
Module d’actions Amazon Cognito.
```
import {
AdminGetUserCommand,
CognitoIdentityProviderClient,
DeleteUserCommand,
InitiateAuthCommand,
SignUpCommand,
UpdateUserPoolCommand,
} from "@aws-sdk/client-cognito-identity-provider";
/**
* Connect a Lambda function to the PreSignUp trigger for a Cognito user pool
* @param {{ region: string, userPoolId: string, handlerArn: string }} config
* @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").UpdateUserPoolCommandOutput | null, unknown]>}
*/
export const addPreSignUpHandler = async ({
region,
userPoolId,
handlerArn,
}) => {
try {
const cognitoClient = new CognitoIdentityProviderClient({
region,
});
const command = new UpdateUserPoolCommand({
UserPoolId: userPoolId,
LambdaConfig: {
PreSignUp: handlerArn,
},
});
const response = await cognitoClient.send(command);
return [response, null];
} catch (err) {
return [null, err];
}
};
/**
* Attempt to register a user to a user pool with a given username and password.
* @param {{
* region: string,
* userPoolClientId: string,
* username: string,
* email: string,
* password: string
* }} config
* @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").SignUpCommandOutput | null, unknown]>}
*/
export const signUpUser = async ({
region,
userPoolClientId,
username,
email,
password,
}) => {
try {
const cognitoClient = new CognitoIdentityProviderClient({
region,
});
const response = await cognitoClient.send(
new SignUpCommand({
ClientId: userPoolClientId,
Username: username,
Password: password,
UserAttributes: [{ Name: "email", Value: email }],
}),
);
return [response, null];
} catch (err) {
return [null, err];
}
};
/**
* Sign in a user to Amazon Cognito using a username and password authentication flow.
* @param {{ region: string, clientId: string, username: string, password: string }} config
* @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").InitiateAuthCommandOutput | null, unknown]>}
*/
export const signIn = async ({ region, clientId, username, password }) => {
try {
const cognitoClient = new CognitoIdentityProviderClient({ region });
const response = await cognitoClient.send(
new InitiateAuthCommand({
AuthFlow: "USER_PASSWORD_AUTH",
ClientId: clientId,
AuthParameters: { USERNAME: username, PASSWORD: password },
}),
);
return [response, null];
} catch (err) {
return [null, err];
}
};
/**
* Retrieve an existing user from a user pool.
* @param {{ region: string, userPoolId: string, username: string }} config
* @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").AdminGetUserCommandOutput | null, unknown]>}
*/
export const getUser = async ({ region, userPoolId, username }) => {
try {
const cognitoClient = new CognitoIdentityProviderClient({ region });
const response = await cognitoClient.send(
new AdminGetUserCommand({
UserPoolId: userPoolId,
Username: username,
}),
);
return [response, null];
} catch (err) {
return [null, err];
}
};
/**
* Delete the signed-in user. Useful for allowing a user to delete their
* own profile.
* @param {{ region: string, accessToken: string }} config
* @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").DeleteUserCommandOutput | null, unknown]>}
*/
export const deleteUser = async ({ region, accessToken }) => {
try {
const client = new CognitoIdentityProviderClient({ region });
const response = await client.send(
new DeleteUserCommand({ AccessToken: accessToken }),
);
return [response, null];
} catch (err) {
return [null, err];
}
};
```
Module d’actions DynamoDB.
```
import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
import {
BatchWriteCommand,
DynamoDBDocumentClient,
} from "@aws-sdk/lib-dynamodb";
/**
* Populate a DynamoDB table with provide items.
* @param {{ region: string, tableName: string, items: Record[] }} config
* @returns {Promise<[import("@aws-sdk/lib-dynamodb").BatchWriteCommandOutput | null, unknown]>}
*/
export const populateTable = async ({ region, tableName, items }) => {
try {
const ddbClient = new DynamoDBClient({ region });
const docClient = DynamoDBDocumentClient.from(ddbClient);
const response = await docClient.send(
new BatchWriteCommand({
RequestItems: {
[tableName]: items.map((item) => ({
PutRequest: {
Item: item,
},
})),
},
}),
);
return [response, null];
} catch (err) {
return [null, err];
}
};
```
+ Pour plus de détails sur l’API, consultez les rubriques suivantes dans la *Référence des API du kit AWS SDK pour JavaScript *.
+ [DeleteUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/DeleteUserCommand)
+ [InitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/InitiateAuthCommand)
+ [SignUp](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/SignUpCommand)
+ [UpdateUserPool](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/UpdateUserPoolCommand)
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Migrez automatiquement les utilisateurs connus d'Amazon Cognito à l'aide d'une fonction Lambda à l'aide d'un SDK AWS
L’exemple de code suivant illustre comment effectuer automatiquement une migration des utilisateurs Amazon Cognito connus avec une fonction Lambda.
+ Configurez un groupe d’utilisateurs pour appeler une fonction Lambda pour le déclencheur `MigrateUser`.
+ Connectez-vous à Amazon Cognito avec un nom d’utilisateur et une adresse e-mail qui ne figurent pas dans le groupe d’utilisateurs.
+ La fonction Lambda analyse une table DynamoDB et transfère automatiquement les utilisateurs connus vers le groupe d’utilisateurs.
+ Exécutez le flux de mots de passe oubliés pour réinitialiser le mot de passe de l’utilisateur soumis à la migration.
+ Connectez-vous en tant que nouvel utilisateur, puis nettoyez les ressources.
------
#### [ Go ]
**Kit SDK pour Go V2**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/workflows/user_pools_and_lambda_triggers#code-examples).
Exécutez un scénario interactif à une invite de commande.
```
import (
"context"
"errors"
"fmt"
"log"
"strings"
"user_pools_and_lambda_triggers/actions"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// MigrateUser separates the steps of this scenario into individual functions so that
// they are simpler to read and understand.
type MigrateUser struct {
helper IScenarioHelper
questioner demotools.IQuestioner
resources Resources
cognitoActor *actions.CognitoActions
}
// NewMigrateUser constructs a new migrate user runner.
func NewMigrateUser(sdkConfig aws.Config, questioner demotools.IQuestioner, helper IScenarioHelper) MigrateUser {
scenario := MigrateUser{
helper: helper,
questioner: questioner,
resources: Resources{},
cognitoActor: &actions.CognitoActions{CognitoClient: cognitoidentityprovider.NewFromConfig(sdkConfig)},
}
scenario.resources.init(scenario.cognitoActor, questioner)
return scenario
}
// AddMigrateUserTrigger adds a Lambda handler as an invocation target for the MigrateUser trigger.
func (runner *MigrateUser) AddMigrateUserTrigger(ctx context.Context, userPoolId string, functionArn string) {
log.Printf("Let's add a Lambda function to handle the MigrateUser trigger from Cognito.\n" +
"This trigger happens when an unknown user signs in, and lets your function take action before Cognito\n" +
"rejects the user.\n\n")
err := runner.cognitoActor.UpdateTriggers(
ctx, userPoolId,
actions.TriggerInfo{Trigger: actions.UserMigration, HandlerArn: aws.String(functionArn)})
if err != nil {
panic(err)
}
log.Printf("Lambda function %v added to user pool %v to handle the MigrateUser trigger.\n",
functionArn, userPoolId)
log.Println(strings.Repeat("-", 88))
}
// SignInUser adds a new user to the known users table and signs that user in to Amazon Cognito.
func (runner *MigrateUser) SignInUser(ctx context.Context, usersTable string, clientId string) (bool, actions.User) {
log.Println("Let's sign in a user to your Cognito user pool. When the username and email matches an entry in the\n" +
"DynamoDB known users table, the email is automatically verified and the user is migrated to the Cognito user pool.")
user := actions.User{}
user.UserName = runner.questioner.Ask("\nEnter a username:")
user.UserEmail = runner.questioner.Ask("\nEnter an email that you own. This email will be used to confirm user migration\n" +
"during this example:")
runner.helper.AddKnownUser(ctx, usersTable, user)
var err error
var resetRequired *types.PasswordResetRequiredException
var authResult *types.AuthenticationResultType
signedIn := false
for !signedIn && resetRequired == nil {
log.Printf("Signing in to Cognito as user '%v'. The expected result is a PasswordResetRequiredException.\n\n", user.UserName)
authResult, err = runner.cognitoActor.SignIn(ctx, clientId, user.UserName, "_")
if err != nil {
if errors.As(err, &resetRequired) {
log.Printf("\nUser '%v' is not in the Cognito user pool but was found in the DynamoDB known users table.\n"+
"User migration is started and a password reset is required.", user.UserName)
} else {
panic(err)
}
} else {
log.Printf("User '%v' successfully signed in. This is unexpected and probably means you have not\n"+
"cleaned up a previous run of this scenario, so the user exist in the Cognito user pool.\n"+
"You can continue this example and select to clean up resources, or manually remove\n"+
"the user from your user pool and try again.", user.UserName)
runner.resources.userAccessTokens = append(runner.resources.userAccessTokens, *authResult.AccessToken)
signedIn = true
}
}
log.Println(strings.Repeat("-", 88))
return resetRequired != nil, user
}
// ResetPassword starts a password recovery flow.
func (runner *MigrateUser) ResetPassword(ctx context.Context, clientId string, user actions.User) {
wantCode := runner.questioner.AskBool(fmt.Sprintf("In order to migrate the user to Cognito, you must be able to receive a confirmation\n"+
"code by email at %v. Do you want to send a code (y/n)?", user.UserEmail), "y")
if !wantCode {
log.Println("To complete this example and successfully migrate a user to Cognito, you must enter an email\n" +
"you own that can receive a confirmation code.")
return
}
codeDelivery, err := runner.cognitoActor.ForgotPassword(ctx, clientId, user.UserName)
if err != nil {
panic(err)
}
log.Printf("\nA confirmation code has been sent to %v.", *codeDelivery.Destination)
code := runner.questioner.Ask("Check your email and enter it here:")
confirmed := false
password := runner.questioner.AskPassword("\nEnter a password that has at least eight characters, uppercase, lowercase, numbers and symbols.\n"+
"(the password will not display as you type):", 8)
for !confirmed {
log.Printf("\nConfirming password reset for user '%v'.\n", user.UserName)
err = runner.cognitoActor.ConfirmForgotPassword(ctx, clientId, code, user.UserName, password)
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
password = runner.questioner.AskPassword("\nEnter another password:", 8)
} else {
panic(err)
}
} else {
confirmed = true
}
}
log.Printf("User '%v' successfully confirmed and migrated.\n", user.UserName)
log.Println("Signing in with your username and password...")
authResult, err := runner.cognitoActor.SignIn(ctx, clientId, user.UserName, password)
if err != nil {
panic(err)
}
log.Printf("Successfully signed in. Your access token starts with: %v...\n", (*authResult.AccessToken)[:10])
runner.resources.userAccessTokens = append(runner.resources.userAccessTokens, *authResult.AccessToken)
log.Println(strings.Repeat("-", 88))
}
// Run runs the scenario.
func (runner *MigrateUser) Run(ctx context.Context, stackName string) {
defer func() {
if r := recover(); r != nil {
log.Println("Something went wrong with the demo.")
runner.resources.Cleanup(ctx)
}
}()
log.Println(strings.Repeat("-", 88))
log.Printf("Welcome\n")
log.Println(strings.Repeat("-", 88))
stackOutputs, err := runner.helper.GetStackOutputs(ctx, stackName)
if err != nil {
panic(err)
}
runner.resources.userPoolId = stackOutputs["UserPoolId"]
runner.AddMigrateUserTrigger(ctx, stackOutputs["UserPoolId"], stackOutputs["MigrateUserFunctionArn"])
runner.resources.triggers = append(runner.resources.triggers, actions.UserMigration)
resetNeeded, user := runner.SignInUser(ctx, stackOutputs["TableName"], stackOutputs["UserPoolClientId"])
if resetNeeded {
runner.helper.ListRecentLogEvents(ctx, stackOutputs["MigrateUserFunction"])
runner.ResetPassword(ctx, stackOutputs["UserPoolClientId"], user)
}
runner.resources.Cleanup(ctx)
log.Println(strings.Repeat("-", 88))
log.Println("Thanks for watching!")
log.Println(strings.Repeat("-", 88))
}
```
Gérez le déclencheur `MigrateUser` avec une fonction Lambda.
```
import (
"context"
"log"
"os"
"github.com/aws/aws-lambda-go/events"
"github.com/aws/aws-lambda-go/lambda"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
"github.com/aws/aws-sdk-go-v2/feature/dynamodb/expression"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
)
const TABLE_NAME = "TABLE_NAME"
// UserInfo defines structured user data that can be marshalled to a DynamoDB format.
type UserInfo struct {
UserName string `dynamodbav:"UserName"`
UserEmail string `dynamodbav:"UserEmail"`
}
type handler struct {
dynamoClient *dynamodb.Client
}
// HandleRequest handles the MigrateUser event by looking up a user in an Amazon DynamoDB table and
// specifying whether they should be migrated to the user pool.
func (h *handler) HandleRequest(ctx context.Context, event events.CognitoEventUserPoolsMigrateUser) (events.CognitoEventUserPoolsMigrateUser, error) {
log.Printf("Received migrate trigger from %v for user '%v'", event.TriggerSource, event.UserName)
if event.TriggerSource != "UserMigration_Authentication" {
return event, nil
}
tableName := os.Getenv(TABLE_NAME)
user := UserInfo{
UserName: event.UserName,
}
log.Printf("Looking up user '%v' in table %v.\n", user.UserName, tableName)
filterEx := expression.Name("UserName").Equal(expression.Value(user.UserName))
expr, err := expression.NewBuilder().WithFilter(filterEx).Build()
if err != nil {
log.Printf("Error building expression to query for user '%v'.\n", user.UserName)
return event, err
}
output, err := h.dynamoClient.Scan(ctx, &dynamodb.ScanInput{
TableName: aws.String(tableName),
FilterExpression: expr.Filter(),
ExpressionAttributeNames: expr.Names(),
ExpressionAttributeValues: expr.Values(),
})
if err != nil {
log.Printf("Error looking up user '%v'.\n", user.UserName)
return event, err
}
if len(output.Items) == 0 {
log.Printf("User '%v' not found, not migrating user.\n", user.UserName)
return event, err
}
var users []UserInfo
err = attributevalue.UnmarshalListOfMaps(output.Items, &users)
if err != nil {
log.Printf("Couldn't unmarshal DynamoDB items. Here's why: %v\n", err)
return event, err
}
user = users[0]
log.Printf("UserName '%v' found with email %v. User is migrated and must reset password.\n", user.UserName, user.UserEmail)
event.CognitoEventUserPoolsMigrateUserResponse.UserAttributes = map[string]string{
"email": user.UserEmail,
"email_verified": "true", // email_verified is required for the forgot password flow.
}
event.CognitoEventUserPoolsMigrateUserResponse.FinalUserStatus = "RESET_REQUIRED"
event.CognitoEventUserPoolsMigrateUserResponse.MessageAction = "SUPPRESS"
return event, err
}
func main() {
ctx := context.Background()
sdkConfig, err := config.LoadDefaultConfig(ctx)
if err != nil {
log.Panicln(err)
}
h := handler{
dynamoClient: dynamodb.NewFromConfig(sdkConfig),
}
lambda.Start(h.HandleRequest)
}
```
Créez une structure qui exécute les tâches courantes.
```
import (
"context"
"log"
"strings"
"time"
"user_pools_and_lambda_triggers/actions"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudformation"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// IScenarioHelper defines common functions used by the workflows in this example.
type IScenarioHelper interface {
Pause(secs int)
GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error)
PopulateUserTable(ctx context.Context, tableName string)
GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error)
AddKnownUser(ctx context.Context, tableName string, user actions.User)
ListRecentLogEvents(ctx context.Context, functionName string)
}
// ScenarioHelper contains AWS wrapper structs used by the workflows in this example.
type ScenarioHelper struct {
questioner demotools.IQuestioner
dynamoActor *actions.DynamoActions
cfnActor *actions.CloudFormationActions
cwlActor *actions.CloudWatchLogsActions
isTestRun bool
}
// NewScenarioHelper constructs a new scenario helper.
func NewScenarioHelper(sdkConfig aws.Config, questioner demotools.IQuestioner) ScenarioHelper {
scenario := ScenarioHelper{
questioner: questioner,
dynamoActor: &actions.DynamoActions{DynamoClient: dynamodb.NewFromConfig(sdkConfig)},
cfnActor: &actions.CloudFormationActions{CfnClient: cloudformation.NewFromConfig(sdkConfig)},
cwlActor: &actions.CloudWatchLogsActions{CwlClient: cloudwatchlogs.NewFromConfig(sdkConfig)},
}
return scenario
}
// Pause waits for the specified number of seconds.
func (helper ScenarioHelper) Pause(secs int) {
if !helper.isTestRun {
time.Sleep(time.Duration(secs) * time.Second)
}
}
// GetStackOutputs gets the outputs from the specified CloudFormation stack in a structured format.
func (helper ScenarioHelper) GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error) {
return helper.cfnActor.GetOutputs(ctx, stackName), nil
}
// PopulateUserTable fills the known user table with example data.
func (helper ScenarioHelper) PopulateUserTable(ctx context.Context, tableName string) {
log.Printf("First, let's add some users to the DynamoDB %v table we'll use for this example.\n", tableName)
err := helper.dynamoActor.PopulateTable(ctx, tableName)
if err != nil {
panic(err)
}
}
// GetKnownUsers gets the users from the known users table in a structured format.
func (helper ScenarioHelper) GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error) {
knownUsers, err := helper.dynamoActor.Scan(ctx, tableName)
if err != nil {
log.Printf("Couldn't get known users from table %v. Here's why: %v\n", tableName, err)
}
return knownUsers, err
}
// AddKnownUser adds a user to the known users table.
func (helper ScenarioHelper) AddKnownUser(ctx context.Context, tableName string, user actions.User) {
log.Printf("Adding user '%v' with email '%v' to the DynamoDB known users table...\n",
user.UserName, user.UserEmail)
err := helper.dynamoActor.AddUser(ctx, tableName, user)
if err != nil {
panic(err)
}
}
// ListRecentLogEvents gets the most recent log stream and events for the specified Lambda function and displays them.
func (helper ScenarioHelper) ListRecentLogEvents(ctx context.Context, functionName string) {
log.Println("Waiting a few seconds to let Lambda write to CloudWatch Logs...")
helper.Pause(10)
log.Println("Okay, let's check the logs to find what's happened recently with your Lambda function.")
logStream, err := helper.cwlActor.GetLatestLogStream(ctx, functionName)
if err != nil {
panic(err)
}
log.Printf("Getting some recent events from log stream %v\n", *logStream.LogStreamName)
events, err := helper.cwlActor.GetLogEvents(ctx, functionName, *logStream.LogStreamName, 10)
if err != nil {
panic(err)
}
for _, event := range events {
log.Printf("\t%v", *event.Message)
}
log.Println(strings.Repeat("-", 88))
}
```
Créez une structure qui encapsule les actions Amazon Cognito.
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// Trigger and TriggerInfo define typed data for updating an Amazon Cognito trigger.
type Trigger int
const (
PreSignUp Trigger = iota
UserMigration
PostAuthentication
)
type TriggerInfo struct {
Trigger Trigger
HandlerArn *string
}
// UpdateTriggers adds or removes Lambda triggers for a user pool. When a trigger is specified with a `nil` value,
// it is removed from the user pool.
func (actor CognitoActions) UpdateTriggers(ctx context.Context, userPoolId string, triggers ...TriggerInfo) error {
output, err := actor.CognitoClient.DescribeUserPool(ctx, &cognitoidentityprovider.DescribeUserPoolInput{
UserPoolId: aws.String(userPoolId),
})
if err != nil {
log.Printf("Couldn't get info about user pool %v. Here's why: %v\n", userPoolId, err)
return err
}
lambdaConfig := output.UserPool.LambdaConfig
for _, trigger := range triggers {
switch trigger.Trigger {
case PreSignUp:
lambdaConfig.PreSignUp = trigger.HandlerArn
case UserMigration:
lambdaConfig.UserMigration = trigger.HandlerArn
case PostAuthentication:
lambdaConfig.PostAuthentication = trigger.HandlerArn
}
}
_, err = actor.CognitoClient.UpdateUserPool(ctx, &cognitoidentityprovider.UpdateUserPoolInput{
UserPoolId: aws.String(userPoolId),
LambdaConfig: lambdaConfig,
})
if err != nil {
log.Printf("Couldn't update user pool %v. Here's why: %v\n", userPoolId, err)
}
return err
}
// SignUp signs up a user with Amazon Cognito.
func (actor CognitoActions) SignUp(ctx context.Context, clientId string, userName string, password string, userEmail string) (bool, error) {
confirmed := false
output, err := actor.CognitoClient.SignUp(ctx, &cognitoidentityprovider.SignUpInput{
ClientId: aws.String(clientId),
Password: aws.String(password),
Username: aws.String(userName),
UserAttributes: []types.AttributeType{
{Name: aws.String("email"), Value: aws.String(userEmail)},
},
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't sign up user %v. Here's why: %v\n", userName, err)
}
} else {
confirmed = output.UserConfirmed
}
return confirmed, err
}
// SignIn signs in a user to Amazon Cognito using a username and password authentication flow.
func (actor CognitoActions) SignIn(ctx context.Context, clientId string, userName string, password string) (*types.AuthenticationResultType, error) {
var authResult *types.AuthenticationResultType
output, err := actor.CognitoClient.InitiateAuth(ctx, &cognitoidentityprovider.InitiateAuthInput{
AuthFlow: "USER_PASSWORD_AUTH",
ClientId: aws.String(clientId),
AuthParameters: map[string]string{"USERNAME": userName, "PASSWORD": password},
})
if err != nil {
var resetRequired *types.PasswordResetRequiredException
if errors.As(err, &resetRequired) {
log.Println(*resetRequired.Message)
} else {
log.Printf("Couldn't sign in user %v. Here's why: %v\n", userName, err)
}
} else {
authResult = output.AuthenticationResult
}
return authResult, err
}
// ForgotPassword starts a password recovery flow for a user. This flow typically sends a confirmation code
// to the user's configured notification destination, such as email.
func (actor CognitoActions) ForgotPassword(ctx context.Context, clientId string, userName string) (*types.CodeDeliveryDetailsType, error) {
output, err := actor.CognitoClient.ForgotPassword(ctx, &cognitoidentityprovider.ForgotPasswordInput{
ClientId: aws.String(clientId),
Username: aws.String(userName),
})
if err != nil {
log.Printf("Couldn't start password reset for user '%v'. Here;s why: %v\n", userName, err)
}
return output.CodeDeliveryDetails, err
}
// ConfirmForgotPassword confirms a user with a confirmation code and a new password.
func (actor CognitoActions) ConfirmForgotPassword(ctx context.Context, clientId string, code string, userName string, password string) error {
_, err := actor.CognitoClient.ConfirmForgotPassword(ctx, &cognitoidentityprovider.ConfirmForgotPasswordInput{
ClientId: aws.String(clientId),
ConfirmationCode: aws.String(code),
Password: aws.String(password),
Username: aws.String(userName),
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't confirm user %v. Here's why: %v", userName, err)
}
}
return err
}
// DeleteUser removes a user from the user pool.
func (actor CognitoActions) DeleteUser(ctx context.Context, userAccessToken string) error {
_, err := actor.CognitoClient.DeleteUser(ctx, &cognitoidentityprovider.DeleteUserInput{
AccessToken: aws.String(userAccessToken),
})
if err != nil {
log.Printf("Couldn't delete user. Here's why: %v\n", err)
}
return err
}
// AdminCreateUser uses administrator credentials to add a user to a user pool. This method leaves the user
// in a state that requires they enter a new password next time they sign in.
func (actor CognitoActions) AdminCreateUser(ctx context.Context, userPoolId string, userName string, userEmail string) error {
_, err := actor.CognitoClient.AdminCreateUser(ctx, &cognitoidentityprovider.AdminCreateUserInput{
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
MessageAction: types.MessageActionTypeSuppress,
UserAttributes: []types.AttributeType{{Name: aws.String("email"), Value: aws.String(userEmail)}},
})
if err != nil {
var userExists *types.UsernameExistsException
if errors.As(err, &userExists) {
log.Printf("User %v already exists in the user pool.", userName)
err = nil
} else {
log.Printf("Couldn't create user %v. Here's why: %v\n", userName, err)
}
}
return err
}
// AdminSetUserPassword uses administrator credentials to set a password for a user without requiring a
// temporary password.
func (actor CognitoActions) AdminSetUserPassword(ctx context.Context, userPoolId string, userName string, password string) error {
_, err := actor.CognitoClient.AdminSetUserPassword(ctx, &cognitoidentityprovider.AdminSetUserPasswordInput{
Password: aws.String(password),
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
Permanent: true,
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't set password for user %v. Here's why: %v\n", userName, err)
}
}
return err
}
```
Créez une structure qui encapsule les actions DynamoDB.
```
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
"github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
)
// DynamoActions encapsulates the Amazon Simple Notification Service (Amazon SNS) actions
// used in the examples.
type DynamoActions struct {
DynamoClient *dynamodb.Client
}
// User defines structured user data.
type User struct {
UserName string
UserEmail string
LastLogin *LoginInfo `dynamodbav:",omitempty"`
}
// LoginInfo defines structured custom login data.
type LoginInfo struct {
UserPoolId string
ClientId string
Time string
}
// UserList defines a list of users.
type UserList struct {
Users []User
}
// UserNameList returns the usernames contained in a UserList as a list of strings.
func (users *UserList) UserNameList() []string {
names := make([]string, len(users.Users))
for i := 0; i < len(users.Users); i++ {
names[i] = users.Users[i].UserName
}
return names
}
// PopulateTable adds a set of test users to the table.
func (actor DynamoActions) PopulateTable(ctx context.Context, tableName string) error {
var err error
var item map[string]types.AttributeValue
var writeReqs []types.WriteRequest
for i := 1; i < 4; i++ {
item, err = attributevalue.MarshalMap(User{UserName: fmt.Sprintf("test_user_%v", i), UserEmail: fmt.Sprintf("test_email_%v@example.com", i)})
if err != nil {
log.Printf("Couldn't marshall user into DynamoDB format. Here's why: %v\n", err)
return err
}
writeReqs = append(writeReqs, types.WriteRequest{PutRequest: &types.PutRequest{Item: item}})
}
_, err = actor.DynamoClient.BatchWriteItem(ctx, &dynamodb.BatchWriteItemInput{
RequestItems: map[string][]types.WriteRequest{tableName: writeReqs},
})
if err != nil {
log.Printf("Couldn't populate table %v with users. Here's why: %v\n", tableName, err)
}
return err
}
// Scan scans the table for all items.
func (actor DynamoActions) Scan(ctx context.Context, tableName string) (UserList, error) {
var userList UserList
output, err := actor.DynamoClient.Scan(ctx, &dynamodb.ScanInput{
TableName: aws.String(tableName),
})
if err != nil {
log.Printf("Couldn't scan table %v for items. Here's why: %v\n", tableName, err)
} else {
err = attributevalue.UnmarshalListOfMaps(output.Items, &userList.Users)
if err != nil {
log.Printf("Couldn't unmarshal items into users. Here's why: %v\n", err)
}
}
return userList, err
}
// AddUser adds a user item to a table.
func (actor DynamoActions) AddUser(ctx context.Context, tableName string, user User) error {
userItem, err := attributevalue.MarshalMap(user)
if err != nil {
log.Printf("Couldn't marshall user to item. Here's why: %v\n", err)
}
_, err = actor.DynamoClient.PutItem(ctx, &dynamodb.PutItemInput{
Item: userItem,
TableName: aws.String(tableName),
})
if err != nil {
log.Printf("Couldn't put item in table %v. Here's why: %v", tableName, err)
}
return err
}
```
Créez une structure qui englobe les actions CloudWatch Logs.
```
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/types"
)
type CloudWatchLogsActions struct {
CwlClient *cloudwatchlogs.Client
}
// GetLatestLogStream gets the most recent log stream for a Lambda function.
func (actor CloudWatchLogsActions) GetLatestLogStream(ctx context.Context, functionName string) (types.LogStream, error) {
var logStream types.LogStream
logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName)
output, err := actor.CwlClient.DescribeLogStreams(ctx, &cloudwatchlogs.DescribeLogStreamsInput{
Descending: aws.Bool(true),
Limit: aws.Int32(1),
LogGroupName: aws.String(logGroupName),
OrderBy: types.OrderByLastEventTime,
})
if err != nil {
log.Printf("Couldn't get log streams for log group %v. Here's why: %v\n", logGroupName, err)
} else {
logStream = output.LogStreams[0]
}
return logStream, err
}
// GetLogEvents gets the most recent eventCount events from the specified log stream.
func (actor CloudWatchLogsActions) GetLogEvents(ctx context.Context, functionName string, logStreamName string, eventCount int32) (
[]types.OutputLogEvent, error) {
var events []types.OutputLogEvent
logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName)
output, err := actor.CwlClient.GetLogEvents(ctx, &cloudwatchlogs.GetLogEventsInput{
LogStreamName: aws.String(logStreamName),
Limit: aws.Int32(eventCount),
LogGroupName: aws.String(logGroupName),
})
if err != nil {
log.Printf("Couldn't get log event for log stream %v. Here's why: %v\n", logStreamName, err)
} else {
events = output.Events
}
return events, err
}
```
Créez une structure qui englobe les actions. CloudFormation
```
import (
"context"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudformation"
)
// StackOutputs defines a map of outputs from a specific stack.
type StackOutputs map[string]string
type CloudFormationActions struct {
CfnClient *cloudformation.Client
}
// GetOutputs gets the outputs from a CloudFormation stack and puts them into a structured format.
func (actor CloudFormationActions) GetOutputs(ctx context.Context, stackName string) StackOutputs {
output, err := actor.CfnClient.DescribeStacks(ctx, &cloudformation.DescribeStacksInput{
StackName: aws.String(stackName),
})
if err != nil || len(output.Stacks) == 0 {
log.Panicf("Couldn't find a CloudFormation stack named %v. Here's why: %v\n", stackName, err)
}
stackOutputs := StackOutputs{}
for _, out := range output.Stacks[0].Outputs {
stackOutputs[*out.OutputKey] = *out.OutputValue
}
return stackOutputs
}
```
Nettoyez les ressources.
```
import (
"context"
"log"
"user_pools_and_lambda_triggers/actions"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// Resources keeps track of AWS resources created during an example and handles
// cleanup when the example finishes.
type Resources struct {
userPoolId string
userAccessTokens []string
triggers []actions.Trigger
cognitoActor *actions.CognitoActions
questioner demotools.IQuestioner
}
func (resources *Resources) init(cognitoActor *actions.CognitoActions, questioner demotools.IQuestioner) {
resources.userAccessTokens = []string{}
resources.triggers = []actions.Trigger{}
resources.cognitoActor = cognitoActor
resources.questioner = questioner
}
// Cleanup deletes all AWS resources created during an example.
func (resources *Resources) Cleanup(ctx context.Context) {
defer func() {
if r := recover(); r != nil {
log.Printf("Something went wrong during cleanup.\n%v\n", r)
log.Println("Use the AWS Management Console to remove any remaining resources \n" +
"that were created for this scenario.")
}
}()
wantDelete := resources.questioner.AskBool("Do you want to remove all of the AWS resources that were created "+
"during this demo (y/n)?", "y")
if wantDelete {
for _, accessToken := range resources.userAccessTokens {
err := resources.cognitoActor.DeleteUser(ctx, accessToken)
if err != nil {
log.Println("Couldn't delete user during cleanup.")
panic(err)
}
log.Println("Deleted user.")
}
triggerList := make([]actions.TriggerInfo, len(resources.triggers))
for i := 0; i < len(resources.triggers); i++ {
triggerList[i] = actions.TriggerInfo{Trigger: resources.triggers[i], HandlerArn: nil}
}
err := resources.cognitoActor.UpdateTriggers(ctx, resources.userPoolId, triggerList...)
if err != nil {
log.Println("Couldn't update Cognito triggers during cleanup.")
panic(err)
}
log.Println("Removed Cognito triggers from user pool.")
} else {
log.Println("Be sure to remove resources when you're done with them to avoid unexpected charges!")
}
}
```
+ Pour plus de détails sur l’API, consultez les rubriques suivantes dans la *Référence des API du kit AWS SDK pour Go *.
+ [ConfirmForgotPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ConfirmForgotPassword)
+ [DeleteUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.DeleteUser)
+ [ForgotPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ForgotPassword)
+ [InitiateAuth](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.InitiateAuth)
+ [SignUp](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.SignUp)
+ [UpdateUserPool](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.UpdateUserPool)
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Inscrire un utilisateur dans un groupe d'utilisateurs Amazon Cognito qui nécessite l'authentification multifacteur à l'aide d'un SDK AWS
Les exemples de code suivants montrent comment :
+ Inscrivez et confirmez un utilisateur avec un nom d’utilisateur, un mot de passe et une adresse e-mail.
+ Configurez l’authentification multifactorielle en associant une application MFA à l’utilisateur.
+ Connectez-vous à l’aide d’un mot de passe et d’un code MFA.
------
#### [ .NET ]
**SDK pour .NET**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples).
```
namespace CognitoBasics;
public class CognitoBasics
{
private static ILogger logger = null!;
static async Task Main(string[] args)
{
// Set up dependency injection for Amazon Cognito.
using var host = Host.CreateDefaultBuilder(args)
.ConfigureLogging(logging =>
logging.AddFilter("System", LogLevel.Debug)
.AddFilter("Microsoft", LogLevel.Information)
.AddFilter("Microsoft", LogLevel.Trace))
.ConfigureServices((_, services) =>
services.AddAWSService()
.AddTransient()
)
.Build();
logger = LoggerFactory.Create(builder => { builder.AddConsole(); })
.CreateLogger();
var configuration = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("settings.json") // Load settings from .json file.
.AddJsonFile("settings.local.json",
true) // Optionally load local settings.
.Build();
var cognitoWrapper = host.Services.GetRequiredService();
Console.WriteLine(new string('-', 80));
UiMethods.DisplayOverview();
Console.WriteLine(new string('-', 80));
// clientId - The app client Id value that you get from the AWS CDK script.
var clientId = configuration["ClientId"]; // "*** REPLACE WITH CLIENT ID VALUE FROM CDK SCRIPT";
// poolId - The pool Id that you get from the AWS CDK script.
var poolId = configuration["PoolId"]!; // "*** REPLACE WITH POOL ID VALUE FROM CDK SCRIPT";
var userName = configuration["UserName"];
var password = configuration["Password"];
var email = configuration["Email"];
// If the username wasn't set in the configuration file,
// get it from the user now.
if (userName is null)
{
do
{
Console.Write("Username: ");
userName = Console.ReadLine();
}
while (string.IsNullOrEmpty(userName));
}
Console.WriteLine($"\nUsername: {userName}");
// If the password wasn't set in the configuration file,
// get it from the user now.
if (password is null)
{
do
{
Console.Write("Password: ");
password = Console.ReadLine();
}
while (string.IsNullOrEmpty(password));
}
// If the email address wasn't set in the configuration file,
// get it from the user now.
if (email is null)
{
do
{
Console.Write("Email: ");
email = Console.ReadLine();
} while (string.IsNullOrEmpty(email));
}
// Now sign up the user.
Console.WriteLine($"\nSigning up {userName} with email address: {email}");
await cognitoWrapper.SignUpAsync(clientId, userName, password, email);
// Add the user to the user pool.
Console.WriteLine($"Adding {userName} to the user pool");
await cognitoWrapper.GetAdminUserAsync(userName, poolId);
UiMethods.DisplayTitle("Get confirmation code");
Console.WriteLine($"Conformation code sent to {userName}.");
Console.Write("Would you like to send a new code? (Y/N) ");
var answer = Console.ReadLine();
if (answer!.ToLower() == "y")
{
await cognitoWrapper.ResendConfirmationCodeAsync(clientId, userName);
Console.WriteLine("Sending a new confirmation code");
}
Console.Write("Enter confirmation code (from Email): ");
var code = Console.ReadLine();
await cognitoWrapper.ConfirmSignupAsync(clientId, code, userName);
UiMethods.DisplayTitle("Checking status");
Console.WriteLine($"Rechecking the status of {userName} in the user pool");
await cognitoWrapper.GetAdminUserAsync(userName, poolId);
Console.WriteLine($"Setting up authenticator for {userName} in the user pool");
var setupResponse = await cognitoWrapper.InitiateAuthAsync(clientId, userName, password);
var setupSession = await cognitoWrapper.AssociateSoftwareTokenAsync(setupResponse.Session);
Console.Write("Enter the 6-digit code displayed in Google Authenticator: ");
var setupCode = Console.ReadLine();
var setupResult = await cognitoWrapper.VerifySoftwareTokenAsync(setupSession, setupCode);
Console.WriteLine($"Setup status: {setupResult}");
Console.WriteLine($"Now logging in {userName} in the user pool");
var authSession = await cognitoWrapper.AdminInitiateAuthAsync(clientId, poolId, userName, password);
Console.Write("Enter a new 6-digit code displayed in Google Authenticator: ");
var authCode = Console.ReadLine();
var authResult = await cognitoWrapper.AdminRespondToAuthChallengeAsync(userName, clientId, authCode, authSession, poolId);
Console.WriteLine($"Authenticated and received access token: {authResult.AccessToken}");
Console.WriteLine(new string('-', 80));
Console.WriteLine("Cognito scenario is complete.");
Console.WriteLine(new string('-', 80));
}
}
using System.Net;
namespace CognitoActions;
///
/// Methods to perform Amazon Cognito Identity Provider actions.
///
public class CognitoWrapper
{
private readonly IAmazonCognitoIdentityProvider _cognitoService;
///
/// Constructor for the wrapper class containing Amazon Cognito actions.
///
/// The Amazon Cognito client object.
public CognitoWrapper(IAmazonCognitoIdentityProvider cognitoService)
{
_cognitoService = cognitoService;
}
///
/// List the Amazon Cognito user pools for an account.
///
/// A list of UserPoolDescriptionType objects.
public async Task> ListUserPoolsAsync()
{
var userPools = new List();
var userPoolsPaginator = _cognitoService.Paginators.ListUserPools(new ListUserPoolsRequest());
await foreach (var response in userPoolsPaginator.Responses)
{
userPools.AddRange(response.UserPools);
}
return userPools;
}
///
/// Get a list of users for the Amazon Cognito user pool.
///
/// The user pool ID.
/// A list of users.
public async Task> ListUsersAsync(string userPoolId)
{
var request = new ListUsersRequest
{
UserPoolId = userPoolId
};
var users = new List();
var usersPaginator = _cognitoService.Paginators.ListUsers(request);
await foreach (var response in usersPaginator.Responses)
{
users.AddRange(response.Users);
}
return users;
}
///
/// Respond to an admin authentication challenge.
///
/// The name of the user.
/// The client ID.
/// The multi-factor authentication code.
/// The current application session.
/// The user pool ID.
/// The result of the authentication response.
public async Task AdminRespondToAuthChallengeAsync(
string userName,
string clientId,
string mfaCode,
string session,
string userPoolId)
{
Console.WriteLine("SOFTWARE_TOKEN_MFA challenge is generated");
var challengeResponses = new Dictionary();
challengeResponses.Add("USERNAME", userName);
challengeResponses.Add("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
var respondToAuthChallengeRequest = new AdminRespondToAuthChallengeRequest
{
ChallengeName = ChallengeNameType.SOFTWARE_TOKEN_MFA,
ClientId = clientId,
ChallengeResponses = challengeResponses,
Session = session,
UserPoolId = userPoolId,
};
var response = await _cognitoService.AdminRespondToAuthChallengeAsync(respondToAuthChallengeRequest);
Console.WriteLine($"Response to Authentication {response.AuthenticationResult.TokenType}");
return response.AuthenticationResult;
}
///
/// Verify the TOTP and register for MFA.
///
/// The name of the session.
/// The MFA code.
/// The status of the software token.
public async Task VerifySoftwareTokenAsync(string session, string code)
{
var tokenRequest = new VerifySoftwareTokenRequest
{
UserCode = code,
Session = session,
};
var verifyResponse = await _cognitoService.VerifySoftwareTokenAsync(tokenRequest);
return verifyResponse.Status;
}
///
/// Get an MFA token to authenticate the user with the authenticator.
///
/// The session name.
/// The session name.
public async Task AssociateSoftwareTokenAsync(string session)
{
var softwareTokenRequest = new AssociateSoftwareTokenRequest
{
Session = session,
};
var tokenResponse = await _cognitoService.AssociateSoftwareTokenAsync(softwareTokenRequest);
var secretCode = tokenResponse.SecretCode;
Console.WriteLine($"Use the following secret code to set up the authenticator: {secretCode}");
return tokenResponse.Session;
}
///
/// Initiate an admin auth request.
///
/// The client ID to use.
/// The ID of the user pool.
/// The username to authenticate.
/// The user's password.
/// The session to use in challenge-response.
public async Task AdminInitiateAuthAsync(string clientId, string userPoolId, string userName, string password)
{
var authParameters = new Dictionary();
authParameters.Add("USERNAME", userName);
authParameters.Add("PASSWORD", password);
var request = new AdminInitiateAuthRequest
{
ClientId = clientId,
UserPoolId = userPoolId,
AuthParameters = authParameters,
AuthFlow = AuthFlowType.ADMIN_USER_PASSWORD_AUTH,
};
var response = await _cognitoService.AdminInitiateAuthAsync(request);
return response.Session;
}
///
/// Initiate authorization.
///
/// The client Id of the application.
/// The name of the user who is authenticating.
/// The password for the user who is authenticating.
/// The response from the initiate auth request.
public async Task InitiateAuthAsync(string clientId, string userName, string password)
{
var authParameters = new Dictionary();
authParameters.Add("USERNAME", userName);
authParameters.Add("PASSWORD", password);
var authRequest = new InitiateAuthRequest
{
ClientId = clientId,
AuthParameters = authParameters,
AuthFlow = AuthFlowType.USER_PASSWORD_AUTH,
};
var response = await _cognitoService.InitiateAuthAsync(authRequest);
Console.WriteLine($"Result Challenge is : {response.ChallengeName}");
return response;
}
///
/// Confirm that the user has signed up.
///
/// The Id of this application.
/// The confirmation code sent to the user.
/// The username.
/// True if successful.
public async Task ConfirmSignupAsync(string clientId, string code, string userName)
{
var signUpRequest = new ConfirmSignUpRequest
{
ClientId = clientId,
ConfirmationCode = code,
Username = userName,
};
var response = await _cognitoService.ConfirmSignUpAsync(signUpRequest);
if (response.HttpStatusCode == HttpStatusCode.OK)
{
Console.WriteLine($"{userName} was confirmed");
return true;
}
return false;
}
///
/// Initiates and confirms tracking of the device.
///
/// The user's access token.
/// The key of the device from Amazon Cognito.
/// The device name.
///
public async Task ConfirmDeviceAsync(string accessToken, string deviceKey, string deviceName)
{
var request = new ConfirmDeviceRequest
{
AccessToken = accessToken,
DeviceKey = deviceKey,
DeviceName = deviceName
};
var response = await _cognitoService.ConfirmDeviceAsync(request);
return response.UserConfirmationNecessary;
}
///
/// Send a new confirmation code to a user.
///
/// The Id of the client application.
/// The username of user who will receive the code.
/// The delivery details.
public async Task ResendConfirmationCodeAsync(string clientId, string userName)
{
var codeRequest = new ResendConfirmationCodeRequest
{
ClientId = clientId,
Username = userName,
};
var response = await _cognitoService.ResendConfirmationCodeAsync(codeRequest);
Console.WriteLine($"Method of delivery is {response.CodeDeliveryDetails.DeliveryMedium}");
return response.CodeDeliveryDetails;
}
///
/// Get the specified user from an Amazon Cognito user pool with administrator access.
///
/// The name of the user.
/// The Id of the Amazon Cognito user pool.
/// Async task.
public async Task GetAdminUserAsync(string userName, string poolId)
{
AdminGetUserRequest userRequest = new AdminGetUserRequest
{
Username = userName,
UserPoolId = poolId,
};
var response = await _cognitoService.AdminGetUserAsync(userRequest);
Console.WriteLine($"User status {response.UserStatus}");
return response.UserStatus;
}
///
/// Sign up a new user.
///
/// The client Id of the application.
/// The username to use.
/// The user's password.
/// The email address of the user.
/// A Boolean value indicating whether the user was confirmed.
public async Task SignUpAsync(string clientId, string userName, string password, string email)
{
var userAttrs = new AttributeType
{
Name = "email",
Value = email,
};
var userAttrsList = new List();
userAttrsList.Add(userAttrs);
var signUpRequest = new SignUpRequest
{
UserAttributes = userAttrsList,
Username = userName,
ClientId = clientId,
Password = password
};
var response = await _cognitoService.SignUpAsync(signUpRequest);
return response.HttpStatusCode == HttpStatusCode.OK;
}
}
```
+ Pour plus de détails sur l’API, consultez les rubriques suivantes dans la *Référence des API du kit AWS SDK pour .NET *.
+ [AdminGetUser](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminGetUser)
+ [AdminInitiateAuth](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminInitiateAuth)
+ [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)
+ [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AssociateSoftwareToken)
+ [ConfirmDevice](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ConfirmDevice)
+ [ConfirmSignUp](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ConfirmSignUp)
+ [InitiateAuth](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/InitiateAuth)
+ [ListUsers](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ListUsers)
+ [ResendConfirmationCode](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ResendConfirmationCode)
+ [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/RespondToAuthChallenge)
+ [SignUp](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/SignUp)
+ [VerifySoftwareToken](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/VerifySoftwareToken)
------
#### [ C\$1\$1 ]
**SDK pour C\$1\$1**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples).
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
//! Scenario that adds a user to an Amazon Cognito user pool.
/*!
\sa gettingStartedWithUserPools()
\param clientID: Client ID associated with an Amazon Cognito user pool.
\param userPoolID: An Amazon Cognito user pool ID.
\param clientConfig: Aws client configuration.
\return bool: Successful completion.
*/
bool AwsDoc::Cognito::gettingStartedWithUserPools(const Aws::String &clientID,
const Aws::String &userPoolID,
const Aws::Client::ClientConfiguration &clientConfig) {
printAsterisksLine();
std::cout
<< "Welcome to the Amazon Cognito example scenario."
<< std::endl;
printAsterisksLine();
std::cout
<< "This scenario will add a user to an Amazon Cognito user pool."
<< std::endl;
const Aws::String userName = askQuestion("Enter a new username: ");
const Aws::String password = askQuestion("Enter a new password: ");
const Aws::String email = askQuestion("Enter a valid email for the user: ");
std::cout << "Signing up " << userName << std::endl;
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
bool userExists = false;
do {
// 1. Add a user with a username, password, and email address.
Aws::CognitoIdentityProvider::Model::SignUpRequest request;
request.AddUserAttributes(
Aws::CognitoIdentityProvider::Model::AttributeType().WithName(
"email").WithValue(email));
request.SetUsername(userName);
request.SetPassword(password);
request.SetClientId(clientID);
Aws::CognitoIdentityProvider::Model::SignUpOutcome outcome =
client.SignUp(request);
if (outcome.IsSuccess()) {
std::cout << "The signup request for " << userName << " was successful."
<< std::endl;
}
else if (outcome.GetError().GetErrorType() ==
Aws::CognitoIdentityProvider::CognitoIdentityProviderErrors::USERNAME_EXISTS) {
std::cout
<< "The username already exists. Please enter a different username."
<< std::endl;
userExists = true;
}
else {
std::cerr << "Error with CognitoIdentityProvider::SignUpRequest. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
} while (userExists);
printAsterisksLine();
std::cout << "Retrieving status of " << userName << " in the user pool."
<< std::endl;
// 2. Confirm that the user was added to the user pool.
if (!checkAdminUserStatus(userName, userPoolID, client)) {
return false;
}
std::cout << "A confirmation code was sent to " << email << "." << std::endl;
bool resend = askYesNoQuestion("Would you like to send a new code? (y/n) ");
if (resend) {
// Request a resend of the confirmation code to the email address. (ResendConfirmationCode)
Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeRequest request;
request.SetUsername(userName);
request.SetClientId(clientID);
Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeOutcome outcome =
client.ResendConfirmationCode(request);
if (outcome.IsSuccess()) {
std::cout
<< "CognitoIdentityProvider::ResendConfirmationCode was successful."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::ResendConfirmationCode. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
}
printAsterisksLine();
{
// 4. Send the confirmation code that's received in the email. (ConfirmSignUp)
const Aws::String confirmationCode = askQuestion(
"Enter the confirmation code that was emailed: ");
Aws::CognitoIdentityProvider::Model::ConfirmSignUpRequest request;
request.SetClientId(clientID);
request.SetConfirmationCode(confirmationCode);
request.SetUsername(userName);
Aws::CognitoIdentityProvider::Model::ConfirmSignUpOutcome outcome =
client.ConfirmSignUp(request);
if (outcome.IsSuccess()) {
std::cout << "ConfirmSignup was Successful."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::ConfirmSignUp. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
}
std::cout << "Rechecking the status of " << userName << " in the user pool."
<< std::endl;
if (!checkAdminUserStatus(userName, userPoolID, client)) {
return false;
}
printAsterisksLine();
std::cout << "Initiating authorization using the username and password."
<< std::endl;
Aws::String session;
// 5. Initiate authorization with username and password. (AdminInitiateAuth)
if (!adminInitiateAuthorization(clientID, userPoolID, userName, password, session, client)) {
return false;
}
printAsterisksLine();
std::cout
<< "Starting setup of time-based one-time password (TOTP) multi-factor authentication (MFA)."
<< std::endl;
{
// 6. Request a setup key for one-time password (TOTP)
// multi-factor authentication (MFA). (AssociateSoftwareToken)
Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenRequest request;
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenOutcome outcome =
client.AssociateSoftwareToken(request);
if (outcome.IsSuccess()) {
std::cout
<< "Enter this setup key into an authenticator app, for example Google Authenticator."
<< std::endl;
std::cout << "Setup key: " << outcome.GetResult().GetSecretCode()
<< std::endl;
#ifdef USING_QR
printAsterisksLine();
std::cout << "\nOr scan the QR code in the file '" << QR_CODE_PATH << "."
<< std::endl;
saveQRCode(std::string("otpauth://totp/") + userName + "?secret=" +
outcome.GetResult().GetSecretCode());
#endif // USING_QR
session = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AssociateSoftwareToken. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
}
askQuestion("Type enter to continue...", alwaysTrueTest);
printAsterisksLine();
{
Aws::String userCode = askQuestion(
"Enter the 6 digit code displayed in the authenticator app: ");
// 7. Send the MFA code copied from an authenticator app. (VerifySoftwareToken)
Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenRequest request;
request.SetUserCode(userCode);
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenOutcome outcome =
client.VerifySoftwareToken(request);
if (outcome.IsSuccess()) {
std::cout << "Verification of the code was successful."
<< std::endl;
session = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::VerifySoftwareToken. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
}
printAsterisksLine();
std::cout << "You have completed the MFA authentication setup." << std::endl;
std::cout << "Now, sign in." << std::endl;
// 8. Initiate authorization again with username and password. (AdminInitiateAuth)
if (!adminInitiateAuthorization(clientID, userPoolID, userName, password, session, client)) {
return false;
}
Aws::String accessToken;
{
Aws::String mfaCode = askQuestion(
"Re-enter the 6 digit code displayed in the authenticator app: ");
// 9. Send a new MFA code copied from an authenticator app. (AdminRespondToAuthChallenge)
Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeRequest request;
request.AddChallengeResponses("USERNAME", userName);
request.AddChallengeResponses("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
request.SetChallengeName(
Aws::CognitoIdentityProvider::Model::ChallengeNameType::SOFTWARE_TOKEN_MFA);
request.SetClientId(clientID);
request.SetUserPoolId(userPoolID);
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeOutcome outcome =
client.AdminRespondToAuthChallenge(request);
if (outcome.IsSuccess()) {
std::cout << "Here is the response to the challenge.\n" <<
outcome.GetResult().GetAuthenticationResult().Jsonize().View().WriteReadable()
<< std::endl;
accessToken = outcome.GetResult().GetAuthenticationResult().GetAccessToken();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminRespondToAuthChallenge. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
std::cout << "You have successfully added a user to Amazon Cognito."
<< std::endl;
}
if (askYesNoQuestion("Would you like to delete the user that you just added? (y/n) ")) {
// 10. Delete the user that you just added. (DeleteUser)
Aws::CognitoIdentityProvider::Model::DeleteUserRequest request;
request.SetAccessToken(accessToken);
Aws::CognitoIdentityProvider::Model::DeleteUserOutcome outcome =
client.DeleteUser(request);
if (outcome.IsSuccess()) {
std::cout << "The user " << userName << " was deleted."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::DeleteUser. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
}
return true;
}
//! Routine which checks the user status in an Amazon Cognito user pool.
/*!
\sa checkAdminUserStatus()
\param userName: A username.
\param userPoolID: An Amazon Cognito user pool ID.
\return bool: Successful completion.
*/
bool AwsDoc::Cognito::checkAdminUserStatus(const Aws::String &userName,
const Aws::String &userPoolID,
const Aws::CognitoIdentityProvider::CognitoIdentityProviderClient &client) {
Aws::CognitoIdentityProvider::Model::AdminGetUserRequest request;
request.SetUsername(userName);
request.SetUserPoolId(userPoolID);
Aws::CognitoIdentityProvider::Model::AdminGetUserOutcome outcome =
client.AdminGetUser(request);
if (outcome.IsSuccess()) {
std::cout << "The status for " << userName << " is " <<
Aws::CognitoIdentityProvider::Model::UserStatusTypeMapper::GetNameForUserStatusType(
outcome.GetResult().GetUserStatus()) << std::endl;
std::cout << "Enabled is " << outcome.GetResult().GetEnabled() << std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminGetUser. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
return outcome.IsSuccess();
}
//! Routine which starts authorization of an Amazon Cognito user.
//! This routine requires administrator credentials.
/*!
\sa adminInitiateAuthorization()
\param clientID: Client ID of tracked device.
\param userPoolID: An Amazon Cognito user pool ID.
\param userName: A username.
\param password: A password.
\param sessionResult: String to receive a session token.
\return bool: Successful completion.
*/
bool AwsDoc::Cognito::adminInitiateAuthorization(const Aws::String &clientID,
const Aws::String &userPoolID,
const Aws::String &userName,
const Aws::String &password,
Aws::String &sessionResult,
const Aws::CognitoIdentityProvider::CognitoIdentityProviderClient &client) {
Aws::CognitoIdentityProvider::Model::AdminInitiateAuthRequest request;
request.SetClientId(clientID);
request.SetUserPoolId(userPoolID);
request.AddAuthParameters("USERNAME", userName);
request.AddAuthParameters("PASSWORD", password);
request.SetAuthFlow(
Aws::CognitoIdentityProvider::Model::AuthFlowType::ADMIN_USER_PASSWORD_AUTH);
Aws::CognitoIdentityProvider::Model::AdminInitiateAuthOutcome outcome =
client.AdminInitiateAuth(request);
if (outcome.IsSuccess()) {
std::cout << "Call to AdminInitiateAuth was successful." << std::endl;
sessionResult = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminInitiateAuth. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
return outcome.IsSuccess();
}
```
+ Pour plus de détails sur l’API, consultez les rubriques suivantes dans la *Référence des API du kit AWS SDK pour C\$1\$1 *.
+ [AdminGetUser](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminGetUser)
+ [AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminInitiateAuth)
+ [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)
+ [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AssociateSoftwareToken)
+ [ConfirmDevice](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ConfirmDevice)
+ [ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ConfirmSignUp)
+ [InitiateAuth](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/InitiateAuth)
+ [ListUsers](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ListUsers)
+ [ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ResendConfirmationCode)
+ [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/RespondToAuthChallenge)
+ [SignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/SignUp)
+ [VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/VerifySoftwareToken)
------
#### [ Java ]
**SDK pour Java 2.x**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples).
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminGetUserRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminGetUserResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminInitiateAuthRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminInitiateAuthResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminRespondToAuthChallengeRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminRespondToAuthChallengeResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AssociateSoftwareTokenRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AssociateSoftwareTokenResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AttributeType;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AuthFlowType;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ChallengeNameType;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ConfirmSignUpRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ResendConfirmationCodeRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ResendConfirmationCodeResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.SignUpRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.VerifySoftwareTokenRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.VerifySoftwareTokenResponse;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Scanner;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*
* TIP: To set up the required user pool, run the AWS Cloud Development Kit (AWS
* CDK) script provided in this GitHub repo at
* resources/cdk/cognito_scenario_user_pool_with_mfa.
*
* This code example performs the following operations:
*
* 1. Invokes the signUp method to sign up a user.
* 2. Invokes the adminGetUser method to get the user's confirmation status.
* 3. Invokes the ResendConfirmationCode method if the user requested another
* code.
* 4. Invokes the confirmSignUp method.
* 5. Invokes the AdminInitiateAuth to sign in. This results in being prompted
* to set up TOTP (time-based one-time password). (The response is
* “ChallengeName”: “MFA_SETUP”).
* 6. Invokes the AssociateSoftwareToken method to generate a TOTP MFA private
* key. This can be used with Google Authenticator.
* 7. Invokes the VerifySoftwareToken method to verify the TOTP and register for
* MFA.
* 8. Invokes the AdminInitiateAuth to sign in again. This results in being
* prompted to submit a TOTP (Response: “ChallengeName”: “SOFTWARE_TOKEN_MFA”).
* 9. Invokes the AdminRespondToAuthChallenge to get back a token.
*/
public class CognitoMVP {
public static final String DASHES = new String(new char[80]).replace("\0", "-");
public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException {
final String usage = """
Usage:
Where:
clientId - The app client Id value that you can get from the AWS CDK script.
poolId - The pool Id that you can get from the AWS CDK script.\s
""";
if (args.length != 2) {
System.out.println(usage);
System.exit(1);
}
String clientId = args[0];
String poolId = args[1];
CognitoIdentityProviderClient identityProviderClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
System.out.println(DASHES);
System.out.println("Welcome to the Amazon Cognito example scenario.");
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("*** Enter your user name");
Scanner in = new Scanner(System.in);
String userName = in.nextLine();
System.out.println("*** Enter your password");
String password = in.nextLine();
System.out.println("*** Enter your email");
String email = in.nextLine();
System.out.println("1. Signing up " + userName);
signUp(identityProviderClient, clientId, userName, password, email);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("2. Getting " + userName + " in the user pool");
getAdminUser(identityProviderClient, userName, poolId);
System.out
.println("*** Conformation code sent to " + userName + ". Would you like to send a new code? (Yes/No)");
System.out.println(DASHES);
System.out.println(DASHES);
String ans = in.nextLine();
if (ans.compareTo("Yes") == 0) {
resendConfirmationCode(identityProviderClient, clientId, userName);
System.out.println("3. Sending a new confirmation code");
}
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("4. Enter confirmation code that was emailed");
String code = in.nextLine();
confirmSignUp(identityProviderClient, clientId, code, userName);
System.out.println("Rechecking the status of " + userName + " in the user pool");
getAdminUser(identityProviderClient, userName, poolId);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("5. Invokes the initiateAuth to sign in");
AdminInitiateAuthResponse authResponse = initiateAuth(identityProviderClient, clientId, userName, password,
poolId);
String mySession = authResponse.session();
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("6. Invokes the AssociateSoftwareToken method to generate a TOTP key");
String newSession = getSecretForAppMFA(identityProviderClient, mySession);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("*** Enter the 6-digit code displayed in Google Authenticator");
String myCode = in.nextLine();
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("7. Verify the TOTP and register for MFA");
verifyTOTP(identityProviderClient, newSession, myCode);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("8. Re-enter a 6-digit code displayed in Google Authenticator");
String mfaCode = in.nextLine();
AdminInitiateAuthResponse authResponse1 = initiateAuth(identityProviderClient, clientId, userName, password,
poolId);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("9. Invokes the AdminRespondToAuthChallenge");
String session2 = authResponse1.session();
adminRespondToAuthChallenge(identityProviderClient, userName, clientId, mfaCode, session2);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("All Amazon Cognito operations were successfully performed");
System.out.println(DASHES);
}
// Respond to an authentication challenge.
public static void adminRespondToAuthChallenge(CognitoIdentityProviderClient identityProviderClient,
String userName, String clientId, String mfaCode, String session) {
System.out.println("SOFTWARE_TOKEN_MFA challenge is generated");
Map challengeResponses = new HashMap<>();
challengeResponses.put("USERNAME", userName);
challengeResponses.put("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
AdminRespondToAuthChallengeRequest respondToAuthChallengeRequest = AdminRespondToAuthChallengeRequest.builder()
.challengeName(ChallengeNameType.SOFTWARE_TOKEN_MFA)
.clientId(clientId)
.challengeResponses(challengeResponses)
.session(session)
.build();
AdminRespondToAuthChallengeResponse respondToAuthChallengeResult = identityProviderClient
.adminRespondToAuthChallenge(respondToAuthChallengeRequest);
System.out.println("respondToAuthChallengeResult.getAuthenticationResult()"
+ respondToAuthChallengeResult.authenticationResult());
}
// Verify the TOTP and register for MFA.
public static void verifyTOTP(CognitoIdentityProviderClient identityProviderClient, String session, String code) {
try {
VerifySoftwareTokenRequest tokenRequest = VerifySoftwareTokenRequest.builder()
.userCode(code)
.session(session)
.build();
VerifySoftwareTokenResponse verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest);
System.out.println("The status of the token is " + verifyResponse.statusAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
public static AdminInitiateAuthResponse initiateAuth(CognitoIdentityProviderClient identityProviderClient,
String clientId, String userName, String password, String userPoolId) {
try {
Map authParameters = new HashMap<>();
authParameters.put("USERNAME", userName);
authParameters.put("PASSWORD", password);
AdminInitiateAuthRequest authRequest = AdminInitiateAuthRequest.builder()
.clientId(clientId)
.userPoolId(userPoolId)
.authParameters(authParameters)
.authFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH)
.build();
AdminInitiateAuthResponse response = identityProviderClient.adminInitiateAuth(authRequest);
System.out.println("Result Challenge is : " + response.challengeName());
return response;
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return null;
}
public static String getSecretForAppMFA(CognitoIdentityProviderClient identityProviderClient, String session) {
AssociateSoftwareTokenRequest softwareTokenRequest = AssociateSoftwareTokenRequest.builder()
.session(session)
.build();
AssociateSoftwareTokenResponse tokenResponse = identityProviderClient
.associateSoftwareToken(softwareTokenRequest);
String secretCode = tokenResponse.secretCode();
System.out.println("Enter this token into Google Authenticator");
System.out.println(secretCode);
return tokenResponse.session();
}
public static void confirmSignUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String code,
String userName) {
try {
ConfirmSignUpRequest signUpRequest = ConfirmSignUpRequest.builder()
.clientId(clientId)
.confirmationCode(code)
.username(userName)
.build();
identityProviderClient.confirmSignUp(signUpRequest);
System.out.println(userName + " was confirmed");
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
public static void resendConfirmationCode(CognitoIdentityProviderClient identityProviderClient, String clientId,
String userName) {
try {
ResendConfirmationCodeRequest codeRequest = ResendConfirmationCodeRequest.builder()
.clientId(clientId)
.username(userName)
.build();
ResendConfirmationCodeResponse response = identityProviderClient.resendConfirmationCode(codeRequest);
System.out.println("Method of delivery is " + response.codeDeliveryDetails().deliveryMediumAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
public static void signUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String userName,
String password, String email) {
AttributeType userAttrs = AttributeType.builder()
.name("email")
.value(email)
.build();
List userAttrsList = new ArrayList<>();
userAttrsList.add(userAttrs);
try {
SignUpRequest signUpRequest = SignUpRequest.builder()
.userAttributes(userAttrsList)
.username(userName)
.clientId(clientId)
.password(password)
.build();
identityProviderClient.signUp(signUpRequest);
System.out.println("User has been signed up ");
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
public static void getAdminUser(CognitoIdentityProviderClient identityProviderClient, String userName,
String poolId) {
try {
AdminGetUserRequest userRequest = AdminGetUserRequest.builder()
.username(userName)
.userPoolId(poolId)
.build();
AdminGetUserResponse response = identityProviderClient.adminGetUser(userRequest);
System.out.println("User status " + response.userStatusAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ Pour plus de détails sur l’API, consultez les rubriques suivantes dans la *Référence des API du kit AWS SDK for Java 2.x *.
+ [AdminGetUser](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminGetUser)
+ [AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminInitiateAuth)
+ [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)
+ [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AssociateSoftwareToken)
+ [ConfirmDevice](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ConfirmDevice)
+ [ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ConfirmSignUp)
+ [InitiateAuth](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/InitiateAuth)
+ [ListUsers](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUsers)
+ [ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ResendConfirmationCode)
+ [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/RespondToAuthChallenge)
+ [SignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/SignUp)
+ [VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/VerifySoftwareToken)
------
#### [ JavaScript ]
**SDK pour JavaScript (v3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider/scenarios/basic#code-examples).
Pour une expérience optimale, clonez le GitHub référentiel et exécutez cet exemple. Le code suivant représente un échantillon de l’exemple d’application complet.
```
import { logger } from "@aws-doc-sdk-examples/lib/utils/util-log.js";
import { signUp } from "../../../actions/sign-up.js";
import { FILE_USER_POOLS } from "./constants.js";
import { getSecondValuesFromEntries } from "@aws-doc-sdk-examples/lib/utils/util-csv.js";
const validateClient = (clientId) => {
if (!clientId) {
throw new Error(
`App client id is missing. Did you run 'create-user-pool'?`,
);
}
};
const validateUser = (username, password, email) => {
if (!(username && password && email)) {
throw new Error(
`Username, password, and email must be provided as arguments to the 'sign-up' command.`,
);
}
};
const signUpHandler = async (commands) => {
const [_, username, password, email] = commands;
try {
validateUser(username, password, email);
/**
* @type {string[]}
*/
const values = getSecondValuesFromEntries(FILE_USER_POOLS);
const clientId = values[0];
validateClient(clientId);
logger.log("Signing up.");
await signUp({ clientId, username, password, email });
logger.log(`Signed up. A confirmation email has been sent to: ${email}.`);
logger.log(
`Run 'confirm-sign-up ${username} ' to confirm your account.`,
);
} catch (err) {
logger.error(err);
}
};
export { signUpHandler };
const signUp = ({ clientId, username, password, email }) => {
const client = new CognitoIdentityProviderClient({});
const command = new SignUpCommand({
ClientId: clientId,
Username: username,
Password: password,
UserAttributes: [{ Name: "email", Value: email }],
});
return client.send(command);
};
import { logger } from "@aws-doc-sdk-examples/lib/utils/util-log.js";
import { confirmSignUp } from "../../../actions/confirm-sign-up.js";
import { FILE_USER_POOLS } from "./constants.js";
import { getSecondValuesFromEntries } from "@aws-doc-sdk-examples/lib/utils/util-csv.js";
const validateClient = (clientId) => {
if (!clientId) {
throw new Error(
`App client id is missing. Did you run 'create-user-pool'?`,
);
}
};
const validateUser = (username) => {
if (!username) {
throw new Error(
`Username name is missing. It must be provided as an argument to the 'confirm-sign-up' command.`,
);
}
};
const validateCode = (code) => {
if (!code) {
throw new Error(
`Verification code is missing. It must be provided as an argument to the 'confirm-sign-up' command.`,
);
}
};
const confirmSignUpHandler = async (commands) => {
const [_, username, code] = commands;
try {
validateUser(username);
validateCode(code);
/**
* @type {string[]}
*/
const values = getSecondValuesFromEntries(FILE_USER_POOLS);
const clientId = values[0];
validateClient(clientId);
logger.log("Confirming user.");
await confirmSignUp({ clientId, username, code });
logger.log(
`User confirmed. Run 'admin-initiate-auth ${username} ' to sign in.`,
);
} catch (err) {
logger.error(err);
}
};
export { confirmSignUpHandler };
const confirmSignUp = ({ clientId, username, code }) => {
const client = new CognitoIdentityProviderClient({});
const command = new ConfirmSignUpCommand({
ClientId: clientId,
Username: username,
ConfirmationCode: code,
});
return client.send(command);
};
import qrcode from "qrcode-terminal";
import { logger } from "@aws-doc-sdk-examples/lib/utils/util-log.js";
import { adminInitiateAuth } from "../../../actions/admin-initiate-auth.js";
import { associateSoftwareToken } from "../../../actions/associate-software-token.js";
import { FILE_USER_POOLS } from "./constants.js";
import { getFirstEntry } from "@aws-doc-sdk-examples/lib/utils/util-csv.js";
const handleMfaSetup = async (session, username) => {
const { SecretCode, Session } = await associateSoftwareToken(session);
// Store the Session for use with 'VerifySoftwareToken'.
process.env.SESSION = Session;
console.log(
"Scan this code in your preferred authenticator app, then run 'verify-software-token' to finish the setup.",
);
qrcode.generate(
`otpauth://totp/${username}?secret=${SecretCode}`,
{ small: true },
console.log,
);
};
const handleSoftwareTokenMfa = (session) => {
// Store the Session for use with 'AdminRespondToAuthChallenge'.
process.env.SESSION = session;
};
const validateClient = (id) => {
if (!id) {
throw new Error(
`User pool client id is missing. Did you run 'create-user-pool'?`,
);
}
};
const validateId = (id) => {
if (!id) {
throw new Error(`User pool id is missing. Did you run 'create-user-pool'?`);
}
};
const validateUser = (username, password) => {
if (!(username && password)) {
throw new Error(
`Username and password must be provided as arguments to the 'admin-initiate-auth' command.`,
);
}
};
const adminInitiateAuthHandler = async (commands) => {
const [_, username, password] = commands;
try {
validateUser(username, password);
const [userPoolId, clientId] = getFirstEntry(FILE_USER_POOLS);
validateId(userPoolId);
validateClient(clientId);
logger.log("Signing in.");
const { ChallengeName, Session } = await adminInitiateAuth({
clientId,
userPoolId,
username,
password,
});
if (ChallengeName === "MFA_SETUP") {
logger.log("MFA setup is required.");
return handleMfaSetup(Session, username);
}
if (ChallengeName === "SOFTWARE_TOKEN_MFA") {
handleSoftwareTokenMfa(Session);
logger.log(`Run 'admin-respond-to-auth-challenge ${username} '`);
}
} catch (err) {
logger.error(err);
}
};
export { adminInitiateAuthHandler };
const adminInitiateAuth = ({ clientId, userPoolId, username, password }) => {
const client = new CognitoIdentityProviderClient({});
const command = new AdminInitiateAuthCommand({
ClientId: clientId,
UserPoolId: userPoolId,
AuthFlow: AuthFlowType.ADMIN_USER_PASSWORD_AUTH,
AuthParameters: { USERNAME: username, PASSWORD: password },
});
return client.send(command);
};
import { logger } from "@aws-doc-sdk-examples/lib/utils/util-log.js";
import { adminRespondToAuthChallenge } from "../../../actions/admin-respond-to-auth-challenge.js";
import { getFirstEntry } from "@aws-doc-sdk-examples/lib/utils/util-csv.js";
import { FILE_USER_POOLS } from "./constants.js";
const verifyUsername = (username) => {
if (!username) {
throw new Error(
`Username is missing. It must be provided as an argument to the 'admin-respond-to-auth-challenge' command.`,
);
}
};
const verifyTotp = (totp) => {
if (!totp) {
throw new Error(
`Time-based one-time password (TOTP) is missing. It must be provided as an argument to the 'admin-respond-to-auth-challenge' command.`,
);
}
};
const storeAccessToken = (token) => {
process.env.AccessToken = token;
};
const adminRespondToAuthChallengeHandler = async (commands) => {
const [_, username, totp] = commands;
try {
verifyUsername(username);
verifyTotp(totp);
const [userPoolId, clientId] = getFirstEntry(FILE_USER_POOLS);
const session = process.env.SESSION;
const { AuthenticationResult } = await adminRespondToAuthChallenge({
clientId,
userPoolId,
username,
totp,
session,
});
storeAccessToken(AuthenticationResult.AccessToken);
logger.log("Successfully authenticated.");
} catch (err) {
logger.error(err);
}
};
export { adminRespondToAuthChallengeHandler };
const respondToAuthChallenge = ({
clientId,
username,
session,
userPoolId,
code,
}) => {
const client = new CognitoIdentityProviderClient({});
const command = new RespondToAuthChallengeCommand({
ChallengeName: ChallengeNameType.SOFTWARE_TOKEN_MFA,
ChallengeResponses: {
SOFTWARE_TOKEN_MFA_CODE: code,
USERNAME: username,
},
ClientId: clientId,
UserPoolId: userPoolId,
Session: session,
});
return client.send(command);
};
import { logger } from "@aws-doc-sdk-examples/lib/utils/util-log.js";
import { verifySoftwareToken } from "../../../actions/verify-software-token.js";
const validateTotp = (totp) => {
if (!totp) {
throw new Error(
`Time-based one-time password (TOTP) must be provided to the 'validate-software-token' command.`,
);
}
};
const verifySoftwareTokenHandler = async (commands) => {
const [_, totp] = commands;
try {
validateTotp(totp);
logger.log("Verifying TOTP.");
await verifySoftwareToken(totp);
logger.log("TOTP Verified. Run 'admin-initiate-auth' again to sign-in.");
} catch (err) {
logger.error(err);
}
};
export { verifySoftwareTokenHandler };
const verifySoftwareToken = (totp) => {
const client = new CognitoIdentityProviderClient({});
// The 'Session' is provided in the response to 'AssociateSoftwareToken'.
const session = process.env.SESSION;
if (!session) {
throw new Error(
"Missing a valid Session. Did you run 'admin-initiate-auth'?",
);
}
const command = new VerifySoftwareTokenCommand({
Session: session,
UserCode: totp,
});
return client.send(command);
};
```
+ Pour plus de détails sur l’API, consultez les rubriques suivantes dans la *Référence des API du kit AWS SDK pour JavaScript *.
+ [AdminGetUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminGetUserCommand)
+ [AdminInitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminInitiateAuthCommand)
+ [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminRespondToAuthChallengeCommand)
+ [AssociateSoftwareToken](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AssociateSoftwareTokenCommand)
+ [ConfirmDevice](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ConfirmDeviceCommand)
+ [ConfirmSignUp](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ConfirmSignUpCommand)
+ [InitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/InitiateAuthCommand)
+ [ListUsers](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ListUsersCommand)
+ [ResendConfirmationCode](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ResendConfirmationCodeCommand)
+ [RespondToAuthChallenge](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/RespondToAuthChallengeCommand)
+ [SignUp](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/SignUpCommand)
+ [VerifySoftwareToken](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/VerifySoftwareTokenCommand)
------
#### [ Kotlin ]
**SDK pour Kotlin**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples).
```
/**
Before running this Kotlin code example, set up your development environment, including your credentials.
For more information, see the following documentation:
https://docs.aws.amazon.com/sdk-for-kotlin/latest/developer-guide/setup.html
TIP: To set up the required user pool, run the AWS Cloud Development Kit (AWS CDK) script provided in this GitHub repo at resources/cdk/cognito_scenario_user_pool_with_mfa.
This code example performs the following operations:
1. Invokes the signUp method to sign up a user.
2. Invokes the adminGetUser method to get the user's confirmation status.
3. Invokes the ResendConfirmationCode method if the user requested another code.
4. Invokes the confirmSignUp method.
5. Invokes the initiateAuth to sign in. This results in being prompted to set up TOTP (time-based one-time password). (The response is “ChallengeName”: “MFA_SETUP”).
6. Invokes the AssociateSoftwareToken method to generate a TOTP MFA private key. This can be used with Google Authenticator.
7. Invokes the VerifySoftwareToken method to verify the TOTP and register for MFA.
8. Invokes the AdminInitiateAuth to sign in again. This results in being prompted to submit a TOTP (Response: “ChallengeName”: “SOFTWARE_TOKEN_MFA”).
9. Invokes the AdminRespondToAuthChallenge to get back a token.
*/
suspend fun main(args: Array) {
val usage = """
Usage:
Where:
clientId - The app client Id value that you can get from the AWS CDK script.
poolId - The pool Id that you can get from the AWS CDK script.
"""
if (args.size != 2) {
println(usage)
exitProcess(1)
}
val clientId = args[0]
val poolId = args[1]
// Use the console to get data from the user.
println("*** Enter your use name")
val inOb = Scanner(System.`in`)
val userName = inOb.nextLine()
println(userName)
println("*** Enter your password")
val password: String = inOb.nextLine()
println("*** Enter your email")
val email = inOb.nextLine()
println("*** Signing up $userName")
signUp(clientId, userName, password, email)
println("*** Getting $userName in the user pool")
getAdminUser(userName, poolId)
println("*** Conformation code sent to $userName. Would you like to send a new code? (Yes/No)")
val ans = inOb.nextLine()
if (ans.compareTo("Yes") == 0) {
println("*** Sending a new confirmation code")
resendConfirmationCode(clientId, userName)
}
println("*** Enter the confirmation code that was emailed")
val code = inOb.nextLine()
confirmSignUp(clientId, code, userName)
println("*** Rechecking the status of $userName in the user pool")
getAdminUser(userName, poolId)
val authResponse = checkAuthMethod(clientId, userName, password, poolId)
val mySession = authResponse.session
val newSession = getSecretForAppMFA(mySession)
println("*** Enter the 6-digit code displayed in Google Authenticator")
val myCode = inOb.nextLine()
// Verify the TOTP and register for MFA.
verifyTOTP(newSession, myCode)
println("*** Re-enter a 6-digit code displayed in Google Authenticator")
val mfaCode: String = inOb.nextLine()
val authResponse1 = checkAuthMethod(clientId, userName, password, poolId)
val session2 = authResponse1.session
adminRespondToAuthChallenge(userName, clientId, mfaCode, session2)
}
suspend fun checkAuthMethod(
clientIdVal: String,
userNameVal: String,
passwordVal: String,
userPoolIdVal: String,
): AdminInitiateAuthResponse {
val authParas = mutableMapOf()
authParas["USERNAME"] = userNameVal
authParas["PASSWORD"] = passwordVal
val authRequest =
AdminInitiateAuthRequest {
clientId = clientIdVal
userPoolId = userPoolIdVal
authParameters = authParas
authFlow = AuthFlowType.AdminUserPasswordAuth
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.adminInitiateAuth(authRequest)
println("Result Challenge is ${response.challengeName}")
return response
}
}
suspend fun resendConfirmationCode(
clientIdVal: String?,
userNameVal: String?,
) {
val codeRequest =
ResendConfirmationCodeRequest {
clientId = clientIdVal
username = userNameVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.resendConfirmationCode(codeRequest)
println("Method of delivery is " + (response.codeDeliveryDetails?.deliveryMedium))
}
}
// Respond to an authentication challenge.
suspend fun adminRespondToAuthChallenge(
userName: String,
clientIdVal: String?,
mfaCode: String,
sessionVal: String?,
) {
println("SOFTWARE_TOKEN_MFA challenge is generated")
val challengeResponsesOb = mutableMapOf()
challengeResponsesOb["USERNAME"] = userName
challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode
val adminRespondToAuthChallengeRequest =
AdminRespondToAuthChallengeRequest {
challengeName = ChallengeNameType.SoftwareTokenMfa
clientId = clientIdVal
challengeResponses = challengeResponsesOb
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val respondToAuthChallengeResult = identityProviderClient.adminRespondToAuthChallenge(adminRespondToAuthChallengeRequest)
println("respondToAuthChallengeResult.getAuthenticationResult() ${respondToAuthChallengeResult.authenticationResult}")
}
}
// Verify the TOTP and register for MFA.
suspend fun verifyTOTP(
sessionVal: String?,
codeVal: String?,
) {
val tokenRequest =
VerifySoftwareTokenRequest {
userCode = codeVal
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest)
println("The status of the token is ${verifyResponse.status}")
}
}
suspend fun getSecretForAppMFA(sessionVal: String?): String? {
val softwareTokenRequest =
AssociateSoftwareTokenRequest {
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val tokenResponse = identityProviderClient.associateSoftwareToken(softwareTokenRequest)
val secretCode = tokenResponse.secretCode
println("Enter this token into Google Authenticator")
println(secretCode)
return tokenResponse.session
}
}
suspend fun confirmSignUp(
clientIdVal: String?,
codeVal: String?,
userNameVal: String?,
) {
val signUpRequest =
ConfirmSignUpRequest {
clientId = clientIdVal
confirmationCode = codeVal
username = userNameVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
identityProviderClient.confirmSignUp(signUpRequest)
println("$userNameVal was confirmed")
}
}
suspend fun getAdminUser(
userNameVal: String?,
poolIdVal: String?,
) {
val userRequest =
AdminGetUserRequest {
username = userNameVal
userPoolId = poolIdVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.adminGetUser(userRequest)
println("User status ${response.userStatus}")
}
}
suspend fun signUp(
clientIdVal: String?,
userNameVal: String?,
passwordVal: String?,
emailVal: String?,
) {
val userAttrs =
AttributeType {
name = "email"
value = emailVal
}
val userAttrsList = mutableListOf()
userAttrsList.add(userAttrs)
val signUpRequest =
SignUpRequest {
userAttributes = userAttrsList
username = userNameVal
clientId = clientIdVal
password = passwordVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
identityProviderClient.signUp(signUpRequest)
println("User has been signed up")
}
}
```
+ Pour plus de détails sur l’API, consultez les rubriques suivantes dans la *Référence des API du kit AWS SDK pour Kotlin*.
+ [AdminGetUser](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [AdminInitiateAuth](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [AdminRespondToAuthChallenge](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [AssociateSoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [ConfirmDevice](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [ConfirmSignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [InitiateAuth](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [ListUsers](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [ResendConfirmationCode](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [RespondToAuthChallenge](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [SignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [VerifySoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
------
#### [ Python ]
**Kit SDK for Python (Boto3)**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples).
Créez une classe qui encapsule les fonctions Amazon Cognito utilisées dans le scénario.
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def _secret_hash(self, user_name):
"""
Calculates a secret hash from a user name and a client secret.
:param user_name: The user name to use when calculating the hash.
:return: The secret hash.
"""
key = self.client_secret.encode()
msg = bytes(user_name + self.client_id, "utf-8")
secret_hash = base64.b64encode(
hmac.new(key, msg, digestmod=hashlib.sha256).digest()
).decode()
logger.info("Made secret hash for %s: %s.", user_name, secret_hash)
return secret_hash
def sign_up_user(self, user_name, password, user_email):
"""
Signs up a new user with Amazon Cognito. This action prompts Amazon Cognito
to send an email to the specified email address. The email contains a code that
can be used to confirm the user.
When the user already exists, the user status is checked to determine whether
the user has been confirmed.
:param user_name: The user name that identifies the new user.
:param password: The password for the new user.
:param user_email: The email address for the new user.
:return: True when the user is already confirmed with Amazon Cognito.
Otherwise, false.
"""
try:
kwargs = {
"ClientId": self.client_id,
"Username": user_name,
"Password": password,
"UserAttributes": [{"Name": "email", "Value": user_email}],
}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
response = self.cognito_idp_client.sign_up(**kwargs)
confirmed = response["UserConfirmed"]
except ClientError as err:
if err.response["Error"]["Code"] == "UsernameExistsException":
response = self.cognito_idp_client.admin_get_user(
UserPoolId=self.user_pool_id, Username=user_name
)
logger.warning(
"User %s exists and is %s.", user_name, response["UserStatus"]
)
confirmed = response["UserStatus"] == "CONFIRMED"
else:
logger.error(
"Couldn't sign up %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
return confirmed
def resend_confirmation(self, user_name):
"""
Prompts Amazon Cognito to resend an email with a new confirmation code.
:param user_name: The name of the user who will receive the email.
:return: Delivery information about where the email is sent.
"""
try:
kwargs = {"ClientId": self.client_id, "Username": user_name}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
response = self.cognito_idp_client.resend_confirmation_code(**kwargs)
delivery = response["CodeDeliveryDetails"]
except ClientError as err:
logger.error(
"Couldn't resend confirmation to %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return delivery
def confirm_user_sign_up(self, user_name, confirmation_code):
"""
Confirms a previously created user. A user must be confirmed before they
can sign in to Amazon Cognito.
:param user_name: The name of the user to confirm.
:param confirmation_code: The confirmation code sent to the user's registered
email address.
:return: True when the confirmation succeeds.
"""
try:
kwargs = {
"ClientId": self.client_id,
"Username": user_name,
"ConfirmationCode": confirmation_code,
}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
self.cognito_idp_client.confirm_sign_up(**kwargs)
except ClientError as err:
logger.error(
"Couldn't confirm sign up for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return True
def list_users(self):
"""
Returns a list of the users in the current user pool.
:return: The list of users.
"""
try:
response = self.cognito_idp_client.list_users(UserPoolId=self.user_pool_id)
users = response["Users"]
except ClientError as err:
logger.error(
"Couldn't list users for %s. Here's why: %s: %s",
self.user_pool_id,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return users
def start_sign_in(self, user_name, password):
"""
Starts the sign-in process for a user by using administrator credentials.
This method of signing in is appropriate for code running on a secure server.
If the user pool is configured to require MFA and this is the first sign-in
for the user, Amazon Cognito returns a challenge response to set up an
MFA application. When this occurs, this function gets an MFA secret from
Amazon Cognito and returns it to the caller.
:param user_name: The name of the user to sign in.
:param password: The user's password.
:return: The result of the sign-in attempt. When sign-in is successful, this
returns an access token that can be used to get AWS credentials. Otherwise,
Amazon Cognito returns a challenge to set up an MFA application,
or a challenge to enter an MFA code from a registered MFA application.
"""
try:
kwargs = {
"UserPoolId": self.user_pool_id,
"ClientId": self.client_id,
"AuthFlow": "ADMIN_USER_PASSWORD_AUTH",
"AuthParameters": {"USERNAME": user_name, "PASSWORD": password},
}
if self.client_secret is not None:
kwargs["AuthParameters"]["SECRET_HASH"] = self._secret_hash(user_name)
response = self.cognito_idp_client.admin_initiate_auth(**kwargs)
challenge_name = response.get("ChallengeName", None)
if challenge_name == "MFA_SETUP":
if (
"SOFTWARE_TOKEN_MFA"
in response["ChallengeParameters"]["MFAS_CAN_SETUP"]
):
response.update(self.get_mfa_secret(response["Session"]))
else:
raise RuntimeError(
"The user pool requires MFA setup, but the user pool is not "
"configured for TOTP MFA. This example requires TOTP MFA."
)
except ClientError as err:
logger.error(
"Couldn't start sign in for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
response.pop("ResponseMetadata", None)
return response
def get_mfa_secret(self, session):
"""
Gets a token that can be used to associate an MFA application with the user.
:param session: Session information returned from a previous call to initiate
authentication.
:return: An MFA token that can be used to set up an MFA application.
"""
try:
response = self.cognito_idp_client.associate_software_token(Session=session)
except ClientError as err:
logger.error(
"Couldn't get MFA secret. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
response.pop("ResponseMetadata", None)
return response
def verify_mfa(self, session, user_code):
"""
Verify a new MFA application that is associated with a user.
:param session: Session information returned from a previous call to initiate
authentication.
:param user_code: A code generated by the associated MFA application.
:return: Status that indicates whether the MFA application is verified.
"""
try:
response = self.cognito_idp_client.verify_software_token(
Session=session, UserCode=user_code
)
except ClientError as err:
logger.error(
"Couldn't verify MFA. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
response.pop("ResponseMetadata", None)
return response
def respond_to_mfa_challenge(self, user_name, session, mfa_code):
"""
Responds to a challenge for an MFA code. This completes the second step of
a two-factor sign-in. When sign-in is successful, it returns an access token
that can be used to get AWS credentials from Amazon Cognito.
:param user_name: The name of the user who is signing in.
:param session: Session information returned from a previous call to initiate
authentication.
:param mfa_code: A code generated by the associated MFA application.
:return: The result of the authentication. When successful, this contains an
access token for the user.
"""
try:
kwargs = {
"UserPoolId": self.user_pool_id,
"ClientId": self.client_id,
"ChallengeName": "SOFTWARE_TOKEN_MFA",
"Session": session,
"ChallengeResponses": {
"USERNAME": user_name,
"SOFTWARE_TOKEN_MFA_CODE": mfa_code,
},
}
if self.client_secret is not None:
kwargs["ChallengeResponses"]["SECRET_HASH"] = self._secret_hash(
user_name
)
response = self.cognito_idp_client.admin_respond_to_auth_challenge(**kwargs)
auth_result = response["AuthenticationResult"]
except ClientError as err:
if err.response["Error"]["Code"] == "ExpiredCodeException":
logger.warning(
"Your MFA code has expired or has been used already. You might have "
"to wait a few seconds until your app shows you a new code."
)
else:
logger.error(
"Couldn't respond to mfa challenge for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return auth_result
def confirm_mfa_device(
self,
user_name,
device_key,
device_group_key,
device_password,
access_token,
aws_srp,
):
"""
Confirms an MFA device to be tracked by Amazon Cognito. When a device is
tracked, its key and password can be used to sign in without requiring a new
MFA code from the MFA application.
:param user_name: The user that is associated with the device.
:param device_key: The key of the device, returned by Amazon Cognito.
:param device_group_key: The group key of the device, returned by Amazon Cognito.
:param device_password: The password that is associated with the device.
:param access_token: The user's access token.
:param aws_srp: A class that helps with Secure Remote Password (SRP)
calculations. The scenario associated with this example uses
the warrant package.
:return: True when the user must confirm the device. Otherwise, False. When
False, the device is automatically confirmed and tracked.
"""
srp_helper = aws_srp.AWSSRP(
username=user_name,
password=device_password,
pool_id="_",
client_id=self.client_id,
client_secret=None,
client=self.cognito_idp_client,
)
device_and_pw = f"{device_group_key}{device_key}:{device_password}"
device_and_pw_hash = aws_srp.hash_sha256(device_and_pw.encode("utf-8"))
salt = aws_srp.pad_hex(aws_srp.get_random(16))
x_value = aws_srp.hex_to_long(aws_srp.hex_hash(salt + device_and_pw_hash))
verifier = aws_srp.pad_hex(pow(srp_helper.val_g, x_value, srp_helper.big_n))
device_secret_verifier_config = {
"PasswordVerifier": base64.standard_b64encode(
bytearray.fromhex(verifier)
).decode("utf-8"),
"Salt": base64.standard_b64encode(bytearray.fromhex(salt)).decode("utf-8"),
}
try:
response = self.cognito_idp_client.confirm_device(
AccessToken=access_token,
DeviceKey=device_key,
DeviceSecretVerifierConfig=device_secret_verifier_config,
)
user_confirm = response["UserConfirmationNecessary"]
except ClientError as err:
logger.error(
"Couldn't confirm mfa device %s. Here's why: %s: %s",
device_key,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return user_confirm
def sign_in_with_tracked_device(
self,
user_name,
password,
device_key,
device_group_key,
device_password,
aws_srp,
):
"""
Signs in to Amazon Cognito as a user who has a tracked device. Signing in
with a tracked device lets a user sign in without entering a new MFA code.
Signing in with a tracked device requires that the client respond to the SRP
protocol. The scenario associated with this example uses the warrant package
to help with SRP calculations.
For more information on SRP, see https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol.
:param user_name: The user that is associated with the device.
:param password: The user's password.
:param device_key: The key of a tracked device.
:param device_group_key: The group key of a tracked device.
:param device_password: The password that is associated with the device.
:param aws_srp: A class that helps with SRP calculations. The scenario
associated with this example uses the warrant package.
:return: The result of the authentication. When successful, this contains an
access token for the user.
"""
try:
srp_helper = aws_srp.AWSSRP(
username=user_name,
password=device_password,
pool_id="_",
client_id=self.client_id,
client_secret=None,
client=self.cognito_idp_client,
)
response_init = self.cognito_idp_client.initiate_auth(
ClientId=self.client_id,
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={
"USERNAME": user_name,
"PASSWORD": password,
"DEVICE_KEY": device_key,
},
)
if response_init["ChallengeName"] != "DEVICE_SRP_AUTH":
raise RuntimeError(
f"Expected DEVICE_SRP_AUTH challenge but got {response_init['ChallengeName']}."
)
auth_params = srp_helper.get_auth_params()
auth_params["DEVICE_KEY"] = device_key
response_auth = self.cognito_idp_client.respond_to_auth_challenge(
ClientId=self.client_id,
ChallengeName="DEVICE_SRP_AUTH",
ChallengeResponses=auth_params,
)
if response_auth["ChallengeName"] != "DEVICE_PASSWORD_VERIFIER":
raise RuntimeError(
f"Expected DEVICE_PASSWORD_VERIFIER challenge but got "
f"{response_init['ChallengeName']}."
)
challenge_params = response_auth["ChallengeParameters"]
challenge_params["USER_ID_FOR_SRP"] = device_group_key + device_key
cr = srp_helper.process_challenge(challenge_params, {"USERNAME": user_name})
cr["USERNAME"] = user_name
cr["DEVICE_KEY"] = device_key
response_verifier = self.cognito_idp_client.respond_to_auth_challenge(
ClientId=self.client_id,
ChallengeName="DEVICE_PASSWORD_VERIFIER",
ChallengeResponses=cr,
)
auth_tokens = response_verifier["AuthenticationResult"]
except ClientError as err:
logger.error(
"Couldn't start client sign in for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return auth_tokens
```
Créez une classe qui exécute le scénario. Cet exemple enregistre également un appareil MFA devant être suivi par Amazon Cognito et vous montre comment vous connecter à l’aide d’un mot de passe et d’informations provenant de l’appareil suivi. Cela évite d’avoir à saisir un nouveau code MFA.
```
def run_scenario(cognito_idp_client, user_pool_id, client_id):
logging.basicConfig(level=logging.INFO, format="%(levelname)s: %(message)s")
print("-" * 88)
print("Welcome to the Amazon Cognito user signup with MFA demo.")
print("-" * 88)
cog_wrapper = CognitoIdentityProviderWrapper(
cognito_idp_client, user_pool_id, client_id
)
user_name = q.ask("Let's sign up a new user. Enter a user name: ", q.non_empty)
password = q.ask("Enter a password for the user: ", q.non_empty)
email = q.ask("Enter a valid email address that you own: ", q.non_empty)
confirmed = cog_wrapper.sign_up_user(user_name, password, email)
while not confirmed:
print(
f"User {user_name} requires confirmation. Check {email} for "
f"a verification code."
)
confirmation_code = q.ask("Enter the confirmation code from the email: ")
if not confirmation_code:
if q.ask("Do you need another confirmation code (y/n)? ", q.is_yesno):
delivery = cog_wrapper.resend_confirmation(user_name)
print(
f"Confirmation code sent by {delivery['DeliveryMedium']} "
f"to {delivery['Destination']}."
)
else:
confirmed = cog_wrapper.confirm_user_sign_up(user_name, confirmation_code)
print(f"User {user_name} is confirmed and ready to use.")
print("-" * 88)
print("Let's get a list of users in the user pool.")
q.ask("Press Enter when you're ready.")
users = cog_wrapper.list_users()
if users:
print(f"Found {len(users)} users:")
pp(users)
else:
print("No users found.")
print("-" * 88)
print("Let's sign in and get an access token.")
auth_tokens = None
challenge = "ADMIN_USER_PASSWORD_AUTH"
response = {}
while challenge is not None:
if challenge == "ADMIN_USER_PASSWORD_AUTH":
response = cog_wrapper.start_sign_in(user_name, password)
challenge = response["ChallengeName"]
elif response["ChallengeName"] == "MFA_SETUP":
print("First, we need to set up an MFA application.")
qr_img = qrcode.make(
f"otpauth://totp/{user_name}?secret={response['SecretCode']}"
)
qr_img.save("qr.png")
q.ask(
"Press Enter to see a QR code on your screen. Scan it into an MFA "
"application, such as Google Authenticator."
)
webbrowser.open("qr.png")
mfa_code = q.ask(
"Enter the verification code from your MFA application: ", q.non_empty
)
response = cog_wrapper.verify_mfa(response["Session"], mfa_code)
print(f"MFA device setup {response['Status']}")
print("Now that an MFA application is set up, let's sign in again.")
print(
"You might have to wait a few seconds for a new MFA code to appear in "
"your MFA application."
)
challenge = "ADMIN_USER_PASSWORD_AUTH"
elif response["ChallengeName"] == "SOFTWARE_TOKEN_MFA":
auth_tokens = None
while auth_tokens is None:
mfa_code = q.ask(
"Enter a verification code from your MFA application: ", q.non_empty
)
auth_tokens = cog_wrapper.respond_to_mfa_challenge(
user_name, response["Session"], mfa_code
)
print(f"You're signed in as {user_name}.")
print("Here's your access token:")
pp(auth_tokens["AccessToken"])
print("And your device information:")
pp(auth_tokens["NewDeviceMetadata"])
challenge = None
else:
raise Exception(f"Got unexpected challenge {response['ChallengeName']}")
print("-" * 88)
device_group_key = auth_tokens["NewDeviceMetadata"]["DeviceGroupKey"]
device_key = auth_tokens["NewDeviceMetadata"]["DeviceKey"]
device_password = base64.standard_b64encode(os.urandom(40)).decode("utf-8")
print("Let's confirm your MFA device so you don't have re-enter MFA tokens for it.")
q.ask("Press Enter when you're ready.")
cog_wrapper.confirm_mfa_device(
user_name,
device_key,
device_group_key,
device_password,
auth_tokens["AccessToken"],
aws_srp,
)
print(f"Your device {device_key} is confirmed.")
print("-" * 88)
print(
f"Now let's sign in as {user_name} from your confirmed device {device_key}.\n"
f"Because this device is tracked by Amazon Cognito, you won't have to re-enter an MFA code."
)
q.ask("Press Enter when ready.")
auth_tokens = cog_wrapper.sign_in_with_tracked_device(
user_name, password, device_key, device_group_key, device_password, aws_srp
)
print("You're signed in. Your access token is:")
pp(auth_tokens["AccessToken"])
print("-" * 88)
print("Don't forget to delete your user pool when you're done with this example.")
print("\nThanks for watching!")
print("-" * 88)
def main():
parser = argparse.ArgumentParser(
description="Shows how to sign up a new user with Amazon Cognito and associate "
"the user with an MFA application for multi-factor authentication."
)
parser.add_argument(
"user_pool_id", help="The ID of the user pool to use for the example."
)
parser.add_argument(
"client_id", help="The ID of the client application to use for the example."
)
args = parser.parse_args()
try:
run_scenario(boto3.client("cognito-idp"), args.user_pool_id, args.client_id)
except Exception:
logging.exception("Something went wrong with the demo.")
if __name__ == "__main__":
main()
```
+ Pour plus de détails sur l’API, consultez les rubriques suivantes dans la *Référence des API du kit AWS SDK for Python (Boto3)*.
+ [AdminGetUser](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminGetUser)
+ [AdminInitiateAuth](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminInitiateAuth)
+ [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)
+ [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AssociateSoftwareToken)
+ [ConfirmDevice](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ConfirmDevice)
+ [ConfirmSignUp](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ConfirmSignUp)
+ [InitiateAuth](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/InitiateAuth)
+ [ListUsers](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ListUsers)
+ [ResendConfirmationCode](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ResendConfirmationCode)
+ [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/RespondToAuthChallenge)
+ [SignUp](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/SignUp)
+ [VerifySoftwareToken](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/VerifySoftwareToken)
------
#### [ Swift ]
**Kit SDK pour Swift**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples).
Fichier `Package.swift`.
```
// swift-tools-version: 5.9
//
// The swift-tools-version declares the minimum version of Swift required to
// build this package.
import PackageDescription
let package = Package(
name: "cognito-scenario",
// Let Xcode know the minimum Apple platforms supported.
platforms: [
.macOS(.v13),
.iOS(.v15)
],
dependencies: [
// Dependencies declare other packages that this package depends on.
.package(
url: "https://github.com/awslabs/aws-sdk-swift",
from: "1.0.0"),
.package(
url: "https://github.com/apple/swift-argument-parser.git",
branch: "main"
)
],
targets: [
// Targets are the basic building blocks of a package, defining a module or a test suite.
// Targets can depend on other targets in this package and products
// from dependencies.
.executableTarget(
name: "cognito-scenario",
dependencies: [
.product(name: "AWSCognitoIdentityProvider", package: "aws-sdk-swift"),
.product(name: "ArgumentParser", package: "swift-argument-parser")
],
path: "Sources")
]
)
```
Le fichier de code Swift.
```
// An example demonstrating various features of Amazon Cognito. Before running
// this Swift code example, set up your development environment, including
// your credentials.
//
// For more information, see the following documentation:
// https://docs.aws.amazon.com/sdk-for-kotlin/latest/developer-guide/setup.html
//
// TIP: To set up the required user pool, run the AWS Cloud Development Kit
// (AWS CDK) script provided in this GitHub repo at
// resources/cdk/cognito_scenario_user_pool_with_mfa.
//
// This example performs the following functions:
//
// 1. Invokes the signUp method to sign up a user.
// 2. Invokes the adminGetUser method to get the user's confirmation status.
// 3. Invokes the ResendConfirmationCode method if the user requested another
// code.
// 4. Invokes the confirmSignUp method.
// 5. Invokes the initiateAuth to sign in. This results in being prompted to
// set up TOTP (time-based one-time password). (The response is
// “ChallengeName”: “MFA_SETUP”).
// 6. Invokes the AssociateSoftwareToken method to generate a TOTP MFA private
// key. This can be used with Google Authenticator.
// 7. Invokes the VerifySoftwareToken method to verify the TOTP and register
// for MFA.
// 8. Invokes the AdminInitiateAuth to sign in again. This results in being
// prompted to submit a TOTP (Response: “ChallengeName”:
// “SOFTWARE_TOKEN_MFA”).
// 9. Invokes the AdminRespondToAuthChallenge to get back a token.
import ArgumentParser
import Foundation
import AWSClientRuntime
import AWSCognitoIdentityProvider
struct ExampleCommand: ParsableCommand {
@Argument(help: "The application clientId.")
var clientId: String
@Argument(help: "The user pool ID to use.")
var poolId: String
@Option(help: "Name of the Amazon Region to use")
var region = "us-east-1"
static var configuration = CommandConfiguration(
commandName: "cognito-scenario",
abstract: """
Demonstrates various features of Amazon Cognito.
""",
discussion: """
"""
)
/// Prompt for an input string of at least a minimum length.
///
/// - Parameters:
/// - prompt: The prompt string to display.
/// - minLength: The minimum number of characters to allow in the
/// response. Default value is 0.
///
/// - Returns: The entered string.
func stringRequest(_ prompt: String, minLength: Int = 1) -> String {
while true {
print(prompt, terminator: "")
let str = readLine()
guard let str else {
continue
}
if str.count >= minLength {
return str
} else {
print("*** Response must be at least \(minLength) character(s) long.")
}
}
}
/// Ask a yes/no question.
///
/// - Parameter prompt: A prompt string to print.
///
/// - Returns: `true` if the user answered "Y", otherwise `false`.
func yesNoRequest(_ prompt: String) -> Bool {
while true {
let answer = stringRequest(prompt).lowercased()
if answer == "y" || answer == "n" {
return answer == "y"
}
}
}
/// Get information about a specific user in a user pool.
///
/// - Parameters:
/// - cipClient: The Amazon Cognito Identity Provider client to use.
/// - userName: The user to retrieve information about.
/// - userPoolId: The user pool to search for the specified user.
///
/// - Returns: `true` if the user's information was successfully
/// retrieved. Otherwise returns `false`.
func adminGetUser(cipClient: CognitoIdentityProviderClient, userName: String,
userPoolId: String) async -> Bool {
do {
let output = try await cipClient.adminGetUser(
input: AdminGetUserInput(
userPoolId: userPoolId,
username: userName
)
)
guard let userStatus = output.userStatus else {
print("*** Unable to get the user's status.")
return false
}
print("User status: \(userStatus)")
return true
} catch {
return false
}
}
/// Create a new user in a user pool.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - clientId: The ID of the app client to create a user for.
/// - userName: The username for the new user.
/// - password: The new user's password.
/// - email: The new user's email address.
///
/// - Returns: `true` if successful; otherwise `false`.
func signUp(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String, password: String, email: String) async -> Bool {
let emailAttr = CognitoIdentityProviderClientTypes.AttributeType(
name: "email",
value: email
)
let userAttrsList = [emailAttr]
do {
_ = try await cipClient.signUp(
input: SignUpInput(
clientId: clientId,
password: password,
userAttributes: userAttrsList,
username: userName
)
)
print("=====> User \(userName) signed up.")
} catch _ as AWSCognitoIdentityProvider.UsernameExistsException {
print("*** The username \(userName) already exists. Please use a different one.")
return false
} catch let error as AWSCognitoIdentityProvider.InvalidPasswordException {
print("*** Error: The specified password is invalid. Reason: \(error.properties.message ?? "").")
return false
} catch _ as AWSCognitoIdentityProvider.ResourceNotFoundException {
print("*** Error: The specified client ID (\(clientId)) doesn't exist.")
return false
} catch {
print("*** Unexpected error: \(error)")
return false
}
return true
}
/// Requests a new confirmation code be sent to the given user's contact
/// method.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - clientId: The application client ID.
/// - userName: The user to resend a code for.
///
/// - Returns: `true` if a new code was sent successfully, otherwise
/// `false`.
func resendConfirmationCode(cipClient: CognitoIdentityProviderClient, clientId: String,
userName: String) async -> Bool {
do {
let output = try await cipClient.resendConfirmationCode(
input: ResendConfirmationCodeInput(
clientId: clientId,
username: userName
)
)
guard let deliveryMedium = output.codeDeliveryDetails?.deliveryMedium else {
print("*** Unable to get the delivery method for the resent code.")
return false
}
print("=====> A new code has been sent by \(deliveryMedium)")
return true
} catch {
print("*** Unable to resend the confirmation code to user \(userName).")
return false
}
}
/// Submit a confirmation code for the specified user. This is the code as
/// entered by the user after they've received it by email or text
/// message.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - clientId: The app client ID the user is signing up for.
/// - userName: The username of the user whose code is being sent.
/// - code: The user's confirmation code.
///
/// - Returns: `true` if the code was successfully confirmed; otherwise `false`.
func confirmSignUp(cipClient: CognitoIdentityProviderClient, clientId: String,
userName: String, code: String) async -> Bool {
do {
_ = try await cipClient.confirmSignUp(
input: ConfirmSignUpInput(
clientId: clientId,
confirmationCode: code,
username: userName
)
)
print("=====> \(userName) has been confirmed.")
return true
} catch {
print("=====> \(userName)'s code was entered incorrectly.")
return false
}
}
/// Begin an authentication session.
///
/// - Parameters:
/// - cipClient: The `CongitoIdentityProviderClient` to use.
/// - clientId: The app client ID to use.
/// - userName: The username to check.
/// - password: The user's password.
/// - userPoolId: The user pool to use.
///
/// - Returns: The session token associated with this authentication
/// session.
func initiateAuth(cipClient: CognitoIdentityProviderClient, clientId: String,
userName: String, password: String,
userPoolId: String) async -> String? {
var authParams: [String: String] = [:]
authParams["USERNAME"] = userName
authParams["PASSWORD"] = password
do {
let output = try await cipClient.adminInitiateAuth(
input: AdminInitiateAuthInput(
authFlow: CognitoIdentityProviderClientTypes.AuthFlowType.adminUserPasswordAuth,
authParameters: authParams,
clientId: clientId,
userPoolId: userPoolId
)
)
guard let challengeName = output.challengeName else {
print("*** Invalid response from the auth service.")
return nil
}
print("=====> Response challenge is \(challengeName)")
return output.session
} catch _ as UserNotFoundException {
print("*** The specified username, \(userName), doesn't exist.")
return nil
} catch _ as UserNotConfirmedException {
print("*** The user \(userName) has not been confirmed.")
return nil
} catch {
print("*** An unexpected error occurred.")
return nil
}
}
/// Request and display an MFA secret token that the user should enter
/// into their authenticator to set it up for the user account.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - authSession: The authentication session to request an MFA secret
/// for.
///
/// - Returns: A string containing the MFA secret token that should be
/// entered into the authenticator software.
func getSecretForAppMFA(cipClient: CognitoIdentityProviderClient, authSession: String?) async -> String? {
do {
let output = try await cipClient.associateSoftwareToken(
input: AssociateSoftwareTokenInput(
session: authSession
)
)
guard let secretCode = output.secretCode else {
print("*** Unable to get the secret code")
return nil
}
print("=====> Enter this token into Google Authenticator: \(secretCode)")
return output.session
} catch _ as SoftwareTokenMFANotFoundException {
print("*** The specified user pool isn't configured for MFA.")
return nil
} catch {
print("*** An unexpected error occurred getting the secret for the app's MFA.")
return nil
}
}
/// Confirm that the user's TOTP authenticator is configured correctly by
/// sending a code to it to check that it matches successfully.
///
/// - Parameters:
/// - cipClient: The `CongnitoIdentityProviderClient` to use.
/// - session: An authentication session previously returned by an
/// `associateSoftwareToken()` call.
/// - mfaCode: The 6-digit code currently displayed by the user's
/// authenticator, as provided by the user.
func verifyTOTP(cipClient: CognitoIdentityProviderClient, session: String?, mfaCode: String?) async {
do {
let output = try await cipClient.verifySoftwareToken(
input: VerifySoftwareTokenInput(
session: session,
userCode: mfaCode
)
)
guard let tokenStatus = output.status else {
print("*** Unable to get the token's status.")
return
}
print("=====> The token's status is: \(tokenStatus)")
} catch _ as SoftwareTokenMFANotFoundException {
print("*** The specified user pool isn't configured for MFA.")
return
} catch _ as CodeMismatchException {
print("*** The specified MFA code doesn't match the expected value.")
return
} catch _ as UserNotFoundException {
print("*** The specified username doesn't exist.")
return
} catch _ as UserNotConfirmedException {
print("*** The user has not been confirmed.")
return
} catch {
print("*** Error verifying the MFA token!")
return
}
}
/// Respond to the authentication challenge received from Cognito after
/// initiating an authentication session. This involves sending a current
/// MFA code to the service.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - userName: The user's username.
/// - clientId: The app client ID.
/// - userPoolId: The user pool to sign into.
/// - mfaCode: The 6-digit MFA code currently displayed by the user's
/// authenticator.
/// - session: The authentication session to continue processing.
func adminRespondToAuthChallenge(cipClient: CognitoIdentityProviderClient, userName: String,
clientId: String, userPoolId: String, mfaCode: String,
session: String) async {
print("=====> SOFTWARE_TOKEN_MFA challenge is generated...")
var challengeResponsesOb: [String: String] = [:]
challengeResponsesOb["USERNAME"] = userName
challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode
do {
let output = try await cipClient.adminRespondToAuthChallenge(
input: AdminRespondToAuthChallengeInput(
challengeName: CognitoIdentityProviderClientTypes.ChallengeNameType.softwareTokenMfa,
challengeResponses: challengeResponsesOb,
clientId: clientId,
session: session,
userPoolId: userPoolId
)
)
guard let authenticationResult = output.authenticationResult else {
print("*** Unable to get authentication result.")
return
}
print("=====> Authentication result (JWTs are redacted):")
print(authenticationResult)
} catch _ as SoftwareTokenMFANotFoundException {
print("*** The specified user pool isn't configured for MFA.")
return
} catch _ as CodeMismatchException {
print("*** The specified MFA code doesn't match the expected value.")
return
} catch _ as UserNotFoundException {
print("*** The specified username, \(userName), doesn't exist.")
return
} catch _ as UserNotConfirmedException {
print("*** The user \(userName) has not been confirmed.")
return
} catch let error as NotAuthorizedException {
print("*** Unauthorized access. Reason: \(error.properties.message ?? "")")
} catch {
print("*** Error responding to the MFA challenge.")
return
}
}
/// Called by ``main()`` to run the bulk of the example.
func runAsync() async throws {
let config = try await CognitoIdentityProviderClient.CognitoIdentityProviderClientConfiguration(region: region)
let cipClient = CognitoIdentityProviderClient(config: config)
print("""
This example collects information about a user, then creates that user in the
specified user pool. Then, it enables Multi-Factor Authentication (MFA) for that
user by associating an authenticator application (such as Google Authenticator
or a password manager that supports TOTP). Then, the user uses a code from their
authenticator application to sign in.
""")
let userName = stringRequest("Please enter a new username: ")
let password = stringRequest("Enter a password: ")
let email = stringRequest("Enter your email address: ", minLength: 5)
// Submit the sign-up request to AWS.
print("==> Signing up user \(userName)...")
if await signUp(cipClient: cipClient, clientId: clientId,
userName: userName, password: password,
email: email) == false {
return
}
// Check the user's status. This time, it should come back "unconfirmed".
print("==> Getting the status of user \(userName) from the user pool (should be 'unconfirmed')...")
if await adminGetUser(cipClient: cipClient, userName: userName, userPoolId: poolId) == false {
return
}
// Ask the user if they want a replacement code sent, such as if the
// code hasn't arrived yet. If the user responds with a "yes," send a
// new code.
if yesNoRequest("==> A confirmation code was sent to \(userName). Would you like to send a new code (Y/N)? ") {
print("==> Sending a new confirmation code...")
if await resendConfirmationCode(cipClient: cipClient, clientId: clientId, userName: userName) == false {
return
}
}
// Ask the user to enter the confirmation code, then send it to Amazon
// Cognito to verify it.
let code = stringRequest("==> Enter the confirmation code sent to \(userName): ")
if await confirmSignUp(cipClient: cipClient, clientId: clientId, userName: userName, code: code) == false {
// The code didn't match. Your application may wish to offer to
// re-send the confirmation code here and try again.
return
}
// Check the user's status again. This time it should come back
// "confirmed".
print("==> Rechecking status of user \(userName) in the user pool (should be 'confirmed')...")
if await adminGetUser(cipClient: cipClient, userName: userName, userPoolId: poolId) == false {
return
}
// Check the challenge mode. Here, it should be "mfaSetup", indicating
// that the user needs to add MFA before using it. This returns a
// session that can be used to register MFA, or nil if an error occurs.
let authSession = await initiateAuth(cipClient: cipClient, clientId: clientId,
userName: userName, password: password,
userPoolId: poolId)
if authSession == nil {
return
}
// Ask Cognito for an MFA secret token that the user should enter into
// their authenticator software (such as Google Authenticator) or
// password manager to configure it for this user account. This
// returns a new session that should be used for the new stage of the
// authentication process.
let newSession = await getSecretForAppMFA(cipClient: cipClient, authSession: authSession)
if newSession == nil {
return
}
// Ask the user to enter the current 6-digit code displayed by their
// authenticator. Then verify that it matches the value expected for
// the session.
let mfaCode1 = stringRequest("==> Enter the 6-digit code displayed in your authenticator: ",
minLength: 6)
await verifyTOTP(cipClient: cipClient, session: newSession, mfaCode: mfaCode1)
// Ask the user to authenticate now that the authenticator has been
// configured. This creates a new session using the user's username
// and password as already entered.
print("\nNow starting the sign-in process for user \(userName)...\n")
let session2 = await initiateAuth(cipClient: cipClient, clientId: clientId,
userName: userName, password: password, userPoolId: poolId)
guard let session2 else {
return
}
// Now that we have a new auth session, `session2`, ask the user for a
// new 6-digit code from their authenticator, and send it to the auth
// session.
let mfaCode2 = stringRequest("==> Wait for your authenticator to show a new 6-digit code, then enter it: ",
minLength: 6)
await adminRespondToAuthChallenge(cipClient: cipClient, userName: userName,
clientId: clientId, userPoolId: poolId,
mfaCode: mfaCode2, session: session2)
}
}
/// The program's asynchronous entry point.
@main
struct Main {
static func main() async {
let args = Array(CommandLine.arguments.dropFirst())
do {
let command = try ExampleCommand.parse(args)
try await command.runAsync()
} catch {
ExampleCommand.exit(withError: error)
}
}
}
```
+ Pour plus de détails sur l’API, consultez les rubriques suivantes dans la *Référence des API du kit AWS SDK pour Swift*.
+ [AdminGetUser](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/admingetuser(input:))
+ [AdminInitiateAuth](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/admininitiateauth(input:))
+ [AdminRespondToAuthChallenge](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/adminrespondtoauthchallenge(input:))
+ [AssociateSoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/associatesoftwaretoken(input:))
+ [ConfirmDevice](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/confirmdevice(input:))
+ [ConfirmSignUp](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/confirmsignup(input:))
+ [InitiateAuth](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/initiateauth(input:))
+ [ListUsers](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/listusers(input:))
+ [ResendConfirmationCode](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/resendconfirmationcode(input:))
+ [RespondToAuthChallenge](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/respondtoauthchallenge(input:))
+ [SignUp](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/signup(input:))
+ [VerifySoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/verifysoftwaretoken(input:))
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Utiliser les pools d'identités et les flux d'authentification Amazon Cognito
L'exemple de code suivant montre comment créer une application de démonstration Web illustrant les flux d'authentification des pools d'identités.
------
#### [ Python ]
**Kit SDK for Python (Boto3)**
Montre une application de démonstration basée sur le Web qui présente les flux d'authentification des pools d'identités Amazon Cognito, permettant aux utilisateurs d'explorer de manière interactive les flux d'authentification améliorés et de base avec différents fournisseurs d'identité.
Pour obtenir le code source complet et les instructions de configuration et d'exécution, consultez l'exemple complet sur [ GitHub](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito/scenarios/identity_pools_example_demo).
**Les services utilisés dans cet exemple**
+ Fournisseur d’identité Amazon Cognito
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Rédigez des données d'activité personnalisées avec une fonction Lambda après l'authentification de l'utilisateur Amazon Cognito à l'aide d'un SDK AWS
L’exemple de code suivant illustre comment écrire des données d’activité personnalisées avec une fonction Lambda après l’authentification utilisateur Amazon Cognito.
+ Utilisez les fonctions d’administrateur pour ajouter un utilisateur à un groupe d’utilisateurs.
+ Configurez un groupe d’utilisateurs pour appeler une fonction Lambda pour le déclencheur `PostAuthentication`.
+ Inscrivez le nouvel utilisateur dans Amazon Cognito.
+ La fonction Lambda écrit des informations personnalisées dans des CloudWatch journaux et dans une table DynamoDB.
+ Obtenez et affichez les données personnalisées à partir de la table DynamoDB, puis nettoyer les ressources.
------
#### [ Go ]
**Kit SDK pour Go V2**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/workflows/user_pools_and_lambda_triggers#code-examples).
Exécutez un scénario interactif à une invite de commande.
```
import (
"context"
"errors"
"log"
"strings"
"user_pools_and_lambda_triggers/actions"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// ActivityLog separates the steps of this scenario into individual functions so that
// they are simpler to read and understand.
type ActivityLog struct {
helper IScenarioHelper
questioner demotools.IQuestioner
resources Resources
cognitoActor *actions.CognitoActions
}
// NewActivityLog constructs a new activity log runner.
func NewActivityLog(sdkConfig aws.Config, questioner demotools.IQuestioner, helper IScenarioHelper) ActivityLog {
scenario := ActivityLog{
helper: helper,
questioner: questioner,
resources: Resources{},
cognitoActor: &actions.CognitoActions{CognitoClient: cognitoidentityprovider.NewFromConfig(sdkConfig)},
}
scenario.resources.init(scenario.cognitoActor, questioner)
return scenario
}
// AddUserToPool selects a user from the known users table and uses administrator credentials to add the user to the user pool.
func (runner *ActivityLog) AddUserToPool(ctx context.Context, userPoolId string, tableName string) (string, string) {
log.Println("To facilitate this example, let's add a user to the user pool using administrator privileges.")
users, err := runner.helper.GetKnownUsers(ctx, tableName)
if err != nil {
panic(err)
}
user := users.Users[0]
log.Printf("Adding known user %v to the user pool.\n", user.UserName)
err = runner.cognitoActor.AdminCreateUser(ctx, userPoolId, user.UserName, user.UserEmail)
if err != nil {
panic(err)
}
pwSet := false
password := runner.questioner.AskPassword("\nEnter a password that has at least eight characters, uppercase, lowercase, numbers and symbols.\n"+
"(the password will not display as you type):", 8)
for !pwSet {
log.Printf("\nSetting password for user '%v'.\n", user.UserName)
err = runner.cognitoActor.AdminSetUserPassword(ctx, userPoolId, user.UserName, password)
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
password = runner.questioner.AskPassword("\nEnter another password:", 8)
} else {
panic(err)
}
} else {
pwSet = true
}
}
log.Println(strings.Repeat("-", 88))
return user.UserName, password
}
// AddActivityLogTrigger adds a Lambda handler as an invocation target for the PostAuthentication trigger.
func (runner *ActivityLog) AddActivityLogTrigger(ctx context.Context, userPoolId string, activityLogArn string) {
log.Println("Let's add a Lambda function to handle the PostAuthentication trigger from Cognito.\n" +
"This trigger happens after a user is authenticated, and lets your function take action, such as logging\n" +
"the outcome.")
err := runner.cognitoActor.UpdateTriggers(
ctx, userPoolId,
actions.TriggerInfo{Trigger: actions.PostAuthentication, HandlerArn: aws.String(activityLogArn)})
if err != nil {
panic(err)
}
runner.resources.triggers = append(runner.resources.triggers, actions.PostAuthentication)
log.Printf("Lambda function %v added to user pool %v to handle PostAuthentication Cognito trigger.\n",
activityLogArn, userPoolId)
log.Println(strings.Repeat("-", 88))
}
// SignInUser signs in as the specified user.
func (runner *ActivityLog) SignInUser(ctx context.Context, clientId string, userName string, password string) {
log.Printf("Now we'll sign in user %v and check the results in the logs and the DynamoDB table.", userName)
runner.questioner.Ask("Press Enter when you're ready.")
authResult, err := runner.cognitoActor.SignIn(ctx, clientId, userName, password)
if err != nil {
panic(err)
}
log.Println("Sign in successful.",
"The PostAuthentication Lambda handler writes custom information to CloudWatch Logs.")
runner.resources.userAccessTokens = append(runner.resources.userAccessTokens, *authResult.AccessToken)
}
// GetKnownUserLastLogin gets the login info for a user from the Amazon DynamoDB table and displays it.
func (runner *ActivityLog) GetKnownUserLastLogin(ctx context.Context, tableName string, userName string) {
log.Println("The PostAuthentication handler also writes login data to the DynamoDB table.")
runner.questioner.Ask("Press Enter when you're ready to continue.")
users, err := runner.helper.GetKnownUsers(ctx, tableName)
if err != nil {
panic(err)
}
for _, user := range users.Users {
if user.UserName == userName {
log.Println("The last login info for the user in the known users table is:")
log.Printf("\t%+v", *user.LastLogin)
}
}
log.Println(strings.Repeat("-", 88))
}
// Run runs the scenario.
func (runner *ActivityLog) Run(ctx context.Context, stackName string) {
defer func() {
if r := recover(); r != nil {
log.Println("Something went wrong with the demo.")
runner.resources.Cleanup(ctx)
}
}()
log.Println(strings.Repeat("-", 88))
log.Printf("Welcome\n")
log.Println(strings.Repeat("-", 88))
stackOutputs, err := runner.helper.GetStackOutputs(ctx, stackName)
if err != nil {
panic(err)
}
runner.resources.userPoolId = stackOutputs["UserPoolId"]
runner.helper.PopulateUserTable(ctx, stackOutputs["TableName"])
userName, password := runner.AddUserToPool(ctx, stackOutputs["UserPoolId"], stackOutputs["TableName"])
runner.AddActivityLogTrigger(ctx, stackOutputs["UserPoolId"], stackOutputs["ActivityLogFunctionArn"])
runner.SignInUser(ctx, stackOutputs["UserPoolClientId"], userName, password)
runner.helper.ListRecentLogEvents(ctx, stackOutputs["ActivityLogFunction"])
runner.GetKnownUserLastLogin(ctx, stackOutputs["TableName"], userName)
runner.resources.Cleanup(ctx)
log.Println(strings.Repeat("-", 88))
log.Println("Thanks for watching!")
log.Println(strings.Repeat("-", 88))
}
```
Gérez le déclencheur `PostAuthentication` avec une fonction Lambda.
```
import (
"context"
"fmt"
"log"
"os"
"time"
"github.com/aws/aws-lambda-go/events"
"github.com/aws/aws-lambda-go/lambda"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
dynamodbtypes "github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
)
const TABLE_NAME = "TABLE_NAME"
// LoginInfo defines structured login data that can be marshalled to a DynamoDB format.
type LoginInfo struct {
UserPoolId string `dynamodbav:"UserPoolId"`
ClientId string `dynamodbav:"ClientId"`
Time string `dynamodbav:"Time"`
}
// UserInfo defines structured user data that can be marshalled to a DynamoDB format.
type UserInfo struct {
UserName string `dynamodbav:"UserName"`
UserEmail string `dynamodbav:"UserEmail"`
LastLogin LoginInfo `dynamodbav:"LastLogin"`
}
// GetKey marshals the user email value to a DynamoDB key format.
func (user UserInfo) GetKey() map[string]dynamodbtypes.AttributeValue {
userEmail, err := attributevalue.Marshal(user.UserEmail)
if err != nil {
panic(err)
}
return map[string]dynamodbtypes.AttributeValue{"UserEmail": userEmail}
}
type handler struct {
dynamoClient *dynamodb.Client
}
// HandleRequest handles the PostAuthentication event by writing custom data to the logs and
// to an Amazon DynamoDB table.
func (h *handler) HandleRequest(ctx context.Context, event events.CognitoEventUserPoolsPostAuthentication) (events.CognitoEventUserPoolsPostAuthentication, error) {
log.Printf("Received post authentication trigger from %v for user '%v'", event.TriggerSource, event.UserName)
tableName := os.Getenv(TABLE_NAME)
user := UserInfo{
UserName: event.UserName,
UserEmail: event.Request.UserAttributes["email"],
LastLogin: LoginInfo{
UserPoolId: event.UserPoolID,
ClientId: event.CallerContext.ClientID,
Time: time.Now().Format(time.UnixDate),
},
}
// Write to CloudWatch Logs.
fmt.Printf("%#v", user)
// Also write to an external system. This examples uses DynamoDB to demonstrate.
userMap, err := attributevalue.MarshalMap(user)
if err != nil {
log.Printf("Couldn't marshal to DynamoDB map. Here's why: %v\n", err)
} else if len(userMap) == 0 {
log.Printf("User info marshaled to an empty map.")
} else {
_, err := h.dynamoClient.PutItem(ctx, &dynamodb.PutItemInput{
Item: userMap,
TableName: aws.String(tableName),
})
if err != nil {
log.Printf("Couldn't write to DynamoDB. Here's why: %v\n", err)
} else {
log.Printf("Wrote user info to DynamoDB table %v.\n", tableName)
}
}
return event, nil
}
func main() {
ctx := context.Background()
sdkConfig, err := config.LoadDefaultConfig(ctx)
if err != nil {
log.Panicln(err)
}
h := handler{
dynamoClient: dynamodb.NewFromConfig(sdkConfig),
}
lambda.Start(h.HandleRequest)
}
```
Créez une structure qui exécute les tâches courantes.
```
import (
"context"
"log"
"strings"
"time"
"user_pools_and_lambda_triggers/actions"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudformation"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// IScenarioHelper defines common functions used by the workflows in this example.
type IScenarioHelper interface {
Pause(secs int)
GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error)
PopulateUserTable(ctx context.Context, tableName string)
GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error)
AddKnownUser(ctx context.Context, tableName string, user actions.User)
ListRecentLogEvents(ctx context.Context, functionName string)
}
// ScenarioHelper contains AWS wrapper structs used by the workflows in this example.
type ScenarioHelper struct {
questioner demotools.IQuestioner
dynamoActor *actions.DynamoActions
cfnActor *actions.CloudFormationActions
cwlActor *actions.CloudWatchLogsActions
isTestRun bool
}
// NewScenarioHelper constructs a new scenario helper.
func NewScenarioHelper(sdkConfig aws.Config, questioner demotools.IQuestioner) ScenarioHelper {
scenario := ScenarioHelper{
questioner: questioner,
dynamoActor: &actions.DynamoActions{DynamoClient: dynamodb.NewFromConfig(sdkConfig)},
cfnActor: &actions.CloudFormationActions{CfnClient: cloudformation.NewFromConfig(sdkConfig)},
cwlActor: &actions.CloudWatchLogsActions{CwlClient: cloudwatchlogs.NewFromConfig(sdkConfig)},
}
return scenario
}
// Pause waits for the specified number of seconds.
func (helper ScenarioHelper) Pause(secs int) {
if !helper.isTestRun {
time.Sleep(time.Duration(secs) * time.Second)
}
}
// GetStackOutputs gets the outputs from the specified CloudFormation stack in a structured format.
func (helper ScenarioHelper) GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error) {
return helper.cfnActor.GetOutputs(ctx, stackName), nil
}
// PopulateUserTable fills the known user table with example data.
func (helper ScenarioHelper) PopulateUserTable(ctx context.Context, tableName string) {
log.Printf("First, let's add some users to the DynamoDB %v table we'll use for this example.\n", tableName)
err := helper.dynamoActor.PopulateTable(ctx, tableName)
if err != nil {
panic(err)
}
}
// GetKnownUsers gets the users from the known users table in a structured format.
func (helper ScenarioHelper) GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error) {
knownUsers, err := helper.dynamoActor.Scan(ctx, tableName)
if err != nil {
log.Printf("Couldn't get known users from table %v. Here's why: %v\n", tableName, err)
}
return knownUsers, err
}
// AddKnownUser adds a user to the known users table.
func (helper ScenarioHelper) AddKnownUser(ctx context.Context, tableName string, user actions.User) {
log.Printf("Adding user '%v' with email '%v' to the DynamoDB known users table...\n",
user.UserName, user.UserEmail)
err := helper.dynamoActor.AddUser(ctx, tableName, user)
if err != nil {
panic(err)
}
}
// ListRecentLogEvents gets the most recent log stream and events for the specified Lambda function and displays them.
func (helper ScenarioHelper) ListRecentLogEvents(ctx context.Context, functionName string) {
log.Println("Waiting a few seconds to let Lambda write to CloudWatch Logs...")
helper.Pause(10)
log.Println("Okay, let's check the logs to find what's happened recently with your Lambda function.")
logStream, err := helper.cwlActor.GetLatestLogStream(ctx, functionName)
if err != nil {
panic(err)
}
log.Printf("Getting some recent events from log stream %v\n", *logStream.LogStreamName)
events, err := helper.cwlActor.GetLogEvents(ctx, functionName, *logStream.LogStreamName, 10)
if err != nil {
panic(err)
}
for _, event := range events {
log.Printf("\t%v", *event.Message)
}
log.Println(strings.Repeat("-", 88))
}
```
Créez une structure qui encapsule les actions Amazon Cognito.
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// Trigger and TriggerInfo define typed data for updating an Amazon Cognito trigger.
type Trigger int
const (
PreSignUp Trigger = iota
UserMigration
PostAuthentication
)
type TriggerInfo struct {
Trigger Trigger
HandlerArn *string
}
// UpdateTriggers adds or removes Lambda triggers for a user pool. When a trigger is specified with a `nil` value,
// it is removed from the user pool.
func (actor CognitoActions) UpdateTriggers(ctx context.Context, userPoolId string, triggers ...TriggerInfo) error {
output, err := actor.CognitoClient.DescribeUserPool(ctx, &cognitoidentityprovider.DescribeUserPoolInput{
UserPoolId: aws.String(userPoolId),
})
if err != nil {
log.Printf("Couldn't get info about user pool %v. Here's why: %v\n", userPoolId, err)
return err
}
lambdaConfig := output.UserPool.LambdaConfig
for _, trigger := range triggers {
switch trigger.Trigger {
case PreSignUp:
lambdaConfig.PreSignUp = trigger.HandlerArn
case UserMigration:
lambdaConfig.UserMigration = trigger.HandlerArn
case PostAuthentication:
lambdaConfig.PostAuthentication = trigger.HandlerArn
}
}
_, err = actor.CognitoClient.UpdateUserPool(ctx, &cognitoidentityprovider.UpdateUserPoolInput{
UserPoolId: aws.String(userPoolId),
LambdaConfig: lambdaConfig,
})
if err != nil {
log.Printf("Couldn't update user pool %v. Here's why: %v\n", userPoolId, err)
}
return err
}
// SignUp signs up a user with Amazon Cognito.
func (actor CognitoActions) SignUp(ctx context.Context, clientId string, userName string, password string, userEmail string) (bool, error) {
confirmed := false
output, err := actor.CognitoClient.SignUp(ctx, &cognitoidentityprovider.SignUpInput{
ClientId: aws.String(clientId),
Password: aws.String(password),
Username: aws.String(userName),
UserAttributes: []types.AttributeType{
{Name: aws.String("email"), Value: aws.String(userEmail)},
},
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't sign up user %v. Here's why: %v\n", userName, err)
}
} else {
confirmed = output.UserConfirmed
}
return confirmed, err
}
// SignIn signs in a user to Amazon Cognito using a username and password authentication flow.
func (actor CognitoActions) SignIn(ctx context.Context, clientId string, userName string, password string) (*types.AuthenticationResultType, error) {
var authResult *types.AuthenticationResultType
output, err := actor.CognitoClient.InitiateAuth(ctx, &cognitoidentityprovider.InitiateAuthInput{
AuthFlow: "USER_PASSWORD_AUTH",
ClientId: aws.String(clientId),
AuthParameters: map[string]string{"USERNAME": userName, "PASSWORD": password},
})
if err != nil {
var resetRequired *types.PasswordResetRequiredException
if errors.As(err, &resetRequired) {
log.Println(*resetRequired.Message)
} else {
log.Printf("Couldn't sign in user %v. Here's why: %v\n", userName, err)
}
} else {
authResult = output.AuthenticationResult
}
return authResult, err
}
// ForgotPassword starts a password recovery flow for a user. This flow typically sends a confirmation code
// to the user's configured notification destination, such as email.
func (actor CognitoActions) ForgotPassword(ctx context.Context, clientId string, userName string) (*types.CodeDeliveryDetailsType, error) {
output, err := actor.CognitoClient.ForgotPassword(ctx, &cognitoidentityprovider.ForgotPasswordInput{
ClientId: aws.String(clientId),
Username: aws.String(userName),
})
if err != nil {
log.Printf("Couldn't start password reset for user '%v'. Here;s why: %v\n", userName, err)
}
return output.CodeDeliveryDetails, err
}
// ConfirmForgotPassword confirms a user with a confirmation code and a new password.
func (actor CognitoActions) ConfirmForgotPassword(ctx context.Context, clientId string, code string, userName string, password string) error {
_, err := actor.CognitoClient.ConfirmForgotPassword(ctx, &cognitoidentityprovider.ConfirmForgotPasswordInput{
ClientId: aws.String(clientId),
ConfirmationCode: aws.String(code),
Password: aws.String(password),
Username: aws.String(userName),
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't confirm user %v. Here's why: %v", userName, err)
}
}
return err
}
// DeleteUser removes a user from the user pool.
func (actor CognitoActions) DeleteUser(ctx context.Context, userAccessToken string) error {
_, err := actor.CognitoClient.DeleteUser(ctx, &cognitoidentityprovider.DeleteUserInput{
AccessToken: aws.String(userAccessToken),
})
if err != nil {
log.Printf("Couldn't delete user. Here's why: %v\n", err)
}
return err
}
// AdminCreateUser uses administrator credentials to add a user to a user pool. This method leaves the user
// in a state that requires they enter a new password next time they sign in.
func (actor CognitoActions) AdminCreateUser(ctx context.Context, userPoolId string, userName string, userEmail string) error {
_, err := actor.CognitoClient.AdminCreateUser(ctx, &cognitoidentityprovider.AdminCreateUserInput{
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
MessageAction: types.MessageActionTypeSuppress,
UserAttributes: []types.AttributeType{{Name: aws.String("email"), Value: aws.String(userEmail)}},
})
if err != nil {
var userExists *types.UsernameExistsException
if errors.As(err, &userExists) {
log.Printf("User %v already exists in the user pool.", userName)
err = nil
} else {
log.Printf("Couldn't create user %v. Here's why: %v\n", userName, err)
}
}
return err
}
// AdminSetUserPassword uses administrator credentials to set a password for a user without requiring a
// temporary password.
func (actor CognitoActions) AdminSetUserPassword(ctx context.Context, userPoolId string, userName string, password string) error {
_, err := actor.CognitoClient.AdminSetUserPassword(ctx, &cognitoidentityprovider.AdminSetUserPasswordInput{
Password: aws.String(password),
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
Permanent: true,
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't set password for user %v. Here's why: %v\n", userName, err)
}
}
return err
}
```
Créez une structure qui encapsule les actions DynamoDB.
```
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
"github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
)
// DynamoActions encapsulates the Amazon Simple Notification Service (Amazon SNS) actions
// used in the examples.
type DynamoActions struct {
DynamoClient *dynamodb.Client
}
// User defines structured user data.
type User struct {
UserName string
UserEmail string
LastLogin *LoginInfo `dynamodbav:",omitempty"`
}
// LoginInfo defines structured custom login data.
type LoginInfo struct {
UserPoolId string
ClientId string
Time string
}
// UserList defines a list of users.
type UserList struct {
Users []User
}
// UserNameList returns the usernames contained in a UserList as a list of strings.
func (users *UserList) UserNameList() []string {
names := make([]string, len(users.Users))
for i := 0; i < len(users.Users); i++ {
names[i] = users.Users[i].UserName
}
return names
}
// PopulateTable adds a set of test users to the table.
func (actor DynamoActions) PopulateTable(ctx context.Context, tableName string) error {
var err error
var item map[string]types.AttributeValue
var writeReqs []types.WriteRequest
for i := 1; i < 4; i++ {
item, err = attributevalue.MarshalMap(User{UserName: fmt.Sprintf("test_user_%v", i), UserEmail: fmt.Sprintf("test_email_%v@example.com", i)})
if err != nil {
log.Printf("Couldn't marshall user into DynamoDB format. Here's why: %v\n", err)
return err
}
writeReqs = append(writeReqs, types.WriteRequest{PutRequest: &types.PutRequest{Item: item}})
}
_, err = actor.DynamoClient.BatchWriteItem(ctx, &dynamodb.BatchWriteItemInput{
RequestItems: map[string][]types.WriteRequest{tableName: writeReqs},
})
if err != nil {
log.Printf("Couldn't populate table %v with users. Here's why: %v\n", tableName, err)
}
return err
}
// Scan scans the table for all items.
func (actor DynamoActions) Scan(ctx context.Context, tableName string) (UserList, error) {
var userList UserList
output, err := actor.DynamoClient.Scan(ctx, &dynamodb.ScanInput{
TableName: aws.String(tableName),
})
if err != nil {
log.Printf("Couldn't scan table %v for items. Here's why: %v\n", tableName, err)
} else {
err = attributevalue.UnmarshalListOfMaps(output.Items, &userList.Users)
if err != nil {
log.Printf("Couldn't unmarshal items into users. Here's why: %v\n", err)
}
}
return userList, err
}
// AddUser adds a user item to a table.
func (actor DynamoActions) AddUser(ctx context.Context, tableName string, user User) error {
userItem, err := attributevalue.MarshalMap(user)
if err != nil {
log.Printf("Couldn't marshall user to item. Here's why: %v\n", err)
}
_, err = actor.DynamoClient.PutItem(ctx, &dynamodb.PutItemInput{
Item: userItem,
TableName: aws.String(tableName),
})
if err != nil {
log.Printf("Couldn't put item in table %v. Here's why: %v", tableName, err)
}
return err
}
```
Créez une structure qui englobe les actions CloudWatch Logs.
```
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs"
"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/types"
)
type CloudWatchLogsActions struct {
CwlClient *cloudwatchlogs.Client
}
// GetLatestLogStream gets the most recent log stream for a Lambda function.
func (actor CloudWatchLogsActions) GetLatestLogStream(ctx context.Context, functionName string) (types.LogStream, error) {
var logStream types.LogStream
logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName)
output, err := actor.CwlClient.DescribeLogStreams(ctx, &cloudwatchlogs.DescribeLogStreamsInput{
Descending: aws.Bool(true),
Limit: aws.Int32(1),
LogGroupName: aws.String(logGroupName),
OrderBy: types.OrderByLastEventTime,
})
if err != nil {
log.Printf("Couldn't get log streams for log group %v. Here's why: %v\n", logGroupName, err)
} else {
logStream = output.LogStreams[0]
}
return logStream, err
}
// GetLogEvents gets the most recent eventCount events from the specified log stream.
func (actor CloudWatchLogsActions) GetLogEvents(ctx context.Context, functionName string, logStreamName string, eventCount int32) (
[]types.OutputLogEvent, error) {
var events []types.OutputLogEvent
logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName)
output, err := actor.CwlClient.GetLogEvents(ctx, &cloudwatchlogs.GetLogEventsInput{
LogStreamName: aws.String(logStreamName),
Limit: aws.Int32(eventCount),
LogGroupName: aws.String(logGroupName),
})
if err != nil {
log.Printf("Couldn't get log event for log stream %v. Here's why: %v\n", logStreamName, err)
} else {
events = output.Events
}
return events, err
}
```
Créez une structure qui englobe les actions. CloudFormation
```
import (
"context"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cloudformation"
)
// StackOutputs defines a map of outputs from a specific stack.
type StackOutputs map[string]string
type CloudFormationActions struct {
CfnClient *cloudformation.Client
}
// GetOutputs gets the outputs from a CloudFormation stack and puts them into a structured format.
func (actor CloudFormationActions) GetOutputs(ctx context.Context, stackName string) StackOutputs {
output, err := actor.CfnClient.DescribeStacks(ctx, &cloudformation.DescribeStacksInput{
StackName: aws.String(stackName),
})
if err != nil || len(output.Stacks) == 0 {
log.Panicf("Couldn't find a CloudFormation stack named %v. Here's why: %v\n", stackName, err)
}
stackOutputs := StackOutputs{}
for _, out := range output.Stacks[0].Outputs {
stackOutputs[*out.OutputKey] = *out.OutputValue
}
return stackOutputs
}
```
Nettoyez les ressources.
```
import (
"context"
"log"
"user_pools_and_lambda_triggers/actions"
"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)
// Resources keeps track of AWS resources created during an example and handles
// cleanup when the example finishes.
type Resources struct {
userPoolId string
userAccessTokens []string
triggers []actions.Trigger
cognitoActor *actions.CognitoActions
questioner demotools.IQuestioner
}
func (resources *Resources) init(cognitoActor *actions.CognitoActions, questioner demotools.IQuestioner) {
resources.userAccessTokens = []string{}
resources.triggers = []actions.Trigger{}
resources.cognitoActor = cognitoActor
resources.questioner = questioner
}
// Cleanup deletes all AWS resources created during an example.
func (resources *Resources) Cleanup(ctx context.Context) {
defer func() {
if r := recover(); r != nil {
log.Printf("Something went wrong during cleanup.\n%v\n", r)
log.Println("Use the AWS Management Console to remove any remaining resources \n" +
"that were created for this scenario.")
}
}()
wantDelete := resources.questioner.AskBool("Do you want to remove all of the AWS resources that were created "+
"during this demo (y/n)?", "y")
if wantDelete {
for _, accessToken := range resources.userAccessTokens {
err := resources.cognitoActor.DeleteUser(ctx, accessToken)
if err != nil {
log.Println("Couldn't delete user during cleanup.")
panic(err)
}
log.Println("Deleted user.")
}
triggerList := make([]actions.TriggerInfo, len(resources.triggers))
for i := 0; i < len(resources.triggers); i++ {
triggerList[i] = actions.TriggerInfo{Trigger: resources.triggers[i], HandlerArn: nil}
}
err := resources.cognitoActor.UpdateTriggers(ctx, resources.userPoolId, triggerList...)
if err != nil {
log.Println("Couldn't update Cognito triggers during cleanup.")
panic(err)
}
log.Println("Removed Cognito triggers from user pool.")
} else {
log.Println("Be sure to remove resources when you're done with them to avoid unexpected charges!")
}
}
```
+ Pour plus de détails sur l’API, consultez les rubriques suivantes dans la *Référence des API du kit AWS SDK pour Go *.
+ [AdminCreateUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.AdminCreateUser)
+ [AdminSetUserPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.AdminSetUserPassword)
+ [DeleteUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.DeleteUser)
+ [InitiateAuth](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.InitiateAuth)
+ [UpdateUserPool](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.UpdateUserPool)
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
# Exemples de code pour Amazon Cognito Sync à l'aide de AWS SDKs
Les exemples de code suivants montrent comment utiliser Amazon Cognito Sync avec un kit de développement AWS logiciel (SDK).
Les *actions* sont des extraits de code de programmes plus larges et doivent être exécutées dans leur contexte. Alors que les actions vous indiquent comment appeler des fonctions de service individuelles, vous pouvez les voir en contexte dans leurs scénarios associés.
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.
**Contents**
+ [Principes de base](service_code_examples_cognito-sync_basics.md)
+ [Actions](service_code_examples_cognito-sync_actions.md)
+ [`ListIdentityPoolUsage`](cognito-sync_example_cognito-sync_ListIdentityPoolUsage_section.md)
# Exemples de base relatifs à l'utilisation d'Amazon Cognito Sync AWS SDKs
Les exemples de code suivants montrent comment utiliser les principes de base d'Amazon Cognito Sync with. AWS SDKs
**Contents**
+ [Actions](service_code_examples_cognito-sync_actions.md)
+ [`ListIdentityPoolUsage`](cognito-sync_example_cognito-sync_ListIdentityPoolUsage_section.md)
# Actions pour Amazon Cognito Sync à l'aide d'Amazon Cognito AWS SDKs
Les exemples de code suivants montrent comment effectuer des actions Amazon Cognito Sync individuelles avec. AWS SDKs Chaque exemple inclut un lien vers GitHub, où vous pouvez trouver des instructions pour configurer et exécuter le code.
Les exemples suivants incluent uniquement les actions les plus couramment utilisées. Pour obtenir la liste complète, consultez [Amazon Cognito Sync API Reference](https://docs.aws.amazon.com/cognitosync/latest/APIReference/Welcome.html) (Référence de l’API Synchronisation Amazon Cognito).
**Topics**
+ [`ListIdentityPoolUsage`](cognito-sync_example_cognito-sync_ListIdentityPoolUsage_section.md)
# Utilisation `ListIdentityPoolUsage` avec un AWS SDK
L'exemple de code suivant montre comment utiliser`ListIdentityPoolUsage`.
------
#### [ Rust ]
**SDK pour Rust**
Il y en a plus à ce sujet GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le [référentiel d’exemples de code AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/rustv1/examples/cognitosync#code-examples).
```
async fn show_pools(client: &Client) -> Result<(), Error> {
let response = client
.list_identity_pool_usage()
.max_results(10)
.send()
.await?;
let pools = response.identity_pool_usages();
println!("Identity pools:");
for pool in pools {
println!(
" Identity pool ID: {}",
pool.identity_pool_id().unwrap_or_default()
);
println!(
" Data storage: {}",
pool.data_storage().unwrap_or_default()
);
println!(
" Sync sessions count: {}",
pool.sync_sessions_count().unwrap_or_default()
);
println!(
" Last modified: {}",
pool.last_modified_date().unwrap().to_chrono_utc()?
);
println!();
}
println!("Next token: {}", response.next_token().unwrap_or_default());
Ok(())
}
```
+ Pour plus de détails sur l'API, voir [ListIdentityPoolUsage](https://docs.rs/aws-sdk-cognitosync/latest/aws_sdk_cognitosync/client/struct.Client.html#method.list_identity_pool_usage)la section de *référence de l'API AWS SDK for Rust*.
------
Pour obtenir la liste complète des guides de développement du AWS SDK et des exemples de code, consultez[Utilisation de ce service avec un AWS SDK](sdk-general-information-section.md). Cette rubrique comprend également des informations sur le démarrage et sur les versions précédentes du kit SDK.