Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà. # Esempi di codice per l'utilizzo di Amazon Cognito AWS SDKs I seguenti esempi di codice mostrano come usare Amazon Cognito con un kit di sviluppo AWS software (SDK). Per un elenco completo di guide ed esempi di codice per sviluppatori AWS SDK, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell'SDK. **Contents** + [Amazon Cognito Identity](service_code_examples_cognito-identity.md) + [Nozioni di base](service_code_examples_cognito-identity_basics.md) + [Azioni](service_code_examples_cognito-identity_actions.md) + [`CreateIdentityPool`](cognito-identity_example_cognito-identity_CreateIdentityPool_section.md) + [`DeleteIdentityPool`](cognito-identity_example_cognito-identity_DeleteIdentityPool_section.md) + [`DescribeIdentityPool`](cognito-identity_example_cognito-identity_DescribeIdentityPool_section.md) + [`GetCredentialsForIdentity`](cognito-identity_example_cognito-identity_GetCredentialsForIdentity_section.md) + [`GetIdentityPoolRoles`](cognito-identity_example_cognito-identity_GetIdentityPoolRoles_section.md) + [`ListIdentityPools`](cognito-identity_example_cognito-identity_ListIdentityPools_section.md) + [`SetIdentityPoolRoles`](cognito-identity_example_cognito-identity_SetIdentityPoolRoles_section.md) + [`UpdateIdentityPool`](cognito-identity_example_cognito-identity_UpdateIdentityPool_section.md) + [Scenari](service_code_examples_cognito-identity_scenarios.md) + [Creazione di un'applicazione Amazon Textract explorer](cognito-identity_example_cross_TextractExplorer_section.md) + [Gestore dell’identità per Amazon Cognito](service_code_examples_cognito-identity-provider.md) + [Nozioni di base](service_code_examples_cognito-identity-provider_basics.md) + [Ciao Amazon Cognito](cognito-identity-provider_example_cognito-identity-provider_Hello_section.md) + [Azioni](service_code_examples_cognito-identity-provider_actions.md) + [`AdminCreateUser`](cognito-identity-provider_example_cognito-identity-provider_AdminCreateUser_section.md) + [`AdminGetUser`](cognito-identity-provider_example_cognito-identity-provider_AdminGetUser_section.md) + [`AdminInitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md) + [`AdminRespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md) + [`AdminSetUserPassword`](cognito-identity-provider_example_cognito-identity-provider_AdminSetUserPassword_section.md) + [`AssociateSoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md) + [`ConfirmDevice`](cognito-identity-provider_example_cognito-identity-provider_ConfirmDevice_section.md) + [`ConfirmForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ConfirmForgotPassword_section.md) + [`ConfirmSignUp`](cognito-identity-provider_example_cognito-identity-provider_ConfirmSignUp_section.md) + [`CreateUserPool`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPool_section.md) + [`CreateUserPoolClient`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPoolClient_section.md) + [`DeleteUser`](cognito-identity-provider_example_cognito-identity-provider_DeleteUser_section.md) + [`ForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ForgotPassword_section.md) + [`InitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_InitiateAuth_section.md) + [`ListUserPools`](cognito-identity-provider_example_cognito-identity-provider_ListUserPools_section.md) + [`ListUsers`](cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md) + [`ResendConfirmationCode`](cognito-identity-provider_example_cognito-identity-provider_ResendConfirmationCode_section.md) + [`RespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_RespondToAuthChallenge_section.md) + [`SignUp`](cognito-identity-provider_example_cognito-identity-provider_SignUp_section.md) + [`UpdateUserPool`](cognito-identity-provider_example_cognito-identity-provider_UpdateUserPool_section.md) + [`VerifySoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md) + [Scenari](service_code_examples_cognito-identity-provider_scenarios.md) + [Confermare automaticamente gli utenti noti con una funzione Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md) + [Migrare automaticamente gli utenti noti con una funzione Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md) + [Registrazione di un utente a un pool di utenti che richiede l’autenticazione MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md) + [Usa i pool di identità di Amazon Cognito](cognito-identity-provider_example_cross_CognitoFlows_section.md) + [Scrivere i dati di attività personalizzate con una funzione Lambda dopo l’autenticazione utente di Amazon Cognito tramite un SDK](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md) + [Amazon Cognito Sync](service_code_examples_cognito-sync.md) + [Nozioni di base](service_code_examples_cognito-sync_basics.md) + [Azioni](service_code_examples_cognito-sync_actions.md) + [`ListIdentityPoolUsage`](cognito-sync_example_cognito-sync_ListIdentityPoolUsage_section.md) # Esempi di codice per l'utilizzo di Amazon Cognito Identity AWS SDKs I seguenti esempi di codice mostrano come usare Amazon Cognito Identity con un kit di sviluppo AWS software (SDK). Le *azioni* sono estratti di codice da programmi più grandi e devono essere eseguite nel contesto. Sebbene le azioni mostrino come richiamare le singole funzioni del servizio, è possibile visualizzarle contestualizzate negli scenari correlati. *Scenari*: esempi di codice che mostrano come eseguire un’attività specifica chiamando più funzioni all’interno dello stesso servizio o combinate con altri Servizi AWS. Per un elenco completo di guide ed esempi di codice per sviluppatori AWS SDK, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. **Contents** + [Nozioni di base](service_code_examples_cognito-identity_basics.md) + [Azioni](service_code_examples_cognito-identity_actions.md) + [`CreateIdentityPool`](cognito-identity_example_cognito-identity_CreateIdentityPool_section.md) + [`DeleteIdentityPool`](cognito-identity_example_cognito-identity_DeleteIdentityPool_section.md) + [`DescribeIdentityPool`](cognito-identity_example_cognito-identity_DescribeIdentityPool_section.md) + [`GetCredentialsForIdentity`](cognito-identity_example_cognito-identity_GetCredentialsForIdentity_section.md) + [`GetIdentityPoolRoles`](cognito-identity_example_cognito-identity_GetIdentityPoolRoles_section.md) + [`ListIdentityPools`](cognito-identity_example_cognito-identity_ListIdentityPools_section.md) + [`SetIdentityPoolRoles`](cognito-identity_example_cognito-identity_SetIdentityPoolRoles_section.md) + [`UpdateIdentityPool`](cognito-identity_example_cognito-identity_UpdateIdentityPool_section.md) + [Scenari](service_code_examples_cognito-identity_scenarios.md) + [Creazione di un'applicazione Amazon Textract explorer](cognito-identity_example_cross_TextractExplorer_section.md) # Esempi di base per l'utilizzo di Amazon Cognito Identity AWS SDKs I seguenti esempi di codice mostrano come utilizzare le nozioni di base di Amazon Cognito Identity con. AWS SDKs **Contents** + [Azioni](service_code_examples_cognito-identity_actions.md) + [`CreateIdentityPool`](cognito-identity_example_cognito-identity_CreateIdentityPool_section.md) + [`DeleteIdentityPool`](cognito-identity_example_cognito-identity_DeleteIdentityPool_section.md) + [`DescribeIdentityPool`](cognito-identity_example_cognito-identity_DescribeIdentityPool_section.md) + [`GetCredentialsForIdentity`](cognito-identity_example_cognito-identity_GetCredentialsForIdentity_section.md) + [`GetIdentityPoolRoles`](cognito-identity_example_cognito-identity_GetIdentityPoolRoles_section.md) + [`ListIdentityPools`](cognito-identity_example_cognito-identity_ListIdentityPools_section.md) + [`SetIdentityPoolRoles`](cognito-identity_example_cognito-identity_SetIdentityPoolRoles_section.md) + [`UpdateIdentityPool`](cognito-identity_example_cognito-identity_UpdateIdentityPool_section.md) # Azioni per l'utilizzo di Amazon Cognito Identity AWS SDKs I seguenti esempi di codice mostrano come eseguire singole azioni di Amazon Cognito Identity con. AWS SDKs Ogni esempio include un collegamento a GitHub, dove puoi trovare le istruzioni per la configurazione e l'esecuzione del codice. Questi estratti chiamano l’API Amazon Cognito Identity e sono estratti di codice da programmi più grandi che devono essere eseguiti in modo contestuale. È possibile visualizzare le azioni nel contesto in [Scenari per l'utilizzo di Amazon Cognito Identity AWS SDKs](service_code_examples_cognito-identity_scenarios.md). Gli esempi seguenti includono solo le azioni più comunemente utilizzate. Per l’elenco completo, consulta la [documentazione di riferimento dell’API Amazon Cognito Identity](https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/Welcome.html). **Topics** + [`CreateIdentityPool`](cognito-identity_example_cognito-identity_CreateIdentityPool_section.md) + [`DeleteIdentityPool`](cognito-identity_example_cognito-identity_DeleteIdentityPool_section.md) + [`DescribeIdentityPool`](cognito-identity_example_cognito-identity_DescribeIdentityPool_section.md) + [`GetCredentialsForIdentity`](cognito-identity_example_cognito-identity_GetCredentialsForIdentity_section.md) + [`GetIdentityPoolRoles`](cognito-identity_example_cognito-identity_GetIdentityPoolRoles_section.md) + [`ListIdentityPools`](cognito-identity_example_cognito-identity_ListIdentityPools_section.md) + [`SetIdentityPoolRoles`](cognito-identity_example_cognito-identity_SetIdentityPoolRoles_section.md) + [`UpdateIdentityPool`](cognito-identity_example_cognito-identity_UpdateIdentityPool_section.md) # Utilizzo `CreateIdentityPool` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `CreateIdentityPool`. ------ #### [ CLI ] **AWS CLI** **Come creare un pool di identità con il provider del pool di identità Cognito** Questo esempio crea un pool di identità denominato MyIdentityPool. Dispone di un provider del pool di identità Cognito. Le identità non autenticate non sono consentite. Comando: ``` aws cognito-identity create-identity-pool --identity-pool-name MyIdentityPool --no-allow-unauthenticated-identities --cognito-identity-providers ProviderName="cognito-idp.us-west-2.amazonaws.com/us-west-2_aaaaaaaaa",ClientId="3n4b5urk1ft4fl3mg5e62d9ado",ServerSideTokenCheck=false ``` Output: ``` { "IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111", "IdentityPoolName": "MyIdentityPool", "AllowUnauthenticatedIdentities": false, "CognitoIdentityProviders": [ { "ProviderName": "cognito-idp.us-west-2.amazonaws.com/us-west-2_111111111", "ClientId": "3n4b5urk1ft4fl3mg5e62d9ado", "ServerSideTokenCheck": false } ] } ``` + Per i dettagli sull'API, vedere [CreateIdentityPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/create-identity-pool.html)in *AWS CLI Command Reference*. ------ #### [ Java ] **SDK per Java 2.x** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient; import software.amazon.awssdk.services.cognitoidentity.model.CreateIdentityPoolRequest; import software.amazon.awssdk.services.cognitoidentity.model.CreateIdentityPoolResponse; import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class CreateIdentityPool { public static void main(String[] args) { final String usage = """ Usage: \s Where: identityPoolName - The name to give your identity pool. """; if (args.length != 1) { System.out.println(usage); System.exit(1); } String identityPoolName = args[0]; CognitoIdentityClient cognitoClient = CognitoIdentityClient.builder() .region(Region.US_EAST_1) .build(); String identityPoolId = createIdPool(cognitoClient, identityPoolName); System.out.println("Unity pool ID " + identityPoolId); cognitoClient.close(); } public static String createIdPool(CognitoIdentityClient cognitoClient, String identityPoolName) { try { CreateIdentityPoolRequest poolRequest = CreateIdentityPoolRequest.builder() .allowUnauthenticatedIdentities(false) .identityPoolName(identityPoolName) .build(); CreateIdentityPoolResponse response = cognitoClient.createIdentityPool(poolRequest); return response.identityPoolId(); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } return ""; } } ``` + Per i dettagli sull'API, consulta la [CreateIdentityPool](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-identity-2014-06-30/CreateIdentityPool)sezione *AWS SDK for Java 2.x API Reference*. ------ #### [ PowerShell ] **Strumenti per PowerShell V4** **Esempio 1: crea un nuovo pool di identità che consente di utilizzare identità non autenticate.** ``` New-CGIIdentityPool -AllowUnauthenticatedIdentities $true -IdentityPoolName CommonTests13 ``` **Output:** ``` LoggedAt : 8/12/2015 4:56:07 PM AllowUnauthenticatedIdentities : True DeveloperProviderName : IdentityPoolId : us-east-1:15d49393-ab16-431a-b26e-EXAMPLEGUID3 IdentityPoolName : CommonTests13 OpenIdConnectProviderARNs : {} SupportedLoginProviders : {} ResponseMetadata : Amazon.Runtime.ResponseMetadata ContentLength : 136 HttpStatusCode : OK ``` + Per i dettagli sull'API, vedere [CreateIdentityPool](https://docs.aws.amazon.com/powershell/v4/reference)in *AWS Strumenti per PowerShell Cmdlet Reference (*V4). **Strumenti per V5 PowerShell ** **Esempio 1: crea un nuovo pool di identità che consente di utilizzare identità non autenticate.** ``` New-CGIIdentityPool -AllowUnauthenticatedIdentities $true -IdentityPoolName CommonTests13 ``` **Output:** ``` LoggedAt : 8/12/2015 4:56:07 PM AllowUnauthenticatedIdentities : True DeveloperProviderName : IdentityPoolId : us-east-1:15d49393-ab16-431a-b26e-EXAMPLEGUID3 IdentityPoolName : CommonTests13 OpenIdConnectProviderARNs : {} SupportedLoginProviders : {} ResponseMetadata : Amazon.Runtime.ResponseMetadata ContentLength : 136 HttpStatusCode : OK ``` + Per i dettagli sull'API, vedere [CreateIdentityPool](https://docs.aws.amazon.com/powershell/v5/reference)in *AWS Strumenti per PowerShell Cmdlet Reference (*V5). ------ #### [ Swift ] **SDK per Swift** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity/FindOrCreateIdentityPool#code-examples). ``` import AWSCognitoIdentity /// Create a new identity pool and return its ID. /// /// - Parameters: /// - name: The name to give the new identity pool. /// /// - Returns: A string containing the newly created pool's ID, or `nil` /// if an error occurred. /// func createIdentityPool(name: String) async throws -> String? { do { let cognitoInputCall = CreateIdentityPoolInput(developerProviderName: "com.exampleco.CognitoIdentityDemo", identityPoolName: name) let result = try await cognitoIdentityClient.createIdentityPool(input: cognitoInputCall) guard let poolId = result.identityPoolId else { return nil } return poolId } catch { print("ERROR: createIdentityPool:", dump(error)) throw error } } ``` + Per ulteriori informazioni, consulta [Guida per gli sviluppatori di AWS SDK per Swift](https://docs.aws.amazon.com/sdk-for-swift/latest/developer-guide/getting-started.html). + Per i dettagli sull'API, consulta la [CreateIdentityPool](https://sdk.amazonaws.com/swift/api/awscognitoidentity/latest/documentation/awscognitoidentity/cognitoidentityclient/createidentitypool(input:))guida di riferimento all'*API AWS SDK for Swift*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `DeleteIdentityPool` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `DeleteIdentityPool`. ------ #### [ CLI ] **AWS CLI** **Come eliminare un pool di identità** L’esempio `delete-identity-pool` seguente elimina il pool di identità specificato. Comando: ``` aws cognito-identity delete-identity-pool \ --identity-pool-id "us-west-2:11111111-1111-1111-1111-111111111111" ``` Questo comando non produce alcun output. + Per i dettagli sull'API, consulta [DeleteIdentityPool AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/delete-identity-pool.html)*Command Reference.* ------ #### [ Java ] **SDK per Java 2.x** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider; import software.amazon.awssdk.awscore.exception.AwsServiceException; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient; import software.amazon.awssdk.services.cognitoidentity.model.DeleteIdentityPoolRequest; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class DeleteIdentityPool { public static void main(String[] args) { final String usage = """ Usage: \s Where: identityPoolId - The Id value of your identity pool. """; if (args.length != 1) { System.out.println(usage); System.exit(1); } String identityPoold = args[0]; CognitoIdentityClient cognitoIdClient = CognitoIdentityClient.builder() .region(Region.US_EAST_1) .credentialsProvider(ProfileCredentialsProvider.create()) .build(); deleteIdPool(cognitoIdClient, identityPoold); cognitoIdClient.close(); } public static void deleteIdPool(CognitoIdentityClient cognitoIdClient, String identityPoold) { try { DeleteIdentityPoolRequest identityPoolRequest = DeleteIdentityPoolRequest.builder() .identityPoolId(identityPoold) .build(); cognitoIdClient.deleteIdentityPool(identityPoolRequest); System.out.println("Done"); } catch (AwsServiceException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } } ``` + Per i dettagli sull'API, consulta la [DeleteIdentityPool](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-identity-2014-06-30/DeleteIdentityPool)sezione *AWS SDK for Java 2.x API Reference*. ------ #### [ PowerShell ] **Strumenti per PowerShell V4** **Esempio 1: elimina un pool di identità specifico.** ``` Remove-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 ``` + Per i dettagli sull'API, vedere [DeleteIdentityPool](https://docs.aws.amazon.com/powershell/v4/reference)in *AWS Strumenti per PowerShell Cmdlet Reference (*V4). **Strumenti per V5 PowerShell ** **Esempio 1: elimina un pool di identità specifico.** ``` Remove-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 ``` + Per i dettagli sull'API, vedere [DeleteIdentityPool](https://docs.aws.amazon.com/powershell/v5/reference)in *AWS Strumenti per PowerShell Cmdlet Reference (*V5). ------ #### [ Swift ] **SDK per Swift** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity/FindOrCreateIdentityPool#code-examples). ``` import AWSCognitoIdentity /// Delete the specified identity pool. /// /// - Parameters: /// - id: The ID of the identity pool to delete. /// func deleteIdentityPool(id: String) async throws { do { let input = DeleteIdentityPoolInput( identityPoolId: id ) _ = try await cognitoIdentityClient.deleteIdentityPool(input: input) } catch { print("ERROR: deleteIdentityPool:", dump(error)) throw error } } ``` + Per ulteriori informazioni, consulta [Guida per gli sviluppatori di AWS SDK per Swift](https://docs.aws.amazon.com/sdk-for-swift/latest/developer-guide/getting-started.html). + Per i dettagli sull'API, consulta la [DeleteIdentityPool](https://sdk.amazonaws.com/swift/api/awscognitoidentity/latest/documentation/awscognitoidentity/cognitoidentityclient/deleteidentitypool(input:))guida di riferimento all'*API AWS SDK for Swift*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzare `DescribeIdentityPool` con una CLI Gli esempi di codice seguenti mostrano come utilizzare `DescribeIdentityPool`. ------ #### [ CLI ] **AWS CLI** **Come descrivere un pool di identità** Questo esempio descrive un pool di identità. Comando: ``` aws cognito-identity describe-identity-pool --identity-pool-id "us-west-2:11111111-1111-1111-1111-111111111111" ``` Output: ``` { "IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111", "IdentityPoolName": "MyIdentityPool", "AllowUnauthenticatedIdentities": false, "CognitoIdentityProviders": [ { "ProviderName": "cognito-idp.us-west-2.amazonaws.com/us-west-2_111111111", "ClientId": "3n4b5urk1ft4fl3mg5e62d9ado", "ServerSideTokenCheck": false } ] } ``` + Per i dettagli sull'API, consulta [DescribeIdentityPool AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/describe-identity-pool.html)*Command Reference.* ------ #### [ PowerShell ] **Strumenti per PowerShell V4** **Esempio 1: recupera informazioni su uno specifico pool di identità in base al relativo ID.** ``` Get-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 ``` **Output:** ``` LoggedAt : 8/12/2015 4:29:40 PM AllowUnauthenticatedIdentities : True DeveloperProviderName : IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 IdentityPoolName : CommonTests1 OpenIdConnectProviderARNs : {} SupportedLoginProviders : {} ResponseMetadata : Amazon.Runtime.ResponseMetadata ContentLength : 142 HttpStatusCode : OK ``` + Per i dettagli sull'API, vedere [DescribeIdentityPool](https://docs.aws.amazon.com/powershell/v4/reference)in *AWS Strumenti per PowerShell Cmdlet Reference (*V4). **Strumenti per V5 PowerShell ** **Esempio 1: recupera informazioni su uno specifico pool di identità in base al relativo ID.** ``` Get-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 ``` **Output:** ``` LoggedAt : 8/12/2015 4:29:40 PM AllowUnauthenticatedIdentities : True DeveloperProviderName : IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 IdentityPoolName : CommonTests1 OpenIdConnectProviderARNs : {} SupportedLoginProviders : {} ResponseMetadata : Amazon.Runtime.ResponseMetadata ContentLength : 142 HttpStatusCode : OK ``` + Per i dettagli sull'API, vedere [DescribeIdentityPool](https://docs.aws.amazon.com/powershell/v5/reference)in *AWS Strumenti per PowerShell Cmdlet Reference (*V5). ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, vedere. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzare `GetCredentialsForIdentity` con un SDK AWS Il seguente esempio di codice mostra come utilizzare`GetCredentialsForIdentity`. ------ #### [ Java ] **SDK per Java 2.x** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient; import software.amazon.awssdk.services.cognitoidentity.model.GetCredentialsForIdentityRequest; import software.amazon.awssdk.services.cognitoidentity.model.GetCredentialsForIdentityResponse; import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class GetIdentityCredentials { public static void main(String[] args) { final String usage = """ Usage: \s Where: identityId - The Id of an existing identity in the format REGION:GUID. """; if (args.length != 1) { System.out.println(usage); System.exit(1); } String identityId = args[0]; CognitoIdentityClient cognitoClient = CognitoIdentityClient.builder() .region(Region.US_EAST_1) .build(); getCredsForIdentity(cognitoClient, identityId); cognitoClient.close(); } public static void getCredsForIdentity(CognitoIdentityClient cognitoClient, String identityId) { try { GetCredentialsForIdentityRequest getCredentialsForIdentityRequest = GetCredentialsForIdentityRequest .builder() .identityId(identityId) .build(); GetCredentialsForIdentityResponse response = cognitoClient .getCredentialsForIdentity(getCredentialsForIdentityRequest); System.out.println( "Identity ID " + response.identityId() + ", Access key ID " + response.credentials().accessKeyId()); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } } ``` + Per i dettagli sull'API, consulta la [GetCredentialsForIdentity](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-identity-2014-06-30/GetCredentialsForIdentity)sezione *AWS SDK for Java 2.x API Reference*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta[Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md). Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzare `GetIdentityPoolRoles` con una CLI Gli esempi di codice seguenti mostrano come utilizzare `GetIdentityPoolRoles`. ------ #### [ CLI ] **AWS CLI** **Come ottenere i ruoli del pool di identità** Questo esempio elenca i ruoli del pool di identità. Comando: ``` aws cognito-identity get-identity-pool-roles --identity-pool-id "us-west-2:11111111-1111-1111-1111-111111111111" ``` Output: ``` { "IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111", "Roles": { "authenticated": "arn:aws:iam::111111111111:role/Cognito_MyIdentityPoolAuth_Role", "unauthenticated": "arn:aws:iam::111111111111:role/Cognito_MyIdentityPoolUnauth_Role" } } ``` + Per i dettagli sull'API, consulta [GetIdentityPoolRoles AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/get-identity-pool-roles.html)*Command Reference.* ------ #### [ PowerShell ] **Strumenti per PowerShell V4** **Esempio 1: ottiene informazioni sui ruoli per un pool di identità specifico.** ``` Get-CGIIdentityPoolRole -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 ``` **Output:** ``` LoggedAt : 8/12/2015 4:33:51 PM IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 Roles : {[unauthenticated, arn:aws:iam::123456789012:role/CommonTests1Role]} ResponseMetadata : Amazon.Runtime.ResponseMetadata ContentLength : 165 HttpStatusCode : OK ``` + Per i dettagli sull'API, vedere [GetIdentityPoolRoles](https://docs.aws.amazon.com/powershell/v4/reference)in *AWS Strumenti per PowerShell Cmdlet Reference (*V4). **Strumenti per V5 PowerShell ** **Esempio 1: ottiene informazioni sui ruoli per un pool di identità specifico.** ``` Get-CGIIdentityPoolRole -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 ``` **Output:** ``` LoggedAt : 8/12/2015 4:33:51 PM IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 Roles : {[unauthenticated, arn:aws:iam::123456789012:role/CommonTests1Role]} ResponseMetadata : Amazon.Runtime.ResponseMetadata ContentLength : 165 HttpStatusCode : OK ``` + Per i dettagli sull'API, vedere [GetIdentityPoolRoles](https://docs.aws.amazon.com/powershell/v5/reference)in *AWS Strumenti per PowerShell Cmdlet Reference (*V5). ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, vedere. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `ListIdentityPools` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `ListIdentityPools`. ------ #### [ CLI ] **AWS CLI** **Come elencare pool di identità** In questo esempio vengono elencati i pool di identità. Sono elencate un massimo di 20 identità. Comando: ``` aws cognito-identity list-identity-pools --max-results 20 ``` Output: ``` { "IdentityPools": [ { "IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111", "IdentityPoolName": "MyIdentityPool" }, { "IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111", "IdentityPoolName": "AnotherIdentityPool" }, { "IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111", "IdentityPoolName": "IdentityPoolRegionA" } ] } ``` + Per i dettagli sull'API, consulta [ListIdentityPools AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/list-identity-pools.html)*Command Reference.* ------ #### [ Java ] **SDK per Java 2.x** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.cognitoidentity.CognitoIdentityClient; import software.amazon.awssdk.services.cognitoidentity.model.ListIdentityPoolsRequest; import software.amazon.awssdk.services.cognitoidentity.model.ListIdentityPoolsResponse; import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class ListIdentityPools { public static void main(String[] args) { CognitoIdentityClient cognitoClient = CognitoIdentityClient.builder() .region(Region.US_EAST_1) .build(); listIdPools(cognitoClient); cognitoClient.close(); } public static void listIdPools(CognitoIdentityClient cognitoClient) { try { ListIdentityPoolsRequest poolsRequest = ListIdentityPoolsRequest.builder() .maxResults(15) .build(); ListIdentityPoolsResponse response = cognitoClient.listIdentityPools(poolsRequest); response.identityPools().forEach(pool -> { System.out.println("Pool ID: " + pool.identityPoolId()); System.out.println("Pool name: " + pool.identityPoolName()); }); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } } ``` + Per i dettagli sull'API, consulta la [ListIdentityPools](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-identity-2014-06-30/ListIdentityPools)sezione *AWS SDK for Java 2.x API Reference*. ------ #### [ PowerShell ] **Strumenti per PowerShell V4** **Esempio 1: recupera un elenco di pool di identità esistenti.** ``` Get-CGIIdentityPoolList ``` **Output:** ``` IdentityPoolId IdentityPoolName -------------- ---------------- us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 CommonTests1 us-east-1:118d242d-204e-4b88-b803-EXAMPLEGUID2 Tests2 us-east-1:15d49393-ab16-431a-b26e-EXAMPLEGUID3 CommonTests13 ``` + Per i dettagli sull'API, vedere [ListIdentityPools](https://docs.aws.amazon.com/powershell/v4/reference)in *AWS Strumenti per PowerShell Cmdlet Reference (*V4). **Strumenti per V5 PowerShell ** **Esempio 1: recupera un elenco di pool di identità esistenti.** ``` Get-CGIIdentityPoolList ``` **Output:** ``` IdentityPoolId IdentityPoolName -------------- ---------------- us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 CommonTests1 us-east-1:118d242d-204e-4b88-b803-EXAMPLEGUID2 Tests2 us-east-1:15d49393-ab16-431a-b26e-EXAMPLEGUID3 CommonTests13 ``` + Per i dettagli sull'API, vedere [ListIdentityPools](https://docs.aws.amazon.com/powershell/v5/reference)in *AWS Strumenti per PowerShell Cmdlet Reference (*V5). ------ #### [ Swift ] **SDK per Swift** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity/FindOrCreateIdentityPool#code-examples). ``` import AWSCognitoIdentity /// Return the ID of the identity pool with the specified name. /// /// - Parameters: /// - name: The name of the identity pool whose ID should be returned. /// /// - Returns: A string containing the ID of the specified identity pool /// or `nil` on error or if not found. /// func getIdentityPoolID(name: String) async throws -> String? { let listPoolsInput = ListIdentityPoolsInput(maxResults: 25) // Use "Paginated" to get all the objects. // This lets the SDK handle the 'nextToken' field in "ListIdentityPoolsOutput". let pages = cognitoIdentityClient.listIdentityPoolsPaginated(input: listPoolsInput) do { for try await page in pages { guard let identityPools = page.identityPools else { print("ERROR: listIdentityPoolsPaginated returned nil contents.") continue } /// Read pages of identity pools from Cognito until one is found /// whose name matches the one specified in the `name` parameter. /// Return the matching pool's ID. for pool in identityPools { if pool.identityPoolName == name { return pool.identityPoolId! } } } } catch { print("ERROR: getIdentityPoolID:", dump(error)) throw error } return nil } ``` Ottieni l’ID di un pool di identità esistente o crealo se non esiste. ``` import AWSCognitoIdentity /// Return the ID of the identity pool with the specified name. /// /// - Parameters: /// - name: The name of the identity pool whose ID should be returned /// /// - Returns: A string containing the ID of the specified identity pool. /// Returns `nil` if there's an error or if the pool isn't found. /// public func getOrCreateIdentityPoolID(name: String) async throws -> String? { // See if the pool already exists. If it doesn't, create it. do { guard let poolId = try await getIdentityPoolID(name: name) else { return try await createIdentityPool(name: name) } return poolId } catch { print("ERROR: getOrCreateIdentityPoolID:", dump(error)) throw error } } ``` + Per ulteriori informazioni, consulta [AWS SDK for Swift developer guide](https://docs.aws.amazon.com/sdk-for-swift/latest/developer-guide/getting-started.html) (Guida per gli sviluppatori di AWS SDK per Swift). + Per i dettagli sull'API, consulta la [ListIdentityPools](https://sdk.amazonaws.com/swift/api/awscognitoidentity/latest/documentation/awscognitoidentity/cognitoidentityclient/listidentitypools(input:))guida di riferimento all'*API AWS SDK for Swift*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzare `SetIdentityPoolRoles` con una CLI Gli esempi di codice seguenti mostrano come utilizzare `SetIdentityPoolRoles`. ------ #### [ CLI ] **AWS CLI** **Come ottenere i ruoli del pool di identità** L’esempio `set-identity-pool-roles` seguente imposta il ruolo di un pool di identità. ``` aws cognito-identity set-identity-pool-roles \ --identity-pool-id "us-west-2:11111111-1111-1111-1111-111111111111" \ --roles authenticated="arn:aws:iam::111111111111:role/Cognito_MyIdentityPoolAuth_Role" ``` + Per i dettagli sull'API, consulta [SetIdentityPoolRoles AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/set-identity-pool-roles.html)*Command Reference.* ------ #### [ PowerShell ] **Strumenti per PowerShell V4** **Esempio 1: configura un pool di identità specifico in modo che abbia un ruolo IAM non autenticato.** ``` Set-CGIIdentityPoolRole -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 -Role @{ "unauthenticated" = "arn:aws:iam::123456789012:role/CommonTests1Role" } ``` + Per i dettagli sull'API, vedere [SetIdentityPoolRoles](https://docs.aws.amazon.com/powershell/v4/reference)in *AWS Strumenti per PowerShell Cmdlet Reference (*V4). **Strumenti per V5 PowerShell ** **Esempio 1: configura un pool di identità specifico in modo che abbia un ruolo IAM non autenticato.** ``` Set-CGIIdentityPoolRole -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 -Role @{ "unauthenticated" = "arn:aws:iam::123456789012:role/CommonTests1Role" } ``` + Per i dettagli sull'API, vedere [SetIdentityPoolRoles](https://docs.aws.amazon.com/powershell/v5/reference)in *AWS Strumenti per PowerShell Cmdlet Reference (*V5). ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, vedere. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzare `UpdateIdentityPool` con una CLI Gli esempi di codice seguenti mostrano come utilizzare `UpdateIdentityPool`. ------ #### [ CLI ] **AWS CLI** **Come aggiornare un pool di identità** Questo esempio aggiorna un pool di identità. Imposta il nome su. MyIdentityPool Aggiunge Cognito come gestore dell’identità digitale. Non ammette identità non autenticate. Comando: ``` aws cognito-identity update-identity-pool --identity-pool-id "us-west-2:11111111-1111-1111-1111-111111111111" --identity-pool-name "MyIdentityPool" --no-allow-unauthenticated-identities --cognito-identity-providers ProviderName="cognito-idp.us-west-2.amazonaws.com/us-west-2_111111111",ClientId="3n4b5urk1ft4fl3mg5e62d9ado",ServerSideTokenCheck=false ``` Output: ``` { "IdentityPoolId": "us-west-2:11111111-1111-1111-1111-111111111111", "IdentityPoolName": "MyIdentityPool", "AllowUnauthenticatedIdentities": false, "CognitoIdentityProviders": [ { "ProviderName": "cognito-idp.us-west-2.amazonaws.com/us-west-2_111111111", "ClientId": "3n4b5urk1ft4fl3mg5e62d9ado", "ServerSideTokenCheck": false } ] } ``` + Per i dettagli sull'API, vedere [UpdateIdentityPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-identity/update-identity-pool.html)in *AWS CLI Command Reference*. ------ #### [ PowerShell ] **Strumenti per PowerShell V4** **Esempio 1: aggiorna alcune proprietà del pool di identità (in questo caso il nome del pool di identità).** ``` Update-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 -IdentityPoolName NewPoolName ``` **Output:** ``` LoggedAt : 8/12/2015 4:53:33 PM AllowUnauthenticatedIdentities : False DeveloperProviderName : IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 IdentityPoolName : NewPoolName OpenIdConnectProviderARNs : {} SupportedLoginProviders : {} ResponseMetadata : Amazon.Runtime.ResponseMetadata ContentLength : 135 HttpStatusCode : OK ``` + Per i dettagli sull'API, vedere [UpdateIdentityPool](https://docs.aws.amazon.com/powershell/v4/reference)in *AWS Strumenti per PowerShell Cmdlet Reference (*V4). **Strumenti per V5 PowerShell ** **Esempio 1: aggiorna alcune proprietà del pool di identità (in questo caso il nome del pool di identità).** ``` Update-CGIIdentityPool -IdentityPoolId us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 -IdentityPoolName NewPoolName ``` **Output:** ``` LoggedAt : 8/12/2015 4:53:33 PM AllowUnauthenticatedIdentities : False DeveloperProviderName : IdentityPoolId : us-east-1:0de2af35-2988-4d0b-b22d-EXAMPLEGUID1 IdentityPoolName : NewPoolName OpenIdConnectProviderARNs : {} SupportedLoginProviders : {} ResponseMetadata : Amazon.Runtime.ResponseMetadata ContentLength : 135 HttpStatusCode : OK ``` + Per i dettagli sull'API, vedere [UpdateIdentityPool](https://docs.aws.amazon.com/powershell/v5/reference)in *AWS Strumenti per PowerShell Cmdlet Reference (*V5). ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, vedere. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Scenari per l'utilizzo di Amazon Cognito Identity AWS SDKs I seguenti esempi di codice mostrano come implementare scenari comuni in Amazon Cognito Identity con. AWS SDKs Questi scenari illustrano come eseguire attività specifiche chiamando più funzioni all’interno dell’API di identità per Amazon Cognito o in combinazione con altri Servizi AWS. Ogni scenario include un collegamento al codice sorgente completo, dove è possibile trovare le istruzioni su come configurare ed eseguire il codice. Gli scenari sono relativi a un livello intermedio di esperienza per aiutarti a comprendere le azioni di servizio nel contesto. **Topics** + [Creazione di un'applicazione Amazon Textract explorer](cognito-identity_example_cross_TextractExplorer_section.md) # Creazione di un’applicazione Amazon Textract explorer Gli esempi di codice seguenti mostrano come esplorare l’output di Amazon Textract tramite un’applicazione interattiva. ------ #### [ JavaScript ] **SDK per JavaScript (v3)** Mostra come utilizzare per AWS SDK per JavaScript creare un'applicazione React che utilizza Amazon Textract per estrarre dati dall'immagine di un documento e visualizzarli in una pagina Web interattiva. Questo esempio viene eseguito in un browser Web e richiede, come credenziali, un’identità autenticata Amazon Cognito. Utilizza Amazon Simple Storage Service (Amazon S3) per l’archiviazione e per le notifiche esegue il polling di una coda Amazon Simple Queue Service (Amazon SQS) sottoscritta a un argomento Amazon Simple Notification Service (Amazon SNS). Per il codice sorgente completo e le istruzioni su come configurarlo ed eseguirlo, consulta l'esempio completo su [GitHub](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cross-services/textract-react). **Servizi utilizzati in questo esempio** + Amazon Cognito Identity + Simple Storage Service (Amazon S3) + Amazon SNS + Amazon SQS + Amazon Textract ------ #### [ Python ] **SDK per Python (Boto3)** Mostra come utilizzarlo AWS SDK per Python (Boto3) con Amazon Textract per rilevare elementi di testo, moduli e tabelle nell'immagine di un documento. L’immagine di input e l’output di Amazon Textract sono mostrati in un’applicazione Tkinter che consente di esplorare gli elementi rilevati. + Invia un’immagine del documento ad Amazon Textract ed esplora l’output degli elementi rilevati. + Invia immagini direttamente ad Amazon Textract o tramite un bucket Amazon Simple Storage Service (Amazon S3). + Utilizza asynchronous APIs per avviare un processo che pubblica una notifica su un argomento di Amazon Simple Notification Service (Amazon SNS) al termine del processo. + Esegue il polling di una coda Amazon Simple Queue Service (Amazon SQS) per un messaggio di completamento del processo e visualizza i risultati. Per il codice sorgente completo e le istruzioni su come configurarlo ed eseguirlo, consulta l'esempio completo su. [GitHub](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/cross_service/textract_explorer) **Servizi utilizzati in questo esempio** + Amazon Cognito Identity + Simple Storage Service (Amazon S3) + Amazon SNS + Amazon SQS + Amazon Textract ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta[Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md). Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Esempi di codice per l'utilizzo di Amazon Cognito Identity Provider AWS SDKs I seguenti esempi di codice mostrano come utilizzare Amazon Cognito Identity Provider con un kit di sviluppo AWS software (SDK). Le *azioni* sono estratti di codice da programmi più grandi e devono essere eseguite nel contesto. Sebbene le azioni mostrino come richiamare le singole funzioni del servizio, è possibile visualizzarle contestualizzate negli scenari correlati. *Scenari*: esempi di codice che mostrano come eseguire un’attività specifica chiamando più funzioni all’interno dello stesso servizio o combinate con altri Servizi AWS. Per un elenco completo di guide ed esempi di codice per sviluppatori AWS SDK, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. **Contents** + [Nozioni di base](service_code_examples_cognito-identity-provider_basics.md) + [Ciao Amazon Cognito](cognito-identity-provider_example_cognito-identity-provider_Hello_section.md) + [Azioni](service_code_examples_cognito-identity-provider_actions.md) + [`AdminCreateUser`](cognito-identity-provider_example_cognito-identity-provider_AdminCreateUser_section.md) + [`AdminGetUser`](cognito-identity-provider_example_cognito-identity-provider_AdminGetUser_section.md) + [`AdminInitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md) + [`AdminRespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md) + [`AdminSetUserPassword`](cognito-identity-provider_example_cognito-identity-provider_AdminSetUserPassword_section.md) + [`AssociateSoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md) + [`ConfirmDevice`](cognito-identity-provider_example_cognito-identity-provider_ConfirmDevice_section.md) + [`ConfirmForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ConfirmForgotPassword_section.md) + [`ConfirmSignUp`](cognito-identity-provider_example_cognito-identity-provider_ConfirmSignUp_section.md) + [`CreateUserPool`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPool_section.md) + [`CreateUserPoolClient`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPoolClient_section.md) + [`DeleteUser`](cognito-identity-provider_example_cognito-identity-provider_DeleteUser_section.md) + [`ForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ForgotPassword_section.md) + [`InitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_InitiateAuth_section.md) + [`ListUserPools`](cognito-identity-provider_example_cognito-identity-provider_ListUserPools_section.md) + [`ListUsers`](cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md) + [`ResendConfirmationCode`](cognito-identity-provider_example_cognito-identity-provider_ResendConfirmationCode_section.md) + [`RespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_RespondToAuthChallenge_section.md) + [`SignUp`](cognito-identity-provider_example_cognito-identity-provider_SignUp_section.md) + [`UpdateUserPool`](cognito-identity-provider_example_cognito-identity-provider_UpdateUserPool_section.md) + [`VerifySoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md) + [Scenari](service_code_examples_cognito-identity-provider_scenarios.md) + [Confermare automaticamente gli utenti noti con una funzione Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md) + [Migrare automaticamente gli utenti noti con una funzione Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md) + [Registrazione di un utente a un pool di utenti che richiede l’autenticazione MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md) + [Usa i pool di identità di Amazon Cognito](cognito-identity-provider_example_cross_CognitoFlows_section.md) + [Scrivere i dati di attività personalizzate con una funzione Lambda dopo l’autenticazione utente di Amazon Cognito tramite un SDK](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md) # Esempi di base per l'utilizzo di Amazon Cognito Identity Provider AWS SDKs I seguenti esempi di codice mostrano come utilizzare le nozioni di base di Amazon Cognito Identity Provider con. AWS SDKs **Contents** + [Ciao Amazon Cognito](cognito-identity-provider_example_cognito-identity-provider_Hello_section.md) + [Azioni](service_code_examples_cognito-identity-provider_actions.md) + [`AdminCreateUser`](cognito-identity-provider_example_cognito-identity-provider_AdminCreateUser_section.md) + [`AdminGetUser`](cognito-identity-provider_example_cognito-identity-provider_AdminGetUser_section.md) + [`AdminInitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md) + [`AdminRespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md) + [`AdminSetUserPassword`](cognito-identity-provider_example_cognito-identity-provider_AdminSetUserPassword_section.md) + [`AssociateSoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md) + [`ConfirmDevice`](cognito-identity-provider_example_cognito-identity-provider_ConfirmDevice_section.md) + [`ConfirmForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ConfirmForgotPassword_section.md) + [`ConfirmSignUp`](cognito-identity-provider_example_cognito-identity-provider_ConfirmSignUp_section.md) + [`CreateUserPool`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPool_section.md) + [`CreateUserPoolClient`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPoolClient_section.md) + [`DeleteUser`](cognito-identity-provider_example_cognito-identity-provider_DeleteUser_section.md) + [`ForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ForgotPassword_section.md) + [`InitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_InitiateAuth_section.md) + [`ListUserPools`](cognito-identity-provider_example_cognito-identity-provider_ListUserPools_section.md) + [`ListUsers`](cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md) + [`ResendConfirmationCode`](cognito-identity-provider_example_cognito-identity-provider_ResendConfirmationCode_section.md) + [`RespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_RespondToAuthChallenge_section.md) + [`SignUp`](cognito-identity-provider_example_cognito-identity-provider_SignUp_section.md) + [`UpdateUserPool`](cognito-identity-provider_example_cognito-identity-provider_UpdateUserPool_section.md) + [`VerifySoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md) # Ciao Amazon Cognito Gli esempi di codice seguenti mostrano come iniziare a utilizzare Amazon Cognito. ------ #### [ C\$1\$1 ] **SDK per C\$1\$1** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito/hello_cognito#code-examples). Codice per il CMake file CMake Lists.txt. ``` # Set the minimum required version of CMake for this project. cmake_minimum_required(VERSION 3.13) # Set the AWS service components used by this project. set(SERVICE_COMPONENTS cognito-idp) # Set this project's name. project("hello_cognito") # Set the C++ standard to use to build this target. # At least C++ 11 is required for the AWS SDK for C++. set(CMAKE_CXX_STANDARD 11) # Use the MSVC variable to determine if this is a Windows build. set(WINDOWS_BUILD ${MSVC}) if (WINDOWS_BUILD) # Set the location where CMake can find the installed libraries for the AWS SDK. string(REPLACE ";" "/aws-cpp-sdk-all;" SYSTEM_MODULE_PATH "${CMAKE_SYSTEM_PREFIX_PATH}/aws-cpp-sdk-all") list(APPEND CMAKE_PREFIX_PATH ${SYSTEM_MODULE_PATH}) endif () # Find the AWS SDK for C++ package. find_package(AWSSDK REQUIRED COMPONENTS ${SERVICE_COMPONENTS}) if (WINDOWS_BUILD AND AWSSDK_INSTALL_AS_SHARED_LIBS) # Copy relevant AWS SDK for C++ libraries into the current binary directory for running and debugging. # set(BIN_SUB_DIR "/Debug") # If you are building from the command line, you may need to uncomment this # and set the proper subdirectory to the executables' location. AWSSDK_CPY_DYN_LIBS(SERVICE_COMPONENTS "" ${CMAKE_CURRENT_BINARY_DIR}${BIN_SUB_DIR}) endif () add_executable(${PROJECT_NAME} hello_cognito.cpp) target_link_libraries(${PROJECT_NAME} ${AWSSDK_LINK_LIBRARIES}) ``` Codice per il file origine hello\$1cognito.cpp. ``` #include #include #include #include /* * A "Hello Cognito" starter application which initializes an Amazon Cognito client and lists the Amazon Cognito * user pools. * * main function * * Usage: 'hello_cognito' * */ int main(int argc, char **argv) { Aws::SDKOptions options; // Optionally change the log level for debugging. // options.loggingOptions.logLevel = Utils::Logging::LogLevel::Debug; Aws::InitAPI(options); // Should only be called once. int result = 0; { Aws::Client::ClientConfiguration clientConfig; // Optional: Set to the AWS Region (overrides config file). // clientConfig.region = "us-east-1"; Aws::CognitoIdentityProvider::CognitoIdentityProviderClient cognitoClient(clientConfig); Aws::String nextToken; // Used for pagination. std::vector userPools; do { Aws::CognitoIdentityProvider::Model::ListUserPoolsRequest listUserPoolsRequest; if (!nextToken.empty()) { listUserPoolsRequest.SetNextToken(nextToken); } Aws::CognitoIdentityProvider::Model::ListUserPoolsOutcome listUserPoolsOutcome = cognitoClient.ListUserPools(listUserPoolsRequest); if (listUserPoolsOutcome.IsSuccess()) { for (auto &userPool: listUserPoolsOutcome.GetResult().GetUserPools()) { userPools.push_back(userPool.GetName()); } nextToken = listUserPoolsOutcome.GetResult().GetNextToken(); } else { std::cerr << "ListUserPools error: " << listUserPoolsOutcome.GetError().GetMessage() << std::endl; result = 1; break; } } while (!nextToken.empty()); std::cout << userPools.size() << " user pools found." << std::endl; for (auto &userPool: userPools) { std::cout << " user pool: " << userPool << std::endl; } } Aws::ShutdownAPI(options); // Should only be called once. return result; } ``` + Per i dettagli sull'API, [ListUserPools](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ListUserPools)consulta *AWS SDK per C\$1\$1 API Reference*. ------ #### [ Go ] **SDK per Go V2** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples). ``` package main import ( "context" "fmt" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types" ) // main uses the AWS SDK for Go V2 to create an Amazon Simple Notification Service // (Amazon SNS) client and list the topics in your account. // This example uses the default settings specified in your shared credentials // and config files. func main() { ctx := context.Background() sdkConfig, err := config.LoadDefaultConfig(ctx) if err != nil { fmt.Println("Couldn't load default configuration. Have you set up your AWS account?") fmt.Println(err) return } cognitoClient := cognitoidentityprovider.NewFromConfig(sdkConfig) fmt.Println("Let's list the user pools for your account.") var pools []types.UserPoolDescriptionType paginator := cognitoidentityprovider.NewListUserPoolsPaginator( cognitoClient, &cognitoidentityprovider.ListUserPoolsInput{MaxResults: aws.Int32(10)}) for paginator.HasMorePages() { output, err := paginator.NextPage(ctx) if err != nil { log.Printf("Couldn't get user pools. Here's why: %v\n", err) } else { pools = append(pools, output.UserPools...) } } if len(pools) == 0 { fmt.Println("You don't have any user pools!") } else { for _, pool := range pools { fmt.Printf("\t%v: %v\n", *pool.Name, *pool.Id) } } } ``` + Per i dettagli sull'API, consulta la [ListUserPools](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ListUserPools)sezione *AWS SDK per Go API Reference*. ------ #### [ Java ] **SDK per Java 2.x** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient; import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException; import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsResponse; import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class ListUserPools { public static void main(String[] args) { CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder() .region(Region.US_EAST_1) .build(); listAllUserPools(cognitoClient); cognitoClient.close(); } public static void listAllUserPools(CognitoIdentityProviderClient cognitoClient) { try { ListUserPoolsRequest request = ListUserPoolsRequest.builder() .maxResults(10) .build(); ListUserPoolsResponse response = cognitoClient.listUserPools(request); response.userPools().forEach(userpool -> { System.out.println("User pool " + userpool.name() + ", User ID " + userpool.id()); }); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } } ``` + Per i dettagli sull'API, consulta la [ListUserPools](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUserPools)sezione *AWS SDK for Java 2.x API Reference*. ------ #### [ JavaScript ] **SDK per JavaScript (v3)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples). ``` import { paginateListUserPools, CognitoIdentityProviderClient, } from "@aws-sdk/client-cognito-identity-provider"; const client = new CognitoIdentityProviderClient({}); export const helloCognito = async () => { const paginator = paginateListUserPools({ client }, {}); const userPoolNames = []; for await (const page of paginator) { const names = page.UserPools.map((pool) => pool.Name); userPoolNames.push(...names); } console.log("User pool names: "); console.log(userPoolNames.join("\n")); return userPoolNames; }; ``` + Per i dettagli sull'API, consulta la [ListUserPools](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ListUserPoolsCommand)sezione *AWS SDK per JavaScript API Reference*. ------ #### [ Python ] **SDK per Python (Boto3)** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples). ``` import boto3 # Create a Cognito Identity Provider client cognitoidp = boto3.client("cognito-idp") # Initialize a paginator for the list_user_pools operation paginator = cognitoidp.get_paginator("list_user_pools") # Create a PageIterator from the paginator page_iterator = paginator.paginate(MaxResults=10) # Initialize variables for pagination user_pools = [] # Handle pagination for page in page_iterator: user_pools.extend(page.get("UserPools", [])) # Print the list of user pools print("User Pools for the account:") if user_pools: for pool in user_pools: print(f"Name: {pool['Name']}, ID: {pool['Id']}") else: print("No user pools found.") ``` + Per i dettagli sull'API, consulta [ListUserPools AWS](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ListUserPools)*SDK for Python (Boto3) API Reference*. ------ #### [ Ruby ] **SDK per Ruby** C'è di più su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/cognito#code-examples). ``` require 'aws-sdk-cognitoidentityprovider' require 'logger' # CognitoManager is a class responsible for managing AWS Cognito operations # such as listing all user pools in the current AWS account. class CognitoManager def initialize(client) @client = client @logger = Logger.new($stdout) end # Lists and prints all user pools associated with the AWS account. def list_user_pools paginator = @client.list_user_pools(max_results: 10) user_pools = [] paginator.each_page do |page| user_pools.concat(page.user_pools) end if user_pools.empty? @logger.info('No Cognito user pools found.') else user_pools.each do |user_pool| @logger.info("User pool ID: #{user_pool.id}") @logger.info("User pool name: #{user_pool.name}") @logger.info("User pool status: #{user_pool.status}") @logger.info('---') end end end end if $PROGRAM_NAME == __FILE__ cognito_client = Aws::CognitoIdentityProvider::Client.new manager = CognitoManager.new(cognito_client) manager.list_user_pools end ``` + Per i dettagli sull'API, consulta la [ListUserPools](https://docs.aws.amazon.com/goto/SdkForRubyV3/cognito-idp-2016-04-18/ListUserPools)sezione *AWS SDK per Ruby API Reference*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta[Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md). Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Azioni per l'utilizzo di Amazon Cognito Identity Provider AWS SDKs I seguenti esempi di codice mostrano come eseguire singole azioni di Amazon Cognito Identity Provider con. AWS SDKs Ogni esempio include un collegamento a GitHub, dove puoi trovare le istruzioni per la configurazione e l'esecuzione del codice. Questi estratti chiamano l’API Amazon Cognito Identity Provider e sono estratti di codice da programmi più grandi che devono essere eseguiti in modo contestuale. È possibile visualizzare le azioni nel contesto in [Scenari per l'utilizzo di Amazon Cognito Identity Provider AWS SDKs](service_code_examples_cognito-identity-provider_scenarios.md). Gli esempi seguenti includono solo le azioni più comunemente utilizzate. Per l’elenco completo, consulta la [documentazione di riferimento dell’API del provider di identità di Amazon Cognito](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/Welcome.html). **Topics** + [`AdminCreateUser`](cognito-identity-provider_example_cognito-identity-provider_AdminCreateUser_section.md) + [`AdminGetUser`](cognito-identity-provider_example_cognito-identity-provider_AdminGetUser_section.md) + [`AdminInitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md) + [`AdminRespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md) + [`AdminSetUserPassword`](cognito-identity-provider_example_cognito-identity-provider_AdminSetUserPassword_section.md) + [`AssociateSoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md) + [`ConfirmDevice`](cognito-identity-provider_example_cognito-identity-provider_ConfirmDevice_section.md) + [`ConfirmForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ConfirmForgotPassword_section.md) + [`ConfirmSignUp`](cognito-identity-provider_example_cognito-identity-provider_ConfirmSignUp_section.md) + [`CreateUserPool`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPool_section.md) + [`CreateUserPoolClient`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPoolClient_section.md) + [`DeleteUser`](cognito-identity-provider_example_cognito-identity-provider_DeleteUser_section.md) + [`ForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ForgotPassword_section.md) + [`InitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_InitiateAuth_section.md) + [`ListUserPools`](cognito-identity-provider_example_cognito-identity-provider_ListUserPools_section.md) + [`ListUsers`](cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md) + [`ResendConfirmationCode`](cognito-identity-provider_example_cognito-identity-provider_ResendConfirmationCode_section.md) + [`RespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_RespondToAuthChallenge_section.md) + [`SignUp`](cognito-identity-provider_example_cognito-identity-provider_SignUp_section.md) + [`UpdateUserPool`](cognito-identity-provider_example_cognito-identity-provider_UpdateUserPool_section.md) + [`VerifySoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md) # Utilizzo `AdminCreateUser` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `AdminCreateUser`. Gli esempi di operazioni sono estratti di codice da programmi più grandi e devono essere eseguiti nel contesto. È possibile visualizzare questa operazione nel contesto nel seguente esempio di codice: + [Scrivere i dati di attività personalizzate con una funzione Lambda dopo l’autenticazione utente di Amazon Cognito tramite un SDK](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md) ------ #### [ CLI ] **AWS CLI** **Come creare un utente** L’esempio `admin-create-user` seguente crea un utente con le impostazioni specificate per l’indirizzo e-mail e il numero di telefono. ``` aws cognito-idp admin-create-user \ --user-pool-id us-west-2_aaaaaaaaa \ --username diego \ --user-attributes Name=email,Value=diego@example.com Name=phone_number,Value="+15555551212" \ --message-action SUPPRESS ``` Output: ``` { "User": { "Username": "diego", "Attributes": [ { "Name": "sub", "Value": "7325c1de-b05b-4f84-b321-9adc6e61f4a2" }, { "Name": "phone_number", "Value": "+15555551212" }, { "Name": "email", "Value": "diego@example.com" } ], "UserCreateDate": 1548099495.428, "UserLastModifiedDate": 1548099495.428, "Enabled": true, "UserStatus": "FORCE_CHANGE_PASSWORD" } } ``` + Per i dettagli sull'API, consulta [AdminCreateUser AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-create-user.html)*Command Reference.* ------ #### [ Go ] **SDK per Go V2** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples). ``` import ( "context" "errors" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types" ) type CognitoActions struct { CognitoClient *cognitoidentityprovider.Client } // AdminCreateUser uses administrator credentials to add a user to a user pool. This method leaves the user // in a state that requires they enter a new password next time they sign in. func (actor CognitoActions) AdminCreateUser(ctx context.Context, userPoolId string, userName string, userEmail string) error { _, err := actor.CognitoClient.AdminCreateUser(ctx, &cognitoidentityprovider.AdminCreateUserInput{ UserPoolId: aws.String(userPoolId), Username: aws.String(userName), MessageAction: types.MessageActionTypeSuppress, UserAttributes: []types.AttributeType{{Name: aws.String("email"), Value: aws.String(userEmail)}}, }) if err != nil { var userExists *types.UsernameExistsException if errors.As(err, &userExists) { log.Printf("User %v already exists in the user pool.", userName) err = nil } else { log.Printf("Couldn't create user %v. Here's why: %v\n", userName, err) } } return err } ``` + Per i dettagli sull'API, consulta la [AdminCreateUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.AdminCreateUser)sezione *AWS SDK per Go API Reference*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta[Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md). Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `AdminGetUser` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `AdminGetUser`. Gli esempi di operazioni sono estratti di codice da programmi più grandi e devono essere eseguiti nel contesto. È possibile visualizzare questa operazione nel contesto nel seguente esempio di codice: + [Registrazione di un utente a un pool di utenti che richiede l’autenticazione MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md) ------ #### [ .NET ] **SDK per .NET** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples). ``` ///

/// Get the specified user from an Amazon Cognito user pool with administrator access. ///

/// The name of the user. /// The Id of the Amazon Cognito user pool. /// Async task. public async Task GetAdminUserAsync(string userName, string poolId) { AdminGetUserRequest userRequest = new AdminGetUserRequest { Username = userName, UserPoolId = poolId, }; var response = await _cognitoService.AdminGetUserAsync(userRequest); Console.WriteLine($"User status {response.UserStatus}"); return response.UserStatus; } ``` + Per i dettagli sull'API, consulta la [AdminGetUser](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminGetUser)sezione *AWS SDK per .NET API Reference*. ------ #### [ C\$1\$1 ] **SDK per C\$1\$1** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples). ``` Aws::Client::ClientConfiguration clientConfig; // Optional: Set to the AWS Region (overrides config file). // clientConfig.region = "us-east-1"; Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig); Aws::CognitoIdentityProvider::Model::AdminGetUserRequest request; request.SetUsername(userName); request.SetUserPoolId(userPoolID); Aws::CognitoIdentityProvider::Model::AdminGetUserOutcome outcome = client.AdminGetUser(request); if (outcome.IsSuccess()) { std::cout << "The status for " << userName << " is " << Aws::CognitoIdentityProvider::Model::UserStatusTypeMapper::GetNameForUserStatusType( outcome.GetResult().GetUserStatus()) << std::endl; std::cout << "Enabled is " << outcome.GetResult().GetEnabled() << std::endl; } else { std::cerr << "Error with CognitoIdentityProvider::AdminGetUser. " << outcome.GetError().GetMessage() << std::endl; } ``` + Per i dettagli sull'API, consulta la [AdminGetUser](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminGetUser)sezione *AWS SDK per C\$1\$1 API Reference*. ------ #### [ CLI ] **AWS CLI** **Come ottenere un utente** Questo esempio mostra come ottenere informazioni sul nome utente jane@example.com. Comando: ``` aws cognito-idp admin-get-user --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com ``` Output: ``` { "Username": "4320de44-2322-4620-999b-5e2e1c8df013", "Enabled": true, "UserStatus": "FORCE_CHANGE_PASSWORD", "UserCreateDate": 1548108509.537, "UserAttributes": [ { "Name": "sub", "Value": "4320de44-2322-4620-999b-5e2e1c8df013" }, { "Name": "email_verified", "Value": "true" }, { "Name": "phone_number_verified", "Value": "true" }, { "Name": "phone_number", "Value": "+01115551212" }, { "Name": "email", "Value": "jane@example.com" } ], "UserLastModifiedDate": 1548108509.537 } ``` + Per i dettagli sull'API, consulta [AdminGetUser AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-get-user.html)*Command Reference*. ------ #### [ Java ] **SDK per Java 2.x** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` public static void getAdminUser(CognitoIdentityProviderClient identityProviderClient, String userName, String poolId) { try { AdminGetUserRequest userRequest = AdminGetUserRequest.builder() .username(userName) .userPoolId(poolId) .build(); AdminGetUserResponse response = identityProviderClient.adminGetUser(userRequest); System.out.println("User status " + response.userStatusAsString()); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } ``` + Per i dettagli sull'API, consulta la [AdminGetUser](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminGetUser)sezione *AWS SDK for Java 2.x API Reference*. ------ #### [ JavaScript ] **SDK per JavaScript (v3)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider/#code-examples). ``` const adminGetUser = ({ userPoolId, username }) => { const client = new CognitoIdentityProviderClient({}); const command = new AdminGetUserCommand({ UserPoolId: userPoolId, Username: username, }); return client.send(command); }; ``` + Per i dettagli sull'API, consulta la [AdminGetUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminGetUserCommand)sezione *AWS SDK per JavaScript API Reference*. ------ #### [ Kotlin ] **SDK per Kotlin** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). ``` suspend fun getAdminUser( userNameVal: String?, poolIdVal: String?, ) { val userRequest = AdminGetUserRequest { username = userNameVal userPoolId = poolIdVal } CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient -> val response = identityProviderClient.adminGetUser(userRequest) println("User status ${response.userStatus}") } } ``` + Per i dettagli sull'API, [AdminGetUser](https://sdk.amazonaws.com/kotlin/api/latest/index.html)consulta *AWS SDK for Kotlin* API reference. ------ #### [ Python ] **SDK per Python (Boto3)** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples). ``` class CognitoIdentityProviderWrapper: """Encapsulates Amazon Cognito actions""" def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None): """ :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client. :param user_pool_id: The ID of an existing Amazon Cognito user pool. :param client_id: The ID of a client application registered with the user pool. :param client_secret: The client secret, if the client has a secret. """ self.cognito_idp_client = cognito_idp_client self.user_pool_id = user_pool_id self.client_id = client_id self.client_secret = client_secret def sign_up_user(self, user_name, password, user_email): """ Signs up a new user with Amazon Cognito. This action prompts Amazon Cognito to send an email to the specified email address. The email contains a code that can be used to confirm the user. When the user already exists, the user status is checked to determine whether the user has been confirmed. :param user_name: The user name that identifies the new user. :param password: The password for the new user. :param user_email: The email address for the new user. :return: True when the user is already confirmed with Amazon Cognito. Otherwise, false. """ try: kwargs = { "ClientId": self.client_id, "Username": user_name, "Password": password, "UserAttributes": [{"Name": "email", "Value": user_email}], } if self.client_secret is not None: kwargs["SecretHash"] = self._secret_hash(user_name) response = self.cognito_idp_client.sign_up(**kwargs) confirmed = response["UserConfirmed"] except ClientError as err: if err.response["Error"]["Code"] == "UsernameExistsException": response = self.cognito_idp_client.admin_get_user( UserPoolId=self.user_pool_id, Username=user_name ) logger.warning( "User %s exists and is %s.", user_name, response["UserStatus"] ) confirmed = response["UserStatus"] == "CONFIRMED" else: logger.error( "Couldn't sign up %s. Here's why: %s: %s", user_name, err.response["Error"]["Code"], err.response["Error"]["Message"], ) raise return confirmed ``` + Per i dettagli sull'API, consulta [AdminGetUser AWS](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminGetUser)*SDK for Python (Boto3) API Reference*. ------ #### [ Swift ] **SDK per Swift** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples). ``` import AWSClientRuntime import AWSCognitoIdentityProvider /// Get information about a specific user in a user pool. /// /// - Parameters: /// - cipClient: The Amazon Cognito Identity Provider client to use. /// - userName: The user to retrieve information about. /// - userPoolId: The user pool to search for the specified user. /// /// - Returns: `true` if the user's information was successfully /// retrieved. Otherwise returns `false`. func adminGetUser(cipClient: CognitoIdentityProviderClient, userName: String, userPoolId: String) async -> Bool { do { let output = try await cipClient.adminGetUser( input: AdminGetUserInput( userPoolId: userPoolId, username: userName ) ) guard let userStatus = output.userStatus else { print("*** Unable to get the user's status.") return false } print("User status: \(userStatus)") return true } catch { return false } } ``` + Per i dettagli sull'API, consulta la [AdminGetUser](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/admingetuser(input:))guida di riferimento all'*API AWS SDK for Swift*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `AdminInitiateAuth` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `AdminInitiateAuth`. Gli esempi di operazioni sono estratti di codice da programmi più grandi e devono essere eseguiti nel contesto. È possibile visualizzare questa operazione nel contesto nel seguente esempio di codice: + [Registrazione di un utente a un pool di utenti che richiede l’autenticazione MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md) ------ #### [ .NET ] **SDK per .NET** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples). ``` ///

/// Initiate an admin auth request. ///

/// The client ID to use. /// The ID of the user pool. /// The username to authenticate. /// The user's password. /// The session to use in challenge-response. public async Task AdminInitiateAuthAsync(string clientId, string userPoolId, string userName, string password) { var authParameters = new Dictionary(); authParameters.Add("USERNAME", userName); authParameters.Add("PASSWORD", password); var request = new AdminInitiateAuthRequest { ClientId = clientId, UserPoolId = userPoolId, AuthParameters = authParameters, AuthFlow = AuthFlowType.ADMIN_USER_PASSWORD_AUTH, }; var response = await _cognitoService.AdminInitiateAuthAsync(request); return response.Session; } ``` + Per i dettagli sull'API, consulta la [AdminInitiateAuth](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminInitiateAuth)sezione *AWS SDK per .NET API Reference*. ------ #### [ C\$1\$1 ] **SDK per C\$1\$1** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples). ``` Aws::Client::ClientConfiguration clientConfig; // Optional: Set to the AWS Region (overrides config file). // clientConfig.region = "us-east-1"; Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig); Aws::CognitoIdentityProvider::Model::AdminInitiateAuthRequest request; request.SetClientId(clientID); request.SetUserPoolId(userPoolID); request.AddAuthParameters("USERNAME", userName); request.AddAuthParameters("PASSWORD", password); request.SetAuthFlow( Aws::CognitoIdentityProvider::Model::AuthFlowType::ADMIN_USER_PASSWORD_AUTH); Aws::CognitoIdentityProvider::Model::AdminInitiateAuthOutcome outcome = client.AdminInitiateAuth(request); if (outcome.IsSuccess()) { std::cout << "Call to AdminInitiateAuth was successful." << std::endl; sessionResult = outcome.GetResult().GetSession(); } else { std::cerr << "Error with CognitoIdentityProvider::AdminInitiateAuth. " << outcome.GetError().GetMessage() << std::endl; } ``` + Per i dettagli sull'API, consulta la [AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminInitiateAuth)sezione *AWS SDK per C\$1\$1 API Reference*. ------ #### [ CLI ] **AWS CLI** **Come accedere come utente admin** L’esempio `admin-initiate-auth` seguente accede all’utente diego@example.com. Questo esempio include anche metadati per la protezione dalle minacce e ClientMetadata per i trigger Lambda. L’utente è configurato per l’autenticazione a più fattori (MFA) basata su password monouso e riceve una richiesta di verifica che richiede l’immissione di un codice nell’app di autenticazione in uso prima di poter completare l’autenticazione. ``` aws cognito-idp admin-initiate-auth \ --user-pool-id us-west-2_EXAMPLE \ --client-id 1example23456789 \ --auth-flow ADMIN_USER_PASSWORD_AUTH \ --auth-parameters USERNAME=diego@example.com,PASSWORD="My@Example$Password3!",SECRET_HASH=ExampleEncodedClientIdSecretAndUsername= \ --context-data="{\"EncodedData\":\"abc123example\",\"HttpHeaders\":[{\"headerName\":\"UserAgent\",\"headerValue\":\"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0\"}],\"IpAddress\":\"192.0.2.1\",\"ServerName\":\"example.com\",\"ServerPath\":\"/login\"}" \ --client-metadata="{\"MyExampleKey\": \"MyExampleValue\"}" ``` Output: ``` { "ChallengeName": "SOFTWARE_TOKEN_MFA", "Session": "AYABeExample...", "ChallengeParameters": { "FRIENDLY_DEVICE_NAME": "MyAuthenticatorApp", "USER_ID_FOR_SRP": "diego@example.com" } } ``` Per ulteriori informazioni, consulta [Flusso di autenticazione amministratore](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#amazon-cognito-user-pools-admin-authentication-flow) nella *Guida per gli sviluppatori di Amazon Cognito*. + *Per i dettagli sull'API, consulta Command [AdminInitiateAuth](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-initiate-auth.html)Reference AWS CLI .* ------ #### [ Java ] **SDK per Java 2.x** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` public static AdminInitiateAuthResponse initiateAuth(CognitoIdentityProviderClient identityProviderClient, String clientId, String userName, String password, String userPoolId) { try { Map authParameters = new HashMap<>(); authParameters.put("USERNAME", userName); authParameters.put("PASSWORD", password); AdminInitiateAuthRequest authRequest = AdminInitiateAuthRequest.builder() .clientId(clientId) .userPoolId(userPoolId) .authParameters(authParameters) .authFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH) .build(); AdminInitiateAuthResponse response = identityProviderClient.adminInitiateAuth(authRequest); System.out.println("Result Challenge is : " + response.challengeName()); return response; } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } return null; } ``` + Per i dettagli sull'API, consulta la [AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminInitiateAuth)sezione *AWS SDK for Java 2.x API Reference*. ------ #### [ JavaScript ] **SDK per JavaScript (v3)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider/#code-examples). ``` const adminInitiateAuth = ({ clientId, userPoolId, username, password }) => { const client = new CognitoIdentityProviderClient({}); const command = new AdminInitiateAuthCommand({ ClientId: clientId, UserPoolId: userPoolId, AuthFlow: AuthFlowType.ADMIN_USER_PASSWORD_AUTH, AuthParameters: { USERNAME: username, PASSWORD: password }, }); return client.send(command); }; ``` + Per i dettagli sull'API, consulta la [AdminInitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminInitiateAuthCommand)sezione *AWS SDK per JavaScript API Reference*. ------ #### [ Kotlin ] **SDK per Kotlin** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). ``` suspend fun checkAuthMethod( clientIdVal: String, userNameVal: String, passwordVal: String, userPoolIdVal: String, ): AdminInitiateAuthResponse { val authParas = mutableMapOf() authParas["USERNAME"] = userNameVal authParas["PASSWORD"] = passwordVal val authRequest = AdminInitiateAuthRequest { clientId = clientIdVal userPoolId = userPoolIdVal authParameters = authParas authFlow = AuthFlowType.AdminUserPasswordAuth } CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient -> val response = identityProviderClient.adminInitiateAuth(authRequest) println("Result Challenge is ${response.challengeName}") return response } } ``` + Per i dettagli sull'API, [AdminInitiateAuth](https://sdk.amazonaws.com/kotlin/api/latest/index.html)consulta *AWS SDK for Kotlin* API reference. ------ #### [ Python ] **SDK per Python (Boto3)** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples). ``` class CognitoIdentityProviderWrapper: """Encapsulates Amazon Cognito actions""" def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None): """ :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client. :param user_pool_id: The ID of an existing Amazon Cognito user pool. :param client_id: The ID of a client application registered with the user pool. :param client_secret: The client secret, if the client has a secret. """ self.cognito_idp_client = cognito_idp_client self.user_pool_id = user_pool_id self.client_id = client_id self.client_secret = client_secret def start_sign_in(self, user_name, password): """ Starts the sign-in process for a user by using administrator credentials. This method of signing in is appropriate for code running on a secure server. If the user pool is configured to require MFA and this is the first sign-in for the user, Amazon Cognito returns a challenge response to set up an MFA application. When this occurs, this function gets an MFA secret from Amazon Cognito and returns it to the caller. :param user_name: The name of the user to sign in. :param password: The user's password. :return: The result of the sign-in attempt. When sign-in is successful, this returns an access token that can be used to get AWS credentials. Otherwise, Amazon Cognito returns a challenge to set up an MFA application, or a challenge to enter an MFA code from a registered MFA application. """ try: kwargs = { "UserPoolId": self.user_pool_id, "ClientId": self.client_id, "AuthFlow": "ADMIN_USER_PASSWORD_AUTH", "AuthParameters": {"USERNAME": user_name, "PASSWORD": password}, } if self.client_secret is not None: kwargs["AuthParameters"]["SECRET_HASH"] = self._secret_hash(user_name) response = self.cognito_idp_client.admin_initiate_auth(**kwargs) challenge_name = response.get("ChallengeName", None) if challenge_name == "MFA_SETUP": if ( "SOFTWARE_TOKEN_MFA" in response["ChallengeParameters"]["MFAS_CAN_SETUP"] ): response.update(self.get_mfa_secret(response["Session"])) else: raise RuntimeError( "The user pool requires MFA setup, but the user pool is not " "configured for TOTP MFA. This example requires TOTP MFA." ) except ClientError as err: logger.error( "Couldn't start sign in for %s. Here's why: %s: %s", user_name, err.response["Error"]["Code"], err.response["Error"]["Message"], ) raise else: response.pop("ResponseMetadata", None) return response ``` + Per i dettagli sull'API, consulta [AdminInitiateAuth AWS](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminInitiateAuth)*SDK for Python (Boto3) API Reference*. ------ #### [ SAP ABAP ] **SDK per SAP ABAP** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples). ``` TRY. " Set up authentication parameters DATA(lt_auth_params) = VALUE /aws1/cl_cgpauthparamstype_w=>tt_authparameterstype( ( VALUE /aws1/cl_cgpauthparamstype_w=>ts_authparameterstype_maprow( key = 'USERNAME' value = NEW /aws1/cl_cgpauthparamstype_w( iv_user_name ) ) ) ( VALUE /aws1/cl_cgpauthparamstype_w=>ts_authparameterstype_maprow( key = 'PASSWORD' value = NEW /aws1/cl_cgpauthparamstype_w( iv_password ) ) ) ). " Add SECRET_HASH if provided IF iv_secret_hash IS NOT INITIAL. INSERT VALUE #( key = 'SECRET_HASH' value = NEW /aws1/cl_cgpauthparamstype_w( iv_secret_hash ) ) INTO TABLE lt_auth_params. ENDIF. oo_result = lo_cgp->admininitiateauth( iv_userpoolid = iv_user_pool_id iv_clientid = iv_client_id iv_authflow = 'ADMIN_USER_PASSWORD_AUTH' it_authparameters = lt_auth_params ). DATA(lv_challenge) = oo_result->get_challengename( ). IF lv_challenge IS INITIAL. MESSAGE 'User successfully signed in.' TYPE 'I'. ELSE. MESSAGE |Authentication challenge required: { lv_challenge }.| TYPE 'I'. ENDIF. CATCH /aws1/cx_cgpusernotfoundex INTO DATA(lo_user_ex). MESSAGE |User { iv_user_name } not found.| TYPE 'E'. CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex). MESSAGE 'Not authorized. Check credentials.' TYPE 'E'. ENDTRY. ``` + Per i dettagli sulle API, [AdminInitiateAuth](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)consulta *AWS SDK for SAP ABAP* API reference. ------ #### [ Swift ] **SDK per Swift** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples). ``` import AWSClientRuntime import AWSCognitoIdentityProvider /// Begin an authentication session. /// /// - Parameters: /// - cipClient: The `CongitoIdentityProviderClient` to use. /// - clientId: The app client ID to use. /// - userName: The username to check. /// - password: The user's password. /// - userPoolId: The user pool to use. /// /// - Returns: The session token associated with this authentication /// session. func initiateAuth(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String, password: String, userPoolId: String) async -> String? { var authParams: [String: String] = [:] authParams["USERNAME"] = userName authParams["PASSWORD"] = password do { let output = try await cipClient.adminInitiateAuth( input: AdminInitiateAuthInput( authFlow: CognitoIdentityProviderClientTypes.AuthFlowType.adminUserPasswordAuth, authParameters: authParams, clientId: clientId, userPoolId: userPoolId ) ) guard let challengeName = output.challengeName else { print("*** Invalid response from the auth service.") return nil } print("=====> Response challenge is \(challengeName)") return output.session } catch _ as UserNotFoundException { print("*** The specified username, \(userName), doesn't exist.") return nil } catch _ as UserNotConfirmedException { print("*** The user \(userName) has not been confirmed.") return nil } catch { print("*** An unexpected error occurred.") return nil } } ``` + Per i dettagli sull'API, consulta la [AdminInitiateAuth](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/admininitiateauth(input:))guida di riferimento all'*API AWS SDK for Swift*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `AdminRespondToAuthChallenge` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `AdminRespondToAuthChallenge`. Gli esempi di operazioni sono estratti di codice da programmi più grandi e devono essere eseguiti nel contesto. È possibile visualizzare questa operazione nel contesto nel seguente esempio di codice: + [Registrazione di un utente a un pool di utenti che richiede l’autenticazione MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md) ------ #### [ .NET ] **SDK per .NET** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples). ``` ///

/// Respond to an admin authentication challenge. ///

/// The name of the user. /// The client ID. /// The multi-factor authentication code. /// The current application session. /// The user pool ID. /// The result of the authentication response. public async Task AdminRespondToAuthChallengeAsync( string userName, string clientId, string mfaCode, string session, string userPoolId) { Console.WriteLine("SOFTWARE_TOKEN_MFA challenge is generated"); var challengeResponses = new Dictionary(); challengeResponses.Add("USERNAME", userName); challengeResponses.Add("SOFTWARE_TOKEN_MFA_CODE", mfaCode); var respondToAuthChallengeRequest = new AdminRespondToAuthChallengeRequest { ChallengeName = ChallengeNameType.SOFTWARE_TOKEN_MFA, ClientId = clientId, ChallengeResponses = challengeResponses, Session = session, UserPoolId = userPoolId, }; var response = await _cognitoService.AdminRespondToAuthChallengeAsync(respondToAuthChallengeRequest); Console.WriteLine($"Response to Authentication {response.AuthenticationResult.TokenType}"); return response.AuthenticationResult; } ``` + Per i dettagli sull'API, [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)consulta *AWS SDK per .NET API Reference*. ------ #### [ C\$1\$1 ] **SDK per C\$1\$1** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples). ``` Aws::Client::ClientConfiguration clientConfig; // Optional: Set to the AWS Region (overrides config file). // clientConfig.region = "us-east-1"; Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig); Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeRequest request; request.AddChallengeResponses("USERNAME", userName); request.AddChallengeResponses("SOFTWARE_TOKEN_MFA_CODE", mfaCode); request.SetChallengeName( Aws::CognitoIdentityProvider::Model::ChallengeNameType::SOFTWARE_TOKEN_MFA); request.SetClientId(clientID); request.SetUserPoolId(userPoolID); request.SetSession(session); Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeOutcome outcome = client.AdminRespondToAuthChallenge(request); if (outcome.IsSuccess()) { std::cout << "Here is the response to the challenge.\n" << outcome.GetResult().GetAuthenticationResult().Jsonize().View().WriteReadable() << std::endl; accessToken = outcome.GetResult().GetAuthenticationResult().GetAccessToken(); } else { std::cerr << "Error with CognitoIdentityProvider::AdminRespondToAuthChallenge. " << outcome.GetError().GetMessage() << std::endl; return false; } ``` + Per i dettagli sull'API, [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)consulta *AWS SDK per C\$1\$1 API Reference*. ------ #### [ CLI ] **AWS CLI** **Come rispondere a una richiesta di autenticazione** Esistono molti modi per rispondere alle diverse richieste di autenticazione, a seconda del flusso di autenticazione, della configurazione del pool di utenti e delle impostazioni utente. L’esempio `admin-respond-to-auth-challenge` seguente fornisce un codice MFA TOTP per diego@example.com e completa l’accesso. In questo pool di utenti è attivata la memorizzazione dei dispositivi, quindi il risultato dell’autenticazione restituisce anche una nuova chiave del dispositivo. ``` aws cognito-idp admin-respond-to-auth-challenge \ --user-pool-id us-west-2_EXAMPLE \ --client-id 1example23456789 \ --challenge-name SOFTWARE_TOKEN_MFA \ --challenge-responses USERNAME=diego@example.com,SOFTWARE_TOKEN_MFA_CODE=000000 \ --session AYABeExample... ``` Output: ``` { "ChallengeParameters": {}, "AuthenticationResult": { "AccessToken": "eyJra456defEXAMPLE", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "eyJra123abcEXAMPLE", "IdToken": "eyJra789ghiEXAMPLE", "NewDeviceMetadata": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceGroupKey": "-ExAmPlE1" } } } ``` Per ulteriori informazioni, consulta [Flusso di autenticazione amministratore](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#amazon-cognito-user-pools-admin-authentication-flow) nella *Guida per gli sviluppatori di Amazon Cognito*. + Per i dettagli sull'API, consulta [AdminRespondToAuthChallenge AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-respond-to-auth-challenge.html)*Command Reference*. ------ #### [ Java ] **SDK per Java 2.x** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` // Respond to an authentication challenge. public static void adminRespondToAuthChallenge(CognitoIdentityProviderClient identityProviderClient, String userName, String clientId, String mfaCode, String session) { System.out.println("SOFTWARE_TOKEN_MFA challenge is generated"); Map challengeResponses = new HashMap<>(); challengeResponses.put("USERNAME", userName); challengeResponses.put("SOFTWARE_TOKEN_MFA_CODE", mfaCode); AdminRespondToAuthChallengeRequest respondToAuthChallengeRequest = AdminRespondToAuthChallengeRequest.builder() .challengeName(ChallengeNameType.SOFTWARE_TOKEN_MFA) .clientId(clientId) .challengeResponses(challengeResponses) .session(session) .build(); AdminRespondToAuthChallengeResponse respondToAuthChallengeResult = identityProviderClient .adminRespondToAuthChallenge(respondToAuthChallengeRequest); System.out.println("respondToAuthChallengeResult.getAuthenticationResult()" + respondToAuthChallengeResult.authenticationResult()); } ``` + Per i dettagli sull'API, [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)consulta *AWS SDK for Java 2.x API Reference*. ------ #### [ JavaScript ] **SDK per JavaScript (v3)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples). ``` const adminRespondToAuthChallenge = ({ userPoolId, clientId, username, totp, session, }) => { const client = new CognitoIdentityProviderClient({}); const command = new AdminRespondToAuthChallengeCommand({ ChallengeName: ChallengeNameType.SOFTWARE_TOKEN_MFA, ChallengeResponses: { SOFTWARE_TOKEN_MFA_CODE: totp, USERNAME: username, }, ClientId: clientId, UserPoolId: userPoolId, Session: session, }); return client.send(command); }; ``` + Per i dettagli sull'API, [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminRespondToAuthChallengeCommand)consulta *AWS SDK per JavaScript API Reference*. ------ #### [ Kotlin ] **SDK per Kotlin** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). ``` // Respond to an authentication challenge. suspend fun adminRespondToAuthChallenge( userName: String, clientIdVal: String?, mfaCode: String, sessionVal: String?, ) { println("SOFTWARE_TOKEN_MFA challenge is generated") val challengeResponsesOb = mutableMapOf() challengeResponsesOb["USERNAME"] = userName challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode val adminRespondToAuthChallengeRequest = AdminRespondToAuthChallengeRequest { challengeName = ChallengeNameType.SoftwareTokenMfa clientId = clientIdVal challengeResponses = challengeResponsesOb session = sessionVal } CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient -> val respondToAuthChallengeResult = identityProviderClient.adminRespondToAuthChallenge(adminRespondToAuthChallengeRequest) println("respondToAuthChallengeResult.getAuthenticationResult() ${respondToAuthChallengeResult.authenticationResult}") } } ``` + Per i dettagli sull'API, [AdminRespondToAuthChallenge](https://sdk.amazonaws.com/kotlin/api/latest/index.html)consulta *AWS SDK for Kotlin* API reference. ------ #### [ Python ] **SDK per Python (Boto3)** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples). Rispondi a una richiesta di autenticazione MFA fornendo un codice generato da un’applicazione MFA associata. ``` class CognitoIdentityProviderWrapper: """Encapsulates Amazon Cognito actions""" def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None): """ :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client. :param user_pool_id: The ID of an existing Amazon Cognito user pool. :param client_id: The ID of a client application registered with the user pool. :param client_secret: The client secret, if the client has a secret. """ self.cognito_idp_client = cognito_idp_client self.user_pool_id = user_pool_id self.client_id = client_id self.client_secret = client_secret def respond_to_mfa_challenge(self, user_name, session, mfa_code): """ Responds to a challenge for an MFA code. This completes the second step of a two-factor sign-in. When sign-in is successful, it returns an access token that can be used to get AWS credentials from Amazon Cognito. :param user_name: The name of the user who is signing in. :param session: Session information returned from a previous call to initiate authentication. :param mfa_code: A code generated by the associated MFA application. :return: The result of the authentication. When successful, this contains an access token for the user. """ try: kwargs = { "UserPoolId": self.user_pool_id, "ClientId": self.client_id, "ChallengeName": "SOFTWARE_TOKEN_MFA", "Session": session, "ChallengeResponses": { "USERNAME": user_name, "SOFTWARE_TOKEN_MFA_CODE": mfa_code, }, } if self.client_secret is not None: kwargs["ChallengeResponses"]["SECRET_HASH"] = self._secret_hash( user_name ) response = self.cognito_idp_client.admin_respond_to_auth_challenge(**kwargs) auth_result = response["AuthenticationResult"] except ClientError as err: if err.response["Error"]["Code"] == "ExpiredCodeException": logger.warning( "Your MFA code has expired or has been used already. You might have " "to wait a few seconds until your app shows you a new code." ) else: logger.error( "Couldn't respond to mfa challenge for %s. Here's why: %s: %s", user_name, err.response["Error"]["Code"], err.response["Error"]["Message"], ) raise else: return auth_result ``` + Per i dettagli sull'API, consulta [AdminRespondToAuthChallenge AWS](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)*SDK for Python (Boto3) API Reference*. ------ #### [ SAP ABAP ] **SDK per SAP ABAP** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples). ``` TRY. " Build challenge responses DATA(lt_challenge_responses) = VALUE /aws1/cl_cgpchallengerspstyp00=>tt_challengeresponsestype( ( VALUE /aws1/cl_cgpchallengerspstyp00=>ts_challengerspstype_maprow( key = 'USERNAME' value = NEW /aws1/cl_cgpchallengerspstyp00( iv_user_name ) ) ) ( VALUE /aws1/cl_cgpchallengerspstyp00=>ts_challengerspstype_maprow( key = 'SOFTWARE_TOKEN_MFA_CODE' value = NEW /aws1/cl_cgpchallengerspstyp00( iv_mfa_code ) ) ) ). " Add SECRET_HASH if provided IF iv_secret_hash IS NOT INITIAL. INSERT VALUE #( key = 'SECRET_HASH' value = NEW /aws1/cl_cgpchallengerspstyp00( iv_secret_hash ) ) INTO TABLE lt_challenge_responses. ENDIF. DATA(lo_result) = lo_cgp->adminrespondtoauthchallenge( iv_userpoolid = iv_user_pool_id iv_clientid = iv_client_id iv_challengename = 'SOFTWARE_TOKEN_MFA' it_challengeresponses = lt_challenge_responses iv_session = iv_session ). oo_auth_result = lo_result->get_authenticationresult( ). IF oo_auth_result IS BOUND. MESSAGE 'MFA challenge completed successfully.' TYPE 'I'. ELSE. " Another challenge might be required DATA(lv_next_challenge) = lo_result->get_challengename( ). MESSAGE |Additional challenge required: { lv_next_challenge }.| TYPE 'I'. ENDIF. CATCH /aws1/cx_cgpcodemismatchex INTO DATA(lo_code_ex). MESSAGE 'Invalid MFA code provided.' TYPE 'E'. CATCH /aws1/cx_cgpexpiredcodeex INTO DATA(lo_expired_ex). MESSAGE 'MFA code has expired.' TYPE 'E'. CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex). MESSAGE 'Not authorized. Check MFA configuration.' TYPE 'E'. ENDTRY. ``` + Per i dettagli sulle API, [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)consulta *AWS SDK for SAP ABAP* API reference. ------ #### [ Swift ] **SDK per Swift** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples). ``` import AWSClientRuntime import AWSCognitoIdentityProvider /// Respond to the authentication challenge received from Cognito after /// initiating an authentication session. This involves sending a current /// MFA code to the service. /// /// - Parameters: /// - cipClient: The `CognitoIdentityProviderClient` to use. /// - userName: The user's username. /// - clientId: The app client ID. /// - userPoolId: The user pool to sign into. /// - mfaCode: The 6-digit MFA code currently displayed by the user's /// authenticator. /// - session: The authentication session to continue processing. func adminRespondToAuthChallenge(cipClient: CognitoIdentityProviderClient, userName: String, clientId: String, userPoolId: String, mfaCode: String, session: String) async { print("=====> SOFTWARE_TOKEN_MFA challenge is generated...") var challengeResponsesOb: [String: String] = [:] challengeResponsesOb["USERNAME"] = userName challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode do { let output = try await cipClient.adminRespondToAuthChallenge( input: AdminRespondToAuthChallengeInput( challengeName: CognitoIdentityProviderClientTypes.ChallengeNameType.softwareTokenMfa, challengeResponses: challengeResponsesOb, clientId: clientId, session: session, userPoolId: userPoolId ) ) guard let authenticationResult = output.authenticationResult else { print("*** Unable to get authentication result.") return } print("=====> Authentication result (JWTs are redacted):") print(authenticationResult) } catch _ as SoftwareTokenMFANotFoundException { print("*** The specified user pool isn't configured for MFA.") return } catch _ as CodeMismatchException { print("*** The specified MFA code doesn't match the expected value.") return } catch _ as UserNotFoundException { print("*** The specified username, \(userName), doesn't exist.") return } catch _ as UserNotConfirmedException { print("*** The user \(userName) has not been confirmed.") return } catch let error as NotAuthorizedException { print("*** Unauthorized access. Reason: \(error.properties.message ?? "")") } catch { print("*** Error responding to the MFA challenge.") return } } ``` + Per i dettagli sull'API, consulta la [AdminRespondToAuthChallenge](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/adminrespondtoauthchallenge(input:))guida di riferimento all'*API AWS SDK for Swift*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `AdminSetUserPassword` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `AdminSetUserPassword`. Gli esempi di operazioni sono estratti di codice da programmi più grandi e devono essere eseguiti nel contesto. È possibile visualizzare questa operazione nel contesto nel seguente esempio di codice: + [Scrivere i dati di attività personalizzate con una funzione Lambda dopo l’autenticazione utente di Amazon Cognito tramite un SDK](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md) ------ #### [ CLI ] **AWS CLI** **Come impostare una password utente come amministratore** L’esempio `admin-set-user-password` seguente imposta in modo permanente la password per diego@example.com. ``` aws cognito-idp admin-set-user-password \ --user-pool-id us-west-2_EXAMPLE \ --username diego@example.com \ --password MyExamplePassword1! \ --permanent ``` Questo comando non produce alcun output. Per ulteriori informazioni, consulta [Password, recupero delle password e policy delle password](https://docs.aws.amazon.com/cognito/latest/developerguide/managing-users-passwords.html) nella *Guida per gli sviluppatori di Amazon Cognito*. + Per i dettagli sull'API, consulta [AdminSetUserPassword AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-set-user-password.html)*Command Reference.* ------ #### [ Go ] **SDK per Go V2** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples). ``` import ( "context" "errors" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types" ) type CognitoActions struct { CognitoClient *cognitoidentityprovider.Client } // AdminSetUserPassword uses administrator credentials to set a password for a user without requiring a // temporary password. func (actor CognitoActions) AdminSetUserPassword(ctx context.Context, userPoolId string, userName string, password string) error { _, err := actor.CognitoClient.AdminSetUserPassword(ctx, &cognitoidentityprovider.AdminSetUserPasswordInput{ Password: aws.String(password), UserPoolId: aws.String(userPoolId), Username: aws.String(userName), Permanent: true, }) if err != nil { var invalidPassword *types.InvalidPasswordException if errors.As(err, &invalidPassword) { log.Println(*invalidPassword.Message) } else { log.Printf("Couldn't set password for user %v. Here's why: %v\n", userName, err) } } return err } ``` + Per i dettagli sull'API, [AdminSetUserPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.AdminSetUserPassword)consulta *AWS SDK per Go API Reference*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta[Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md). Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `AssociateSoftwareToken` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `AssociateSoftwareToken`. Gli esempi di operazioni sono estratti di codice da programmi più grandi e devono essere eseguiti nel contesto. È possibile visualizzare questa operazione nel contesto nel seguente esempio di codice: + [Registrazione di un utente a un pool di utenti che richiede l’autenticazione MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md) ------ #### [ .NET ] **SDK per .NET** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples). ``` ///

/// Get an MFA token to authenticate the user with the authenticator. ///

/// The session name. /// The session name. public async Task AssociateSoftwareTokenAsync(string session) { var softwareTokenRequest = new AssociateSoftwareTokenRequest { Session = session, }; var tokenResponse = await _cognitoService.AssociateSoftwareTokenAsync(softwareTokenRequest); var secretCode = tokenResponse.SecretCode; Console.WriteLine($"Use the following secret code to set up the authenticator: {secretCode}"); return tokenResponse.Session; } ``` + Per i dettagli sull'API, [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AssociateSoftwareToken)consulta *AWS SDK per .NET API Reference*. ------ #### [ C\$1\$1 ] **SDK per C\$1\$1** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples). ``` Aws::Client::ClientConfiguration clientConfig; // Optional: Set to the AWS Region (overrides config file). // clientConfig.region = "us-east-1"; Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig); Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenRequest request; request.SetSession(session); Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenOutcome outcome = client.AssociateSoftwareToken(request); if (outcome.IsSuccess()) { std::cout << "Enter this setup key into an authenticator app, for example Google Authenticator." << std::endl; std::cout << "Setup key: " << outcome.GetResult().GetSecretCode() << std::endl; #ifdef USING_QR printAsterisksLine(); std::cout << "\nOr scan the QR code in the file '" << QR_CODE_PATH << "." << std::endl; saveQRCode(std::string("otpauth://totp/") + userName + "?secret=" + outcome.GetResult().GetSecretCode()); #endif // USING_QR session = outcome.GetResult().GetSession(); } else { std::cerr << "Error with CognitoIdentityProvider::AssociateSoftwareToken. " << outcome.GetError().GetMessage() << std::endl; return false; } ``` + Per i dettagli sull'API, [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AssociateSoftwareToken)consulta *AWS SDK per C\$1\$1 API Reference*. ------ #### [ CLI ] **AWS CLI** **Come generare una chiave segreta per un’app di autenticazione MFA** L’esempio `associate-software-token` seguente genera una chiave privata TOTP per un utente che ha effettuato l’accesso e ha ricevuto un token di accesso. La chiave privata risultante può essere immessa manualmente in un’app di autenticazione oppure le applicazioni possono visualizzarla come codice QR che l’utente può scansionare. ``` aws cognito-idp associate-software-token \ --access-token eyJra456defEXAMPLE ``` Output: ``` { "SecretCode": "QWERTYUIOP123456EXAMPLE" } ``` Per ulteriori informazioni, consulta [Autenticazione MFA con token di software TOTP](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html) nella *Guida per gli sviluppatori di Amazon Cognito*. + Per i dettagli sull'API, consulta [AssociateSoftwareToken AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/associate-software-token.html)*Command Reference*. ------ #### [ Java ] **SDK per Java 2.x** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` public static String getSecretForAppMFA(CognitoIdentityProviderClient identityProviderClient, String session) { AssociateSoftwareTokenRequest softwareTokenRequest = AssociateSoftwareTokenRequest.builder() .session(session) .build(); AssociateSoftwareTokenResponse tokenResponse = identityProviderClient .associateSoftwareToken(softwareTokenRequest); String secretCode = tokenResponse.secretCode(); System.out.println("Enter this token into Google Authenticator"); System.out.println(secretCode); return tokenResponse.session(); } ``` + Per i dettagli sull'API, [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AssociateSoftwareToken)consulta *AWS SDK for Java 2.x API Reference*. ------ #### [ JavaScript ] **SDK per JavaScript (v3)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples). ``` const associateSoftwareToken = (session) => { const client = new CognitoIdentityProviderClient({}); const command = new AssociateSoftwareTokenCommand({ Session: session, }); return client.send(command); }; ``` + Per i dettagli sull'API, [AssociateSoftwareToken](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AssociateSoftwareTokenCommand)consulta *AWS SDK per JavaScript API Reference*. ------ #### [ Kotlin ] **SDK per Kotlin** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). ``` suspend fun getSecretForAppMFA(sessionVal: String?): String? { val softwareTokenRequest = AssociateSoftwareTokenRequest { session = sessionVal } CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient -> val tokenResponse = identityProviderClient.associateSoftwareToken(softwareTokenRequest) val secretCode = tokenResponse.secretCode println("Enter this token into Google Authenticator") println(secretCode) return tokenResponse.session } } ``` + Per i dettagli sull'API, [AssociateSoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)consulta *AWS SDK for Kotlin* API reference. ------ #### [ Python ] **SDK per Python (Boto3)** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples). ``` class CognitoIdentityProviderWrapper: """Encapsulates Amazon Cognito actions""" def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None): """ :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client. :param user_pool_id: The ID of an existing Amazon Cognito user pool. :param client_id: The ID of a client application registered with the user pool. :param client_secret: The client secret, if the client has a secret. """ self.cognito_idp_client = cognito_idp_client self.user_pool_id = user_pool_id self.client_id = client_id self.client_secret = client_secret def get_mfa_secret(self, session): """ Gets a token that can be used to associate an MFA application with the user. :param session: Session information returned from a previous call to initiate authentication. :return: An MFA token that can be used to set up an MFA application. """ try: response = self.cognito_idp_client.associate_software_token(Session=session) except ClientError as err: logger.error( "Couldn't get MFA secret. Here's why: %s: %s", err.response["Error"]["Code"], err.response["Error"]["Message"], ) raise else: response.pop("ResponseMetadata", None) return response ``` + Per i dettagli sull'API, consulta [AssociateSoftwareToken AWS](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AssociateSoftwareToken)*SDK for Python (Boto3) API Reference*. ------ #### [ SAP ABAP ] **SDK per SAP ABAP** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples). ``` TRY. DATA(lo_result) = lo_cgp->associatesoftwaretoken( iv_session = iv_session ). ov_secret_code = lo_result->get_secretcode( ). MESSAGE 'MFA secret code generated successfully.' TYPE 'I'. CATCH /aws1/cx_cgpresourcenotfoundex INTO DATA(lo_ex). MESSAGE 'Session not found or expired.' TYPE 'E'. CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex). MESSAGE 'Not authorized to associate software token.' TYPE 'E'. ENDTRY. ``` + Per i dettagli sulle API, [AssociateSoftwareToken](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)consulta *AWS SDK for SAP ABAP* API reference. ------ #### [ Swift ] **SDK per Swift** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples). ``` import AWSClientRuntime import AWSCognitoIdentityProvider /// Request and display an MFA secret token that the user should enter /// into their authenticator to set it up for the user account. /// /// - Parameters: /// - cipClient: The `CognitoIdentityProviderClient` to use. /// - authSession: The authentication session to request an MFA secret /// for. /// /// - Returns: A string containing the MFA secret token that should be /// entered into the authenticator software. func getSecretForAppMFA(cipClient: CognitoIdentityProviderClient, authSession: String?) async -> String? { do { let output = try await cipClient.associateSoftwareToken( input: AssociateSoftwareTokenInput( session: authSession ) ) guard let secretCode = output.secretCode else { print("*** Unable to get the secret code") return nil } print("=====> Enter this token into Google Authenticator: \(secretCode)") return output.session } catch _ as SoftwareTokenMFANotFoundException { print("*** The specified user pool isn't configured for MFA.") return nil } catch { print("*** An unexpected error occurred getting the secret for the app's MFA.") return nil } } ``` + Per i dettagli sull'API, consulta la [AssociateSoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/associatesoftwaretoken(input:))guida di riferimento all'*API AWS SDK for Swift*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `ConfirmDevice` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `ConfirmDevice`. Gli esempi di operazioni sono estratti di codice da programmi più grandi e devono essere eseguiti nel contesto. È possibile visualizzare questa operazione nel contesto nel seguente esempio di codice: + [Registrazione di un utente a un pool di utenti che richiede l’autenticazione MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md) ------ #### [ .NET ] **SDK per .NET** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples). ``` ///

/// Initiates and confirms tracking of the device. ///

/// The user's access token. /// The key of the device from Amazon Cognito. /// The device name. /// public async Task ConfirmDeviceAsync(string accessToken, string deviceKey, string deviceName) { var request = new ConfirmDeviceRequest { AccessToken = accessToken, DeviceKey = deviceKey, DeviceName = deviceName }; var response = await _cognitoService.ConfirmDeviceAsync(request); return response.UserConfirmationNecessary; } ``` + Per i dettagli sull'API, [ConfirmDevice](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ConfirmDevice)consulta *AWS SDK per .NET API Reference*. ------ #### [ CLI ] **AWS CLI** **Come confermare un dispositivo utente** L’esempio `confirm-device` seguente aggiunge un nuovo dispositivo memorizzato per l’utente corrente. ``` aws cognito-idp confirm-device \ --access-token eyJra456defEXAMPLE \ --device-key us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 \ --device-secret-verifier-config PasswordVerifier=TXlWZXJpZmllclN0cmluZw,Salt=TXlTUlBTYWx0 ``` Output: ``` { "UserConfirmationNecessary": false } ``` Per ulteriori informazioni, consulta [Utilizzo dei dispositivi utente nel pool di utenti](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html) nella *Guida per gli sviluppatori di Amazon Cognito*. + Per i dettagli sull'API, consulta [ConfirmDevice AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-device.html)*Command Reference*. ------ #### [ JavaScript ] **SDK per JavaScript (v3)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples). ``` const confirmDevice = ({ deviceKey, accessToken, passwordVerifier, salt }) => { const client = new CognitoIdentityProviderClient({}); const command = new ConfirmDeviceCommand({ DeviceKey: deviceKey, AccessToken: accessToken, DeviceSecretVerifierConfig: { PasswordVerifier: passwordVerifier, Salt: salt, }, }); return client.send(command); }; ``` + Per i dettagli sull'API, [ConfirmDevice](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ConfirmDeviceCommand)consulta *AWS SDK per JavaScript API Reference*. ------ #### [ Python ] **SDK per Python (Boto3)** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples). ``` class CognitoIdentityProviderWrapper: """Encapsulates Amazon Cognito actions""" def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None): """ :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client. :param user_pool_id: The ID of an existing Amazon Cognito user pool. :param client_id: The ID of a client application registered with the user pool. :param client_secret: The client secret, if the client has a secret. """ self.cognito_idp_client = cognito_idp_client self.user_pool_id = user_pool_id self.client_id = client_id self.client_secret = client_secret def confirm_mfa_device( self, user_name, device_key, device_group_key, device_password, access_token, aws_srp, ): """ Confirms an MFA device to be tracked by Amazon Cognito. When a device is tracked, its key and password can be used to sign in without requiring a new MFA code from the MFA application. :param user_name: The user that is associated with the device. :param device_key: The key of the device, returned by Amazon Cognito. :param device_group_key: The group key of the device, returned by Amazon Cognito. :param device_password: The password that is associated with the device. :param access_token: The user's access token. :param aws_srp: A class that helps with Secure Remote Password (SRP) calculations. The scenario associated with this example uses the warrant package. :return: True when the user must confirm the device. Otherwise, False. When False, the device is automatically confirmed and tracked. """ srp_helper = aws_srp.AWSSRP( username=user_name, password=device_password, pool_id="_", client_id=self.client_id, client_secret=None, client=self.cognito_idp_client, ) device_and_pw = f"{device_group_key}{device_key}:{device_password}" device_and_pw_hash = aws_srp.hash_sha256(device_and_pw.encode("utf-8")) salt = aws_srp.pad_hex(aws_srp.get_random(16)) x_value = aws_srp.hex_to_long(aws_srp.hex_hash(salt + device_and_pw_hash)) verifier = aws_srp.pad_hex(pow(srp_helper.val_g, x_value, srp_helper.big_n)) device_secret_verifier_config = { "PasswordVerifier": base64.standard_b64encode( bytearray.fromhex(verifier) ).decode("utf-8"), "Salt": base64.standard_b64encode(bytearray.fromhex(salt)).decode("utf-8"), } try: response = self.cognito_idp_client.confirm_device( AccessToken=access_token, DeviceKey=device_key, DeviceSecretVerifierConfig=device_secret_verifier_config, ) user_confirm = response["UserConfirmationNecessary"] except ClientError as err: logger.error( "Couldn't confirm mfa device %s. Here's why: %s: %s", device_key, err.response["Error"]["Code"], err.response["Error"]["Message"], ) raise else: return user_confirm ``` + Per i dettagli sull'API, consulta [ConfirmDevice AWS](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ConfirmDevice)*SDK for Python (Boto3) API Reference*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `ConfirmForgotPassword` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `ConfirmForgotPassword`. Gli esempi di operazioni sono estratti di codice da programmi più grandi e devono essere eseguiti nel contesto. È possibile visualizzare questa operazione nel contesto nel seguente esempio di codice: + [Migrare automaticamente gli utenti noti con una funzione Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md) ------ #### [ CLI ] **AWS CLI** **Come confermare una password dimenticata** Questo esempio conferma una password dimenticata per diego@example.com. Comando: ``` aws cognito-idp confirm-forgot-password --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username=diego@example.com --password PASSWORD --confirmation-code CONF_CODE ``` + Per i dettagli sull'API, consulta [ConfirmForgotPassword AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-forgot-password.html)*Command Reference.* ------ #### [ Go ] **SDK per Go V2** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples). ``` import ( "context" "errors" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types" ) type CognitoActions struct { CognitoClient *cognitoidentityprovider.Client } // ConfirmForgotPassword confirms a user with a confirmation code and a new password. func (actor CognitoActions) ConfirmForgotPassword(ctx context.Context, clientId string, code string, userName string, password string) error { _, err := actor.CognitoClient.ConfirmForgotPassword(ctx, &cognitoidentityprovider.ConfirmForgotPasswordInput{ ClientId: aws.String(clientId), ConfirmationCode: aws.String(code), Password: aws.String(password), Username: aws.String(userName), }) if err != nil { var invalidPassword *types.InvalidPasswordException if errors.As(err, &invalidPassword) { log.Println(*invalidPassword.Message) } else { log.Printf("Couldn't confirm user %v. Here's why: %v", userName, err) } } return err } ``` + Per i dettagli sull'API, [ConfirmForgotPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ConfirmForgotPassword)consulta *AWS SDK per Go API Reference*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta[Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md). Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `ConfirmSignUp` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `ConfirmSignUp`. Gli esempi di operazioni sono estratti di codice da programmi più grandi e devono essere eseguiti nel contesto. È possibile visualizzare questa operazione nel contesto nel seguente esempio di codice: + [Registrazione di un utente a un pool di utenti che richiede l’autenticazione MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md) ------ #### [ .NET ] **SDK per .NET** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples). ``` ///

/// Confirm that the user has signed up. ///

/// The Id of this application. /// The confirmation code sent to the user. /// The username. /// True if successful. public async Task ConfirmSignupAsync(string clientId, string code, string userName) { var signUpRequest = new ConfirmSignUpRequest { ClientId = clientId, ConfirmationCode = code, Username = userName, }; var response = await _cognitoService.ConfirmSignUpAsync(signUpRequest); if (response.HttpStatusCode == HttpStatusCode.OK) { Console.WriteLine($"{userName} was confirmed"); return true; } return false; } ``` + Per i dettagli sull'API, [ConfirmSignUp](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ConfirmSignUp)consulta *AWS SDK per .NET API Reference*. ------ #### [ C\$1\$1 ] **SDK per C\$1\$1** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples). ``` Aws::Client::ClientConfiguration clientConfig; // Optional: Set to the AWS Region (overrides config file). // clientConfig.region = "us-east-1"; Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig); Aws::CognitoIdentityProvider::Model::ConfirmSignUpRequest request; request.SetClientId(clientID); request.SetConfirmationCode(confirmationCode); request.SetUsername(userName); Aws::CognitoIdentityProvider::Model::ConfirmSignUpOutcome outcome = client.ConfirmSignUp(request); if (outcome.IsSuccess()) { std::cout << "ConfirmSignup was Successful." << std::endl; } else { std::cerr << "Error with CognitoIdentityProvider::ConfirmSignUp. " << outcome.GetError().GetMessage() << std::endl; return false; } ``` + Per i dettagli sull'API, [ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ConfirmSignUp)consulta *AWS SDK per C\$1\$1 API Reference*. ------ #### [ CLI ] **AWS CLI** **Come confermare la registrazione** Questo esempio conferma la registrazione per il nome utente diego@example.com. Comando: ``` aws cognito-idp confirm-sign-up --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username=diego@example.com --confirmation-code CONF_CODE ``` + Per i dettagli sull'API, consulta [ConfirmSignUp AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-sign-up.html)*Command Reference*. ------ #### [ Java ] **SDK per Java 2.x** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` public static void confirmSignUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String code, String userName) { try { ConfirmSignUpRequest signUpRequest = ConfirmSignUpRequest.builder() .clientId(clientId) .confirmationCode(code) .username(userName) .build(); identityProviderClient.confirmSignUp(signUpRequest); System.out.println(userName + " was confirmed"); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } ``` + Per i dettagli sull'API, [ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ConfirmSignUp)consulta *AWS SDK for Java 2.x API Reference*. ------ #### [ JavaScript ] **SDK per JavaScript (v3)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples). ``` const confirmSignUp = ({ clientId, username, code }) => { const client = new CognitoIdentityProviderClient({}); const command = new ConfirmSignUpCommand({ ClientId: clientId, Username: username, ConfirmationCode: code, }); return client.send(command); }; ``` + Per i dettagli sull'API, [ConfirmSignUp](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ConfirmSignUpCommand)consulta *AWS SDK per JavaScript API Reference*. ------ #### [ Kotlin ] **SDK per Kotlin** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). ``` suspend fun confirmSignUp( clientIdVal: String?, codeVal: String?, userNameVal: String?, ) { val signUpRequest = ConfirmSignUpRequest { clientId = clientIdVal confirmationCode = codeVal username = userNameVal } CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient -> identityProviderClient.confirmSignUp(signUpRequest) println("$userNameVal was confirmed") } } ``` + Per i dettagli sull'API, [ConfirmSignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)consulta *AWS SDK for Kotlin* API reference. ------ #### [ Python ] **SDK per Python (Boto3)** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples). ``` class CognitoIdentityProviderWrapper: """Encapsulates Amazon Cognito actions""" def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None): """ :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client. :param user_pool_id: The ID of an existing Amazon Cognito user pool. :param client_id: The ID of a client application registered with the user pool. :param client_secret: The client secret, if the client has a secret. """ self.cognito_idp_client = cognito_idp_client self.user_pool_id = user_pool_id self.client_id = client_id self.client_secret = client_secret def confirm_user_sign_up(self, user_name, confirmation_code): """ Confirms a previously created user. A user must be confirmed before they can sign in to Amazon Cognito. :param user_name: The name of the user to confirm. :param confirmation_code: The confirmation code sent to the user's registered email address. :return: True when the confirmation succeeds. """ try: kwargs = { "ClientId": self.client_id, "Username": user_name, "ConfirmationCode": confirmation_code, } if self.client_secret is not None: kwargs["SecretHash"] = self._secret_hash(user_name) self.cognito_idp_client.confirm_sign_up(**kwargs) except ClientError as err: logger.error( "Couldn't confirm sign up for %s. Here's why: %s: %s", user_name, err.response["Error"]["Code"], err.response["Error"]["Message"], ) raise else: return True ``` + Per i dettagli sull'API, consulta [ConfirmSignUp AWS](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ConfirmSignUp)*SDK for Python (Boto3) API Reference*. ------ #### [ Swift ] **SDK per Swift** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples). ``` import AWSClientRuntime import AWSCognitoIdentityProvider /// Submit a confirmation code for the specified user. This is the code as /// entered by the user after they've received it by email or text /// message. /// /// - Parameters: /// - cipClient: The `CognitoIdentityProviderClient` to use. /// - clientId: The app client ID the user is signing up for. /// - userName: The username of the user whose code is being sent. /// - code: The user's confirmation code. /// /// - Returns: `true` if the code was successfully confirmed; otherwise `false`. func confirmSignUp(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String, code: String) async -> Bool { do { _ = try await cipClient.confirmSignUp( input: ConfirmSignUpInput( clientId: clientId, confirmationCode: code, username: userName ) ) print("=====> \(userName) has been confirmed.") return true } catch { print("=====> \(userName)'s code was entered incorrectly.") return false } } ``` + Per i dettagli sull'API, consulta la [ConfirmSignUp](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/confirmsignup(input:))guida di riferimento all'*API AWS SDK for Swift*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `CreateUserPool` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `CreateUserPool`. ------ #### [ CLI ] **AWS CLI** **Creazione di un pool di utenti con configurazione minima** Questo esempio crea un pool di utenti denominato MyUserPool utilizzando valori predefiniti. Non ci sono attributi obbligatori né client di applicazioni. MFA e sicurezza avanzata sono disattivate. Comando: ``` aws cognito-idp create-user-pool --pool-name MyUserPool ``` Output: ``` { "UserPool": { "SchemaAttributes": [ { "Name": "sub", "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": true, "AttributeDataType": "String", "Mutable": false }, { "Name": "name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "given_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "family_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "middle_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "nickname", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "preferred_username", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "profile", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "picture", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "website", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "email", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "email_verified", "Mutable": true }, { "Name": "gender", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "birthdate", "StringAttributeConstraints": { "MinLength": "10", "MaxLength": "10" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "zoneinfo", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "locale", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "phone_number", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "phone_number_verified", "Mutable": true }, { "Name": "address", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "updated_at", "NumberAttributeConstraints": { "MinValue": "0" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "Number", "Mutable": true } ], "MfaConfiguration": "OFF", "Name": "MyUserPool", "LastModifiedDate": 1547833345.777, "AdminCreateUserConfig": { "UnusedAccountValidityDays": 7, "AllowAdminCreateUserOnly": false }, "EmailConfiguration": {}, "Policies": { "PasswordPolicy": { "RequireLowercase": true, "RequireSymbols": true, "RequireNumbers": true, "MinimumLength": 8, "RequireUppercase": true } }, "CreationDate": 1547833345.777, "EstimatedNumberOfUsers": 0, "Id": "us-west-2_aaaaaaaaa", "LambdaConfig": {} } } ``` **Come creare un pool di utenti con due attributi richiesti** Questo esempio crea un pool di utenti MyUserPool. Il pool è configurato per accettare l’e-mail come attributo del nome utente. Inoltre, imposta l’indirizzo e-mail di origine su un indirizzo convalidato utilizzando Amazon Simple Email Service (Amazon SES). Comando: ``` aws cognito-idp create-user-pool --pool-name MyUserPool --username-attributes "email" --email-configuration=SourceArn="arn:aws:ses:us-east-1:111111111111:identity/jane@example.com",ReplyToEmailAddress="jane@example.com" ``` Output: ``` { "UserPool": { "SchemaAttributes": [ { "Name": "sub", "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": true, "AttributeDataType": "String", "Mutable": false }, { "Name": "name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "given_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "family_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "middle_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "nickname", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "preferred_username", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "profile", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "picture", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "website", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "email", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "email_verified", "Mutable": true }, { "Name": "gender", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "birthdate", "StringAttributeConstraints": { "MinLength": "10", "MaxLength": "10" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "zoneinfo", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "locale", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "phone_number", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "phone_number_verified", "Mutable": true }, { "Name": "address", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "updated_at", "NumberAttributeConstraints": { "MinValue": "0" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "Number", "Mutable": true } ], "MfaConfiguration": "OFF", "Name": "MyUserPool", "LastModifiedDate": 1547837788.189, "AdminCreateUserConfig": { "UnusedAccountValidityDays": 7, "AllowAdminCreateUserOnly": false }, "EmailConfiguration": { "ReplyToEmailAddress": "jane@example.com", "SourceArn": "arn:aws:ses:us-east-1:111111111111:identity/jane@example.com" }, "Policies": { "PasswordPolicy": { "RequireLowercase": true, "RequireSymbols": true, "RequireNumbers": true, "MinimumLength": 8, "RequireUppercase": true } }, "UsernameAttributes": [ "email" ], "CreationDate": 1547837788.189, "EstimatedNumberOfUsers": 0, "Id": "us-west-2_aaaaaaaaa", "LambdaConfig": {} } } ``` + Per i dettagli sull'API, vedere [CreateUserPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-pool.html)in *AWS CLI Command Reference*. ------ #### [ Java ] **SDK per Java 2.x** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient; import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException; import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolRequest; import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolResponse; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class CreateUserPool { public static void main(String[] args) { final String usage = """ Usage: \s Where: userPoolName - The name to give your user pool when it's created. """; if (args.length != 1) { System.out.println(usage); System.exit(1); } String userPoolName = args[0]; CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder() .region(Region.US_EAST_1) .build(); String id = createPool(cognitoClient, userPoolName); System.out.println("User pool ID: " + id); cognitoClient.close(); } public static String createPool(CognitoIdentityProviderClient cognitoClient, String userPoolName) { try { CreateUserPoolRequest request = CreateUserPoolRequest.builder() .poolName(userPoolName) .build(); CreateUserPoolResponse response = cognitoClient.createUserPool(request); return response.userPool().id(); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } return ""; } } ``` + Per i dettagli sull'API, [CreateUserPool](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/CreateUserPool)consulta *AWS SDK for Java 2.x API Reference*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta[Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md). Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `CreateUserPoolClient` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `CreateUserPoolClient`. ------ #### [ CLI ] **AWS CLI** **Come creare un client del pool di utenti** L'`create-user-pool-client`esempio seguente crea un nuovo client con pool di utenti con un client secret, attributi di lettura e scrittura espliciti, accesso con flussi username-password e SRP, accesso con tre, accesso a un sottoinsieme di OAuth ambiti IdPs, PinPoint analisi e una validità estesa della sessione di autenticazione. ``` aws cognito-idp create-user-pool-client \ --user-pool-id us-west-2_EXAMPLE \ --client-name MyTestClient \ --generate-secret \ --refresh-token-validity 10 \ --access-token-validity 60 \ --id-token-validity 60 \ --token-validity-units AccessToken=minutes,IdToken=minutes,RefreshToken=days \ --read-attributes email phone_number email_verified phone_number_verified \ --write-attributes email phone_number \ --explicit-auth-flows ALLOW_USER_PASSWORD_AUTH ALLOW_USER_SRP_AUTH ALLOW_REFRESH_TOKEN_AUTH \ --supported-identity-providers Google Facebook MyOIDC \ --callback-urls https://www.amazon.com https://example.com http://localhost:8001 myapp://example \ --allowed-o-auth-flows code implicit \ --allowed-o-auth-scopes openid profile aws.cognito.signin.user.admin solar-system-data/asteroids.add \ --allowed-o-auth-flows-user-pool-client \ --analytics-configuration ApplicationArn=arn:aws:mobiletargeting:us-west-2:767671399759:apps/thisisanexamplepinpointapplicationid,UserDataShared=TRUE \ --prevent-user-existence-errors ENABLED \ --enable-token-revocation \ --enable-propagate-additional-user-context-data \ --auth-session-validity 4 ``` Output: ``` { "UserPoolClient": { "UserPoolId": "us-west-2_EXAMPLE", "ClientName": "MyTestClient", "ClientId": "123abc456defEXAMPLE", "ClientSecret": "this1234is5678my91011example1213client1415secret", "LastModifiedDate": 1726788459.464, "CreationDate": 1726788459.464, "RefreshTokenValidity": 10, "AccessTokenValidity": 60, "IdTokenValidity": 60, "TokenValidityUnits": { "AccessToken": "minutes", "IdToken": "minutes", "RefreshToken": "days" }, "ReadAttributes": [ "email_verified", "phone_number_verified", "phone_number", "email" ], "WriteAttributes": [ "phone_number", "email" ], "ExplicitAuthFlows": [ "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH" ], "SupportedIdentityProviders": [ "Google", "MyOIDC", "Facebook" ], "CallbackURLs": [ "https://example.com", "https://www.amazon.com", "myapp://example", "http://localhost:8001" ], "AllowedOAuthFlows": [ "implicit", "code" ], "AllowedOAuthScopes": [ "aws.cognito.signin.user.admin", "openid", "profile", "solar-system-data/asteroids.add" ], "AllowedOAuthFlowsUserPoolClient": true, "AnalyticsConfiguration": { "ApplicationArn": "arn:aws:mobiletargeting:us-west-2:123456789012:apps/thisisanexamplepinpointapplicationid", "RoleArn": "arn:aws:iam::123456789012:role/aws-service-role/cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdp", "UserDataShared": true }, "PreventUserExistenceErrors": "ENABLED", "EnableTokenRevocation": true, "EnablePropagateAdditionalUserContextData": true, "AuthSessionValidity": 4 } } ``` Per ulteriori informazioni, consulta [Impostazioni specifiche dell’applicazione con i client dell’app](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html) nella *Guida per gli sviluppatori di Amazon Cognito*. + *Per i dettagli sull'API, consulta Command Reference. [CreateUserPoolClient](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-pool-client.html)AWS CLI * ------ #### [ Java ] **SDK per Java 2.x** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient; import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException; import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientRequest; import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientResponse; /** * A user pool client app is an application that authenticates with Amazon * Cognito user pools. * When you create a user pool, you can configure app clients that allow mobile * or web applications * to call API operations to authenticate users, manage user attributes and * profiles, * and implement sign-up and sign-in flows. * * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class CreateUserPoolClient { public static void main(String[] args) { final String usage = """ Usage: \s Where: clientName - The name for the user pool client to create. userPoolId - The ID for the user pool. """; if (args.length != 2) { System.out.println(usage); System.exit(1); } String clientName = args[0]; String userPoolId = args[1]; CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder() .region(Region.US_EAST_1) .build(); createPoolClient(cognitoClient, clientName, userPoolId); cognitoClient.close(); } public static void createPoolClient(CognitoIdentityProviderClient cognitoClient, String clientName, String userPoolId) { try { CreateUserPoolClientRequest request = CreateUserPoolClientRequest.builder() .clientName(clientName) .userPoolId(userPoolId) .build(); CreateUserPoolClientResponse response = cognitoClient.createUserPoolClient(request); System.out.println("User pool " + response.userPoolClient().clientName() + " created. ID: " + response.userPoolClient().clientId()); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } } ``` + Per i dettagli sull'API, [CreateUserPoolClient](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/CreateUserPoolClient)consulta *AWS SDK for Java 2.x API Reference*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta[Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md). Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `DeleteUser` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `DeleteUser`. Gli esempi di operazioni sono estratti di codice da programmi più grandi e devono essere eseguiti nel contesto. È possibile visualizzare questa operazione nel contesto nei seguenti esempi di codice: + [Confermare automaticamente gli utenti noti con una funzione Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md) + [Migrare automaticamente gli utenti noti con una funzione Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md) + [Scrivere i dati di attività personalizzate con una funzione Lambda dopo l’autenticazione utente di Amazon Cognito tramite un SDK](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md) ------ #### [ C\$1\$1 ] **SDK per C\$1\$1** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples). ``` Aws::Client::ClientConfiguration clientConfig; // Optional: Set to the AWS Region (overrides config file). // clientConfig.region = "us-east-1"; Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig); Aws::CognitoIdentityProvider::Model::DeleteUserRequest request; request.SetAccessToken(accessToken); Aws::CognitoIdentityProvider::Model::DeleteUserOutcome outcome = client.DeleteUser(request); if (outcome.IsSuccess()) { std::cout << "The user " << userName << " was deleted." << std::endl; } else { std::cerr << "Error with CognitoIdentityProvider::DeleteUser. " << outcome.GetError().GetMessage() << std::endl; } ``` + Per i dettagli sull'API, [DeleteUser](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/DeleteUser)consulta *AWS SDK per C\$1\$1 API Reference*. ------ #### [ CLI ] **AWS CLI** **Come eliminare un utente** Questo esempio elimina un utente. Comando: ``` aws cognito-idp delete-user --access-token ACCESS_TOKEN ``` + Per i dettagli sull'API, consulta [DeleteUser AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-user.html)*Command Reference*. ------ #### [ Go ] **SDK per Go V2** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples). ``` import ( "context" "errors" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types" ) type CognitoActions struct { CognitoClient *cognitoidentityprovider.Client } // DeleteUser removes a user from the user pool. func (actor CognitoActions) DeleteUser(ctx context.Context, userAccessToken string) error { _, err := actor.CognitoClient.DeleteUser(ctx, &cognitoidentityprovider.DeleteUserInput{ AccessToken: aws.String(userAccessToken), }) if err != nil { log.Printf("Couldn't delete user. Here's why: %v\n", err) } return err } ``` + Per i dettagli sull'API, [DeleteUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.DeleteUser)consulta *AWS SDK per Go API Reference*. ------ #### [ JavaScript ] **SDK per JavaScript (v3)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cross-services/wkflw-pools-triggers#code-examples). ``` /** * Delete the signed-in user. Useful for allowing a user to delete their * own profile. * @param {{ region: string, accessToken: string }} config * @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").DeleteUserCommandOutput | null, unknown]>} */ export const deleteUser = async ({ region, accessToken }) => { try { const client = new CognitoIdentityProviderClient({ region }); const response = await client.send( new DeleteUserCommand({ AccessToken: accessToken }), ); return [response, null]; } catch (err) { return [null, err]; } }; ``` + Per i dettagli sull'API, [DeleteUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/DeleteUserCommand)consulta *AWS SDK per JavaScript API Reference*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta[Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md). Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `ForgotPassword` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `ForgotPassword`. Gli esempi di operazioni sono estratti di codice da programmi più grandi e devono essere eseguiti nel contesto. È possibile visualizzare questa operazione nel contesto nel seguente esempio di codice: + [Migrare automaticamente gli utenti noti con una funzione Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md) ------ #### [ CLI ] **AWS CLI** **Come forzare la modifica della password** L’esempio `forgot-password` seguente invia un messaggio a jane@example.com per la modifica della password. ``` aws cognito-idp forgot-password --client-id 38fjsnc484p94kpqsnet7mpld0 --username jane@example.com ``` Output: ``` { "CodeDeliveryDetails": { "Destination": "j***@e***.com", "DeliveryMedium": "EMAIL", "AttributeName": "email" } } ``` + Per i dettagli sull'API, consulta [ForgotPassword AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/forgot-password.html)*Command Reference.* ------ #### [ Go ] **SDK per Go V2** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples). ``` import ( "context" "errors" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types" ) type CognitoActions struct { CognitoClient *cognitoidentityprovider.Client } // ForgotPassword starts a password recovery flow for a user. This flow typically sends a confirmation code // to the user's configured notification destination, such as email. func (actor CognitoActions) ForgotPassword(ctx context.Context, clientId string, userName string) (*types.CodeDeliveryDetailsType, error) { output, err := actor.CognitoClient.ForgotPassword(ctx, &cognitoidentityprovider.ForgotPasswordInput{ ClientId: aws.String(clientId), Username: aws.String(userName), }) if err != nil { log.Printf("Couldn't start password reset for user '%v'. Here;s why: %v\n", userName, err) } return output.CodeDeliveryDetails, err } ``` + Per i dettagli sull'API, [ForgotPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ForgotPassword)consulta *AWS SDK per Go API Reference*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta[Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md). Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `InitiateAuth` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `InitiateAuth`. Gli esempi di operazioni sono estratti di codice da programmi più grandi e devono essere eseguiti nel contesto. È possibile visualizzare questa operazione nel contesto nei seguenti esempi di codice: + [Confermare automaticamente gli utenti noti con una funzione Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md) + [Migrare automaticamente gli utenti noti con una funzione Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md) + [Registrazione di un utente a un pool di utenti che richiede l’autenticazione MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md) + [Scrivere i dati di attività personalizzate con una funzione Lambda dopo l’autenticazione utente di Amazon Cognito tramite un SDK](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md) ------ #### [ .NET ] **SDK per .NET** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples). ``` ///

/// Initiate authorization. ///

/// The client Id of the application. /// The name of the user who is authenticating. /// The password for the user who is authenticating. /// The response from the initiate auth request. public async Task InitiateAuthAsync(string clientId, string userName, string password) { var authParameters = new Dictionary(); authParameters.Add("USERNAME", userName); authParameters.Add("PASSWORD", password); var authRequest = new InitiateAuthRequest { ClientId = clientId, AuthParameters = authParameters, AuthFlow = AuthFlowType.USER_PASSWORD_AUTH, }; var response = await _cognitoService.InitiateAuthAsync(authRequest); Console.WriteLine($"Result Challenge is : {response.ChallengeName}"); return response; } ``` + Per i dettagli sull'API, [InitiateAuth](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/InitiateAuth)consulta *AWS SDK per .NET API Reference*. ------ #### [ CLI ] **AWS CLI** **Come effettuare l’accesso per un utente** L’esempio `initiate-auth` seguente accede a un utente con il flusso nome utente-password di base e senza richieste di verifica aggiuntive. ``` aws cognito-idp initiate-auth \ --auth-flow USER_PASSWORD_AUTH \ --client-id 1example23456789 \ --analytics-metadata AnalyticsEndpointId=d70b2ba36a8c4dc5a04a0451aEXAMPLE \ --auth-parameters USERNAME=testuser,PASSWORD=[Password] --user-context-data EncodedData=mycontextdata --client-metadata MyTestKey=MyTestValue ``` Output: ``` { "AuthenticationResult": { "AccessToken": "eyJra456defEXAMPLE", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "eyJra123abcEXAMPLE", "IdToken": "eyJra789ghiEXAMPLE", "NewDeviceMetadata": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceGroupKey": "-v7w9UcY6" } } } ``` Per ulteriori informazioni, consulta [Autenticazione](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html) nella *Guida per gli sviluppatori di Amazon Cognito*. + Per i dettagli sull'API, consulta [InitiateAuth AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/initiate-auth.html)*Command Reference*. ------ #### [ Go ] **SDK per Go V2** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples). ``` import ( "context" "errors" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types" ) type CognitoActions struct { CognitoClient *cognitoidentityprovider.Client } // SignIn signs in a user to Amazon Cognito using a username and password authentication flow. func (actor CognitoActions) SignIn(ctx context.Context, clientId string, userName string, password string) (*types.AuthenticationResultType, error) { var authResult *types.AuthenticationResultType output, err := actor.CognitoClient.InitiateAuth(ctx, &cognitoidentityprovider.InitiateAuthInput{ AuthFlow: "USER_PASSWORD_AUTH", ClientId: aws.String(clientId), AuthParameters: map[string]string{"USERNAME": userName, "PASSWORD": password}, }) if err != nil { var resetRequired *types.PasswordResetRequiredException if errors.As(err, &resetRequired) { log.Println(*resetRequired.Message) } else { log.Printf("Couldn't sign in user %v. Here's why: %v\n", userName, err) } } else { authResult = output.AuthenticationResult } return authResult, err } ``` + Per i dettagli sull'API, [InitiateAuth](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.InitiateAuth)consulta *AWS SDK per Go API Reference*. ------ #### [ JavaScript ] **SDK per JavaScript (v3)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples). ``` const initiateAuth = ({ username, password, clientId }) => { const client = new CognitoIdentityProviderClient({}); const command = new InitiateAuthCommand({ AuthFlow: AuthFlowType.USER_PASSWORD_AUTH, AuthParameters: { USERNAME: username, PASSWORD: password, }, ClientId: clientId, }); return client.send(command); }; ``` + Per i dettagli sull'API, [InitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/InitiateAuthCommand)consulta *AWS SDK per JavaScript API Reference*. ------ #### [ Python ] **SDK per Python (Boto3)** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples). Questo esempio mostra come avviare l’autenticazione con un dispositivo monitorato. Per completare l’accesso, il client deve rispondere correttamente alle richieste di autenticazione SRP (Secure Remote Password). ``` class CognitoIdentityProviderWrapper: """Encapsulates Amazon Cognito actions""" def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None): """ :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client. :param user_pool_id: The ID of an existing Amazon Cognito user pool. :param client_id: The ID of a client application registered with the user pool. :param client_secret: The client secret, if the client has a secret. """ self.cognito_idp_client = cognito_idp_client self.user_pool_id = user_pool_id self.client_id = client_id self.client_secret = client_secret def sign_in_with_tracked_device( self, user_name, password, device_key, device_group_key, device_password, aws_srp, ): """ Signs in to Amazon Cognito as a user who has a tracked device. Signing in with a tracked device lets a user sign in without entering a new MFA code. Signing in with a tracked device requires that the client respond to the SRP protocol. The scenario associated with this example uses the warrant package to help with SRP calculations. For more information on SRP, see https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol. :param user_name: The user that is associated with the device. :param password: The user's password. :param device_key: The key of a tracked device. :param device_group_key: The group key of a tracked device. :param device_password: The password that is associated with the device. :param aws_srp: A class that helps with SRP calculations. The scenario associated with this example uses the warrant package. :return: The result of the authentication. When successful, this contains an access token for the user. """ try: srp_helper = aws_srp.AWSSRP( username=user_name, password=device_password, pool_id="_", client_id=self.client_id, client_secret=None, client=self.cognito_idp_client, ) response_init = self.cognito_idp_client.initiate_auth( ClientId=self.client_id, AuthFlow="USER_PASSWORD_AUTH", AuthParameters={ "USERNAME": user_name, "PASSWORD": password, "DEVICE_KEY": device_key, }, ) if response_init["ChallengeName"] != "DEVICE_SRP_AUTH": raise RuntimeError( f"Expected DEVICE_SRP_AUTH challenge but got {response_init['ChallengeName']}." ) auth_params = srp_helper.get_auth_params() auth_params["DEVICE_KEY"] = device_key response_auth = self.cognito_idp_client.respond_to_auth_challenge( ClientId=self.client_id, ChallengeName="DEVICE_SRP_AUTH", ChallengeResponses=auth_params, ) if response_auth["ChallengeName"] != "DEVICE_PASSWORD_VERIFIER": raise RuntimeError( f"Expected DEVICE_PASSWORD_VERIFIER challenge but got " f"{response_init['ChallengeName']}." ) challenge_params = response_auth["ChallengeParameters"] challenge_params["USER_ID_FOR_SRP"] = device_group_key + device_key cr = srp_helper.process_challenge(challenge_params, {"USERNAME": user_name}) cr["USERNAME"] = user_name cr["DEVICE_KEY"] = device_key response_verifier = self.cognito_idp_client.respond_to_auth_challenge( ClientId=self.client_id, ChallengeName="DEVICE_PASSWORD_VERIFIER", ChallengeResponses=cr, ) auth_tokens = response_verifier["AuthenticationResult"] except ClientError as err: logger.error( "Couldn't start client sign in for %s. Here's why: %s: %s", user_name, err.response["Error"]["Code"], err.response["Error"]["Message"], ) raise else: return auth_tokens ``` + Per i dettagli sull'API, consulta [InitiateAuth AWS](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/InitiateAuth)*SDK for Python (Boto3) API Reference*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `ListUserPools` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `ListUserPools`. ------ #### [ .NET ] **SDK per .NET (v4)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/Cognito#code-examples). ``` ///

/// List the Amazon Cognito user pools for an account. ///

/// A list of UserPoolDescriptionType objects. public async Task> ListUserPoolsAsync() { var userPools = new List(); var userPoolsPaginator = _cognitoService.Paginators.ListUserPools(new ListUserPoolsRequest()); await foreach (var response in userPoolsPaginator.Responses) { userPools.AddRange(response.UserPools); } return userPools; } ``` + Per i dettagli sull'API, [ListUserPools](https://docs.aws.amazon.com/goto/DotNetSDKV4/cognito-idp-2016-04-18/ListUserPools)consulta *AWS SDK per .NET API Reference*. ------ #### [ CLI ] **AWS CLI** **Come elencare i pool di utenti** L'`list-user-pools`esempio seguente elenca 3 dei pool di utenti disponibili nell' AWS account delle credenziali CLI correnti. ``` aws cognito-idp list-user-pools \ --max-results 3 ``` Output: ``` { "NextToken": "[Pagination token]", "UserPools": [ { "CreationDate": 1681502497.741, "Id": "us-west-2_EXAMPLE1", "LambdaConfig": { "CustomMessage": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction", "PreSignUp": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction", "PreTokenGeneration": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction", "PreTokenGenerationConfig": { "LambdaArn": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction", "LambdaVersion": "V1_0" } }, "LastModifiedDate": 1681502497.741, "Name": "user pool 1" }, { "CreationDate": 1686064178.717, "Id": "us-west-2_EXAMPLE2", "LambdaConfig": { }, "LastModifiedDate": 1686064178.873, "Name": "user pool 2" }, { "CreationDate": 1627681712.237, "Id": "us-west-2_EXAMPLE3", "LambdaConfig": { "UserMigration": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction" }, "LastModifiedDate": 1678486942.479, "Name": "user pool 3" } ] } ``` Per ulteriori informazioni, consulta [Pool di utenti di Amazon Cognito](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools.html) nella *Guida per gli sviluppatori di Amazon Cognito*. + Per i dettagli sull'API, vedere [ListUserPools](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-user-pools.html)in *AWS CLI Command Reference*. ------ #### [ Go ] **SDK per Go V2** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples). ``` package main import ( "context" "fmt" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types" ) // main uses the AWS SDK for Go V2 to create an Amazon Simple Notification Service // (Amazon SNS) client and list the topics in your account. // This example uses the default settings specified in your shared credentials // and config files. func main() { ctx := context.Background() sdkConfig, err := config.LoadDefaultConfig(ctx) if err != nil { fmt.Println("Couldn't load default configuration. Have you set up your AWS account?") fmt.Println(err) return } cognitoClient := cognitoidentityprovider.NewFromConfig(sdkConfig) fmt.Println("Let's list the user pools for your account.") var pools []types.UserPoolDescriptionType paginator := cognitoidentityprovider.NewListUserPoolsPaginator( cognitoClient, &cognitoidentityprovider.ListUserPoolsInput{MaxResults: aws.Int32(10)}) for paginator.HasMorePages() { output, err := paginator.NextPage(ctx) if err != nil { log.Printf("Couldn't get user pools. Here's why: %v\n", err) } else { pools = append(pools, output.UserPools...) } } if len(pools) == 0 { fmt.Println("You don't have any user pools!") } else { for _, pool := range pools { fmt.Printf("\t%v: %v\n", *pool.Name, *pool.Id) } } } ``` + Per i dettagli sull'API, [ListUserPools](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ListUserPools)consulta *AWS SDK per Go API Reference*. ------ #### [ Java ] **SDK per Java 2.x** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient; import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException; import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsResponse; import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class ListUserPools { public static void main(String[] args) { CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder() .region(Region.US_EAST_1) .build(); listAllUserPools(cognitoClient); cognitoClient.close(); } public static void listAllUserPools(CognitoIdentityProviderClient cognitoClient) { try { ListUserPoolsRequest request = ListUserPoolsRequest.builder() .maxResults(10) .build(); ListUserPoolsResponse response = cognitoClient.listUserPools(request); response.userPools().forEach(userpool -> { System.out.println("User pool " + userpool.name() + ", User ID " + userpool.id()); }); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } } ``` + Per i dettagli sull'API, [ListUserPools](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUserPools)consulta *AWS SDK for Java 2.x API Reference*. ------ #### [ Rust ] **SDK per Rust** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/rustv1/examples/cognitoidentityprovider#code-examples). ``` async fn show_pools(client: &Client) -> Result<(), Error> { let response = client.list_user_pools().max_results(10).send().await?; let pools = response.user_pools(); println!("User pools:"); for pool in pools { println!(" ID: {}", pool.id().unwrap_or_default()); println!(" Name: {}", pool.name().unwrap_or_default()); println!(" Lambda Config: {:?}", pool.lambda_config().unwrap()); println!( " Last modified: {}", pool.last_modified_date().unwrap().to_chrono_utc()? ); println!( " Creation date: {:?}", pool.creation_date().unwrap().to_chrono_utc() ); println!(); } println!("Next token: {}", response.next_token().unwrap_or_default()); Ok(()) } ``` + Per i dettagli sulle API, consulta il *riferimento [ListUserPools](https://docs.rs/aws-sdk-cognitoidentityprovider/latest/aws_sdk_cognitoidentityprovider/client/struct.Client.html#method.list_user_pools)all'API AWS SDK for Rust*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `ListUsers` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `ListUsers`. Gli esempi di operazioni sono estratti di codice da programmi più grandi e devono essere eseguiti nel contesto. È possibile visualizzare questa operazione nel contesto nel seguente esempio di codice: + [Registrazione di un utente a un pool di utenti che richiede l’autenticazione MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md) ------ #### [ .NET ] **SDK per .NET** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples). ``` ///

/// Get a list of users for the Amazon Cognito user pool. ///

/// The user pool ID. /// A list of users. public async Task> ListUsersAsync(string userPoolId) { var request = new ListUsersRequest { UserPoolId = userPoolId }; var users = new List(); var usersPaginator = _cognitoService.Paginators.ListUsers(request); await foreach (var response in usersPaginator.Responses) { users.AddRange(response.Users); } return users; } ``` + Per i dettagli sull'API, [ListUsers](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ListUsers)consulta *AWS SDK per .NET API Reference*. ------ #### [ CLI ] **AWS CLI** **Esempio 1: come restituire l’elenco degli utenti con un filtro lato server** L’esempio `list-users` seguente elenca 3 utenti nel pool di utenti richiesto i cui indirizzi e-mail iniziano con `testuser`. ``` aws cognito-idp list-users \ --user-pool-id us-west-2_EXAMPLE \ --filter email^=\"testuser\" \ --max-items 3 ``` Output: ``` { "PaginationToken": "efgh5678EXAMPLE", "Users": [ { "Attributes": [ { "Name": "sub", "Value": "eaad0219-2117-439f-8d46-4db20e59268f" }, { "Name": "email", "Value": "testuser@example.com" } ], "Enabled": true, "UserCreateDate": 1682955829.578, "UserLastModifiedDate": 1689030181.63, "UserStatus": "CONFIRMED", "Username": "testuser" }, { "Attributes": [ { "Name": "sub", "Value": "3b994cfd-0b07-4581-be46-3c82f9a70c90" }, { "Name": "email", "Value": "testuser2@example.com" } ], "Enabled": true, "UserCreateDate": 1684427979.201, "UserLastModifiedDate": 1684427979.201, "UserStatus": "UNCONFIRMED", "Username": "testuser2" }, { "Attributes": [ { "Name": "sub", "Value": "5929e0d1-4c34-42d1-9b79-a5ecacfe66f7" }, { "Name": "email", "Value": "testuser3@example.com" } ], "Enabled": true, "UserCreateDate": 1684427823.641, "UserLastModifiedDate": 1684427823.641, "UserStatus": "UNCONFIRMED", "Username": "testuser3@example.com" } ] } ``` Per ulteriori informazioni, consulta [Gestione e ricerca degli utenti](https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html) nella *Guida per gli sviluppatori di Amazon Cognito*. **Esempio 2: come restituire l’elenco degli utenti con un filtro lato client** L’esempio `list-users` seguente elenca gli attributi di tre utenti che dispongono di un attributo (in questo caso l’indirizzo e-mail contenente il dominio e-mail “@example .com”). Verranno visualizzati anche eventuali altri attributi contenuti in questa stringa. Il secondo utente non dispone di attributi corrispondenti alla query e pertanto è escluso dall’output visualizzato, ma non dalla risposta del server. ``` aws cognito-idp list-users \ --user-pool-id us-west-2_EXAMPLE \ --max-items 3 --query Users\[\*\].Attributes\[\?Value\.contains$\@\,\'@example.com\'$\] ``` Output: ``` [ [ { "Name": "email", "Value": "admin@example.com" } ], [], [ { "Name": "email", "Value": "operator@example.com" } ] ] ``` Per ulteriori informazioni, consulta [Gestione e ricerca degli utenti](https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html) nella *Guida per gli sviluppatori di Amazon Cognito*. + Per i dettagli sull'API, consulta [ListUsers AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-users.html)*Command Reference*. ------ #### [ Java ] **SDK per Java 2.x** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient; import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException; import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersRequest; import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersResponse; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class ListUsers { public static void main(String[] args) { final String usage = """ Usage: \s Where: userPoolId - The ID given to your user pool when it's created. """; if (args.length != 1) { System.out.println(usage); System.exit(1); } String userPoolId = args[0]; CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder() .region(Region.US_EAST_1) .build(); listAllUsers(cognitoClient, userPoolId); listUsersFilter(cognitoClient, userPoolId); cognitoClient.close(); } public static void listAllUsers(CognitoIdentityProviderClient cognitoClient, String userPoolId) { try { ListUsersRequest usersRequest = ListUsersRequest.builder() .userPoolId(userPoolId) .build(); ListUsersResponse response = cognitoClient.listUsers(usersRequest); response.users().forEach(user -> { System.out.println("User " + user.username() + " Status " + user.userStatus() + " Created " + user.userCreateDate()); }); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } // Shows how to list users by using a filter. public static void listUsersFilter(CognitoIdentityProviderClient cognitoClient, String userPoolId) { try { String filter = "email = \"tblue@noserver.com\""; ListUsersRequest usersRequest = ListUsersRequest.builder() .userPoolId(userPoolId) .filter(filter) .build(); ListUsersResponse response = cognitoClient.listUsers(usersRequest); response.users().forEach(user -> { System.out.println("User with filter applied " + user.username() + " Status " + user.userStatus() + " Created " + user.userCreateDate()); }); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } } ``` + Per i dettagli sull'API, [ListUsers](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUsers)consulta *AWS SDK for Java 2.x API Reference*. ------ #### [ JavaScript ] **SDK per JavaScript (v3)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples). ``` const listUsers = ({ userPoolId }) => { const client = new CognitoIdentityProviderClient({}); const command = new ListUsersCommand({ UserPoolId: userPoolId, }); return client.send(command); }; ``` + Per i dettagli sull'API, [ListUsers](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ListUsersCommand)consulta *AWS SDK per JavaScript API Reference*. ------ #### [ Kotlin ] **SDK per Kotlin** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). ``` suspend fun listAllUsers(userPoolId: String) { val request = ListUsersRequest { this.userPoolId = userPoolId } CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { cognitoClient -> val response = cognitoClient.listUsers(request) response.users?.forEach { user -> println("The user name is ${user.username}") } } } ``` + Per i dettagli sull'API, [ListUsers](https://sdk.amazonaws.com/kotlin/api/latest/index.html)consulta *AWS SDK for Kotlin* API reference. ------ #### [ Python ] **SDK per Python (Boto3)** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples). ``` class CognitoIdentityProviderWrapper: """Encapsulates Amazon Cognito actions""" def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None): """ :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client. :param user_pool_id: The ID of an existing Amazon Cognito user pool. :param client_id: The ID of a client application registered with the user pool. :param client_secret: The client secret, if the client has a secret. """ self.cognito_idp_client = cognito_idp_client self.user_pool_id = user_pool_id self.client_id = client_id self.client_secret = client_secret def list_users(self): """ Returns a list of the users in the current user pool. :return: The list of users. """ try: response = self.cognito_idp_client.list_users(UserPoolId=self.user_pool_id) users = response["Users"] except ClientError as err: logger.error( "Couldn't list users for %s. Here's why: %s: %s", self.user_pool_id, err.response["Error"]["Code"], err.response["Error"]["Message"], ) raise else: return users ``` + Per i dettagli sull'API, consulta [ListUsers AWS](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ListUsers)*SDK for Python (Boto3) API Reference*. ------ #### [ SAP ABAP ] **SDK per SAP ABAP** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples). ``` TRY. DATA(lo_result) = lo_cgp->listusers( iv_userpoolid = iv_user_pool_id ). ot_users = lo_result->get_users( ). MESSAGE |Found { lines( ot_users ) } users in the pool.| TYPE 'I'. CATCH /aws1/cx_cgpresourcenotfoundex INTO DATA(lo_ex). MESSAGE |User pool { iv_user_pool_id } not found.| TYPE 'E'. CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex). MESSAGE 'Not authorized to list users.' TYPE 'E'. ENDTRY. ``` + Per i dettagli sulle API, [ListUsers](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)consulta *AWS SDK for SAP ABAP* API reference. ------ #### [ Swift ] **SDK per Swift** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples). ``` do { let output = try await cognitoClient.listUsers( input: ListUsersInput( userPoolId: poolId ) ) guard let users = output.users else { print("No users found.") return } print("\(users.count) user(s) found.") for user in users { print(" \(user.username ?? "")") } } catch _ as NotAuthorizedException { print("*** Please authenticate with AWS before using this command.") return } catch _ as ResourceNotFoundException { print("*** The specified User Pool was not found.") return } catch { print("*** An unexpected type of error occurred.") return } ``` + Per i dettagli sull'API, consulta la [ListUsers](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/listusers(input:))guida di riferimento all'*API AWS SDK for Swift*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `ResendConfirmationCode` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `ResendConfirmationCode`. Gli esempi di operazioni sono estratti di codice da programmi più grandi e devono essere eseguiti nel contesto. È possibile visualizzare questa operazione nel contesto nel seguente esempio di codice: + [Registrazione di un utente a un pool di utenti che richiede l’autenticazione MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md) ------ #### [ .NET ] **SDK per .NET** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples). ``` ///

/// Send a new confirmation code to a user. ///

/// The Id of the client application. /// The username of user who will receive the code. /// The delivery details. public async Task ResendConfirmationCodeAsync(string clientId, string userName) { var codeRequest = new ResendConfirmationCodeRequest { ClientId = clientId, Username = userName, }; var response = await _cognitoService.ResendConfirmationCodeAsync(codeRequest); Console.WriteLine($"Method of delivery is {response.CodeDeliveryDetails.DeliveryMedium}"); return response.CodeDeliveryDetails; } ``` + Per i dettagli sull'API, [ResendConfirmationCode](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ResendConfirmationCode)consulta *AWS SDK per .NET API Reference*. ------ #### [ C\$1\$1 ] **SDK per C\$1\$1** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples). ``` Aws::Client::ClientConfiguration clientConfig; // Optional: Set to the AWS Region (overrides config file). // clientConfig.region = "us-east-1"; Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig); Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeRequest request; request.SetUsername(userName); request.SetClientId(clientID); Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeOutcome outcome = client.ResendConfirmationCode(request); if (outcome.IsSuccess()) { std::cout << "CognitoIdentityProvider::ResendConfirmationCode was successful." << std::endl; } else { std::cerr << "Error with CognitoIdentityProvider::ResendConfirmationCode. " << outcome.GetError().GetMessage() << std::endl; return false; } ``` + Per i dettagli sull'API, [ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ResendConfirmationCode)consulta *AWS SDK per C\$1\$1 API Reference*. ------ #### [ CLI ] **AWS CLI** **Come inviare nuovamente un codice di conferma** L’esempio `resend-confirmation-code` seguente invia un codice di conferma all’utente `jane`. ``` aws cognito-idp resend-confirmation-code \ --client-id 12a3b456c7de890f11g123hijk \ --username jane ``` Output: ``` { "CodeDeliveryDetails": { "Destination": "j***@e***.com", "DeliveryMedium": "EMAIL", "AttributeName": "email" } } ``` Per ulteriori informazioni, consulta [Registrazione e conferma degli account utente](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html) nella *Guida per gli sviluppatori di Amazon Cognito*. + Per i dettagli sull'API, consulta [ResendConfirmationCode AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/resend-confirmation-code.html)*Command Reference*. ------ #### [ Java ] **SDK per Java 2.x** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` public static void resendConfirmationCode(CognitoIdentityProviderClient identityProviderClient, String clientId, String userName) { try { ResendConfirmationCodeRequest codeRequest = ResendConfirmationCodeRequest.builder() .clientId(clientId) .username(userName) .build(); ResendConfirmationCodeResponse response = identityProviderClient.resendConfirmationCode(codeRequest); System.out.println("Method of delivery is " + response.codeDeliveryDetails().deliveryMediumAsString()); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } ``` + Per i dettagli sull'API, [ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ResendConfirmationCode)consulta *AWS SDK for Java 2.x API Reference*. ------ #### [ JavaScript ] **SDK per JavaScript (v3)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples). ``` const resendConfirmationCode = ({ clientId, username }) => { const client = new CognitoIdentityProviderClient({}); const command = new ResendConfirmationCodeCommand({ ClientId: clientId, Username: username, }); return client.send(command); }; ``` + Per i dettagli sull'API, [ResendConfirmationCode](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ResendConfirmationCodeCommand)consulta *AWS SDK per JavaScript API Reference*. ------ #### [ Kotlin ] **SDK per Kotlin** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). ``` suspend fun resendConfirmationCode( clientIdVal: String?, userNameVal: String?, ) { val codeRequest = ResendConfirmationCodeRequest { clientId = clientIdVal username = userNameVal } CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient -> val response = identityProviderClient.resendConfirmationCode(codeRequest) println("Method of delivery is " + (response.codeDeliveryDetails?.deliveryMedium)) } } ``` + Per i dettagli sull'API, [ResendConfirmationCode](https://sdk.amazonaws.com/kotlin/api/latest/index.html)consulta *AWS SDK for Kotlin* API reference. ------ #### [ Python ] **SDK per Python (Boto3)** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples). ``` class CognitoIdentityProviderWrapper: """Encapsulates Amazon Cognito actions""" def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None): """ :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client. :param user_pool_id: The ID of an existing Amazon Cognito user pool. :param client_id: The ID of a client application registered with the user pool. :param client_secret: The client secret, if the client has a secret. """ self.cognito_idp_client = cognito_idp_client self.user_pool_id = user_pool_id self.client_id = client_id self.client_secret = client_secret def resend_confirmation(self, user_name): """ Prompts Amazon Cognito to resend an email with a new confirmation code. :param user_name: The name of the user who will receive the email. :return: Delivery information about where the email is sent. """ try: kwargs = {"ClientId": self.client_id, "Username": user_name} if self.client_secret is not None: kwargs["SecretHash"] = self._secret_hash(user_name) response = self.cognito_idp_client.resend_confirmation_code(**kwargs) delivery = response["CodeDeliveryDetails"] except ClientError as err: logger.error( "Couldn't resend confirmation to %s. Here's why: %s: %s", user_name, err.response["Error"]["Code"], err.response["Error"]["Message"], ) raise else: return delivery ``` + Per i dettagli sull'API, consulta [ResendConfirmationCode AWS](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ResendConfirmationCode)*SDK for Python (Boto3) API Reference*. ------ #### [ Swift ] **SDK per Swift** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples). ``` import AWSClientRuntime import AWSCognitoIdentityProvider /// Requests a new confirmation code be sent to the given user's contact /// method. /// /// - Parameters: /// - cipClient: The `CognitoIdentityProviderClient` to use. /// - clientId: The application client ID. /// - userName: The user to resend a code for. /// /// - Returns: `true` if a new code was sent successfully, otherwise /// `false`. func resendConfirmationCode(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String) async -> Bool { do { let output = try await cipClient.resendConfirmationCode( input: ResendConfirmationCodeInput( clientId: clientId, username: userName ) ) guard let deliveryMedium = output.codeDeliveryDetails?.deliveryMedium else { print("*** Unable to get the delivery method for the resent code.") return false } print("=====> A new code has been sent by \(deliveryMedium)") return true } catch { print("*** Unable to resend the confirmation code to user \(userName).") return false } } ``` + Per i dettagli sull'API, consulta la [ResendConfirmationCode](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/resendconfirmationcode(input:))guida di riferimento all'*API AWS SDK for Swift*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `RespondToAuthChallenge` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `RespondToAuthChallenge`. Gli esempi di operazioni sono estratti di codice da programmi più grandi e devono essere eseguiti nel contesto. È possibile visualizzare questa operazione nel contesto nel seguente esempio di codice: + [Registrazione di un utente a un pool di utenti che richiede l’autenticazione MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md) ------ #### [ CLI ] **AWS CLI** **Esempio 1: come rispondere a una richiesta di verifica NEW\$1PASSWORD\$1REQUIRED** L’esempio `respond-to-auth-challenge` seguente risponde alla richiesta di verifica NEW\$1PASSWORD\$1REQUIRED restituita da initiate-auth. Imposta una password per l’utente `jane@example.com`. ``` aws cognito-idp respond-to-auth-challenge \ --client-id 1example23456789 \ --challenge-name NEW_PASSWORD_REQUIRED \ --challenge-responses USERNAME=jane@example.com,NEW_PASSWORD=[Password] \ --session AYABeEv5HklEXAMPLE ``` Output: ``` { "ChallengeParameters": {}, "AuthenticationResult": { "AccessToken": "ACCESS_TOKEN", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "REFRESH_TOKEN", "IdToken": "ID_TOKEN", "NewDeviceMetadata": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceGroupKey": "-wt2ha1Zd" } } } ``` Per ulteriori informazioni, consulta [Autenticazione](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html) nella *Guida per gli sviluppatori di Amazon Cognito*. **Esempio 2: come rispondere a una richiesta di verifica SELECT\$1MFA\$1TYPE** L’esempio `respond-to-auth-challenge` seguente sceglie TOTP MFA come opzione MFA per l’utente corrente. All’utente viene richiesto di selezionare un tipo di autenticazione MFA e quindi di inserire il proprio codice MFA. ``` aws cognito-idp respond-to-auth-challenge \ --client-id 1example23456789 --session AYABeEv5HklEXAMPLE --challenge-name SELECT_MFA_TYPE --challenge-responses USERNAME=testuser,ANSWER=SOFTWARE_TOKEN_MFA ``` Output: ``` { "ChallengeName": "SOFTWARE_TOKEN_MFA", "Session": "AYABeEv5HklEXAMPLE", "ChallengeParameters": { "FRIENDLY_DEVICE_NAME": "transparent" } } ``` Per ulteriori informazioni, consulta [Aggiunta di MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html) nella *Guida per gli sviluppatori di Amazon Cognito*. **Esempio 3: come rispondere a una richiesta di verifica SOFTWARE\$1TOKEN\$1MFA** L’esempio `respond-to-auth-challenge` seguente fornisce un codice MFA TOTP e completa l’accesso. ``` aws cognito-idp respond-to-auth-challenge \ --client-id 1example23456789 \ --session AYABeEv5HklEXAMPLE \ --challenge-name SOFTWARE_TOKEN_MFA \ --challenge-responses USERNAME=testuser,SOFTWARE_TOKEN_MFA_CODE=123456 ``` Output: ``` { "AuthenticationResult": { "AccessToken": "eyJra456defEXAMPLE", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "eyJra123abcEXAMPLE", "IdToken": "eyJra789ghiEXAMPLE", "NewDeviceMetadata": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceGroupKey": "-v7w9UcY6" } } } ``` Per ulteriori informazioni, consulta [Aggiunta di MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html) nella *Guida per gli sviluppatori di Amazon Cognito*. + Per i dettagli sull'API, consulta [RespondToAuthChallenge AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/respond-to-auth-challenge.html)*Command Reference.* ------ #### [ JavaScript ] **SDK per JavaScript (v3)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples). ``` const respondToAuthChallenge = ({ clientId, username, session, userPoolId, code, }) => { const client = new CognitoIdentityProviderClient({}); const command = new RespondToAuthChallengeCommand({ ChallengeName: ChallengeNameType.SOFTWARE_TOKEN_MFA, ChallengeResponses: { SOFTWARE_TOKEN_MFA_CODE: code, USERNAME: username, }, ClientId: clientId, UserPoolId: userPoolId, Session: session, }); return client.send(command); }; ``` + Per i dettagli sull'API, [RespondToAuthChallenge](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/RespondToAuthChallengeCommand)consulta *AWS SDK per JavaScript API Reference*. ------ #### [ Python ] **SDK per Python (Boto3)** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples). Accedi con un dispositivo monitorato. Per completare l'accesso, il client deve rispondere correttamente alle richieste di autenticazione SRP (Secure Remote Password). ``` class CognitoIdentityProviderWrapper: """Encapsulates Amazon Cognito actions""" def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None): """ :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client. :param user_pool_id: The ID of an existing Amazon Cognito user pool. :param client_id: The ID of a client application registered with the user pool. :param client_secret: The client secret, if the client has a secret. """ self.cognito_idp_client = cognito_idp_client self.user_pool_id = user_pool_id self.client_id = client_id self.client_secret = client_secret def sign_in_with_tracked_device( self, user_name, password, device_key, device_group_key, device_password, aws_srp, ): """ Signs in to Amazon Cognito as a user who has a tracked device. Signing in with a tracked device lets a user sign in without entering a new MFA code. Signing in with a tracked device requires that the client respond to the SRP protocol. The scenario associated with this example uses the warrant package to help with SRP calculations. For more information on SRP, see https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol. :param user_name: The user that is associated with the device. :param password: The user's password. :param device_key: The key of a tracked device. :param device_group_key: The group key of a tracked device. :param device_password: The password that is associated with the device. :param aws_srp: A class that helps with SRP calculations. The scenario associated with this example uses the warrant package. :return: The result of the authentication. When successful, this contains an access token for the user. """ try: srp_helper = aws_srp.AWSSRP( username=user_name, password=device_password, pool_id="_", client_id=self.client_id, client_secret=None, client=self.cognito_idp_client, ) response_init = self.cognito_idp_client.initiate_auth( ClientId=self.client_id, AuthFlow="USER_PASSWORD_AUTH", AuthParameters={ "USERNAME": user_name, "PASSWORD": password, "DEVICE_KEY": device_key, }, ) if response_init["ChallengeName"] != "DEVICE_SRP_AUTH": raise RuntimeError( f"Expected DEVICE_SRP_AUTH challenge but got {response_init['ChallengeName']}." ) auth_params = srp_helper.get_auth_params() auth_params["DEVICE_KEY"] = device_key response_auth = self.cognito_idp_client.respond_to_auth_challenge( ClientId=self.client_id, ChallengeName="DEVICE_SRP_AUTH", ChallengeResponses=auth_params, ) if response_auth["ChallengeName"] != "DEVICE_PASSWORD_VERIFIER": raise RuntimeError( f"Expected DEVICE_PASSWORD_VERIFIER challenge but got " f"{response_init['ChallengeName']}." ) challenge_params = response_auth["ChallengeParameters"] challenge_params["USER_ID_FOR_SRP"] = device_group_key + device_key cr = srp_helper.process_challenge(challenge_params, {"USERNAME": user_name}) cr["USERNAME"] = user_name cr["DEVICE_KEY"] = device_key response_verifier = self.cognito_idp_client.respond_to_auth_challenge( ClientId=self.client_id, ChallengeName="DEVICE_PASSWORD_VERIFIER", ChallengeResponses=cr, ) auth_tokens = response_verifier["AuthenticationResult"] except ClientError as err: logger.error( "Couldn't start client sign in for %s. Here's why: %s: %s", user_name, err.response["Error"]["Code"], err.response["Error"]["Message"], ) raise else: return auth_tokens ``` + Per i dettagli sull'API, consulta [RespondToAuthChallenge AWS](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/RespondToAuthChallenge)*SDK for Python (Boto3) API Reference*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Utilizzo `SignUp` con un AWS SDK o una CLI Gli esempi di codice seguenti mostrano come utilizzare `SignUp`. Gli esempi di operazioni sono estratti di codice da programmi più grandi e devono essere eseguiti nel contesto. È possibile visualizzare questa operazione nel contesto nei seguenti esempi di codice: + [Confermare automaticamente gli utenti noti con una funzione Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md) + [Migrare automaticamente gli utenti noti con una funzione Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md) + [Registrazione di un utente a un pool di utenti che richiede l’autenticazione MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md) ------ #### [ .NET ] **SDK per .NET** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples). ``` ///

/// Sign up a new user. ///

/// Verify the TOTP and register for MFA. ///

/// The name of the session. /// The MFA code. /// The status of the software token. public async Task VerifySoftwareTokenAsync(string session, string code) { var tokenRequest = new VerifySoftwareTokenRequest { UserCode = code, Session = session, }; var verifyResponse = await _cognitoService.VerifySoftwareTokenAsync(tokenRequest); return verifyResponse.Status; } ``` + Per i dettagli sull'API, [VerifySoftwareToken](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/VerifySoftwareToken)consulta *AWS SDK per .NET API Reference*. ------ #### [ C\$1\$1 ] **SDK per C\$1\$1** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples). ``` Aws::Client::ClientConfiguration clientConfig; // Optional: Set to the AWS Region (overrides config file). // clientConfig.region = "us-east-1"; Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig); Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenRequest request; request.SetUserCode(userCode); request.SetSession(session); Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenOutcome outcome = client.VerifySoftwareToken(request); if (outcome.IsSuccess()) { std::cout << "Verification of the code was successful." << std::endl; session = outcome.GetResult().GetSession(); } else { std::cerr << "Error with CognitoIdentityProvider::VerifySoftwareToken. " << outcome.GetError().GetMessage() << std::endl; return false; } ``` + Per i dettagli sull'API, [VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/VerifySoftwareToken)consulta *AWS SDK per C\$1\$1 API Reference*. ------ #### [ CLI ] **AWS CLI** **Come confermare la registrazione di un autenticatore TOTP** L’esempio `verify-software-token` seguente completa la registrazione TOTP per l’utente corrente. ``` aws cognito-idp verify-software-token \ --access-token eyJra456defEXAMPLE \ --user-code 123456 ``` Output: ``` { "Status": "SUCCESS" } ``` Per ulteriori informazioni, consulta [Aggiunta dell’autenticazione MFA a un pool di utenti](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html) nella *Guida per gli sviluppatori di Amazon Cognito*. + Per i dettagli sull'API, consulta [VerifySoftwareToken AWS CLI](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/verify-software-token.html)*Command Reference*. ------ #### [ Java ] **SDK per Java 2.x** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` // Verify the TOTP and register for MFA. public static void verifyTOTP(CognitoIdentityProviderClient identityProviderClient, String session, String code) { try { VerifySoftwareTokenRequest tokenRequest = VerifySoftwareTokenRequest.builder() .userCode(code) .session(session) .build(); VerifySoftwareTokenResponse verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest); System.out.println("The status of the token is " + verifyResponse.statusAsString()); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } ``` + Per i dettagli sull'API, [VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/VerifySoftwareToken)consulta *AWS SDK for Java 2.x API Reference*. ------ #### [ JavaScript ] **SDK per JavaScript (v3)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples). ``` const verifySoftwareToken = (totp) => { const client = new CognitoIdentityProviderClient({}); // The 'Session' is provided in the response to 'AssociateSoftwareToken'. const session = process.env.SESSION; if (!session) { throw new Error( "Missing a valid Session. Did you run 'admin-initiate-auth'?", ); } const command = new VerifySoftwareTokenCommand({ Session: session, UserCode: totp, }); return client.send(command); }; ``` + Per i dettagli sull'API, [VerifySoftwareToken](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/VerifySoftwareTokenCommand)consulta *AWS SDK per JavaScript API Reference*. ------ #### [ Kotlin ] **SDK per Kotlin** C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). ``` // Verify the TOTP and register for MFA. suspend fun verifyTOTP( sessionVal: String?, codeVal: String?, ) { val tokenRequest = VerifySoftwareTokenRequest { userCode = codeVal session = sessionVal } CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient -> val verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest) println("The status of the token is ${verifyResponse.status}") } } ``` + Per i dettagli sull'API, [VerifySoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)consulta *AWS SDK for Kotlin* API reference. ------ #### [ Python ] **SDK per Python (Boto3)** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples). ``` class CognitoIdentityProviderWrapper: """Encapsulates Amazon Cognito actions""" def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None): """ :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client. :param user_pool_id: The ID of an existing Amazon Cognito user pool. :param client_id: The ID of a client application registered with the user pool. :param client_secret: The client secret, if the client has a secret. """ self.cognito_idp_client = cognito_idp_client self.user_pool_id = user_pool_id self.client_id = client_id self.client_secret = client_secret def verify_mfa(self, session, user_code): """ Verify a new MFA application that is associated with a user. :param session: Session information returned from a previous call to initiate authentication. :param user_code: A code generated by the associated MFA application. :return: Status that indicates whether the MFA application is verified. """ try: response = self.cognito_idp_client.verify_software_token( Session=session, UserCode=user_code ) except ClientError as err: logger.error( "Couldn't verify MFA. Here's why: %s: %s", err.response["Error"]["Code"], err.response["Error"]["Message"], ) raise else: response.pop("ResponseMetadata", None) return response ``` + Per i dettagli sull'API, consulta [VerifySoftwareToken AWS](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/VerifySoftwareToken)*SDK for Python (Boto3) API Reference*. ------ #### [ SAP ABAP ] **SDK per SAP ABAP** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples). ``` TRY. DATA(lo_result) = lo_cgp->verifysoftwaretoken( iv_session = iv_session iv_usercode = iv_user_code ). ov_status = lo_result->get_status( ). IF ov_status = 'SUCCESS'. MESSAGE 'MFA token verified successfully.' TYPE 'I'. ELSE. MESSAGE |MFA verification status: { ov_status }.| TYPE 'I'. ENDIF. CATCH /aws1/cx_cgpcodemismatchex INTO DATA(lo_code_ex). MESSAGE 'Invalid MFA code provided.' TYPE 'E'. CATCH /aws1/cx_cgpenbsoftwaretokmf00 INTO DATA(lo_enabled_ex). MESSAGE 'Software token MFA is already enabled.' TYPE 'E'. ENDTRY. ``` + Per i dettagli sulle API, [VerifySoftwareToken](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)consulta *AWS SDK for SAP ABAP* API reference. ------ #### [ Swift ] **SDK per Swift** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples). ``` import AWSClientRuntime import AWSCognitoIdentityProvider /// Confirm that the user's TOTP authenticator is configured correctly by /// sending a code to it to check that it matches successfully. /// /// - Parameters: /// - cipClient: The `CongnitoIdentityProviderClient` to use. /// - session: An authentication session previously returned by an /// `associateSoftwareToken()` call. /// - mfaCode: The 6-digit code currently displayed by the user's /// authenticator, as provided by the user. func verifyTOTP(cipClient: CognitoIdentityProviderClient, session: String?, mfaCode: String?) async { do { let output = try await cipClient.verifySoftwareToken( input: VerifySoftwareTokenInput( session: session, userCode: mfaCode ) ) guard let tokenStatus = output.status else { print("*** Unable to get the token's status.") return } print("=====> The token's status is: \(tokenStatus)") } catch _ as SoftwareTokenMFANotFoundException { print("*** The specified user pool isn't configured for MFA.") return } catch _ as CodeMismatchException { print("*** The specified MFA code doesn't match the expected value.") return } catch _ as UserNotFoundException { print("*** The specified username doesn't exist.") return } catch _ as UserNotConfirmedException { print("*** The user has not been confirmed.") return } catch { print("*** Error verifying the MFA token!") return } } ``` + Per i dettagli sull'API, consulta la [VerifySoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/verifysoftwaretoken(input:))guida di riferimento all'*API AWS SDK for Swift*. ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Scenari per l'utilizzo di Amazon Cognito Identity Provider AWS SDKs I seguenti esempi di codice mostrano come implementare scenari comuni in Amazon Cognito Identity Provider con. AWS SDKs Questi scenari illustrano come eseguire attività specifiche chiamando più funzioni all’interno del gestore dell’identità per Amazon Cognito o in combinazione con altri Servizi AWS. Ogni scenario include un collegamento al codice sorgente completo, dove è possibile trovare le istruzioni su come configurare ed eseguire il codice. Gli scenari sono relativi a un livello intermedio di esperienza per aiutarti a comprendere le azioni di servizio nel contesto. **Topics** + [Confermare automaticamente gli utenti noti con una funzione Lambda](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md) + [Migrare automaticamente gli utenti noti con una funzione Lambda](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md) + [Registrazione di un utente a un pool di utenti che richiede l’autenticazione MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md) + [Usa i pool di identità di Amazon Cognito](cognito-identity-provider_example_cross_CognitoFlows_section.md) + [Scrivere i dati di attività personalizzate con una funzione Lambda dopo l’autenticazione utente di Amazon Cognito tramite un SDK](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md) # Conferma automaticamente gli utenti noti di Amazon Cognito con una funzione Lambda utilizzando un SDK AWS L’esempio di codice seguente mostra come confermare automaticamente gli utenti noti di Amazon Cognito con una funzione Lambda. + Configura un pool di utenti per chiamare una funzione Lambda per il trigger `PreSignUp`. + Registra un utente con Amazon Cognito. + La funzione Lambda esegue la scansione di una tabella DynamoDB e conferma automaticamente gli utenti noti. + Accedi come nuovo utente, quindi elimina le risorse. ------ #### [ Go ] **SDK per Go V2** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/workflows/user_pools_and_lambda_triggers#code-examples). Esegui uno scenario interattivo al prompt dei comandi. ``` import ( "context" "errors" "log" "strings" "user_pools_and_lambda_triggers/actions" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types" "github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools" ) // AutoConfirm separates the steps of this scenario into individual functions so that // they are simpler to read and understand. type AutoConfirm struct { helper IScenarioHelper questioner demotools.IQuestioner resources Resources cognitoActor *actions.CognitoActions } // NewAutoConfirm constructs a new auto confirm runner. func NewAutoConfirm(sdkConfig aws.Config, questioner demotools.IQuestioner, helper IScenarioHelper) AutoConfirm { scenario := AutoConfirm{ helper: helper, questioner: questioner, resources: Resources{}, cognitoActor: &actions.CognitoActions{CognitoClient: cognitoidentityprovider.NewFromConfig(sdkConfig)}, } scenario.resources.init(scenario.cognitoActor, questioner) return scenario } // AddPreSignUpTrigger adds a Lambda handler as an invocation target for the PreSignUp trigger. func (runner *AutoConfirm) AddPreSignUpTrigger(ctx context.Context, userPoolId string, functionArn string) { log.Printf("Let's add a Lambda function to handle the PreSignUp trigger from Cognito.\n" + "This trigger happens when a user signs up, and lets your function take action before the main Cognito\n" + "sign up processing occurs.\n") err := runner.cognitoActor.UpdateTriggers( ctx, userPoolId, actions.TriggerInfo{Trigger: actions.PreSignUp, HandlerArn: aws.String(functionArn)}) if err != nil { panic(err) } log.Printf("Lambda function %v added to user pool %v to handle the PreSignUp trigger.\n", functionArn, userPoolId) } // SignUpUser signs up a user from the known user table with a password you specify. func (runner *AutoConfirm) SignUpUser(ctx context.Context, clientId string, usersTable string) (string, string) { log.Println("Let's sign up a user to your Cognito user pool. When the user's email matches an email in the\n" + "DynamoDB known users table, it is automatically verified and the user is confirmed.") knownUsers, err := runner.helper.GetKnownUsers(ctx, usersTable) if err != nil { panic(err) } userChoice := runner.questioner.AskChoice("Which user do you want to use?\n", knownUsers.UserNameList()) user := knownUsers.Users[userChoice] var signedUp bool var userConfirmed bool password := runner.questioner.AskPassword("Enter a password that has at least eight characters, uppercase, lowercase, numbers and symbols.\n"+ "(the password will not display as you type):", 8) for !signedUp { log.Printf("Signing up user '%v' with email '%v' to Cognito.\n", user.UserName, user.UserEmail) userConfirmed, err = runner.cognitoActor.SignUp(ctx, clientId, user.UserName, password, user.UserEmail) if err != nil { var invalidPassword *types.InvalidPasswordException if errors.As(err, &invalidPassword) { password = runner.questioner.AskPassword("Enter another password:", 8) } else { panic(err) } } else { signedUp = true } } log.Printf("User %v signed up, confirmed = %v.\n", user.UserName, userConfirmed) log.Println(strings.Repeat("-", 88)) return user.UserName, password } // SignInUser signs in a user. func (runner *AutoConfirm) SignInUser(ctx context.Context, clientId string, userName string, password string) string { runner.questioner.Ask("Press Enter when you're ready to continue.") log.Printf("Let's sign in as %v...\n", userName) authResult, err := runner.cognitoActor.SignIn(ctx, clientId, userName, password) if err != nil { panic(err) } log.Printf("Successfully signed in. Your access token starts with: %v...\n", (*authResult.AccessToken)[:10]) log.Println(strings.Repeat("-", 88)) return *authResult.AccessToken } // Run runs the scenario. func (runner *AutoConfirm) Run(ctx context.Context, stackName string) { defer func() { if r := recover(); r != nil { log.Println("Something went wrong with the demo.") runner.resources.Cleanup(ctx) } }() log.Println(strings.Repeat("-", 88)) log.Printf("Welcome\n") log.Println(strings.Repeat("-", 88)) stackOutputs, err := runner.helper.GetStackOutputs(ctx, stackName) if err != nil { panic(err) } runner.resources.userPoolId = stackOutputs["UserPoolId"] runner.helper.PopulateUserTable(ctx, stackOutputs["TableName"]) runner.AddPreSignUpTrigger(ctx, stackOutputs["UserPoolId"], stackOutputs["AutoConfirmFunctionArn"]) runner.resources.triggers = append(runner.resources.triggers, actions.PreSignUp) userName, password := runner.SignUpUser(ctx, stackOutputs["UserPoolClientId"], stackOutputs["TableName"]) runner.helper.ListRecentLogEvents(ctx, stackOutputs["AutoConfirmFunction"]) runner.resources.userAccessTokens = append(runner.resources.userAccessTokens, runner.SignInUser(ctx, stackOutputs["UserPoolClientId"], userName, password)) runner.resources.Cleanup(ctx) log.Println(strings.Repeat("-", 88)) log.Println("Thanks for watching!") log.Println(strings.Repeat("-", 88)) } ``` Gestisci il trigger `PreSignUp` con una funzione Lambda. ``` import ( "context" "log" "os" "github.com/aws/aws-lambda-go/events" "github.com/aws/aws-lambda-go/lambda" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue" "github.com/aws/aws-sdk-go-v2/service/dynamodb" dynamodbtypes "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" ) const TABLE_NAME = "TABLE_NAME" // UserInfo defines structured user data that can be marshalled to a DynamoDB format. type UserInfo struct { UserName string `dynamodbav:"UserName"` UserEmail string `dynamodbav:"UserEmail"` } // GetKey marshals the user email value to a DynamoDB key format. func (user UserInfo) GetKey() map[string]dynamodbtypes.AttributeValue { userEmail, err := attributevalue.Marshal(user.UserEmail) if err != nil { panic(err) } return map[string]dynamodbtypes.AttributeValue{"UserEmail": userEmail} } type handler struct { dynamoClient *dynamodb.Client } // HandleRequest handles the PreSignUp event by looking up a user in an Amazon DynamoDB table and // specifying whether they should be confirmed and verified. func (h *handler) HandleRequest(ctx context.Context, event events.CognitoEventUserPoolsPreSignup) (events.CognitoEventUserPoolsPreSignup, error) { log.Printf("Received presignup from %v for user '%v'", event.TriggerSource, event.UserName) if event.TriggerSource != "PreSignUp_SignUp" { // Other trigger sources, such as PreSignUp_AdminInitiateAuth, ignore the response from this handler. return event, nil } tableName := os.Getenv(TABLE_NAME) user := UserInfo{ UserEmail: event.Request.UserAttributes["email"], } log.Printf("Looking up email %v in table %v.\n", user.UserEmail, tableName) output, err := h.dynamoClient.GetItem(ctx, &dynamodb.GetItemInput{ Key: user.GetKey(), TableName: aws.String(tableName), }) if err != nil { log.Printf("Error looking up email %v.\n", user.UserEmail) return event, err } if output.Item == nil { log.Printf("Email %v not found. Email verification is required.\n", user.UserEmail) return event, err } err = attributevalue.UnmarshalMap(output.Item, &user) if err != nil { log.Printf("Couldn't unmarshal DynamoDB item. Here's why: %v\n", err) return event, err } if user.UserName != event.UserName { log.Printf("UserEmail %v found, but stored UserName '%v' does not match supplied UserName '%v'. Verification is required.\n", user.UserEmail, user.UserName, event.UserName) } else { log.Printf("UserEmail %v found with matching UserName %v. User is confirmed.\n", user.UserEmail, user.UserName) event.Response.AutoConfirmUser = true event.Response.AutoVerifyEmail = true } return event, err } func main() { ctx := context.Background() sdkConfig, err := config.LoadDefaultConfig(ctx) if err != nil { log.Panicln(err) } h := handler{ dynamoClient: dynamodb.NewFromConfig(sdkConfig), } lambda.Start(h.HandleRequest) } ``` Crea una struttura che esegue operazioni comuni. ``` import ( "context" "log" "strings" "time" "user_pools_and_lambda_triggers/actions" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cloudformation" "github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs" "github.com/aws/aws-sdk-go-v2/service/dynamodb" "github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools" ) // IScenarioHelper defines common functions used by the workflows in this example. type IScenarioHelper interface { Pause(secs int) GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error) PopulateUserTable(ctx context.Context, tableName string) GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error) AddKnownUser(ctx context.Context, tableName string, user actions.User) ListRecentLogEvents(ctx context.Context, functionName string) } // ScenarioHelper contains AWS wrapper structs used by the workflows in this example. type ScenarioHelper struct { questioner demotools.IQuestioner dynamoActor *actions.DynamoActions cfnActor *actions.CloudFormationActions cwlActor *actions.CloudWatchLogsActions isTestRun bool } // NewScenarioHelper constructs a new scenario helper. func NewScenarioHelper(sdkConfig aws.Config, questioner demotools.IQuestioner) ScenarioHelper { scenario := ScenarioHelper{ questioner: questioner, dynamoActor: &actions.DynamoActions{DynamoClient: dynamodb.NewFromConfig(sdkConfig)}, cfnActor: &actions.CloudFormationActions{CfnClient: cloudformation.NewFromConfig(sdkConfig)}, cwlActor: &actions.CloudWatchLogsActions{CwlClient: cloudwatchlogs.NewFromConfig(sdkConfig)}, } return scenario } // Pause waits for the specified number of seconds. func (helper ScenarioHelper) Pause(secs int) { if !helper.isTestRun { time.Sleep(time.Duration(secs) * time.Second) } } // GetStackOutputs gets the outputs from the specified CloudFormation stack in a structured format. func (helper ScenarioHelper) GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error) { return helper.cfnActor.GetOutputs(ctx, stackName), nil } // PopulateUserTable fills the known user table with example data. func (helper ScenarioHelper) PopulateUserTable(ctx context.Context, tableName string) { log.Printf("First, let's add some users to the DynamoDB %v table we'll use for this example.\n", tableName) err := helper.dynamoActor.PopulateTable(ctx, tableName) if err != nil { panic(err) } } // GetKnownUsers gets the users from the known users table in a structured format. func (helper ScenarioHelper) GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error) { knownUsers, err := helper.dynamoActor.Scan(ctx, tableName) if err != nil { log.Printf("Couldn't get known users from table %v. Here's why: %v\n", tableName, err) } return knownUsers, err } // AddKnownUser adds a user to the known users table. func (helper ScenarioHelper) AddKnownUser(ctx context.Context, tableName string, user actions.User) { log.Printf("Adding user '%v' with email '%v' to the DynamoDB known users table...\n", user.UserName, user.UserEmail) err := helper.dynamoActor.AddUser(ctx, tableName, user) if err != nil { panic(err) } } // ListRecentLogEvents gets the most recent log stream and events for the specified Lambda function and displays them. func (helper ScenarioHelper) ListRecentLogEvents(ctx context.Context, functionName string) { log.Println("Waiting a few seconds to let Lambda write to CloudWatch Logs...") helper.Pause(10) log.Println("Okay, let's check the logs to find what's happened recently with your Lambda function.") logStream, err := helper.cwlActor.GetLatestLogStream(ctx, functionName) if err != nil { panic(err) } log.Printf("Getting some recent events from log stream %v\n", *logStream.LogStreamName) events, err := helper.cwlActor.GetLogEvents(ctx, functionName, *logStream.LogStreamName, 10) if err != nil { panic(err) } for _, event := range events { log.Printf("\t%v", *event.Message) } log.Println(strings.Repeat("-", 88)) } ``` Crea una struttura che racchiude le azioni di Amazon Cognito. ``` import ( "context" "errors" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types" ) type CognitoActions struct { CognitoClient *cognitoidentityprovider.Client } // Trigger and TriggerInfo define typed data for updating an Amazon Cognito trigger. type Trigger int const ( PreSignUp Trigger = iota UserMigration PostAuthentication ) type TriggerInfo struct { Trigger Trigger HandlerArn *string } // UpdateTriggers adds or removes Lambda triggers for a user pool. When a trigger is specified with a `nil` value, // it is removed from the user pool. func (actor CognitoActions) UpdateTriggers(ctx context.Context, userPoolId string, triggers ...TriggerInfo) error { output, err := actor.CognitoClient.DescribeUserPool(ctx, &cognitoidentityprovider.DescribeUserPoolInput{ UserPoolId: aws.String(userPoolId), }) if err != nil { log.Printf("Couldn't get info about user pool %v. Here's why: %v\n", userPoolId, err) return err } lambdaConfig := output.UserPool.LambdaConfig for _, trigger := range triggers { switch trigger.Trigger { case PreSignUp: lambdaConfig.PreSignUp = trigger.HandlerArn case UserMigration: lambdaConfig.UserMigration = trigger.HandlerArn case PostAuthentication: lambdaConfig.PostAuthentication = trigger.HandlerArn } } _, err = actor.CognitoClient.UpdateUserPool(ctx, &cognitoidentityprovider.UpdateUserPoolInput{ UserPoolId: aws.String(userPoolId), LambdaConfig: lambdaConfig, }) if err != nil { log.Printf("Couldn't update user pool %v. Here's why: %v\n", userPoolId, err) } return err } // SignUp signs up a user with Amazon Cognito. func (actor CognitoActions) SignUp(ctx context.Context, clientId string, userName string, password string, userEmail string) (bool, error) { confirmed := false output, err := actor.CognitoClient.SignUp(ctx, &cognitoidentityprovider.SignUpInput{ ClientId: aws.String(clientId), Password: aws.String(password), Username: aws.String(userName), UserAttributes: []types.AttributeType{ {Name: aws.String("email"), Value: aws.String(userEmail)}, }, }) if err != nil { var invalidPassword *types.InvalidPasswordException if errors.As(err, &invalidPassword) { log.Println(*invalidPassword.Message) } else { log.Printf("Couldn't sign up user %v. Here's why: %v\n", userName, err) } } else { confirmed = output.UserConfirmed } return confirmed, err } // SignIn signs in a user to Amazon Cognito using a username and password authentication flow. func (actor CognitoActions) SignIn(ctx context.Context, clientId string, userName string, password string) (*types.AuthenticationResultType, error) { var authResult *types.AuthenticationResultType output, err := actor.CognitoClient.InitiateAuth(ctx, &cognitoidentityprovider.InitiateAuthInput{ AuthFlow: "USER_PASSWORD_AUTH", ClientId: aws.String(clientId), AuthParameters: map[string]string{"USERNAME": userName, "PASSWORD": password}, }) if err != nil { var resetRequired *types.PasswordResetRequiredException if errors.As(err, &resetRequired) { log.Println(*resetRequired.Message) } else { log.Printf("Couldn't sign in user %v. Here's why: %v\n", userName, err) } } else { authResult = output.AuthenticationResult } return authResult, err } // ForgotPassword starts a password recovery flow for a user. This flow typically sends a confirmation code // to the user's configured notification destination, such as email. func (actor CognitoActions) ForgotPassword(ctx context.Context, clientId string, userName string) (*types.CodeDeliveryDetailsType, error) { output, err := actor.CognitoClient.ForgotPassword(ctx, &cognitoidentityprovider.ForgotPasswordInput{ ClientId: aws.String(clientId), Username: aws.String(userName), }) if err != nil { log.Printf("Couldn't start password reset for user '%v'. Here;s why: %v\n", userName, err) } return output.CodeDeliveryDetails, err } // ConfirmForgotPassword confirms a user with a confirmation code and a new password. func (actor CognitoActions) ConfirmForgotPassword(ctx context.Context, clientId string, code string, userName string, password string) error { _, err := actor.CognitoClient.ConfirmForgotPassword(ctx, &cognitoidentityprovider.ConfirmForgotPasswordInput{ ClientId: aws.String(clientId), ConfirmationCode: aws.String(code), Password: aws.String(password), Username: aws.String(userName), }) if err != nil { var invalidPassword *types.InvalidPasswordException if errors.As(err, &invalidPassword) { log.Println(*invalidPassword.Message) } else { log.Printf("Couldn't confirm user %v. Here's why: %v", userName, err) } } return err } // DeleteUser removes a user from the user pool. func (actor CognitoActions) DeleteUser(ctx context.Context, userAccessToken string) error { _, err := actor.CognitoClient.DeleteUser(ctx, &cognitoidentityprovider.DeleteUserInput{ AccessToken: aws.String(userAccessToken), }) if err != nil { log.Printf("Couldn't delete user. Here's why: %v\n", err) } return err } // AdminCreateUser uses administrator credentials to add a user to a user pool. This method leaves the user // in a state that requires they enter a new password next time they sign in. func (actor CognitoActions) AdminCreateUser(ctx context.Context, userPoolId string, userName string, userEmail string) error { _, err := actor.CognitoClient.AdminCreateUser(ctx, &cognitoidentityprovider.AdminCreateUserInput{ UserPoolId: aws.String(userPoolId), Username: aws.String(userName), MessageAction: types.MessageActionTypeSuppress, UserAttributes: []types.AttributeType{{Name: aws.String("email"), Value: aws.String(userEmail)}}, }) if err != nil { var userExists *types.UsernameExistsException if errors.As(err, &userExists) { log.Printf("User %v already exists in the user pool.", userName) err = nil } else { log.Printf("Couldn't create user %v. Here's why: %v\n", userName, err) } } return err } // AdminSetUserPassword uses administrator credentials to set a password for a user without requiring a // temporary password. func (actor CognitoActions) AdminSetUserPassword(ctx context.Context, userPoolId string, userName string, password string) error { _, err := actor.CognitoClient.AdminSetUserPassword(ctx, &cognitoidentityprovider.AdminSetUserPasswordInput{ Password: aws.String(password), UserPoolId: aws.String(userPoolId), Username: aws.String(userName), Permanent: true, }) if err != nil { var invalidPassword *types.InvalidPasswordException if errors.As(err, &invalidPassword) { log.Println(*invalidPassword.Message) } else { log.Printf("Couldn't set password for user %v. Here's why: %v\n", userName, err) } } return err } ``` Crea una struttura che racchiude le azioni di DynamoDB. ``` import ( "context" "fmt" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue" "github.com/aws/aws-sdk-go-v2/service/dynamodb" "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" ) // DynamoActions encapsulates the Amazon Simple Notification Service (Amazon SNS) actions // used in the examples. type DynamoActions struct { DynamoClient *dynamodb.Client } // User defines structured user data. type User struct { UserName string UserEmail string LastLogin *LoginInfo `dynamodbav:",omitempty"` } // LoginInfo defines structured custom login data. type LoginInfo struct { UserPoolId string ClientId string Time string } // UserList defines a list of users. type UserList struct { Users []User } // UserNameList returns the usernames contained in a UserList as a list of strings. func (users *UserList) UserNameList() []string { names := make([]string, len(users.Users)) for i := 0; i < len(users.Users); i++ { names[i] = users.Users[i].UserName } return names } // PopulateTable adds a set of test users to the table. func (actor DynamoActions) PopulateTable(ctx context.Context, tableName string) error { var err error var item map[string]types.AttributeValue var writeReqs []types.WriteRequest for i := 1; i < 4; i++ { item, err = attributevalue.MarshalMap(User{UserName: fmt.Sprintf("test_user_%v", i), UserEmail: fmt.Sprintf("test_email_%v@example.com", i)}) if err != nil { log.Printf("Couldn't marshall user into DynamoDB format. Here's why: %v\n", err) return err } writeReqs = append(writeReqs, types.WriteRequest{PutRequest: &types.PutRequest{Item: item}}) } _, err = actor.DynamoClient.BatchWriteItem(ctx, &dynamodb.BatchWriteItemInput{ RequestItems: map[string][]types.WriteRequest{tableName: writeReqs}, }) if err != nil { log.Printf("Couldn't populate table %v with users. Here's why: %v\n", tableName, err) } return err } // Scan scans the table for all items. func (actor DynamoActions) Scan(ctx context.Context, tableName string) (UserList, error) { var userList UserList output, err := actor.DynamoClient.Scan(ctx, &dynamodb.ScanInput{ TableName: aws.String(tableName), }) if err != nil { log.Printf("Couldn't scan table %v for items. Here's why: %v\n", tableName, err) } else { err = attributevalue.UnmarshalListOfMaps(output.Items, &userList.Users) if err != nil { log.Printf("Couldn't unmarshal items into users. Here's why: %v\n", err) } } return userList, err } // AddUser adds a user item to a table. func (actor DynamoActions) AddUser(ctx context.Context, tableName string, user User) error { userItem, err := attributevalue.MarshalMap(user) if err != nil { log.Printf("Couldn't marshall user to item. Here's why: %v\n", err) } _, err = actor.DynamoClient.PutItem(ctx, &dynamodb.PutItemInput{ Item: userItem, TableName: aws.String(tableName), }) if err != nil { log.Printf("Couldn't put item in table %v. Here's why: %v", tableName, err) } return err } ``` Crea una struttura che racchiuda le azioni di CloudWatch Logs. ``` import ( "context" "fmt" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs" "github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/types" ) type CloudWatchLogsActions struct { CwlClient *cloudwatchlogs.Client } // GetLatestLogStream gets the most recent log stream for a Lambda function. func (actor CloudWatchLogsActions) GetLatestLogStream(ctx context.Context, functionName string) (types.LogStream, error) { var logStream types.LogStream logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName) output, err := actor.CwlClient.DescribeLogStreams(ctx, &cloudwatchlogs.DescribeLogStreamsInput{ Descending: aws.Bool(true), Limit: aws.Int32(1), LogGroupName: aws.String(logGroupName), OrderBy: types.OrderByLastEventTime, }) if err != nil { log.Printf("Couldn't get log streams for log group %v. Here's why: %v\n", logGroupName, err) } else { logStream = output.LogStreams[0] } return logStream, err } // GetLogEvents gets the most recent eventCount events from the specified log stream. func (actor CloudWatchLogsActions) GetLogEvents(ctx context.Context, functionName string, logStreamName string, eventCount int32) ( []types.OutputLogEvent, error) { var events []types.OutputLogEvent logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName) output, err := actor.CwlClient.GetLogEvents(ctx, &cloudwatchlogs.GetLogEventsInput{ LogStreamName: aws.String(logStreamName), Limit: aws.Int32(eventCount), LogGroupName: aws.String(logGroupName), }) if err != nil { log.Printf("Couldn't get log event for log stream %v. Here's why: %v\n", logStreamName, err) } else { events = output.Events } return events, err } ``` Crea una struttura che racchiuda le azioni. CloudFormation ``` import ( "context" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cloudformation" ) // StackOutputs defines a map of outputs from a specific stack. type StackOutputs map[string]string type CloudFormationActions struct { CfnClient *cloudformation.Client } // GetOutputs gets the outputs from a CloudFormation stack and puts them into a structured format. func (actor CloudFormationActions) GetOutputs(ctx context.Context, stackName string) StackOutputs { output, err := actor.CfnClient.DescribeStacks(ctx, &cloudformation.DescribeStacksInput{ StackName: aws.String(stackName), }) if err != nil || len(output.Stacks) == 0 { log.Panicf("Couldn't find a CloudFormation stack named %v. Here's why: %v\n", stackName, err) } stackOutputs := StackOutputs{} for _, out := range output.Stacks[0].Outputs { stackOutputs[*out.OutputKey] = *out.OutputValue } return stackOutputs } ``` Eliminare le risorse. ``` import ( "context" "log" "user_pools_and_lambda_triggers/actions" "github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools" ) // Resources keeps track of AWS resources created during an example and handles // cleanup when the example finishes. type Resources struct { userPoolId string userAccessTokens []string triggers []actions.Trigger cognitoActor *actions.CognitoActions questioner demotools.IQuestioner } func (resources *Resources) init(cognitoActor *actions.CognitoActions, questioner demotools.IQuestioner) { resources.userAccessTokens = []string{} resources.triggers = []actions.Trigger{} resources.cognitoActor = cognitoActor resources.questioner = questioner } // Cleanup deletes all AWS resources created during an example. func (resources *Resources) Cleanup(ctx context.Context) { defer func() { if r := recover(); r != nil { log.Printf("Something went wrong during cleanup.\n%v\n", r) log.Println("Use the AWS Management Console to remove any remaining resources \n" + "that were created for this scenario.") } }() wantDelete := resources.questioner.AskBool("Do you want to remove all of the AWS resources that were created "+ "during this demo (y/n)?", "y") if wantDelete { for _, accessToken := range resources.userAccessTokens { err := resources.cognitoActor.DeleteUser(ctx, accessToken) if err != nil { log.Println("Couldn't delete user during cleanup.") panic(err) } log.Println("Deleted user.") } triggerList := make([]actions.TriggerInfo, len(resources.triggers)) for i := 0; i < len(resources.triggers); i++ { triggerList[i] = actions.TriggerInfo{Trigger: resources.triggers[i], HandlerArn: nil} } err := resources.cognitoActor.UpdateTriggers(ctx, resources.userPoolId, triggerList...) if err != nil { log.Println("Couldn't update Cognito triggers during cleanup.") panic(err) } log.Println("Removed Cognito triggers from user pool.") } else { log.Println("Be sure to remove resources when you're done with them to avoid unexpected charges!") } } ``` + Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API AWS SDK per Go *. + [DeleteUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.DeleteUser) + [InitiateAuth](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.InitiateAuth) + [SignUp](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.SignUp) + [UpdateUserPool](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.UpdateUserPool) ------ #### [ JavaScript ] **SDK per (v3 JavaScript )** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cross-services/wkflw-pools-triggers#code-examples). Configura un’esecuzione interattiva dello "Scenario". Gli esempi JavaScript (v3) condividono uno Scenario runner per semplificare esempi complessi. Il codice sorgente completo è attivo. GitHub ``` import { AutoConfirm } from "./scenario-auto-confirm.js"; /** * The context is passed to every scenario. Scenario steps * will modify the context. */ const context = { errors: [], users: [ { UserName: "test_user_1", UserEmail: "test_email_1@example.com", }, { UserName: "test_user_2", UserEmail: "test_email_2@example.com", }, { UserName: "test_user_3", UserEmail: "test_email_3@example.com", }, ], }; /** * Three Scenarios are created for the workflow. A Scenario is an orchestration class * that simplifies running a series of steps. */ export const scenarios = { // Demonstrate automatically confirming known users in a database. "auto-confirm": AutoConfirm(context), }; // Call function if run directly import { fileURLToPath } from "node:url"; import { parseScenarioArgs } from "@aws-doc-sdk-examples/lib/scenario/index.js"; if (process.argv[1] === fileURLToPath(import.meta.url)) { parseScenarioArgs(scenarios, { name: "Cognito user pools and triggers", description: "Demonstrate how to use the AWS SDKs to customize Amazon Cognito authentication behavior.", }); } ``` Questo scenario dimostra la conferma automatica di un utente noto. Orchestra i passaggi di esempio. ``` import { wait } from "@aws-doc-sdk-examples/lib/utils/util-timers.js"; import { Scenario, ScenarioAction, ScenarioInput, ScenarioOutput, } from "@aws-doc-sdk-examples/lib/scenario/scenario.js"; import { getStackOutputs, logCleanUpReminder, promptForStackName, promptForStackRegion, skipWhenErrors, } from "./steps-common.js"; import { populateTable } from "./actions/dynamodb-actions.js"; import { addPreSignUpHandler, deleteUser, getUser, signIn, signUpUser, } from "./actions/cognito-actions.js"; import { getLatestLogStreamForLambda, getLogEvents, } from "./actions/cloudwatch-logs-actions.js"; /** * @typedef {{ * errors: Error[], * password: string, * users: { UserName: string, UserEmail: string }[], * selectedUser?: string, * stackName?: string, * stackRegion?: string, * token?: string, * confirmDeleteSignedInUser?: boolean, * TableName?: string, * UserPoolClientId?: string, * UserPoolId?: string, * UserPoolArn?: string, * AutoConfirmHandlerArn?: string, * AutoConfirmHandlerName?: string * }} State */ const greeting = new ScenarioOutput( "greeting", (/** @type {State} */ state) => `This demo will populate some users into the \ database created as part of the "${state.stackName}" stack. \ Then the AutoConfirmHandler will be linked to the PreSignUp \ trigger from Cognito. Finally, you will choose a user to sign up.`, { skipWhen: skipWhenErrors }, ); const logPopulatingUsers = new ScenarioOutput( "logPopulatingUsers", "Populating the DynamoDB table with some users.", { skipWhenErrors: skipWhenErrors }, ); const logPopulatingUsersComplete = new ScenarioOutput( "logPopulatingUsersComplete", "Done populating users.", { skipWhen: skipWhenErrors }, ); const populateUsers = new ScenarioAction( "populateUsers", async (/** @type {State} */ state) => { const [_, err] = await populateTable({ region: state.stackRegion, tableName: state.TableName, items: state.users, }); if (err) { state.errors.push(err); } }, { skipWhen: skipWhenErrors, }, ); const logSetupSignUpTrigger = new ScenarioOutput( "logSetupSignUpTrigger", "Setting up the PreSignUp trigger for the Cognito User Pool.", { skipWhen: skipWhenErrors }, ); const setupSignUpTrigger = new ScenarioAction( "setupSignUpTrigger", async (/** @type {State} */ state) => { const [_, err] = await addPreSignUpHandler({ region: state.stackRegion, userPoolId: state.UserPoolId, handlerArn: state.AutoConfirmHandlerArn, }); if (err) { state.errors.push(err); } }, { skipWhen: skipWhenErrors, }, ); const logSetupSignUpTriggerComplete = new ScenarioOutput( "logSetupSignUpTriggerComplete", ( /** @type {State} */ state, ) => `The lambda function "${state.AutoConfirmHandlerName}" \ has been configured as the PreSignUp trigger handler for the user pool "${state.UserPoolId}".`, { skipWhen: skipWhenErrors }, ); const selectUser = new ScenarioInput( "selectedUser", "Select a user to sign up.", { type: "select", choices: (/** @type {State} */ state) => state.users.map((u) => u.UserName), skipWhen: skipWhenErrors, default: (/** @type {State} */ state) => state.users[0].UserName, }, ); const checkIfUserAlreadyExists = new ScenarioAction( "checkIfUserAlreadyExists", async (/** @type {State} */ state) => { const [user, err] = await getUser({ region: state.stackRegion, userPoolId: state.UserPoolId, username: state.selectedUser, }); if (err?.name === "UserNotFoundException") { // Do nothing. We're not expecting the user to exist before // sign up is complete. return; } if (err) { state.errors.push(err); return; } if (user) { state.errors.push( new Error( `The user "${state.selectedUser}" already exists in the user pool "${state.UserPoolId}".`, ), ); } }, { skipWhen: skipWhenErrors, }, ); const createPassword = new ScenarioInput( "password", "Enter a password that has at least eight characters, uppercase, lowercase, numbers and symbols.", { type: "password", skipWhen: skipWhenErrors, default: "Abcd1234!" }, ); const logSignUpExistingUser = new ScenarioOutput( "logSignUpExistingUser", (/** @type {State} */ state) => `Signing up user "${state.selectedUser}".`, { skipWhen: skipWhenErrors }, ); const signUpExistingUser = new ScenarioAction( "signUpExistingUser", async (/** @type {State} */ state) => { const signUp = (password) => signUpUser({ region: state.stackRegion, userPoolClientId: state.UserPoolClientId, username: state.selectedUser, email: state.users.find((u) => u.UserName === state.selectedUser) .UserEmail, password, }); let [_, err] = await signUp(state.password); while (err?.name === "InvalidPasswordException") { console.warn("The password you entered was invalid."); await createPassword.handle(state); [_, err] = await signUp(state.password); } if (err) { state.errors.push(err); } }, { skipWhen: skipWhenErrors }, ); const logSignUpExistingUserComplete = new ScenarioOutput( "logSignUpExistingUserComplete", (/** @type {State} */ state) => `"${state.selectedUser} was signed up successfully.`, { skipWhen: skipWhenErrors }, ); const logLambdaLogs = new ScenarioAction( "logLambdaLogs", async (/** @type {State} */ state) => { console.log( "Waiting a few seconds to let Lambda write to CloudWatch Logs...\n", ); await wait(10); const [logStream, logStreamErr] = await getLatestLogStreamForLambda({ functionName: state.AutoConfirmHandlerName, region: state.stackRegion, }); if (logStreamErr) { state.errors.push(logStreamErr); return; } console.log( `Getting some recent events from log stream "${logStream.logStreamName}"`, ); const [logEvents, logEventsErr] = await getLogEvents({ functionName: state.AutoConfirmHandlerName, region: state.stackRegion, eventCount: 10, logStreamName: logStream.logStreamName, }); if (logEventsErr) { state.errors.push(logEventsErr); return; } console.log(logEvents.map((ev) => `\t${ev.message}`).join("")); }, { skipWhen: skipWhenErrors }, ); const logSignInUser = new ScenarioOutput( "logSignInUser", (/** @type {State} */ state) => `Let's sign in as ${state.selectedUser}`, { skipWhen: skipWhenErrors }, ); const signInUser = new ScenarioAction( "signInUser", async (/** @type {State} */ state) => { const [response, err] = await signIn({ region: state.stackRegion, clientId: state.UserPoolClientId, username: state.selectedUser, password: state.password, }); if (err?.name === "PasswordResetRequiredException") { state.errors.push(new Error("Please reset your password.")); return; } if (err) { state.errors.push(err); return; } state.token = response?.AuthenticationResult?.AccessToken; }, { skipWhen: skipWhenErrors }, ); const logSignInUserComplete = new ScenarioOutput( "logSignInUserComplete", (/** @type {State} */ state) => `Successfully signed in. Your access token starts with: ${state.token.slice(0, 11)}`, { skipWhen: skipWhenErrors }, ); const confirmDeleteSignedInUser = new ScenarioInput( "confirmDeleteSignedInUser", "Do you want to delete the currently signed in user?", { type: "confirm", skipWhen: skipWhenErrors }, ); const deleteSignedInUser = new ScenarioAction( "deleteSignedInUser", async (/** @type {State} */ state) => { const [_, err] = await deleteUser({ region: state.stackRegion, accessToken: state.token, }); if (err) { state.errors.push(err); } }, { skipWhen: (/** @type {State} */ state) => skipWhenErrors(state) || !state.confirmDeleteSignedInUser, }, ); const logErrors = new ScenarioOutput( "logErrors", (/** @type {State}*/ state) => { const errorList = state.errors .map((err) => ` - ${err.name}: ${err.message}`) .join("\n"); return `Scenario errors found:\n${errorList}`; }, { // Don't log errors when there aren't any! skipWhen: (/** @type {State} */ state) => state.errors.length === 0, }, ); export const AutoConfirm = (context) => new Scenario( "AutoConfirm", [ promptForStackName, promptForStackRegion, getStackOutputs, greeting, logPopulatingUsers, populateUsers, logPopulatingUsersComplete, logSetupSignUpTrigger, setupSignUpTrigger, logSetupSignUpTriggerComplete, selectUser, checkIfUserAlreadyExists, createPassword, logSignUpExistingUser, signUpExistingUser, logSignUpExistingUserComplete, logLambdaLogs, logSignInUser, signInUser, logSignInUserComplete, confirmDeleteSignedInUser, deleteSignedInUser, logCleanUpReminder, logErrors, ], context, ); ``` Questi sono passaggi condivisi con altri scenari. ``` import { ScenarioAction, ScenarioInput, ScenarioOutput, } from "@aws-doc-sdk-examples/lib/scenario/scenario.js"; import { getCfnOutputs } from "@aws-doc-sdk-examples/lib/sdk/cfn-outputs.js"; export const skipWhenErrors = (state) => state.errors.length > 0; export const getStackOutputs = new ScenarioAction( "getStackOutputs", async (state) => { if (!state.stackName || !state.stackRegion) { state.errors.push( new Error( "No stack name or region provided. The stack name and \ region are required to fetch CFN outputs relevant to this example.", ), ); return; } const outputs = await getCfnOutputs(state.stackName, state.stackRegion); Object.assign(state, outputs); }, ); export const promptForStackName = new ScenarioInput( "stackName", "Enter the name of the stack you deployed earlier.", { type: "input", default: "PoolsAndTriggersStack" }, ); export const promptForStackRegion = new ScenarioInput( "stackRegion", "Enter the region of the stack you deployed earlier.", { type: "input", default: "us-east-1" }, ); export const logCleanUpReminder = new ScenarioOutput( "logCleanUpReminder", "All done. Remember to run 'cdk destroy' to teardown the stack.", { skipWhen: skipWhenErrors }, ); ``` Un handler per il trigger `PreSignUp` con una funzione Lambda. ``` import type { PreSignUpTriggerEvent, Handler } from "aws-lambda"; import type { UserRepository } from "./user-repository"; import { DynamoDBUserRepository } from "./user-repository"; export class PreSignUpHandler { private userRepository: UserRepository; constructor(userRepository: UserRepository) { this.userRepository = userRepository; } private isPreSignUpTriggerSource(event: PreSignUpTriggerEvent): boolean { return event.triggerSource === "PreSignUp_SignUp"; } private getEventUserEmail(event: PreSignUpTriggerEvent): string { return event.request.userAttributes.email; } async handlePreSignUpTriggerEvent( event: PreSignUpTriggerEvent, ): Promise { console.log( `Received presignup from ${event.triggerSource} for user '${event.userName}'`, ); if (!this.isPreSignUpTriggerSource(event)) { return event; } const eventEmail = this.getEventUserEmail(event); console.log(`Looking up email ${eventEmail}.`); const storedUserInfo = await this.userRepository.getUserInfoByEmail(eventEmail); if (!storedUserInfo) { console.log( `Email ${eventEmail} not found. Email verification is required.`, ); return event; } if (storedUserInfo.UserName !== event.userName) { console.log( `UserEmail ${eventEmail} found, but stored UserName '${storedUserInfo.UserName}' does not match supplied UserName '${event.userName}'. Verification is required.`, ); } else { console.log( `UserEmail ${eventEmail} found with matching UserName ${storedUserInfo.UserName}. User is confirmed.`, ); event.response.autoConfirmUser = true; event.response.autoVerifyEmail = true; } return event; } } const createPreSignUpHandler = (): PreSignUpHandler => { const tableName = process.env.TABLE_NAME; if (!tableName) { throw new Error("TABLE_NAME environment variable is not set"); } const userRepository = new DynamoDBUserRepository(tableName); return new PreSignUpHandler(userRepository); }; export const handler: Handler = async (event: PreSignUpTriggerEvent) => { const preSignUpHandler = createPreSignUpHandler(); return preSignUpHandler.handlePreSignUpTriggerEvent(event); }; ``` Modulo di azioni CloudWatch Logs. ``` import { CloudWatchLogsClient, GetLogEventsCommand, OrderBy, paginateDescribeLogStreams, } from "@aws-sdk/client-cloudwatch-logs"; /** * Get the latest log stream for a Lambda function. * @param {{ functionName: string, region: string }} config * @returns {Promise<[import("@aws-sdk/client-cloudwatch-logs").LogStream | null, unknown]>} */ export const getLatestLogStreamForLambda = async ({ functionName, region }) => { try { const logGroupName = `/aws/lambda/${functionName}`; const cwlClient = new CloudWatchLogsClient({ region }); const paginator = paginateDescribeLogStreams( { client: cwlClient }, { descending: true, limit: 1, orderBy: OrderBy.LastEventTime, logGroupName, }, ); for await (const page of paginator) { return [page.logStreams[0], null]; } } catch (err) { return [null, err]; } }; /** * Get the log events for a Lambda function's log stream. * @param {{ * functionName: string, * logStreamName: string, * eventCount: number, * region: string * }} config * @returns {Promise<[import("@aws-sdk/client-cloudwatch-logs").OutputLogEvent[] | null, unknown]>} */ export const getLogEvents = async ({ functionName, logStreamName, eventCount, region, }) => { try { const cwlClient = new CloudWatchLogsClient({ region }); const logGroupName = `/aws/lambda/${functionName}`; const response = await cwlClient.send( new GetLogEventsCommand({ logStreamName: logStreamName, limit: eventCount, logGroupName: logGroupName, }), ); return [response.events, null]; } catch (err) { return [null, err]; } }; ``` Modulo di azioni Amazon Cognito. ``` import { AdminGetUserCommand, CognitoIdentityProviderClient, DeleteUserCommand, InitiateAuthCommand, SignUpCommand, UpdateUserPoolCommand, } from "@aws-sdk/client-cognito-identity-provider"; /** * Connect a Lambda function to the PreSignUp trigger for a Cognito user pool * @param {{ region: string, userPoolId: string, handlerArn: string }} config * @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").UpdateUserPoolCommandOutput | null, unknown]>} */ export const addPreSignUpHandler = async ({ region, userPoolId, handlerArn, }) => { try { const cognitoClient = new CognitoIdentityProviderClient({ region, }); const command = new UpdateUserPoolCommand({ UserPoolId: userPoolId, LambdaConfig: { PreSignUp: handlerArn, }, }); const response = await cognitoClient.send(command); return [response, null]; } catch (err) { return [null, err]; } }; /** * Attempt to register a user to a user pool with a given username and password. * @param {{ * region: string, * userPoolClientId: string, * username: string, * email: string, * password: string * }} config * @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").SignUpCommandOutput | null, unknown]>} */ export const signUpUser = async ({ region, userPoolClientId, username, email, password, }) => { try { const cognitoClient = new CognitoIdentityProviderClient({ region, }); const response = await cognitoClient.send( new SignUpCommand({ ClientId: userPoolClientId, Username: username, Password: password, UserAttributes: [{ Name: "email", Value: email }], }), ); return [response, null]; } catch (err) { return [null, err]; } }; /** * Sign in a user to Amazon Cognito using a username and password authentication flow. * @param {{ region: string, clientId: string, username: string, password: string }} config * @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").InitiateAuthCommandOutput | null, unknown]>} */ export const signIn = async ({ region, clientId, username, password }) => { try { const cognitoClient = new CognitoIdentityProviderClient({ region }); const response = await cognitoClient.send( new InitiateAuthCommand({ AuthFlow: "USER_PASSWORD_AUTH", ClientId: clientId, AuthParameters: { USERNAME: username, PASSWORD: password }, }), ); return [response, null]; } catch (err) { return [null, err]; } }; /** * Retrieve an existing user from a user pool. * @param {{ region: string, userPoolId: string, username: string }} config * @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").AdminGetUserCommandOutput | null, unknown]>} */ export const getUser = async ({ region, userPoolId, username }) => { try { const cognitoClient = new CognitoIdentityProviderClient({ region }); const response = await cognitoClient.send( new AdminGetUserCommand({ UserPoolId: userPoolId, Username: username, }), ); return [response, null]; } catch (err) { return [null, err]; } }; /** * Delete the signed-in user. Useful for allowing a user to delete their * own profile. * @param {{ region: string, accessToken: string }} config * @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").DeleteUserCommandOutput | null, unknown]>} */ export const deleteUser = async ({ region, accessToken }) => { try { const client = new CognitoIdentityProviderClient({ region }); const response = await client.send( new DeleteUserCommand({ AccessToken: accessToken }), ); return [response, null]; } catch (err) { return [null, err]; } }; ``` Modulo di azioni DynamoDB. ``` import { DynamoDBClient } from "@aws-sdk/client-dynamodb"; import { BatchWriteCommand, DynamoDBDocumentClient, } from "@aws-sdk/lib-dynamodb"; /** * Populate a DynamoDB table with provide items. * @param {{ region: string, tableName: string, items: Record[] }} config * @returns {Promise<[import("@aws-sdk/lib-dynamodb").BatchWriteCommandOutput | null, unknown]>} */ export const populateTable = async ({ region, tableName, items }) => { try { const ddbClient = new DynamoDBClient({ region }); const docClient = DynamoDBDocumentClient.from(ddbClient); const response = await docClient.send( new BatchWriteCommand({ RequestItems: { [tableName]: items.map((item) => ({ PutRequest: { Item: item, }, })), }, }), ); return [response, null]; } catch (err) { return [null, err]; } }; ``` + Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API AWS SDK per JavaScript *. + [DeleteUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/DeleteUserCommand) + [InitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/InitiateAuthCommand) + [SignUp](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/SignUpCommand) + [UpdateUserPool](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/UpdateUserPoolCommand) ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Esegui automaticamente la migrazione di utenti Amazon Cognito noti con una funzione Lambda utilizzando un SDK AWS L’esempio di codice seguente mostra come migrare automaticamente gli utenti noti di Amazon Cognito con una funzione Lambda. + Configura un pool di utenti per chiamare una funzione Lambda per il trigger `MigrateUser`. + Accedi ad Amazon Cognito con un nome utente e un indirizzo e-mail non incluso nel pool di utenti. + La funzione Lambda esegue la scansione di una tabella DynamoDB e migra automaticamente gli utenti noti al pool di utenti. + Esegui il flusso della password dimenticata per reimpostare la password per l’utente migrato. + Accedi come nuovo utente, quindi elimina le risorse. ------ #### [ Go ] **SDK per Go V2** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/workflows/user_pools_and_lambda_triggers#code-examples). Esegui uno scenario interattivo al prompt dei comandi. ``` import ( "context" "errors" "fmt" "log" "strings" "user_pools_and_lambda_triggers/actions" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types" "github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools" ) // MigrateUser separates the steps of this scenario into individual functions so that // they are simpler to read and understand. type MigrateUser struct { helper IScenarioHelper questioner demotools.IQuestioner resources Resources cognitoActor *actions.CognitoActions } // NewMigrateUser constructs a new migrate user runner. func NewMigrateUser(sdkConfig aws.Config, questioner demotools.IQuestioner, helper IScenarioHelper) MigrateUser { scenario := MigrateUser{ helper: helper, questioner: questioner, resources: Resources{}, cognitoActor: &actions.CognitoActions{CognitoClient: cognitoidentityprovider.NewFromConfig(sdkConfig)}, } scenario.resources.init(scenario.cognitoActor, questioner) return scenario } // AddMigrateUserTrigger adds a Lambda handler as an invocation target for the MigrateUser trigger. func (runner *MigrateUser) AddMigrateUserTrigger(ctx context.Context, userPoolId string, functionArn string) { log.Printf("Let's add a Lambda function to handle the MigrateUser trigger from Cognito.\n" + "This trigger happens when an unknown user signs in, and lets your function take action before Cognito\n" + "rejects the user.\n\n") err := runner.cognitoActor.UpdateTriggers( ctx, userPoolId, actions.TriggerInfo{Trigger: actions.UserMigration, HandlerArn: aws.String(functionArn)}) if err != nil { panic(err) } log.Printf("Lambda function %v added to user pool %v to handle the MigrateUser trigger.\n", functionArn, userPoolId) log.Println(strings.Repeat("-", 88)) } // SignInUser adds a new user to the known users table and signs that user in to Amazon Cognito. func (runner *MigrateUser) SignInUser(ctx context.Context, usersTable string, clientId string) (bool, actions.User) { log.Println("Let's sign in a user to your Cognito user pool. When the username and email matches an entry in the\n" + "DynamoDB known users table, the email is automatically verified and the user is migrated to the Cognito user pool.") user := actions.User{} user.UserName = runner.questioner.Ask("\nEnter a username:") user.UserEmail = runner.questioner.Ask("\nEnter an email that you own. This email will be used to confirm user migration\n" + "during this example:") runner.helper.AddKnownUser(ctx, usersTable, user) var err error var resetRequired *types.PasswordResetRequiredException var authResult *types.AuthenticationResultType signedIn := false for !signedIn && resetRequired == nil { log.Printf("Signing in to Cognito as user '%v'. The expected result is a PasswordResetRequiredException.\n\n", user.UserName) authResult, err = runner.cognitoActor.SignIn(ctx, clientId, user.UserName, "_") if err != nil { if errors.As(err, &resetRequired) { log.Printf("\nUser '%v' is not in the Cognito user pool but was found in the DynamoDB known users table.\n"+ "User migration is started and a password reset is required.", user.UserName) } else { panic(err) } } else { log.Printf("User '%v' successfully signed in. This is unexpected and probably means you have not\n"+ "cleaned up a previous run of this scenario, so the user exist in the Cognito user pool.\n"+ "You can continue this example and select to clean up resources, or manually remove\n"+ "the user from your user pool and try again.", user.UserName) runner.resources.userAccessTokens = append(runner.resources.userAccessTokens, *authResult.AccessToken) signedIn = true } } log.Println(strings.Repeat("-", 88)) return resetRequired != nil, user } // ResetPassword starts a password recovery flow. func (runner *MigrateUser) ResetPassword(ctx context.Context, clientId string, user actions.User) { wantCode := runner.questioner.AskBool(fmt.Sprintf("In order to migrate the user to Cognito, you must be able to receive a confirmation\n"+ "code by email at %v. Do you want to send a code (y/n)?", user.UserEmail), "y") if !wantCode { log.Println("To complete this example and successfully migrate a user to Cognito, you must enter an email\n" + "you own that can receive a confirmation code.") return } codeDelivery, err := runner.cognitoActor.ForgotPassword(ctx, clientId, user.UserName) if err != nil { panic(err) } log.Printf("\nA confirmation code has been sent to %v.", *codeDelivery.Destination) code := runner.questioner.Ask("Check your email and enter it here:") confirmed := false password := runner.questioner.AskPassword("\nEnter a password that has at least eight characters, uppercase, lowercase, numbers and symbols.\n"+ "(the password will not display as you type):", 8) for !confirmed { log.Printf("\nConfirming password reset for user '%v'.\n", user.UserName) err = runner.cognitoActor.ConfirmForgotPassword(ctx, clientId, code, user.UserName, password) if err != nil { var invalidPassword *types.InvalidPasswordException if errors.As(err, &invalidPassword) { password = runner.questioner.AskPassword("\nEnter another password:", 8) } else { panic(err) } } else { confirmed = true } } log.Printf("User '%v' successfully confirmed and migrated.\n", user.UserName) log.Println("Signing in with your username and password...") authResult, err := runner.cognitoActor.SignIn(ctx, clientId, user.UserName, password) if err != nil { panic(err) } log.Printf("Successfully signed in. Your access token starts with: %v...\n", (*authResult.AccessToken)[:10]) runner.resources.userAccessTokens = append(runner.resources.userAccessTokens, *authResult.AccessToken) log.Println(strings.Repeat("-", 88)) } // Run runs the scenario. func (runner *MigrateUser) Run(ctx context.Context, stackName string) { defer func() { if r := recover(); r != nil { log.Println("Something went wrong with the demo.") runner.resources.Cleanup(ctx) } }() log.Println(strings.Repeat("-", 88)) log.Printf("Welcome\n") log.Println(strings.Repeat("-", 88)) stackOutputs, err := runner.helper.GetStackOutputs(ctx, stackName) if err != nil { panic(err) } runner.resources.userPoolId = stackOutputs["UserPoolId"] runner.AddMigrateUserTrigger(ctx, stackOutputs["UserPoolId"], stackOutputs["MigrateUserFunctionArn"]) runner.resources.triggers = append(runner.resources.triggers, actions.UserMigration) resetNeeded, user := runner.SignInUser(ctx, stackOutputs["TableName"], stackOutputs["UserPoolClientId"]) if resetNeeded { runner.helper.ListRecentLogEvents(ctx, stackOutputs["MigrateUserFunction"]) runner.ResetPassword(ctx, stackOutputs["UserPoolClientId"], user) } runner.resources.Cleanup(ctx) log.Println(strings.Repeat("-", 88)) log.Println("Thanks for watching!") log.Println(strings.Repeat("-", 88)) } ``` Gestisci il trigger `MigrateUser` con una funzione Lambda. ``` import ( "context" "log" "os" "github.com/aws/aws-lambda-go/events" "github.com/aws/aws-lambda-go/lambda" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue" "github.com/aws/aws-sdk-go-v2/feature/dynamodb/expression" "github.com/aws/aws-sdk-go-v2/service/dynamodb" ) const TABLE_NAME = "TABLE_NAME" // UserInfo defines structured user data that can be marshalled to a DynamoDB format. type UserInfo struct { UserName string `dynamodbav:"UserName"` UserEmail string `dynamodbav:"UserEmail"` } type handler struct { dynamoClient *dynamodb.Client } // HandleRequest handles the MigrateUser event by looking up a user in an Amazon DynamoDB table and // specifying whether they should be migrated to the user pool. func (h *handler) HandleRequest(ctx context.Context, event events.CognitoEventUserPoolsMigrateUser) (events.CognitoEventUserPoolsMigrateUser, error) { log.Printf("Received migrate trigger from %v for user '%v'", event.TriggerSource, event.UserName) if event.TriggerSource != "UserMigration_Authentication" { return event, nil } tableName := os.Getenv(TABLE_NAME) user := UserInfo{ UserName: event.UserName, } log.Printf("Looking up user '%v' in table %v.\n", user.UserName, tableName) filterEx := expression.Name("UserName").Equal(expression.Value(user.UserName)) expr, err := expression.NewBuilder().WithFilter(filterEx).Build() if err != nil { log.Printf("Error building expression to query for user '%v'.\n", user.UserName) return event, err } output, err := h.dynamoClient.Scan(ctx, &dynamodb.ScanInput{ TableName: aws.String(tableName), FilterExpression: expr.Filter(), ExpressionAttributeNames: expr.Names(), ExpressionAttributeValues: expr.Values(), }) if err != nil { log.Printf("Error looking up user '%v'.\n", user.UserName) return event, err } if len(output.Items) == 0 { log.Printf("User '%v' not found, not migrating user.\n", user.UserName) return event, err } var users []UserInfo err = attributevalue.UnmarshalListOfMaps(output.Items, &users) if err != nil { log.Printf("Couldn't unmarshal DynamoDB items. Here's why: %v\n", err) return event, err } user = users[0] log.Printf("UserName '%v' found with email %v. User is migrated and must reset password.\n", user.UserName, user.UserEmail) event.CognitoEventUserPoolsMigrateUserResponse.UserAttributes = map[string]string{ "email": user.UserEmail, "email_verified": "true", // email_verified is required for the forgot password flow. } event.CognitoEventUserPoolsMigrateUserResponse.FinalUserStatus = "RESET_REQUIRED" event.CognitoEventUserPoolsMigrateUserResponse.MessageAction = "SUPPRESS" return event, err } func main() { ctx := context.Background() sdkConfig, err := config.LoadDefaultConfig(ctx) if err != nil { log.Panicln(err) } h := handler{ dynamoClient: dynamodb.NewFromConfig(sdkConfig), } lambda.Start(h.HandleRequest) } ``` Crea una struttura che esegue operazioni comuni. ``` import ( "context" "log" "strings" "time" "user_pools_and_lambda_triggers/actions" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cloudformation" "github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs" "github.com/aws/aws-sdk-go-v2/service/dynamodb" "github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools" ) // IScenarioHelper defines common functions used by the workflows in this example. type IScenarioHelper interface { Pause(secs int) GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error) PopulateUserTable(ctx context.Context, tableName string) GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error) AddKnownUser(ctx context.Context, tableName string, user actions.User) ListRecentLogEvents(ctx context.Context, functionName string) } // ScenarioHelper contains AWS wrapper structs used by the workflows in this example. type ScenarioHelper struct { questioner demotools.IQuestioner dynamoActor *actions.DynamoActions cfnActor *actions.CloudFormationActions cwlActor *actions.CloudWatchLogsActions isTestRun bool } // NewScenarioHelper constructs a new scenario helper. func NewScenarioHelper(sdkConfig aws.Config, questioner demotools.IQuestioner) ScenarioHelper { scenario := ScenarioHelper{ questioner: questioner, dynamoActor: &actions.DynamoActions{DynamoClient: dynamodb.NewFromConfig(sdkConfig)}, cfnActor: &actions.CloudFormationActions{CfnClient: cloudformation.NewFromConfig(sdkConfig)}, cwlActor: &actions.CloudWatchLogsActions{CwlClient: cloudwatchlogs.NewFromConfig(sdkConfig)}, } return scenario } // Pause waits for the specified number of seconds. func (helper ScenarioHelper) Pause(secs int) { if !helper.isTestRun { time.Sleep(time.Duration(secs) * time.Second) } } // GetStackOutputs gets the outputs from the specified CloudFormation stack in a structured format. func (helper ScenarioHelper) GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error) { return helper.cfnActor.GetOutputs(ctx, stackName), nil } // PopulateUserTable fills the known user table with example data. func (helper ScenarioHelper) PopulateUserTable(ctx context.Context, tableName string) { log.Printf("First, let's add some users to the DynamoDB %v table we'll use for this example.\n", tableName) err := helper.dynamoActor.PopulateTable(ctx, tableName) if err != nil { panic(err) } } // GetKnownUsers gets the users from the known users table in a structured format. func (helper ScenarioHelper) GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error) { knownUsers, err := helper.dynamoActor.Scan(ctx, tableName) if err != nil { log.Printf("Couldn't get known users from table %v. Here's why: %v\n", tableName, err) } return knownUsers, err } // AddKnownUser adds a user to the known users table. func (helper ScenarioHelper) AddKnownUser(ctx context.Context, tableName string, user actions.User) { log.Printf("Adding user '%v' with email '%v' to the DynamoDB known users table...\n", user.UserName, user.UserEmail) err := helper.dynamoActor.AddUser(ctx, tableName, user) if err != nil { panic(err) } } // ListRecentLogEvents gets the most recent log stream and events for the specified Lambda function and displays them. func (helper ScenarioHelper) ListRecentLogEvents(ctx context.Context, functionName string) { log.Println("Waiting a few seconds to let Lambda write to CloudWatch Logs...") helper.Pause(10) log.Println("Okay, let's check the logs to find what's happened recently with your Lambda function.") logStream, err := helper.cwlActor.GetLatestLogStream(ctx, functionName) if err != nil { panic(err) } log.Printf("Getting some recent events from log stream %v\n", *logStream.LogStreamName) events, err := helper.cwlActor.GetLogEvents(ctx, functionName, *logStream.LogStreamName, 10) if err != nil { panic(err) } for _, event := range events { log.Printf("\t%v", *event.Message) } log.Println(strings.Repeat("-", 88)) } ``` Crea una struttura che racchiude le azioni di Amazon Cognito. ``` import ( "context" "errors" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types" ) type CognitoActions struct { CognitoClient *cognitoidentityprovider.Client } // Trigger and TriggerInfo define typed data for updating an Amazon Cognito trigger. type Trigger int const ( PreSignUp Trigger = iota UserMigration PostAuthentication ) type TriggerInfo struct { Trigger Trigger HandlerArn *string } // UpdateTriggers adds or removes Lambda triggers for a user pool. When a trigger is specified with a `nil` value, // it is removed from the user pool. func (actor CognitoActions) UpdateTriggers(ctx context.Context, userPoolId string, triggers ...TriggerInfo) error { output, err := actor.CognitoClient.DescribeUserPool(ctx, &cognitoidentityprovider.DescribeUserPoolInput{ UserPoolId: aws.String(userPoolId), }) if err != nil { log.Printf("Couldn't get info about user pool %v. Here's why: %v\n", userPoolId, err) return err } lambdaConfig := output.UserPool.LambdaConfig for _, trigger := range triggers { switch trigger.Trigger { case PreSignUp: lambdaConfig.PreSignUp = trigger.HandlerArn case UserMigration: lambdaConfig.UserMigration = trigger.HandlerArn case PostAuthentication: lambdaConfig.PostAuthentication = trigger.HandlerArn } } _, err = actor.CognitoClient.UpdateUserPool(ctx, &cognitoidentityprovider.UpdateUserPoolInput{ UserPoolId: aws.String(userPoolId), LambdaConfig: lambdaConfig, }) if err != nil { log.Printf("Couldn't update user pool %v. Here's why: %v\n", userPoolId, err) } return err } // SignUp signs up a user with Amazon Cognito. func (actor CognitoActions) SignUp(ctx context.Context, clientId string, userName string, password string, userEmail string) (bool, error) { confirmed := false output, err := actor.CognitoClient.SignUp(ctx, &cognitoidentityprovider.SignUpInput{ ClientId: aws.String(clientId), Password: aws.String(password), Username: aws.String(userName), UserAttributes: []types.AttributeType{ {Name: aws.String("email"), Value: aws.String(userEmail)}, }, }) if err != nil { var invalidPassword *types.InvalidPasswordException if errors.As(err, &invalidPassword) { log.Println(*invalidPassword.Message) } else { log.Printf("Couldn't sign up user %v. Here's why: %v\n", userName, err) } } else { confirmed = output.UserConfirmed } return confirmed, err } // SignIn signs in a user to Amazon Cognito using a username and password authentication flow. func (actor CognitoActions) SignIn(ctx context.Context, clientId string, userName string, password string) (*types.AuthenticationResultType, error) { var authResult *types.AuthenticationResultType output, err := actor.CognitoClient.InitiateAuth(ctx, &cognitoidentityprovider.InitiateAuthInput{ AuthFlow: "USER_PASSWORD_AUTH", ClientId: aws.String(clientId), AuthParameters: map[string]string{"USERNAME": userName, "PASSWORD": password}, }) if err != nil { var resetRequired *types.PasswordResetRequiredException if errors.As(err, &resetRequired) { log.Println(*resetRequired.Message) } else { log.Printf("Couldn't sign in user %v. Here's why: %v\n", userName, err) } } else { authResult = output.AuthenticationResult } return authResult, err } // ForgotPassword starts a password recovery flow for a user. This flow typically sends a confirmation code // to the user's configured notification destination, such as email. func (actor CognitoActions) ForgotPassword(ctx context.Context, clientId string, userName string) (*types.CodeDeliveryDetailsType, error) { output, err := actor.CognitoClient.ForgotPassword(ctx, &cognitoidentityprovider.ForgotPasswordInput{ ClientId: aws.String(clientId), Username: aws.String(userName), }) if err != nil { log.Printf("Couldn't start password reset for user '%v'. Here;s why: %v\n", userName, err) } return output.CodeDeliveryDetails, err } // ConfirmForgotPassword confirms a user with a confirmation code and a new password. func (actor CognitoActions) ConfirmForgotPassword(ctx context.Context, clientId string, code string, userName string, password string) error { _, err := actor.CognitoClient.ConfirmForgotPassword(ctx, &cognitoidentityprovider.ConfirmForgotPasswordInput{ ClientId: aws.String(clientId), ConfirmationCode: aws.String(code), Password: aws.String(password), Username: aws.String(userName), }) if err != nil { var invalidPassword *types.InvalidPasswordException if errors.As(err, &invalidPassword) { log.Println(*invalidPassword.Message) } else { log.Printf("Couldn't confirm user %v. Here's why: %v", userName, err) } } return err } // DeleteUser removes a user from the user pool. func (actor CognitoActions) DeleteUser(ctx context.Context, userAccessToken string) error { _, err := actor.CognitoClient.DeleteUser(ctx, &cognitoidentityprovider.DeleteUserInput{ AccessToken: aws.String(userAccessToken), }) if err != nil { log.Printf("Couldn't delete user. Here's why: %v\n", err) } return err } // AdminCreateUser uses administrator credentials to add a user to a user pool. This method leaves the user // in a state that requires they enter a new password next time they sign in. func (actor CognitoActions) AdminCreateUser(ctx context.Context, userPoolId string, userName string, userEmail string) error { _, err := actor.CognitoClient.AdminCreateUser(ctx, &cognitoidentityprovider.AdminCreateUserInput{ UserPoolId: aws.String(userPoolId), Username: aws.String(userName), MessageAction: types.MessageActionTypeSuppress, UserAttributes: []types.AttributeType{{Name: aws.String("email"), Value: aws.String(userEmail)}}, }) if err != nil { var userExists *types.UsernameExistsException if errors.As(err, &userExists) { log.Printf("User %v already exists in the user pool.", userName) err = nil } else { log.Printf("Couldn't create user %v. Here's why: %v\n", userName, err) } } return err } // AdminSetUserPassword uses administrator credentials to set a password for a user without requiring a // temporary password. func (actor CognitoActions) AdminSetUserPassword(ctx context.Context, userPoolId string, userName string, password string) error { _, err := actor.CognitoClient.AdminSetUserPassword(ctx, &cognitoidentityprovider.AdminSetUserPasswordInput{ Password: aws.String(password), UserPoolId: aws.String(userPoolId), Username: aws.String(userName), Permanent: true, }) if err != nil { var invalidPassword *types.InvalidPasswordException if errors.As(err, &invalidPassword) { log.Println(*invalidPassword.Message) } else { log.Printf("Couldn't set password for user %v. Here's why: %v\n", userName, err) } } return err } ``` Crea una struttura che racchiude le azioni di DynamoDB. ``` import ( "context" "fmt" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue" "github.com/aws/aws-sdk-go-v2/service/dynamodb" "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" ) // DynamoActions encapsulates the Amazon Simple Notification Service (Amazon SNS) actions // used in the examples. type DynamoActions struct { DynamoClient *dynamodb.Client } // User defines structured user data. type User struct { UserName string UserEmail string LastLogin *LoginInfo `dynamodbav:",omitempty"` } // LoginInfo defines structured custom login data. type LoginInfo struct { UserPoolId string ClientId string Time string } // UserList defines a list of users. type UserList struct { Users []User } // UserNameList returns the usernames contained in a UserList as a list of strings. func (users *UserList) UserNameList() []string { names := make([]string, len(users.Users)) for i := 0; i < len(users.Users); i++ { names[i] = users.Users[i].UserName } return names } // PopulateTable adds a set of test users to the table. func (actor DynamoActions) PopulateTable(ctx context.Context, tableName string) error { var err error var item map[string]types.AttributeValue var writeReqs []types.WriteRequest for i := 1; i < 4; i++ { item, err = attributevalue.MarshalMap(User{UserName: fmt.Sprintf("test_user_%v", i), UserEmail: fmt.Sprintf("test_email_%v@example.com", i)}) if err != nil { log.Printf("Couldn't marshall user into DynamoDB format. Here's why: %v\n", err) return err } writeReqs = append(writeReqs, types.WriteRequest{PutRequest: &types.PutRequest{Item: item}}) } _, err = actor.DynamoClient.BatchWriteItem(ctx, &dynamodb.BatchWriteItemInput{ RequestItems: map[string][]types.WriteRequest{tableName: writeReqs}, }) if err != nil { log.Printf("Couldn't populate table %v with users. Here's why: %v\n", tableName, err) } return err } // Scan scans the table for all items. func (actor DynamoActions) Scan(ctx context.Context, tableName string) (UserList, error) { var userList UserList output, err := actor.DynamoClient.Scan(ctx, &dynamodb.ScanInput{ TableName: aws.String(tableName), }) if err != nil { log.Printf("Couldn't scan table %v for items. Here's why: %v\n", tableName, err) } else { err = attributevalue.UnmarshalListOfMaps(output.Items, &userList.Users) if err != nil { log.Printf("Couldn't unmarshal items into users. Here's why: %v\n", err) } } return userList, err } // AddUser adds a user item to a table. func (actor DynamoActions) AddUser(ctx context.Context, tableName string, user User) error { userItem, err := attributevalue.MarshalMap(user) if err != nil { log.Printf("Couldn't marshall user to item. Here's why: %v\n", err) } _, err = actor.DynamoClient.PutItem(ctx, &dynamodb.PutItemInput{ Item: userItem, TableName: aws.String(tableName), }) if err != nil { log.Printf("Couldn't put item in table %v. Here's why: %v", tableName, err) } return err } ``` Crea una struttura che racchiuda le azioni di CloudWatch Logs. ``` import ( "context" "fmt" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs" "github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/types" ) type CloudWatchLogsActions struct { CwlClient *cloudwatchlogs.Client } // GetLatestLogStream gets the most recent log stream for a Lambda function. func (actor CloudWatchLogsActions) GetLatestLogStream(ctx context.Context, functionName string) (types.LogStream, error) { var logStream types.LogStream logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName) output, err := actor.CwlClient.DescribeLogStreams(ctx, &cloudwatchlogs.DescribeLogStreamsInput{ Descending: aws.Bool(true), Limit: aws.Int32(1), LogGroupName: aws.String(logGroupName), OrderBy: types.OrderByLastEventTime, }) if err != nil { log.Printf("Couldn't get log streams for log group %v. Here's why: %v\n", logGroupName, err) } else { logStream = output.LogStreams[0] } return logStream, err } // GetLogEvents gets the most recent eventCount events from the specified log stream. func (actor CloudWatchLogsActions) GetLogEvents(ctx context.Context, functionName string, logStreamName string, eventCount int32) ( []types.OutputLogEvent, error) { var events []types.OutputLogEvent logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName) output, err := actor.CwlClient.GetLogEvents(ctx, &cloudwatchlogs.GetLogEventsInput{ LogStreamName: aws.String(logStreamName), Limit: aws.Int32(eventCount), LogGroupName: aws.String(logGroupName), }) if err != nil { log.Printf("Couldn't get log event for log stream %v. Here's why: %v\n", logStreamName, err) } else { events = output.Events } return events, err } ``` Crea una struttura che racchiuda le azioni. CloudFormation ``` import ( "context" "log" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cloudformation" ) // StackOutputs defines a map of outputs from a specific stack. type StackOutputs map[string]string type CloudFormationActions struct { CfnClient *cloudformation.Client } // GetOutputs gets the outputs from a CloudFormation stack and puts them into a structured format. func (actor CloudFormationActions) GetOutputs(ctx context.Context, stackName string) StackOutputs { output, err := actor.CfnClient.DescribeStacks(ctx, &cloudformation.DescribeStacksInput{ StackName: aws.String(stackName), }) if err != nil || len(output.Stacks) == 0 { log.Panicf("Couldn't find a CloudFormation stack named %v. Here's why: %v\n", stackName, err) } stackOutputs := StackOutputs{} for _, out := range output.Stacks[0].Outputs { stackOutputs[*out.OutputKey] = *out.OutputValue } return stackOutputs } ``` Eliminare le risorse. ``` import ( "context" "log" "user_pools_and_lambda_triggers/actions" "github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools" ) // Resources keeps track of AWS resources created during an example and handles // cleanup when the example finishes. type Resources struct { userPoolId string userAccessTokens []string triggers []actions.Trigger cognitoActor *actions.CognitoActions questioner demotools.IQuestioner } func (resources *Resources) init(cognitoActor *actions.CognitoActions, questioner demotools.IQuestioner) { resources.userAccessTokens = []string{} resources.triggers = []actions.Trigger{} resources.cognitoActor = cognitoActor resources.questioner = questioner } // Cleanup deletes all AWS resources created during an example. func (resources *Resources) Cleanup(ctx context.Context) { defer func() { if r := recover(); r != nil { log.Printf("Something went wrong during cleanup.\n%v\n", r) log.Println("Use the AWS Management Console to remove any remaining resources \n" + "that were created for this scenario.") } }() wantDelete := resources.questioner.AskBool("Do you want to remove all of the AWS resources that were created "+ "during this demo (y/n)?", "y") if wantDelete { for _, accessToken := range resources.userAccessTokens { err := resources.cognitoActor.DeleteUser(ctx, accessToken) if err != nil { log.Println("Couldn't delete user during cleanup.") panic(err) } log.Println("Deleted user.") } triggerList := make([]actions.TriggerInfo, len(resources.triggers)) for i := 0; i < len(resources.triggers); i++ { triggerList[i] = actions.TriggerInfo{Trigger: resources.triggers[i], HandlerArn: nil} } err := resources.cognitoActor.UpdateTriggers(ctx, resources.userPoolId, triggerList...) if err != nil { log.Println("Couldn't update Cognito triggers during cleanup.") panic(err) } log.Println("Removed Cognito triggers from user pool.") } else { log.Println("Be sure to remove resources when you're done with them to avoid unexpected charges!") } } ``` + Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API AWS SDK per Go *. + [ConfirmForgotPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ConfirmForgotPassword) + [DeleteUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.DeleteUser) + [ForgotPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ForgotPassword) + [InitiateAuth](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.InitiateAuth) + [SignUp](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.SignUp) + [UpdateUserPool](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.UpdateUserPool) ------ Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK. # Registra un utente con un pool di utenti Amazon Cognito che richiede l'autenticazione a più fattori utilizzando un SDK AWS Gli esempi di codice seguenti mostrano come: + Registra e conferma un utente con nome utente, password e indirizzo e-mail. + Configura l’autenticazione a più fattori associando un’applicazione MFA all’utente. + Accedi utilizzando una password e un codice MFA. ------ #### [ .NET ] **SDK per .NET** C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples). ``` namespace CognitoBasics; public class CognitoBasics { private static ILogger logger = null!; static async Task Main(string[] args) { // Set up dependency injection for Amazon Cognito. using var host = Host.CreateDefaultBuilder(args) .ConfigureLogging(logging => logging.AddFilter("System", LogLevel.Debug) .AddFilter("Microsoft", LogLevel.Information) .AddFilter("Microsoft", LogLevel.Trace)) .ConfigureServices((_, services) => services.AddAWSService() .AddTransient() ) .Build(); logger = LoggerFactory.Create(builder => { builder.AddConsole(); }) .CreateLogger(); var configuration = new ConfigurationBuilder() .SetBasePath(Directory.GetCurrentDirectory()) .AddJsonFile("settings.json") // Load settings from .json file. .AddJsonFile("settings.local.json", true) // Optionally load local settings. .Build(); var cognitoWrapper = host.Services.GetRequiredService(); Console.WriteLine(new string('-', 80)); UiMethods.DisplayOverview(); Console.WriteLine(new string('-', 80)); // clientId - The app client Id value that you get from the AWS CDK script. var clientId = configuration["ClientId"]; // "*** REPLACE WITH CLIENT ID VALUE FROM CDK SCRIPT"; // poolId - The pool Id that you get from the AWS CDK script. var poolId = configuration["PoolId"]!; // "*** REPLACE WITH POOL ID VALUE FROM CDK SCRIPT"; var userName = configuration["UserName"]; var password = configuration["Password"]; var email = configuration["Email"]; // If the username wasn't set in the configuration file, // get it from the user now. if (userName is null) { do { Console.Write("Username: "); userName = Console.ReadLine(); } while (string.IsNullOrEmpty(userName)); } Console.WriteLine($"\nUsername: {userName}"); // If the password wasn't set in the configuration file, // get it from the user now. if (password is null) { do { Console.Write("Password: "); password = Console.ReadLine(); } while (string.IsNullOrEmpty(password)); } // If the email address wasn't set in the configuration file, // get it from the user now. if (email is null) { do { Console.Write("Email: "); email = Console.ReadLine(); } while (string.IsNullOrEmpty(email)); } // Now sign up the user. Console.WriteLine($"\nSigning up {userName} with email address: {email}"); await cognitoWrapper.SignUpAsync(clientId, userName, password, email); // Add the user to the user pool. Console.WriteLine($"Adding {userName} to the user pool"); await cognitoWrapper.GetAdminUserAsync(userName, poolId); UiMethods.DisplayTitle("Get confirmation code"); Console.WriteLine($"Conformation code sent to {userName}."); Console.Write("Would you like to send a new code? (Y/N) "); var answer = Console.ReadLine(); if (answer!.ToLower() == "y") { await cognitoWrapper.ResendConfirmationCodeAsync(clientId, userName); Console.WriteLine("Sending a new confirmation code"); } Console.Write("Enter confirmation code (from Email): "); var code = Console.ReadLine(); await cognitoWrapper.ConfirmSignupAsync(clientId, code, userName); UiMethods.DisplayTitle("Checking status"); Console.WriteLine($"Rechecking the status of {userName} in the user pool"); await cognitoWrapper.GetAdminUserAsync(userName, poolId); Console.WriteLine($"Setting up authenticator for {userName} in the user pool"); var setupResponse = await cognitoWrapper.InitiateAuthAsync(clientId, userName, password); var setupSession = await cognitoWrapper.AssociateSoftwareTokenAsync(setupResponse.Session); Console.Write("Enter the 6-digit code displayed in Google Authenticator: "); var setupCode = Console.ReadLine(); var setupResult = await cognitoWrapper.VerifySoftwareTokenAsync(setupSession, setupCode); Console.WriteLine($"Setup status: {setupResult}"); Console.WriteLine($"Now logging in {userName} in the user pool"); var authSession = await cognitoWrapper.AdminInitiateAuthAsync(clientId, poolId, userName, password); Console.Write("Enter a new 6-digit code displayed in Google Authenticator: "); var authCode = Console.ReadLine(); var authResult = await cognitoWrapper.AdminRespondToAuthChallengeAsync(userName, clientId, authCode, authSession, poolId); Console.WriteLine($"Authenticated and received access token: {authResult.AccessToken}"); Console.WriteLine(new string('-', 80)); Console.WriteLine("Cognito scenario is complete."); Console.WriteLine(new string('-', 80)); } } using System.Net; namespace CognitoActions; ///

/// Methods to perform Amazon Cognito Identity Provider actions. ///

public class CognitoWrapper { private readonly IAmazonCognitoIdentityProvider _cognitoService; ///

/// Constructor for the wrapper class containing Amazon Cognito actions. ///

/// The Amazon Cognito client object. public CognitoWrapper(IAmazonCognitoIdentityProvider cognitoService) { _cognitoService = cognitoService; } ///

/// List the Amazon Cognito user pools for an account. ///

/// Get a list of users for the Amazon Cognito user pool. ///

/// Respond to an admin authentication challenge. ///

/// Verify the TOTP and register for MFA. ///

/// Get an MFA token to authenticate the user with the authenticator. ///

/// Initiate an admin auth request. ///

/// Initiate authorization. ///

/// Confirm that the user has signed up. ///

/// Initiates and confirms tracking of the device. ///

/// Send a new confirmation code to a user. ///

/// Get the specified user from an Amazon Cognito user pool with administrator access. ///

/// Sign up a new user. ///

/// The client Id of the application. /// The username to use. /// The user's password. /// The email address of the user. /// A Boolean value indicating whether the user was confirmed. public async Task SignUpAsync(string clientId, string userName, string password, string email) { var userAttrs = new AttributeType { Name = "email", Value = email, }; var userAttrsList = new List(); userAttrsList.Add(userAttrs); var signUpRequest = new SignUpRequest { UserAttributes = userAttrsList, Username = userName, ClientId = clientId, Password = password }; var response = await _cognitoService.SignUpAsync(signUpRequest); return response.HttpStatusCode == HttpStatusCode.OK; } } ``` + Per informazioni dettagliate sull'API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API AWS SDK per .NET *. + [AdminGetUser](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminGetUser) + [AdminInitiateAuth](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminInitiateAuth) + [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminRespondToAuthChallenge) + [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AssociateSoftwareToken) + [ConfirmDevice](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ConfirmDevice) + [ConfirmSignUp](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ConfirmSignUp) + [InitiateAuth](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/InitiateAuth) + [ListUsers](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ListUsers) + [ResendConfirmationCode](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ResendConfirmationCode) + [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/RespondToAuthChallenge) + [SignUp](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/SignUp) + [VerifySoftwareToken](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/VerifySoftwareToken) ------ #### [ C\$1\$1 ] **SDK per C\$1\$1** C'è dell'altro GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples). ``` Aws::Client::ClientConfiguration clientConfig; // Optional: Set to the AWS Region (overrides config file). // clientConfig.region = "us-east-1"; //! Scenario that adds a user to an Amazon Cognito user pool. /*! \sa gettingStartedWithUserPools() \param clientID: Client ID associated with an Amazon Cognito user pool. \param userPoolID: An Amazon Cognito user pool ID. \param clientConfig: Aws client configuration. \return bool: Successful completion. */ bool AwsDoc::Cognito::gettingStartedWithUserPools(const Aws::String &clientID, const Aws::String &userPoolID, const Aws::Client::ClientConfiguration &clientConfig) { printAsterisksLine(); std::cout << "Welcome to the Amazon Cognito example scenario." << std::endl; printAsterisksLine(); std::cout << "This scenario will add a user to an Amazon Cognito user pool." << std::endl; const Aws::String userName = askQuestion("Enter a new username: "); const Aws::String password = askQuestion("Enter a new password: "); const Aws::String email = askQuestion("Enter a valid email for the user: "); std::cout << "Signing up " << userName << std::endl; Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig); bool userExists = false; do { // 1. Add a user with a username, password, and email address. Aws::CognitoIdentityProvider::Model::SignUpRequest request; request.AddUserAttributes( Aws::CognitoIdentityProvider::Model::AttributeType().WithName( "email").WithValue(email)); request.SetUsername(userName); request.SetPassword(password); request.SetClientId(clientID); Aws::CognitoIdentityProvider::Model::SignUpOutcome outcome = client.SignUp(request); if (outcome.IsSuccess()) { std::cout << "The signup request for " << userName << " was successful." << std::endl; } else if (outcome.GetError().GetErrorType() == Aws::CognitoIdentityProvider::CognitoIdentityProviderErrors::USERNAME_EXISTS) { std::cout << "The username already exists. Please enter a different username." << std::endl; userExists = true; } else { std::cerr << "Error with CognitoIdentityProvider::SignUpRequest. " << outcome.GetError().GetMessage() << std::endl; return false; } } while (userExists); printAsterisksLine(); std::cout << "Retrieving status of " << userName << " in the user pool." << std::endl; // 2. Confirm that the user was added to the user pool. if (!checkAdminUserStatus(userName, userPoolID, client)) { return false; } std::cout << "A confirmation code was sent to " << email << "." << std::endl; bool resend = askYesNoQuestion("Would you like to send a new code? (y/n) "); if (resend) { // Request a resend of the confirmation code to the email address. (ResendConfirmationCode) Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeRequest request; request.SetUsername(userName); request.SetClientId(clientID); Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeOutcome outcome = client.ResendConfirmationCode(request); if (outcome.IsSuccess()) { std::cout << "CognitoIdentityProvider::ResendConfirmationCode was successful." << std::endl; } else { std::cerr << "Error with CognitoIdentityProvider::ResendConfirmationCode. " << outcome.GetError().GetMessage() << std::endl; return false; } } printAsterisksLine(); { // 4. Send the confirmation code that's received in the email. (ConfirmSignUp) const Aws::String confirmationCode = askQuestion( "Enter the confirmation code that was emailed: "); Aws::CognitoIdentityProvider::Model::ConfirmSignUpRequest request; request.SetClientId(clientID); request.SetConfirmationCode(confirmationCode); request.SetUsername(userName); Aws::CognitoIdentityProvider::Model::ConfirmSignUpOutcome outcome = client.ConfirmSignUp(request); if (outcome.IsSuccess()) { std::cout << "ConfirmSignup was Successful." << std::endl; } else { std::cerr << "Error with CognitoIdentityProvider::ConfirmSignUp. " << outcome.GetError().GetMessage() << std::endl; return false; } } std::cout << "Rechecking the status of " << userName << " in the user pool." << std::endl; if (!checkAdminUserStatus(userName, userPoolID, client)) { return false; } printAsterisksLine(); std::cout << "Initiating authorization using the username and password." << std::endl; Aws::String session; // 5. Initiate authorization with username and password. (AdminInitiateAuth) if (!adminInitiateAuthorization(clientID, userPoolID, userName, password, session, client)) { return false; } printAsterisksLine(); std::cout << "Starting setup of time-based one-time password (TOTP) multi-factor authentication (MFA)." << std::endl; { // 6. Request a setup key for one-time password (TOTP) // multi-factor authentication (MFA). (AssociateSoftwareToken) Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenRequest request; request.SetSession(session); Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenOutcome outcome = client.AssociateSoftwareToken(request); if (outcome.IsSuccess()) { std::cout << "Enter this setup key into an authenticator app, for example Google Authenticator." << std::endl; std::cout << "Setup key: " << outcome.GetResult().GetSecretCode() << std::endl; #ifdef USING_QR printAsterisksLine(); std::cout << "\nOr scan the QR code in the file '" << QR_CODE_PATH << "." << std::endl; saveQRCode(std::string("otpauth://totp/") + userName + "?secret=" + outcome.GetResult().GetSecretCode()); #endif // USING_QR session = outcome.GetResult().GetSession(); } else { std::cerr << "Error with CognitoIdentityProvider::AssociateSoftwareToken. " << outcome.GetError().GetMessage() << std::endl; return false; } } askQuestion("Type enter to continue...", alwaysTrueTest); printAsterisksLine(); { Aws::String userCode = askQuestion( "Enter the 6 digit code displayed in the authenticator app: "); // 7. Send the MFA code copied from an authenticator app. (VerifySoftwareToken) Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenRequest request; request.SetUserCode(userCode); request.SetSession(session); Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenOutcome outcome = client.VerifySoftwareToken(request); if (outcome.IsSuccess()) { std::cout << "Verification of the code was successful." << std::endl; session = outcome.GetResult().GetSession(); } else { std::cerr << "Error with CognitoIdentityProvider::VerifySoftwareToken. " << outcome.GetError().GetMessage() << std::endl; return false; } } printAsterisksLine(); std::cout << "You have completed the MFA authentication setup." << std::endl; std::cout << "Now, sign in." << std::endl; // 8. Initiate authorization again with username and password. (AdminInitiateAuth) if (!adminInitiateAuthorization(clientID, userPoolID, userName, password, session, client)) { return false; } Aws::String accessToken; { Aws::String mfaCode = askQuestion( "Re-enter the 6 digit code displayed in the authenticator app: "); // 9. Send a new MFA code copied from an authenticator app. (AdminRespondToAuthChallenge) Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeRequest request; request.AddChallengeResponses("USERNAME", userName); request.AddChallengeResponses("SOFTWARE_TOKEN_MFA_CODE", mfaCode); request.SetChallengeName( Aws::CognitoIdentityProvider::Model::ChallengeNameType::SOFTWARE_TOKEN_MFA); request.SetClientId(clientID); request.SetUserPoolId(userPoolID); request.SetSession(session); Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeOutcome outcome = client.AdminRespondToAuthChallenge(request); if (outcome.IsSuccess()) { std::cout << "Here is the response to the challenge.\n" << outcome.GetResult().GetAuthenticationResult().Jsonize().View().WriteReadable() << std::endl; accessToken = outcome.GetResult().GetAuthenticationResult().GetAccessToken(); } else { std::cerr << "Error with CognitoIdentityProvider::AdminRespondToAuthChallenge. " << outcome.GetError().GetMessage() << std::endl; return false; } std::cout << "You have successfully added a user to Amazon Cognito." << std::endl; } if (askYesNoQuestion("Would you like to delete the user that you just added? (y/n) ")) { // 10. Delete the user that you just added. (DeleteUser) Aws::CognitoIdentityProvider::Model::DeleteUserRequest request; request.SetAccessToken(accessToken); Aws::CognitoIdentityProvider::Model::DeleteUserOutcome outcome = client.DeleteUser(request); if (outcome.IsSuccess()) { std::cout << "The user " << userName << " was deleted." << std::endl; } else { std::cerr << "Error with CognitoIdentityProvider::DeleteUser. " << outcome.GetError().GetMessage() << std::endl; } } return true; } //! Routine which checks the user status in an Amazon Cognito user pool. /*! \sa checkAdminUserStatus() \param userName: A username. \param userPoolID: An Amazon Cognito user pool ID. \return bool: Successful completion. */ bool AwsDoc::Cognito::checkAdminUserStatus(const Aws::String &userName, const Aws::String &userPoolID, const Aws::CognitoIdentityProvider::CognitoIdentityProviderClient &client) { Aws::CognitoIdentityProvider::Model::AdminGetUserRequest request; request.SetUsername(userName); request.SetUserPoolId(userPoolID); Aws::CognitoIdentityProvider::Model::AdminGetUserOutcome outcome = client.AdminGetUser(request); if (outcome.IsSuccess()) { std::cout << "The status for " << userName << " is " << Aws::CognitoIdentityProvider::Model::UserStatusTypeMapper::GetNameForUserStatusType( outcome.GetResult().GetUserStatus()) << std::endl; std::cout << "Enabled is " << outcome.GetResult().GetEnabled() << std::endl; } else { std::cerr << "Error with CognitoIdentityProvider::AdminGetUser. " << outcome.GetError().GetMessage() << std::endl; } return outcome.IsSuccess(); } //! Routine which starts authorization of an Amazon Cognito user. //! This routine requires administrator credentials. /*! \sa adminInitiateAuthorization() \param clientID: Client ID of tracked device. \param userPoolID: An Amazon Cognito user pool ID. \param userName: A username. \param password: A password. \param sessionResult: String to receive a session token. \return bool: Successful completion. */ bool AwsDoc::Cognito::adminInitiateAuthorization(const Aws::String &clientID, const Aws::String &userPoolID, const Aws::String &userName, const Aws::String &password, Aws::String &sessionResult, const Aws::CognitoIdentityProvider::CognitoIdentityProviderClient &client) { Aws::CognitoIdentityProvider::Model::AdminInitiateAuthRequest request; request.SetClientId(clientID); request.SetUserPoolId(userPoolID); request.AddAuthParameters("USERNAME", userName); request.AddAuthParameters("PASSWORD", password); request.SetAuthFlow( Aws::CognitoIdentityProvider::Model::AuthFlowType::ADMIN_USER_PASSWORD_AUTH); Aws::CognitoIdentityProvider::Model::AdminInitiateAuthOutcome outcome = client.AdminInitiateAuth(request); if (outcome.IsSuccess()) { std::cout << "Call to AdminInitiateAuth was successful." << std::endl; sessionResult = outcome.GetResult().GetSession(); } else { std::cerr << "Error with CognitoIdentityProvider::AdminInitiateAuth. " << outcome.GetError().GetMessage() << std::endl; } return outcome.IsSuccess(); } ``` + Per informazioni dettagliate sull'API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API AWS SDK per C\$1\$1 *. + [AdminGetUser](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminGetUser) + [AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminInitiateAuth) + [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminRespondToAuthChallenge) + [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AssociateSoftwareToken) + [ConfirmDevice](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ConfirmDevice) + [ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ConfirmSignUp) + [InitiateAuth](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/InitiateAuth) + [ListUsers](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ListUsers) + [ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ResendConfirmationCode) + [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/RespondToAuthChallenge) + [SignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/SignUp) + [VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/VerifySoftwareToken) ------ #### [ Java ] **SDK per Java 2.x** C'è dell'altro GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples). ``` import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient; import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminGetUserRequest; import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminGetUserResponse; import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminInitiateAuthRequest; import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminInitiateAuthResponse; import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminRespondToAuthChallengeRequest; import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminRespondToAuthChallengeResponse; import software.amazon.awssdk.services.cognitoidentityprovider.model.AssociateSoftwareTokenRequest; import software.amazon.awssdk.services.cognitoidentityprovider.model.AssociateSoftwareTokenResponse; import software.amazon.awssdk.services.cognitoidentityprovider.model.AttributeType; import software.amazon.awssdk.services.cognitoidentityprovider.model.AuthFlowType; import software.amazon.awssdk.services.cognitoidentityprovider.model.ChallengeNameType; import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException; import software.amazon.awssdk.services.cognitoidentityprovider.model.ConfirmSignUpRequest; import software.amazon.awssdk.services.cognitoidentityprovider.model.ResendConfirmationCodeRequest; import software.amazon.awssdk.services.cognitoidentityprovider.model.ResendConfirmationCodeResponse; import software.amazon.awssdk.services.cognitoidentityprovider.model.SignUpRequest; import software.amazon.awssdk.services.cognitoidentityprovider.model.VerifySoftwareTokenRequest; import software.amazon.awssdk.services.cognitoidentityprovider.model.VerifySoftwareTokenResponse; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Scanner; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html * * TIP: To set up the required user pool, run the AWS Cloud Development Kit (AWS * CDK) script provided in this GitHub repo at * resources/cdk/cognito_scenario_user_pool_with_mfa. * * This code example performs the following operations: * * 1. Invokes the signUp method to sign up a user. * 2. Invokes the adminGetUser method to get the user's confirmation status. * 3. Invokes the ResendConfirmationCode method if the user requested another * code. * 4. Invokes the confirmSignUp method. * 5. Invokes the AdminInitiateAuth to sign in. This results in being prompted * to set up TOTP (time-based one-time password). (The response is * “ChallengeName”: “MFA_SETUP”). * 6. Invokes the AssociateSoftwareToken method to generate a TOTP MFA private * key. This can be used with Google Authenticator. * 7. Invokes the VerifySoftwareToken method to verify the TOTP and register for * MFA. * 8. Invokes the AdminInitiateAuth to sign in again. This results in being * prompted to submit a TOTP (Response: “ChallengeName”: “SOFTWARE_TOKEN_MFA”). * 9. Invokes the AdminRespondToAuthChallenge to get back a token. */ public class CognitoMVP { public static final String DASHES = new String(new char[80]).replace("\0", "-"); public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException { final String usage = """ Usage: Where: clientId - The app client Id value that you can get from the AWS CDK script. poolId - The pool Id that you can get from the AWS CDK script.\s """; if (args.length != 2) { System.out.println(usage); System.exit(1); } String clientId = args[0]; String poolId = args[1]; CognitoIdentityProviderClient identityProviderClient = CognitoIdentityProviderClient.builder() .region(Region.US_EAST_1) .build(); System.out.println(DASHES); System.out.println("Welcome to the Amazon Cognito example scenario."); System.out.println(DASHES); System.out.println(DASHES); System.out.println("*** Enter your user name"); Scanner in = new Scanner(System.in); String userName = in.nextLine(); System.out.println("*** Enter your password"); String password = in.nextLine(); System.out.println("*** Enter your email"); String email = in.nextLine(); System.out.println("1. Signing up " + userName); signUp(identityProviderClient, clientId, userName, password, email); System.out.println(DASHES); System.out.println(DASHES); System.out.println("2. Getting " + userName + " in the user pool"); getAdminUser(identityProviderClient, userName, poolId); System.out .println("*** Conformation code sent to " + userName + ". Would you like to send a new code? (Yes/No)"); System.out.println(DASHES); System.out.println(DASHES); String ans = in.nextLine(); if (ans.compareTo("Yes") == 0) { resendConfirmationCode(identityProviderClient, clientId, userName); System.out.println("3. Sending a new confirmation code"); } System.out.println(DASHES); System.out.println(DASHES); System.out.println("4. Enter confirmation code that was emailed"); String code = in.nextLine(); confirmSignUp(identityProviderClient, clientId, code, userName); System.out.println("Rechecking the status of " + userName + " in the user pool"); getAdminUser(identityProviderClient, userName, poolId); System.out.println(DASHES); System.out.println(DASHES); System.out.println("5. Invokes the initiateAuth to sign in"); AdminInitiateAuthResponse authResponse = initiateAuth(identityProviderClient, clientId, userName, password, poolId); String mySession = authResponse.session(); System.out.println(DASHES); System.out.println(DASHES); System.out.println("6. Invokes the AssociateSoftwareToken method to generate a TOTP key"); String newSession = getSecretForAppMFA(identityProviderClient, mySession); System.out.println(DASHES); System.out.println(DASHES); System.out.println("*** Enter the 6-digit code displayed in Google Authenticator"); String myCode = in.nextLine(); System.out.println(DASHES); System.out.println(DASHES); System.out.println("7. Verify the TOTP and register for MFA"); verifyTOTP(identityProviderClient, newSession, myCode); System.out.println(DASHES); System.out.println(DASHES); System.out.println("8. Re-enter a 6-digit code displayed in Google Authenticator"); String mfaCode = in.nextLine(); AdminInitiateAuthResponse authResponse1 = initiateAuth(identityProviderClient, clientId, userName, password, poolId); System.out.println(DASHES); System.out.println(DASHES); System.out.println("9. Invokes the AdminRespondToAuthChallenge"); String session2 = authResponse1.session(); adminRespondToAuthChallenge(identityProviderClient, userName, clientId, mfaCode, session2); System.out.println(DASHES); System.out.println(DASHES); System.out.println("All Amazon Cognito operations were successfully performed"); System.out.println(DASHES); } // Respond to an authentication challenge. public static void adminRespondToAuthChallenge(CognitoIdentityProviderClient identityProviderClient, String userName, String clientId, String mfaCode, String session) { System.out.println("SOFTWARE_TOKEN_MFA challenge is generated"); Map challengeResponses = new HashMap<>(); challengeResponses.put("USERNAME", userName); challengeResponses.put("SOFTWARE_TOKEN_MFA_CODE", mfaCode); AdminRespondToAuthChallengeRequest respondToAuthChallengeRequest = AdminRespondToAuthChallengeRequest.builder() .challengeName(ChallengeNameType.SOFTWARE_TOKEN_MFA) .clientId(clientId) .challengeResponses(challengeResponses) .session(session) .build(); AdminRespondToAuthChallengeResponse respondToAuthChallengeResult = identityProviderClient .adminRespondToAuthChallenge(respondToAuthChallengeRequest); System.out.println("respondToAuthChallengeResult.getAuthenticationResult()" + respondToAuthChallengeResult.authenticationResult()); } // Verify the TOTP and register for MFA. public static void verifyTOTP(CognitoIdentityProviderClient identityProviderClient, String session, String code) { try { VerifySoftwareTokenRequest tokenRequest = VerifySoftwareTokenRequest.builder() .userCode(code) .session(session) .build(); VerifySoftwareTokenResponse verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest); System.out.println("The status of the token is " + verifyResponse.statusAsString()); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } public static AdminInitiateAuthResponse initiateAuth(CognitoIdentityProviderClient identityProviderClient, String clientId, String userName, String password, String userPoolId) { try { Map authParameters = new HashMap<>(); authParameters.put("USERNAME", userName); authParameters.put("PASSWORD", password); AdminInitiateAuthRequest authRequest = AdminInitiateAuthRequest.builder() .clientId(clientId) .userPoolId(userPoolId) .authParameters(authParameters) .authFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH) .build(); AdminInitiateAuthResponse response = identityProviderClient.adminInitiateAuth(authRequest); System.out.println("Result Challenge is : " + response.challengeName()); return response; } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } return null; } public static String getSecretForAppMFA(CognitoIdentityProviderClient identityProviderClient, String session) { AssociateSoftwareTokenRequest softwareTokenRequest = AssociateSoftwareTokenRequest.builder() .session(session) .build(); AssociateSoftwareTokenResponse tokenResponse = identityProviderClient .associateSoftwareToken(softwareTokenRequest); String secretCode = tokenResponse.secretCode(); System.out.println("Enter this token into Google Authenticator"); System.out.println(secretCode); return tokenResponse.session(); } public static void confirmSignUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String code, String userName) { try { ConfirmSignUpRequest signUpRequest = ConfirmSignUpRequest.builder() .clientId(clientId) .confirmationCode(code) .username(userName) .build(); identityProviderClient.confirmSignUp(signUpRequest); System.out.println(userName + " was confirmed"); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } public static void resendConfirmationCode(CognitoIdentityProviderClient identityProviderClient, String clientId, String userName) { try { ResendConfirmationCodeRequest codeRequest = ResendConfirmationCodeRequest.builder() .clientId(clientId) .username(userName) .build(); ResendConfirmationCodeResponse response = identityProviderClient.resendConfirmationCode(codeRequest); System.out.println("Method of delivery is " + response.codeDeliveryDetails().deliveryMediumAsString()); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } public static void signUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String userName, String password, String email) { AttributeType userAttrs = AttributeType.builder() .name("email") .value(email) .build(); List userAttrsList = new ArrayList<>(); userAttrsList.add(userAttrs); try { SignUpRequest signUpRequest = SignUpRequest.builder() .userAttributes(userAttrsList) .username(userName) .clientId(clientId) .password(password) .build(); identityProviderClient.signUp(signUpRequest); System.out.println("User has been signed up "); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } public static void getAdminUser(CognitoIdentityProviderClient identityProviderClient, String userName, String poolId) { try { AdminGetUserRequest userRequest = AdminGetUserRequest.builder() .username(userName) .userPoolId(poolId) .build(); AdminGetUserResponse response = identityProviderClient.adminGetUser(userRequest); System.out.println("User status " + response.userStatusAsString()); } catch (CognitoIdentityProviderException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } } ``` + Per informazioni dettagliate sull'API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API AWS SDK for Java 2.x *. + [AdminGetUser](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminGetUser) + [AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminInitiateAuth) + [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminRespondToAuthChallenge) + [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AssociateSoftwareToken) + [ConfirmDevice](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ConfirmDevice) + [ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ConfirmSignUp) + [InitiateAuth](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/InitiateAuth) + [ListUsers](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUsers) + [ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ResendConfirmationCode) + [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/RespondToAuthChallenge) + [SignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/SignUp) + [VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/VerifySoftwareToken) ------ #### [ JavaScript ] **SDK per JavaScript (v3)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider/scenarios/basic#code-examples). Per un'esperienza ottimale, clona il GitHub repository ed esegui questo esempio. Il codice seguente rappresenta un esempio dell’applicazione completa. ``` import { logger } from "@aws-doc-sdk-examples/lib/utils/util-log.js"; import { signUp } from "../../../actions/sign-up.js"; import { FILE_USER_POOLS } from "./constants.js"; import { getSecondValuesFromEntries } from "@aws-doc-sdk-examples/lib/utils/util-csv.js"; const validateClient = (clientId) => { if (!clientId) { throw new Error( `App client id is missing. Did you run 'create-user-pool'?`, ); } }; const validateUser = (username, password, email) => { if (!(username && password && email)) { throw new Error( `Username, password, and email must be provided as arguments to the 'sign-up' command.`, ); } }; const signUpHandler = async (commands) => { const [_, username, password, email] = commands; try { validateUser(username, password, email); /** * @type {string[]} */ const values = getSecondValuesFromEntries(FILE_USER_POOLS); const clientId = values[0]; validateClient(clientId); logger.log("Signing up."); await signUp({ clientId, username, password, email }); logger.log(`Signed up. A confirmation email has been sent to: ${email}.`); logger.log( `Run 'confirm-sign-up ${username}

' to confirm your account.`,
    );
  } catch (err) {
    logger.error(err);
  }
};

export { signUpHandler };

const signUp = ({ clientId, username, password, email }) => {
  const client = new CognitoIdentityProviderClient({});

  const command = new SignUpCommand({
    ClientId: clientId,
    Username: username,
    Password: password,
    UserAttributes: [{ Name: "email", Value: email }],
  });

  return client.send(command);
};

import { logger } from "@aws-doc-sdk-examples/lib/utils/util-log.js";
import { confirmSignUp } from "../../../actions/confirm-sign-up.js";
import { FILE_USER_POOLS } from "./constants.js";
import { getSecondValuesFromEntries } from "@aws-doc-sdk-examples/lib/utils/util-csv.js";

const validateClient = (clientId) => {
  if (!clientId) {
    throw new Error(
      `App client id is missing. Did you run 'create-user-pool'?`,
    );
  }
};

const validateUser = (username) => {
  if (!username) {
    throw new Error(
      `Username name is missing. It must be provided as an argument to the 'confirm-sign-up' command.`,
    );
  }
};

const validateCode = (code) => {
  if (!code) {
    throw new Error(
      `Verification code is missing. It must be provided as an argument to the 'confirm-sign-up' command.`,
    );
  }
};

const confirmSignUpHandler = async (commands) => {
  const [_, username, code] = commands;

  try {
    validateUser(username);
    validateCode(code);
    /**
     * @type {string[]}
     */
    const values = getSecondValuesFromEntries(FILE_USER_POOLS);
    const clientId = values[0];
    validateClient(clientId);
    logger.log("Confirming user.");
    await confirmSignUp({ clientId, username, code });
    logger.log(
      `User confirmed. Run 'admin-initiate-auth ${username} ' to sign in.`,
    );
  } catch (err) {
    logger.error(err);
  }
};

export { confirmSignUpHandler };

const confirmSignUp = ({ clientId, username, code }) => {
  const client = new CognitoIdentityProviderClient({});

  const command = new ConfirmSignUpCommand({
    ClientId: clientId,
    Username: username,
    ConfirmationCode: code,
  });

  return client.send(command);
};

import qrcode from "qrcode-terminal";
import { logger } from "@aws-doc-sdk-examples/lib/utils/util-log.js";
import { adminInitiateAuth } from "../../../actions/admin-initiate-auth.js";
import { associateSoftwareToken } from "../../../actions/associate-software-token.js";
import { FILE_USER_POOLS } from "./constants.js";
import { getFirstEntry } from "@aws-doc-sdk-examples/lib/utils/util-csv.js";

const handleMfaSetup = async (session, username) => {
  const { SecretCode, Session } = await associateSoftwareToken(session);

  // Store the Session for use with 'VerifySoftwareToken'.
  process.env.SESSION = Session;

  console.log(
    "Scan this code in your preferred authenticator app, then run 'verify-software-token' to finish the setup.",
  );
  qrcode.generate(
    `otpauth://totp/${username}?secret=${SecretCode}`,
    { small: true },
    console.log,
  );
};

const handleSoftwareTokenMfa = (session) => {
  // Store the Session for use with 'AdminRespondToAuthChallenge'.
  process.env.SESSION = session;
};

const validateClient = (id) => {
  if (!id) {
    throw new Error(
      `User pool client id is missing. Did you run 'create-user-pool'?`,
    );
  }
};

const validateId = (id) => {
  if (!id) {
    throw new Error(`User pool id is missing. Did you run 'create-user-pool'?`);
  }
};

const validateUser = (username, password) => {
  if (!(username && password)) {
    throw new Error(
      `Username and password must be provided as arguments to the 'admin-initiate-auth' command.`,
    );
  }
};

const adminInitiateAuthHandler = async (commands) => {
  const [_, username, password] = commands;

  try {
    validateUser(username, password);

    const [userPoolId, clientId] = getFirstEntry(FILE_USER_POOLS);
    validateId(userPoolId);
    validateClient(clientId);

    logger.log("Signing in.");
    const { ChallengeName, Session } = await adminInitiateAuth({
      clientId,
      userPoolId,
      username,
      password,
    });

    if (ChallengeName === "MFA_SETUP") {
      logger.log("MFA setup is required.");
      return handleMfaSetup(Session, username);
    }

    if (ChallengeName === "SOFTWARE_TOKEN_MFA") {
      handleSoftwareTokenMfa(Session);
      logger.log(`Run 'admin-respond-to-auth-challenge ${username} '`);
    }
  } catch (err) {
    logger.error(err);
  }
};

export { adminInitiateAuthHandler };

const adminInitiateAuth = ({ clientId, userPoolId, username, password }) => {
  const client = new CognitoIdentityProviderClient({});

  const command = new AdminInitiateAuthCommand({
    ClientId: clientId,
    UserPoolId: userPoolId,
    AuthFlow: AuthFlowType.ADMIN_USER_PASSWORD_AUTH,
    AuthParameters: { USERNAME: username, PASSWORD: password },
  });

  return client.send(command);
};

import { logger } from "@aws-doc-sdk-examples/lib/utils/util-log.js";
import { adminRespondToAuthChallenge } from "../../../actions/admin-respond-to-auth-challenge.js";
import { getFirstEntry } from "@aws-doc-sdk-examples/lib/utils/util-csv.js";
import { FILE_USER_POOLS } from "./constants.js";

const verifyUsername = (username) => {
  if (!username) {
    throw new Error(
      `Username is missing. It must be provided as an argument to the 'admin-respond-to-auth-challenge' command.`,
    );
  }
};

const verifyTotp = (totp) => {
  if (!totp) {
    throw new Error(
      `Time-based one-time password (TOTP) is missing. It must be provided as an argument to the 'admin-respond-to-auth-challenge' command.`,
    );
  }
};

const storeAccessToken = (token) => {
  process.env.AccessToken = token;
};

const adminRespondToAuthChallengeHandler = async (commands) => {
  const [_, username, totp] = commands;

  try {
    verifyUsername(username);
    verifyTotp(totp);

    const [userPoolId, clientId] = getFirstEntry(FILE_USER_POOLS);
    const session = process.env.SESSION;

    const { AuthenticationResult } = await adminRespondToAuthChallenge({
      clientId,
      userPoolId,
      username,
      totp,
      session,
    });

    storeAccessToken(AuthenticationResult.AccessToken);

    logger.log("Successfully authenticated.");
  } catch (err) {
    logger.error(err);
  }
};

export { adminRespondToAuthChallengeHandler };

const respondToAuthChallenge = ({
  clientId,
  username,
  session,
  userPoolId,
  code,
}) => {
  const client = new CognitoIdentityProviderClient({});

  const command = new RespondToAuthChallengeCommand({
    ChallengeName: ChallengeNameType.SOFTWARE_TOKEN_MFA,
    ChallengeResponses: {
      SOFTWARE_TOKEN_MFA_CODE: code,
      USERNAME: username,
    },
    ClientId: clientId,
    UserPoolId: userPoolId,
    Session: session,
  });

  return client.send(command);
};

import { logger } from "@aws-doc-sdk-examples/lib/utils/util-log.js";
import { verifySoftwareToken } from "../../../actions/verify-software-token.js";

const validateTotp = (totp) => {
  if (!totp) {
    throw new Error(
      `Time-based one-time password (TOTP) must be provided to the 'validate-software-token' command.`,
    );
  }
};
const verifySoftwareTokenHandler = async (commands) => {
  const [_, totp] = commands;

  try {
    validateTotp(totp);

    logger.log("Verifying TOTP.");
    await verifySoftwareToken(totp);
    logger.log("TOTP Verified. Run 'admin-initiate-auth' again to sign-in.");
  } catch (err) {
    logger.error(err);
  }
};

export { verifySoftwareTokenHandler };

const verifySoftwareToken = (totp) => {
  const client = new CognitoIdentityProviderClient({});

  // The 'Session' is provided in the response to 'AssociateSoftwareToken'.
  const session = process.env.SESSION;

  if (!session) {
    throw new Error(
      "Missing a valid Session. Did you run 'admin-initiate-auth'?",
    );
  }

  const command = new VerifySoftwareTokenCommand({
    Session: session,
    UserCode: totp,
  });

  return client.send(command);
};
```
+ Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API AWS SDK per JavaScript *.
  + [AdminGetUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminGetUserCommand)
  + [AdminInitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminInitiateAuthCommand)
  + [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminRespondToAuthChallengeCommand)
  + [AssociateSoftwareToken](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AssociateSoftwareTokenCommand)
  + [ConfirmDevice](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ConfirmDeviceCommand)
  + [ConfirmSignUp](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ConfirmSignUpCommand)
  + [InitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/InitiateAuthCommand)
  + [ListUsers](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ListUsersCommand)
  + [ResendConfirmationCode](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ResendConfirmationCodeCommand)
  + [RespondToAuthChallenge](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/RespondToAuthChallengeCommand)
  + [SignUp](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/SignUpCommand)
  + [VerifySoftwareToken](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/VerifySoftwareTokenCommand)

------
#### [ Kotlin ]

**SDK per Kotlin**  
 C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples). 

```
/**
 Before running this Kotlin code example, set up your development environment, including your credentials.

 For more information, see the following documentation:
 https://docs.aws.amazon.com/sdk-for-kotlin/latest/developer-guide/setup.html

 TIP: To set up the required user pool, run the AWS Cloud Development Kit (AWS CDK) script provided in this GitHub repo at resources/cdk/cognito_scenario_user_pool_with_mfa.

 This code example performs the following operations:

 1. Invokes the signUp method to sign up a user.
 2. Invokes the adminGetUser method to get the user's confirmation status.
 3. Invokes the ResendConfirmationCode method if the user requested another code.
 4. Invokes the confirmSignUp method.
 5. Invokes the initiateAuth to sign in. This results in being prompted to set up TOTP (time-based one-time password). (The response is “ChallengeName”: “MFA_SETUP”).
 6. Invokes the AssociateSoftwareToken method to generate a TOTP MFA private key. This can be used with Google Authenticator.
 7. Invokes the VerifySoftwareToken method to verify the TOTP and register for MFA.
 8. Invokes the AdminInitiateAuth to sign in again. This results in being prompted to submit a TOTP (Response: “ChallengeName”: “SOFTWARE_TOKEN_MFA”).
 9. Invokes the AdminRespondToAuthChallenge to get back a token.
 */

suspend fun main(args: Array) {
    val usage = """
        Usage:
             
        Where:
            clientId - The app client Id value that you can get from the AWS CDK script.
            poolId - The pool Id that you can get from the AWS CDK script. 
    """

    if (args.size != 2) {
        println(usage)
        exitProcess(1)
    }

    val clientId = args[0]
    val poolId = args[1]

    // Use the console to get data from the user.
    println("*** Enter your use name")
    val inOb = Scanner(System.`in`)
    val userName = inOb.nextLine()
    println(userName)

    println("*** Enter your password")
    val password: String = inOb.nextLine()

    println("*** Enter your email")
    val email = inOb.nextLine()

    println("*** Signing up $userName")
    signUp(clientId, userName, password, email)

    println("*** Getting $userName in the user pool")
    getAdminUser(userName, poolId)

    println("*** Conformation code sent to $userName. Would you like to send a new code? (Yes/No)")
    val ans = inOb.nextLine()

    if (ans.compareTo("Yes") == 0) {
        println("*** Sending a new confirmation code")
        resendConfirmationCode(clientId, userName)
    }
    println("*** Enter the confirmation code that was emailed")
    val code = inOb.nextLine()
    confirmSignUp(clientId, code, userName)

    println("*** Rechecking the status of $userName in the user pool")
    getAdminUser(userName, poolId)

    val authResponse = checkAuthMethod(clientId, userName, password, poolId)
    val mySession = authResponse.session
    val newSession = getSecretForAppMFA(mySession)
    println("*** Enter the 6-digit code displayed in Google Authenticator")
    val myCode = inOb.nextLine()

    // Verify the TOTP and register for MFA.
    verifyTOTP(newSession, myCode)
    println("*** Re-enter a 6-digit code displayed in Google Authenticator")
    val mfaCode: String = inOb.nextLine()
    val authResponse1 = checkAuthMethod(clientId, userName, password, poolId)
    val session2 = authResponse1.session
    adminRespondToAuthChallenge(userName, clientId, mfaCode, session2)
}

suspend fun checkAuthMethod(
    clientIdVal: String,
    userNameVal: String,
    passwordVal: String,
    userPoolIdVal: String,
): AdminInitiateAuthResponse {
    val authParas = mutableMapOf()
    authParas["USERNAME"] = userNameVal
    authParas["PASSWORD"] = passwordVal

    val authRequest =
        AdminInitiateAuthRequest {
            clientId = clientIdVal
            userPoolId = userPoolIdVal
            authParameters = authParas
            authFlow = AuthFlowType.AdminUserPasswordAuth
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val response = identityProviderClient.adminInitiateAuth(authRequest)
        println("Result Challenge is ${response.challengeName}")
        return response
    }
}

suspend fun resendConfirmationCode(
    clientIdVal: String?,
    userNameVal: String?,
) {
    val codeRequest =
        ResendConfirmationCodeRequest {
            clientId = clientIdVal
            username = userNameVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val response = identityProviderClient.resendConfirmationCode(codeRequest)
        println("Method of delivery is " + (response.codeDeliveryDetails?.deliveryMedium))
    }
}

// Respond to an authentication challenge.
suspend fun adminRespondToAuthChallenge(
    userName: String,
    clientIdVal: String?,
    mfaCode: String,
    sessionVal: String?,
) {
    println("SOFTWARE_TOKEN_MFA challenge is generated")
    val challengeResponsesOb = mutableMapOf()
    challengeResponsesOb["USERNAME"] = userName
    challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode

    val adminRespondToAuthChallengeRequest =
        AdminRespondToAuthChallengeRequest {
            challengeName = ChallengeNameType.SoftwareTokenMfa
            clientId = clientIdVal
            challengeResponses = challengeResponsesOb
            session = sessionVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val respondToAuthChallengeResult = identityProviderClient.adminRespondToAuthChallenge(adminRespondToAuthChallengeRequest)
        println("respondToAuthChallengeResult.getAuthenticationResult() ${respondToAuthChallengeResult.authenticationResult}")
    }
}

// Verify the TOTP and register for MFA.
suspend fun verifyTOTP(
    sessionVal: String?,
    codeVal: String?,
) {
    val tokenRequest =
        VerifySoftwareTokenRequest {
            userCode = codeVal
            session = sessionVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest)
        println("The status of the token is ${verifyResponse.status}")
    }
}

suspend fun getSecretForAppMFA(sessionVal: String?): String? {
    val softwareTokenRequest =
        AssociateSoftwareTokenRequest {
            session = sessionVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val tokenResponse = identityProviderClient.associateSoftwareToken(softwareTokenRequest)
        val secretCode = tokenResponse.secretCode
        println("Enter this token into Google Authenticator")
        println(secretCode)
        return tokenResponse.session
    }
}

suspend fun confirmSignUp(
    clientIdVal: String?,
    codeVal: String?,
    userNameVal: String?,
) {
    val signUpRequest =
        ConfirmSignUpRequest {
            clientId = clientIdVal
            confirmationCode = codeVal
            username = userNameVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        identityProviderClient.confirmSignUp(signUpRequest)
        println("$userNameVal  was confirmed")
    }
}

suspend fun getAdminUser(
    userNameVal: String?,
    poolIdVal: String?,
) {
    val userRequest =
        AdminGetUserRequest {
            username = userNameVal
            userPoolId = poolIdVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        val response = identityProviderClient.adminGetUser(userRequest)
        println("User status ${response.userStatus}")
    }
}

suspend fun signUp(
    clientIdVal: String?,
    userNameVal: String?,
    passwordVal: String?,
    emailVal: String?,
) {
    val userAttrs =
        AttributeType {
            name = "email"
            value = emailVal
        }

    val userAttrsList = mutableListOf()
    userAttrsList.add(userAttrs)
    val signUpRequest =
        SignUpRequest {
            userAttributes = userAttrsList
            username = userNameVal
            clientId = clientIdVal
            password = passwordVal
        }

    CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
        identityProviderClient.signUp(signUpRequest)
        println("User has been signed up")
    }
}
```
+ Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API AWS SDK per Kotlin*.
  + [AdminGetUser](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [AdminInitiateAuth](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [AdminRespondToAuthChallenge](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [AssociateSoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [ConfirmDevice](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [ConfirmSignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [InitiateAuth](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [ListUsers](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [ResendConfirmationCode](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [RespondToAuthChallenge](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [SignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
  + [VerifySoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)

------
#### [ Python ]

**SDK per Python (Boto3)**  
 C'è dell'altro GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples). 
Creazione di una classe che racchiude le funzioni di Amazon Cognito utilizzate nello scenario.  

```
class CognitoIdentityProviderWrapper:
    """Encapsulates Amazon Cognito actions"""

    def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
        """
        :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
        :param user_pool_id: The ID of an existing Amazon Cognito user pool.
        :param client_id: The ID of a client application registered with the user pool.
        :param client_secret: The client secret, if the client has a secret.
        """
        self.cognito_idp_client = cognito_idp_client
        self.user_pool_id = user_pool_id
        self.client_id = client_id
        self.client_secret = client_secret


    def _secret_hash(self, user_name):
        """
        Calculates a secret hash from a user name and a client secret.

        :param user_name: The user name to use when calculating the hash.
        :return: The secret hash.
        """
        key = self.client_secret.encode()
        msg = bytes(user_name + self.client_id, "utf-8")
        secret_hash = base64.b64encode(
            hmac.new(key, msg, digestmod=hashlib.sha256).digest()
        ).decode()
        logger.info("Made secret hash for %s: %s.", user_name, secret_hash)
        return secret_hash

    def sign_up_user(self, user_name, password, user_email):
        """
        Signs up a new user with Amazon Cognito. This action prompts Amazon Cognito
        to send an email to the specified email address. The email contains a code that
        can be used to confirm the user.

        When the user already exists, the user status is checked to determine whether
        the user has been confirmed.

        :param user_name: The user name that identifies the new user.
        :param password: The password for the new user.
        :param user_email: The email address for the new user.
        :return: True when the user is already confirmed with Amazon Cognito.
                 Otherwise, false.
        """
        try:
            kwargs = {
                "ClientId": self.client_id,
                "Username": user_name,
                "Password": password,
                "UserAttributes": [{"Name": "email", "Value": user_email}],
            }
            if self.client_secret is not None:
                kwargs["SecretHash"] = self._secret_hash(user_name)
            response = self.cognito_idp_client.sign_up(**kwargs)
            confirmed = response["UserConfirmed"]
        except ClientError as err:
            if err.response["Error"]["Code"] == "UsernameExistsException":
                response = self.cognito_idp_client.admin_get_user(
                    UserPoolId=self.user_pool_id, Username=user_name
                )
                logger.warning(
                    "User %s exists and is %s.", user_name, response["UserStatus"]
                )
                confirmed = response["UserStatus"] == "CONFIRMED"
            else:
                logger.error(
                    "Couldn't sign up %s. Here's why: %s: %s",
                    user_name,
                    err.response["Error"]["Code"],
                    err.response["Error"]["Message"],
                )
                raise
        return confirmed


    def resend_confirmation(self, user_name):
        """
        Prompts Amazon Cognito to resend an email with a new confirmation code.

        :param user_name: The name of the user who will receive the email.
        :return: Delivery information about where the email is sent.
        """
        try:
            kwargs = {"ClientId": self.client_id, "Username": user_name}
            if self.client_secret is not None:
                kwargs["SecretHash"] = self._secret_hash(user_name)
            response = self.cognito_idp_client.resend_confirmation_code(**kwargs)
            delivery = response["CodeDeliveryDetails"]
        except ClientError as err:
            logger.error(
                "Couldn't resend confirmation to %s. Here's why: %s: %s",
                user_name,
                err.response["Error"]["Code"],
                err.response["Error"]["Message"],
            )
            raise
        else:
            return delivery


    def confirm_user_sign_up(self, user_name, confirmation_code):
        """
        Confirms a previously created user. A user must be confirmed before they
        can sign in to Amazon Cognito.

        :param user_name: The name of the user to confirm.
        :param confirmation_code: The confirmation code sent to the user's registered
                                  email address.
        :return: True when the confirmation succeeds.
        """
        try:
            kwargs = {
                "ClientId": self.client_id,
                "Username": user_name,
                "ConfirmationCode": confirmation_code,
            }
            if self.client_secret is not None:
                kwargs["SecretHash"] = self._secret_hash(user_name)
            self.cognito_idp_client.confirm_sign_up(**kwargs)
        except ClientError as err:
            logger.error(
                "Couldn't confirm sign up for %s. Here's why: %s: %s",
                user_name,
                err.response["Error"]["Code"],
                err.response["Error"]["Message"],
            )
            raise
        else:
            return True


    def list_users(self):
        """
        Returns a list of the users in the current user pool.

        :return: The list of users.
        """
        try:
            response = self.cognito_idp_client.list_users(UserPoolId=self.user_pool_id)
            users = response["Users"]
        except ClientError as err:
            logger.error(
                "Couldn't list users for %s. Here's why: %s: %s",
                self.user_pool_id,
                err.response["Error"]["Code"],
                err.response["Error"]["Message"],
            )
            raise
        else:
            return users


    def start_sign_in(self, user_name, password):
        """
        Starts the sign-in process for a user by using administrator credentials.
        This method of signing in is appropriate for code running on a secure server.

        If the user pool is configured to require MFA and this is the first sign-in
        for the user, Amazon Cognito returns a challenge response to set up an
        MFA application. When this occurs, this function gets an MFA secret from
        Amazon Cognito and returns it to the caller.

        :param user_name: The name of the user to sign in.
        :param password: The user's password.
        :return: The result of the sign-in attempt. When sign-in is successful, this
                 returns an access token that can be used to get AWS credentials. Otherwise,
                 Amazon Cognito returns a challenge to set up an MFA application,
                 or a challenge to enter an MFA code from a registered MFA application.
        """
        try:
            kwargs = {
                "UserPoolId": self.user_pool_id,
                "ClientId": self.client_id,
                "AuthFlow": "ADMIN_USER_PASSWORD_AUTH",
                "AuthParameters": {"USERNAME": user_name, "PASSWORD": password},
            }
            if self.client_secret is not None:
                kwargs["AuthParameters"]["SECRET_HASH"] = self._secret_hash(user_name)
            response = self.cognito_idp_client.admin_initiate_auth(**kwargs)
            challenge_name = response.get("ChallengeName", None)
            if challenge_name == "MFA_SETUP":
                if (
                    "SOFTWARE_TOKEN_MFA"
                    in response["ChallengeParameters"]["MFAS_CAN_SETUP"]
                ):
                    response.update(self.get_mfa_secret(response["Session"]))
                else:
                    raise RuntimeError(
                        "The user pool requires MFA setup, but the user pool is not "
                        "configured for TOTP MFA. This example requires TOTP MFA."
                    )
        except ClientError as err:
            logger.error(
                "Couldn't start sign in for %s. Here's why: %s: %s",
                user_name,
                err.response["Error"]["Code"],
                err.response["Error"]["Message"],
            )
            raise
        else:
            response.pop("ResponseMetadata", None)
            return response


    def get_mfa_secret(self, session):
        """
        Gets a token that can be used to associate an MFA application with the user.

        :param session: Session information returned from a previous call to initiate
                        authentication.
        :return: An MFA token that can be used to set up an MFA application.
        """
        try:
            response = self.cognito_idp_client.associate_software_token(Session=session)
        except ClientError as err:
            logger.error(
                "Couldn't get MFA secret. Here's why: %s: %s",
                err.response["Error"]["Code"],
                err.response["Error"]["Message"],
            )
            raise
        else:
            response.pop("ResponseMetadata", None)
            return response


    def verify_mfa(self, session, user_code):
        """
        Verify a new MFA application that is associated with a user.

        :param session: Session information returned from a previous call to initiate
                        authentication.
        :param user_code: A code generated by the associated MFA application.
        :return: Status that indicates whether the MFA application is verified.
        """
        try:
            response = self.cognito_idp_client.verify_software_token(
                Session=session, UserCode=user_code
            )
        except ClientError as err:
            logger.error(
                "Couldn't verify MFA. Here's why: %s: %s",
                err.response["Error"]["Code"],
                err.response["Error"]["Message"],
            )
            raise
        else:
            response.pop("ResponseMetadata", None)
            return response


    def respond_to_mfa_challenge(self, user_name, session, mfa_code):
        """
        Responds to a challenge for an MFA code. This completes the second step of
        a two-factor sign-in. When sign-in is successful, it returns an access token
        that can be used to get AWS credentials from Amazon Cognito.

        :param user_name: The name of the user who is signing in.
        :param session: Session information returned from a previous call to initiate
                        authentication.
        :param mfa_code: A code generated by the associated MFA application.
        :return: The result of the authentication. When successful, this contains an
                 access token for the user.
        """
        try:
            kwargs = {
                "UserPoolId": self.user_pool_id,
                "ClientId": self.client_id,
                "ChallengeName": "SOFTWARE_TOKEN_MFA",
                "Session": session,
                "ChallengeResponses": {
                    "USERNAME": user_name,
                    "SOFTWARE_TOKEN_MFA_CODE": mfa_code,
                },
            }
            if self.client_secret is not None:
                kwargs["ChallengeResponses"]["SECRET_HASH"] = self._secret_hash(
                    user_name
                )
            response = self.cognito_idp_client.admin_respond_to_auth_challenge(**kwargs)
            auth_result = response["AuthenticationResult"]
        except ClientError as err:
            if err.response["Error"]["Code"] == "ExpiredCodeException":
                logger.warning(
                    "Your MFA code has expired or has been used already. You might have "
                    "to wait a few seconds until your app shows you a new code."
                )
            else:
                logger.error(
                    "Couldn't respond to mfa challenge for %s. Here's why: %s: %s",
                    user_name,
                    err.response["Error"]["Code"],
                    err.response["Error"]["Message"],
                )
                raise
        else:
            return auth_result


    def confirm_mfa_device(
        self,
        user_name,
        device_key,
        device_group_key,
        device_password,
        access_token,
        aws_srp,
    ):
        """
        Confirms an MFA device to be tracked by Amazon Cognito. When a device is
        tracked, its key and password can be used to sign in without requiring a new
        MFA code from the MFA application.

        :param user_name: The user that is associated with the device.
        :param device_key: The key of the device, returned by Amazon Cognito.
        :param device_group_key: The group key of the device, returned by Amazon Cognito.
        :param device_password: The password that is associated with the device.
        :param access_token: The user's access token.
        :param aws_srp: A class that helps with Secure Remote Password (SRP)
                        calculations. The scenario associated with this example uses
                        the warrant package.
        :return: True when the user must confirm the device. Otherwise, False. When
                 False, the device is automatically confirmed and tracked.
        """
        srp_helper = aws_srp.AWSSRP(
            username=user_name,
            password=device_password,
            pool_id="_",
            client_id=self.client_id,
            client_secret=None,
            client=self.cognito_idp_client,
        )
        device_and_pw = f"{device_group_key}{device_key}:{device_password}"
        device_and_pw_hash = aws_srp.hash_sha256(device_and_pw.encode("utf-8"))
        salt = aws_srp.pad_hex(aws_srp.get_random(16))
        x_value = aws_srp.hex_to_long(aws_srp.hex_hash(salt + device_and_pw_hash))
        verifier = aws_srp.pad_hex(pow(srp_helper.val_g, x_value, srp_helper.big_n))
        device_secret_verifier_config = {
            "PasswordVerifier": base64.standard_b64encode(
                bytearray.fromhex(verifier)
            ).decode("utf-8"),
            "Salt": base64.standard_b64encode(bytearray.fromhex(salt)).decode("utf-8"),
        }
        try:
            response = self.cognito_idp_client.confirm_device(
                AccessToken=access_token,
                DeviceKey=device_key,
                DeviceSecretVerifierConfig=device_secret_verifier_config,
            )
            user_confirm = response["UserConfirmationNecessary"]
        except ClientError as err:
            logger.error(
                "Couldn't confirm mfa device %s. Here's why: %s: %s",
                device_key,
                err.response["Error"]["Code"],
                err.response["Error"]["Message"],
            )
            raise
        else:
            return user_confirm


    def sign_in_with_tracked_device(
        self,
        user_name,
        password,
        device_key,
        device_group_key,
        device_password,
        aws_srp,
    ):
        """
        Signs in to Amazon Cognito as a user who has a tracked device. Signing in
        with a tracked device lets a user sign in without entering a new MFA code.

        Signing in with a tracked device requires that the client respond to the SRP
        protocol. The scenario associated with this example uses the warrant package
        to help with SRP calculations.

        For more information on SRP, see https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol.

        :param user_name: The user that is associated with the device.
        :param password: The user's password.
        :param device_key: The key of a tracked device.
        :param device_group_key: The group key of a tracked device.
        :param device_password: The password that is associated with the device.
        :param aws_srp: A class that helps with SRP calculations. The scenario
                        associated with this example uses the warrant package.
        :return: The result of the authentication. When successful, this contains an
                 access token for the user.
        """
        try:
            srp_helper = aws_srp.AWSSRP(
                username=user_name,
                password=device_password,
                pool_id="_",
                client_id=self.client_id,
                client_secret=None,
                client=self.cognito_idp_client,
            )

            response_init = self.cognito_idp_client.initiate_auth(
                ClientId=self.client_id,
                AuthFlow="USER_PASSWORD_AUTH",
                AuthParameters={
                    "USERNAME": user_name,
                    "PASSWORD": password,
                    "DEVICE_KEY": device_key,
                },
            )
            if response_init["ChallengeName"] != "DEVICE_SRP_AUTH":
                raise RuntimeError(
                    f"Expected DEVICE_SRP_AUTH challenge but got {response_init['ChallengeName']}."
                )

            auth_params = srp_helper.get_auth_params()
            auth_params["DEVICE_KEY"] = device_key
            response_auth = self.cognito_idp_client.respond_to_auth_challenge(
                ClientId=self.client_id,
                ChallengeName="DEVICE_SRP_AUTH",
                ChallengeResponses=auth_params,
            )
            if response_auth["ChallengeName"] != "DEVICE_PASSWORD_VERIFIER":
                raise RuntimeError(
                    f"Expected DEVICE_PASSWORD_VERIFIER challenge but got "
                    f"{response_init['ChallengeName']}."
                )

            challenge_params = response_auth["ChallengeParameters"]
            challenge_params["USER_ID_FOR_SRP"] = device_group_key + device_key
            cr = srp_helper.process_challenge(challenge_params, {"USERNAME": user_name})
            cr["USERNAME"] = user_name
            cr["DEVICE_KEY"] = device_key
            response_verifier = self.cognito_idp_client.respond_to_auth_challenge(
                ClientId=self.client_id,
                ChallengeName="DEVICE_PASSWORD_VERIFIER",
                ChallengeResponses=cr,
            )
            auth_tokens = response_verifier["AuthenticationResult"]
        except ClientError as err:
            logger.error(
                "Couldn't start client sign in for %s. Here's why: %s: %s",
                user_name,
                err.response["Error"]["Code"],
                err.response["Error"]["Message"],
            )
            raise
        else:
            return auth_tokens
```
Creazione di una classe che esegue lo scenario. Questo esempio registra un dispositivo MFA che deve essere monitorato da Amazon Cognito e mostra come accedere utilizzando la password e le informazioni del dispositivo monitorato. evitando così di dover inserire un nuovo codice MFA.  

```
def run_scenario(cognito_idp_client, user_pool_id, client_id):
    logging.basicConfig(level=logging.INFO, format="%(levelname)s: %(message)s")

    print("-" * 88)
    print("Welcome to the Amazon Cognito user signup with MFA demo.")
    print("-" * 88)

    cog_wrapper = CognitoIdentityProviderWrapper(
        cognito_idp_client, user_pool_id, client_id
    )

    user_name = q.ask("Let's sign up a new user. Enter a user name: ", q.non_empty)
    password = q.ask("Enter a password for the user: ", q.non_empty)
    email = q.ask("Enter a valid email address that you own: ", q.non_empty)
    confirmed = cog_wrapper.sign_up_user(user_name, password, email)
    while not confirmed:
        print(
            f"User {user_name} requires confirmation. Check {email} for "
            f"a verification code."
        )
        confirmation_code = q.ask("Enter the confirmation code from the email: ")
        if not confirmation_code:
            if q.ask("Do you need another confirmation code (y/n)? ", q.is_yesno):
                delivery = cog_wrapper.resend_confirmation(user_name)
                print(
                    f"Confirmation code sent by {delivery['DeliveryMedium']} "
                    f"to {delivery['Destination']}."
                )
        else:
            confirmed = cog_wrapper.confirm_user_sign_up(user_name, confirmation_code)
    print(f"User {user_name} is confirmed and ready to use.")
    print("-" * 88)

    print("Let's get a list of users in the user pool.")
    q.ask("Press Enter when you're ready.")
    users = cog_wrapper.list_users()
    if users:
        print(f"Found {len(users)} users:")
        pp(users)
    else:
        print("No users found.")
    print("-" * 88)

    print("Let's sign in and get an access token.")
    auth_tokens = None
    challenge = "ADMIN_USER_PASSWORD_AUTH"
    response = {}
    while challenge is not None:
        if challenge == "ADMIN_USER_PASSWORD_AUTH":
            response = cog_wrapper.start_sign_in(user_name, password)
            challenge = response["ChallengeName"]
        elif response["ChallengeName"] == "MFA_SETUP":
            print("First, we need to set up an MFA application.")
            qr_img = qrcode.make(
                f"otpauth://totp/{user_name}?secret={response['SecretCode']}"
            )
            qr_img.save("qr.png")
            q.ask(
                "Press Enter to see a QR code on your screen. Scan it into an MFA "
                "application, such as Google Authenticator."
            )
            webbrowser.open("qr.png")
            mfa_code = q.ask(
                "Enter the verification code from your MFA application: ", q.non_empty
            )
            response = cog_wrapper.verify_mfa(response["Session"], mfa_code)
            print(f"MFA device setup {response['Status']}")
            print("Now that an MFA application is set up, let's sign in again.")
            print(
                "You might have to wait a few seconds for a new MFA code to appear in "
                "your MFA application."
            )
            challenge = "ADMIN_USER_PASSWORD_AUTH"
        elif response["ChallengeName"] == "SOFTWARE_TOKEN_MFA":
            auth_tokens = None
            while auth_tokens is None:
                mfa_code = q.ask(
                    "Enter a verification code from your MFA application: ", q.non_empty
                )
                auth_tokens = cog_wrapper.respond_to_mfa_challenge(
                    user_name, response["Session"], mfa_code
                )
            print(f"You're signed in as {user_name}.")
            print("Here's your access token:")
            pp(auth_tokens["AccessToken"])
            print("And your device information:")
            pp(auth_tokens["NewDeviceMetadata"])
            challenge = None
        else:
            raise Exception(f"Got unexpected challenge {response['ChallengeName']}")
    print("-" * 88)

    device_group_key = auth_tokens["NewDeviceMetadata"]["DeviceGroupKey"]
    device_key = auth_tokens["NewDeviceMetadata"]["DeviceKey"]
    device_password = base64.standard_b64encode(os.urandom(40)).decode("utf-8")

    print("Let's confirm your MFA device so you don't have re-enter MFA tokens for it.")
    q.ask("Press Enter when you're ready.")
    cog_wrapper.confirm_mfa_device(
        user_name,
        device_key,
        device_group_key,
        device_password,
        auth_tokens["AccessToken"],
        aws_srp,
    )
    print(f"Your device {device_key} is confirmed.")
    print("-" * 88)

    print(
        f"Now let's sign in as {user_name} from your confirmed device {device_key}.\n"
        f"Because this device is tracked by Amazon Cognito, you won't have to re-enter an MFA code."
    )
    q.ask("Press Enter when ready.")
    auth_tokens = cog_wrapper.sign_in_with_tracked_device(
        user_name, password, device_key, device_group_key, device_password, aws_srp
    )
    print("You're signed in. Your access token is:")
    pp(auth_tokens["AccessToken"])
    print("-" * 88)

    print("Don't forget to delete your user pool when you're done with this example.")
    print("\nThanks for watching!")
    print("-" * 88)


def main():
    parser = argparse.ArgumentParser(
        description="Shows how to sign up a new user with Amazon Cognito and associate "
        "the user with an MFA application for multi-factor authentication."
    )
    parser.add_argument(
        "user_pool_id", help="The ID of the user pool to use for the example."
    )
    parser.add_argument(
        "client_id", help="The ID of the client application to use for the example."
    )
    args = parser.parse_args()
    try:
        run_scenario(boto3.client("cognito-idp"), args.user_pool_id, args.client_id)
    except Exception:
        logging.exception("Something went wrong with the demo.")


if __name__ == "__main__":
    main()
```
+ Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API AWS SDK per Python (Boto3)*.
  + [AdminGetUser](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminGetUser)
  + [AdminInitiateAuth](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminInitiateAuth)
  + [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)
  + [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AssociateSoftwareToken)
  + [ConfirmDevice](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ConfirmDevice)
  + [ConfirmSignUp](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ConfirmSignUp)
  + [InitiateAuth](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/InitiateAuth)
  + [ListUsers](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ListUsers)
  + [ResendConfirmationCode](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ResendConfirmationCode)
  + [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/RespondToAuthChallenge)
  + [SignUp](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/SignUp)
  + [VerifySoftwareToken](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/VerifySoftwareToken)

------
#### [ Swift ]

**SDK per Swift**  
 C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples). 
Il file `Package.swift`.  

```
// swift-tools-version: 5.9
//
// The swift-tools-version declares the minimum version of Swift required to
// build this package.

import PackageDescription

let package = Package(
    name: "cognito-scenario",
    // Let Xcode know the minimum Apple platforms supported.
    platforms: [
        .macOS(.v13),
        .iOS(.v15)
    ],
    dependencies: [
        // Dependencies declare other packages that this package depends on.
        .package(
            url: "https://github.com/awslabs/aws-sdk-swift",
            from: "1.0.0"),
        .package(
            url: "https://github.com/apple/swift-argument-parser.git",
            branch: "main"
        )
    ],
    targets: [
        // Targets are the basic building blocks of a package, defining a module or a test suite.
        // Targets can depend on other targets in this package and products
        // from dependencies.
        .executableTarget(
            name: "cognito-scenario",
            dependencies: [
                .product(name: "AWSCognitoIdentityProvider", package: "aws-sdk-swift"),
                .product(name: "ArgumentParser", package: "swift-argument-parser")
            ],
            path: "Sources")

    ]
)
```
File del codice Swift.  

```
// An example demonstrating various features of Amazon Cognito. Before running
// this Swift code example, set up your development environment, including
// your credentials.
//
// For more information, see the following documentation:
// https://docs.aws.amazon.com/sdk-for-kotlin/latest/developer-guide/setup.html
//
// TIP: To set up the required user pool, run the AWS Cloud Development Kit
// (AWS CDK) script provided in this GitHub repo at
// resources/cdk/cognito_scenario_user_pool_with_mfa.
//
// This example performs the following functions:
//
// 1. Invokes the signUp method to sign up a user.
// 2. Invokes the adminGetUser method to get the user's confirmation status.
// 3. Invokes the ResendConfirmationCode method if the user requested another
//    code.
// 4. Invokes the confirmSignUp method.
// 5. Invokes the initiateAuth to sign in. This results in being prompted to
//    set up TOTP (time-based one-time password). (The response is
//    “ChallengeName”: “MFA_SETUP”).
// 6. Invokes the AssociateSoftwareToken method to generate a TOTP MFA private
//    key. This can be used with Google Authenticator.
// 7. Invokes the VerifySoftwareToken method to verify the TOTP and register
//    for MFA.
// 8. Invokes the AdminInitiateAuth to sign in again. This results in being
//    prompted to submit a TOTP (Response: “ChallengeName”:
//    “SOFTWARE_TOKEN_MFA”).
// 9. Invokes the AdminRespondToAuthChallenge to get back a token.

import ArgumentParser
import Foundation

import AWSClientRuntime
import AWSCognitoIdentityProvider

struct ExampleCommand: ParsableCommand {
    @Argument(help: "The application clientId.")
    var clientId: String
    @Argument(help: "The user pool ID to use.")
    var poolId: String
    @Option(help: "Name of the Amazon Region to use")
    var region = "us-east-1"

    static var configuration = CommandConfiguration(
        commandName: "cognito-scenario",
        abstract: """
        Demonstrates various features of Amazon Cognito.
        """,
        discussion: """
        """
    )

    /// Prompt for an input string of at least a minimum length.  
    /// 
    /// - Parameters:
    ///   - prompt: The prompt string to display.
    ///   - minLength: The minimum number of characters to allow in the
    ///     response. Default value is 0.
    ///
    /// - Returns: The entered string.
    func stringRequest(_ prompt: String, minLength: Int = 1) -> String {
        while true {
            print(prompt, terminator: "")
            let str = readLine()

            guard let str else {
                continue
            }
            if str.count >= minLength {
                return str
            } else {
                print("*** Response must be at least \(minLength) character(s) long.")
            }
        }
    }

    /// Ask a yes/no question.
    /// 
    /// - Parameter prompt: A prompt string to print.
    ///
    /// - Returns: `true` if the user answered "Y", otherwise `false`.
    func yesNoRequest(_ prompt: String) -> Bool {
        while true {
            let answer = stringRequest(prompt).lowercased()
            if answer == "y" || answer == "n" {
                return answer == "y"
            }
        }
    }

    /// Get information about a specific user in a user pool.
    /// 
    /// - Parameters:
    ///   - cipClient: The Amazon Cognito Identity Provider client to use.
    ///   - userName: The user to retrieve information about.
    ///   - userPoolId: The user pool to search for the specified user.
    ///
    /// - Returns: `true` if the user's information was successfully
    ///   retrieved. Otherwise returns `false`.
    func adminGetUser(cipClient: CognitoIdentityProviderClient, userName: String,
                      userPoolId: String) async -> Bool {
        do {
            let output = try await cipClient.adminGetUser(
                input: AdminGetUserInput(
                    userPoolId: userPoolId,
                    username: userName
                )
            )

            guard let userStatus = output.userStatus else {
                print("*** Unable to get the user's status.")
                return false
            }

            print("User status: \(userStatus)")
            return true
        } catch {
            return false
        }
    }

    /// Create a new user in a user pool.
    /// 
    /// - Parameters:
    ///   - cipClient: The `CognitoIdentityProviderClient` to use.
    ///   - clientId: The ID of the app client to create a user for.
    ///   - userName: The username for the new user.
    ///   - password: The new user's password.
    ///   - email: The new user's email address.
    ///
    /// - Returns: `true` if successful; otherwise `false`.
    func signUp(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String, password: String, email: String) async -> Bool {
        let emailAttr = CognitoIdentityProviderClientTypes.AttributeType(
            name: "email",
            value: email
        )

        let userAttrsList = [emailAttr]

        do {
            _ = try await cipClient.signUp(
                input: SignUpInput(
                    clientId: clientId,
                    password: password,
                    userAttributes: userAttrsList,
                    username: userName
                )

            )

            print("=====> User \(userName) signed up.")
        } catch _ as AWSCognitoIdentityProvider.UsernameExistsException {
            print("*** The username \(userName) already exists. Please use a different one.")
            return false
        } catch let error as AWSCognitoIdentityProvider.InvalidPasswordException {
            print("*** Error: The specified password is invalid. Reason: \(error.properties.message ?? "").")
            return false
        } catch _ as AWSCognitoIdentityProvider.ResourceNotFoundException {
            print("*** Error: The specified client ID (\(clientId)) doesn't exist.")
            return false
        } catch {
            print("*** Unexpected error: \(error)")
            return false
        }

        return true
    }

    /// Requests a new confirmation code be sent to the given user's contact
    /// method.
    ///
    /// - Parameters:
    ///   - cipClient: The `CognitoIdentityProviderClient` to use.
    ///   - clientId: The application client ID.
    ///   - userName: The user to resend a code for.
    ///
    /// - Returns: `true` if a new code was sent successfully, otherwise
    ///   `false`.
    func resendConfirmationCode(cipClient: CognitoIdentityProviderClient, clientId: String,
                                userName: String) async -> Bool {
        do {
            let output = try await cipClient.resendConfirmationCode(
                input: ResendConfirmationCodeInput(
                    clientId: clientId,
                    username: userName
                )
            )

            guard let deliveryMedium = output.codeDeliveryDetails?.deliveryMedium else {
                print("*** Unable to get the delivery method for the resent code.")
                return false
            }

            print("=====> A new code has been sent by \(deliveryMedium)")
            return true
        } catch {
            print("*** Unable to resend the confirmation code to user \(userName).")
            return false
        }
    }

    /// Submit a confirmation code for the specified user. This is the code as
    /// entered by the user after they've received it by email or text
    /// message.
    ///
    /// - Parameters:
    ///   - cipClient: The `CognitoIdentityProviderClient` to use.
    ///   - clientId: The app client ID the user is signing up for.
    ///   - userName: The username of the user whose code is being sent.
    ///   - code: The user's confirmation code.
    /// 
    /// - Returns: `true` if the code was successfully confirmed; otherwise `false`.
    func confirmSignUp(cipClient: CognitoIdentityProviderClient, clientId: String,
                       userName: String, code: String) async -> Bool {
        do {
            _ = try await cipClient.confirmSignUp(
                input: ConfirmSignUpInput(
                    clientId: clientId,
                    confirmationCode: code,
                    username: userName
                )
            )

            print("=====> \(userName) has been confirmed.")
            return true
        } catch {
            print("=====> \(userName)'s code was entered incorrectly.")
            return false
        }
    }

    /// Begin an authentication session.
    ///
    /// - Parameters:
    ///   - cipClient: The `CongitoIdentityProviderClient` to use.
    ///   - clientId: The app client ID to use.
    ///   - userName: The username to check.
    ///   - password: The user's password.
    ///   - userPoolId: The user pool to use.
    ///
    /// - Returns: The session token associated with this authentication
    ///   session.
    func initiateAuth(cipClient: CognitoIdentityProviderClient, clientId: String,
                         userName: String, password: String,
                         userPoolId: String) async -> String? {
        var authParams: [String: String] = [:]

        authParams["USERNAME"] = userName
        authParams["PASSWORD"] = password

        do {
            let output = try await cipClient.adminInitiateAuth(
                input: AdminInitiateAuthInput(
                    authFlow: CognitoIdentityProviderClientTypes.AuthFlowType.adminUserPasswordAuth,
                    authParameters: authParams,
                    clientId: clientId,
                    userPoolId: userPoolId
                )
            )

            guard let challengeName = output.challengeName else {
                print("*** Invalid response from the auth service.")
                return nil
            }

            print("=====> Response challenge is \(challengeName)")

            return output.session
        } catch _ as UserNotFoundException {
            print("*** The specified username, \(userName), doesn't exist.")
            return nil
        } catch _ as UserNotConfirmedException {
            print("*** The user \(userName) has not been confirmed.")
            return nil
        } catch {
            print("*** An unexpected error occurred.")
            return nil
        }
    }

    /// Request and display an MFA secret token that the user should enter
    /// into their authenticator to set it up for the user account.
    /// 
    /// - Parameters:
    ///   - cipClient: The `CognitoIdentityProviderClient` to use.
    ///   - authSession: The authentication session to request an MFA secret
    ///     for.
    ///
    /// - Returns: A string containing the MFA secret token that should be
    ///   entered into the authenticator software.
    func getSecretForAppMFA(cipClient: CognitoIdentityProviderClient, authSession: String?) async -> String? {
        do {
            let output = try await cipClient.associateSoftwareToken(
                input: AssociateSoftwareTokenInput(
                    session: authSession
                )
            )

            guard let secretCode = output.secretCode else {
                print("*** Unable to get the secret code")
                return nil
            }

            print("=====> Enter this token into Google Authenticator: \(secretCode)")
            return output.session
        } catch _ as SoftwareTokenMFANotFoundException {
            print("*** The specified user pool isn't configured for MFA.")
            return nil
        } catch {
            print("*** An unexpected error occurred getting the secret for the app's MFA.")
            return nil
        }
    }

    /// Confirm that the user's TOTP authenticator is configured correctly by
    /// sending a code to it to check that it matches successfully.
    /// 
    /// - Parameters:
    ///   - cipClient: The `CongnitoIdentityProviderClient` to use.
    ///   - session: An authentication session previously returned by an
    ///     `associateSoftwareToken()` call.
    ///   - mfaCode: The 6-digit code currently displayed by the user's
    ///     authenticator, as provided by the user.
    func verifyTOTP(cipClient: CognitoIdentityProviderClient, session: String?, mfaCode: String?) async {
        do {
            let output = try await cipClient.verifySoftwareToken(
                input: VerifySoftwareTokenInput(
                    session: session,
                    userCode: mfaCode
                )
            )

            guard let tokenStatus = output.status else {
                print("*** Unable to get the token's status.")
                return
            }
            print("=====> The token's status is: \(tokenStatus)")
        } catch _ as SoftwareTokenMFANotFoundException {
            print("*** The specified user pool isn't configured for MFA.")
            return
        } catch _ as CodeMismatchException {
            print("*** The specified MFA code doesn't match the expected value.")
            return
        } catch _ as UserNotFoundException {
            print("*** The specified username doesn't exist.")
            return
        } catch _ as UserNotConfirmedException {
            print("*** The user has not been confirmed.")
            return
        } catch {
            print("*** Error verifying the MFA token!")
            return
        }
    }

    /// Respond to the authentication challenge received from Cognito after
    /// initiating an authentication session. This involves sending a current
    /// MFA code to the service.
    /// 
    /// - Parameters:
    ///   - cipClient: The `CognitoIdentityProviderClient` to use.
    ///   - userName: The user's username.
    ///   - clientId: The app client ID.
    ///   - userPoolId: The user pool to sign into.
    ///   - mfaCode: The 6-digit MFA code currently displayed by the user's
    ///     authenticator.
    ///   - session: The authentication session to continue processing.
    func adminRespondToAuthChallenge(cipClient: CognitoIdentityProviderClient, userName: String,
                                     clientId: String, userPoolId: String, mfaCode: String,
                                     session: String) async {
        print("=====> SOFTWARE_TOKEN_MFA challenge is generated...")

        var challengeResponsesOb: [String: String] = [:]
        challengeResponsesOb["USERNAME"] = userName
        challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode

        do {
            let output = try await cipClient.adminRespondToAuthChallenge(
                input: AdminRespondToAuthChallengeInput(
                    challengeName: CognitoIdentityProviderClientTypes.ChallengeNameType.softwareTokenMfa,
                    challengeResponses: challengeResponsesOb,
                    clientId: clientId,
                    session: session,
                    userPoolId: userPoolId
                )
            )

            guard let authenticationResult = output.authenticationResult else {
                print("*** Unable to get authentication result.")
                return
            }

            print("=====> Authentication result (JWTs are redacted):")
            print(authenticationResult)
        } catch _ as SoftwareTokenMFANotFoundException {
            print("*** The specified user pool isn't configured for MFA.")
            return
        } catch _ as CodeMismatchException {
            print("*** The specified MFA code doesn't match the expected value.")
            return
        } catch _ as UserNotFoundException {
            print("*** The specified username, \(userName), doesn't exist.")
            return
        } catch _ as UserNotConfirmedException {
            print("*** The user \(userName) has not been confirmed.")
            return
        } catch let error as NotAuthorizedException {
            print("*** Unauthorized access. Reason: \(error.properties.message ?? "")")
        } catch {
            print("*** Error responding to the MFA challenge.")
            return
        }
    }

    /// Called by ``main()`` to run the bulk of the example.
    func runAsync() async throws {
        let config = try await CognitoIdentityProviderClient.CognitoIdentityProviderClientConfiguration(region: region)
        let cipClient = CognitoIdentityProviderClient(config: config)

        print("""
              This example collects information about a user, then creates that user in the
              specified user pool. Then, it enables Multi-Factor Authentication (MFA) for that
              user by associating an authenticator application (such as Google Authenticator
              or a password manager that supports TOTP). Then, the user uses a code from their
              authenticator application to sign in.

              """)

        let userName = stringRequest("Please enter a new username: ")
        let password = stringRequest("Enter a password: ")
        let email = stringRequest("Enter your email address: ", minLength: 5)

        // Submit the sign-up request to AWS.

        print("==> Signing up user \(userName)...")
        if await signUp(cipClient: cipClient, clientId: clientId,
                        userName: userName, password: password,
                        email: email) == false {
            return
        }

        // Check the user's status. This time, it should come back "unconfirmed".

        print("==> Getting the status of user \(userName) from the user pool (should be 'unconfirmed')...")
        if await adminGetUser(cipClient: cipClient, userName: userName, userPoolId: poolId) == false {
            return
        }

        // Ask the user if they want a replacement code sent, such as if the
        // code hasn't arrived yet. If the user responds with a "yes," send a
        // new code.

        if yesNoRequest("==> A confirmation code was sent to \(userName). Would you like to send a new code (Y/N)? ") {
            print("==> Sending a new confirmation code...")
            if await resendConfirmationCode(cipClient: cipClient, clientId: clientId, userName: userName) == false {
                return
            }
        }

        // Ask the user to enter the confirmation code, then send it to Amazon
        // Cognito to verify it.

        let code = stringRequest("==> Enter the confirmation code sent to \(userName): ")
        if await confirmSignUp(cipClient: cipClient, clientId: clientId, userName: userName, code: code) == false {
            // The code didn't match. Your application may wish to offer to
            // re-send the confirmation code here and try again.
            return
        }

        // Check the user's status again. This time it should come back
        // "confirmed".

        print("==> Rechecking status of user \(userName) in the user pool (should be 'confirmed')...")
        if await adminGetUser(cipClient: cipClient, userName: userName, userPoolId: poolId) == false {
            return
        }
        // Check the challenge mode. Here, it should be "mfaSetup", indicating
        // that the user needs to add MFA before using it. This returns a
        // session that can be used to register MFA, or nil if an error occurs.

        let authSession = await initiateAuth(cipClient: cipClient, clientId: clientId,
                                                userName: userName, password: password,
                                                userPoolId: poolId)
        if authSession == nil {
            return
        }

        // Ask Cognito for an MFA secret token that the user should enter into
        // their authenticator software (such as Google Authenticator) or
        // password manager to configure it for this user account. This
        // returns a new session that should be used for the new stage of the
        // authentication process.

        let newSession = await getSecretForAppMFA(cipClient: cipClient, authSession: authSession)
        if newSession == nil {
            return
        }

        // Ask the user to enter the current 6-digit code displayed by their
        // authenticator. Then verify that it matches the value expected for
        // the session.

        let mfaCode1 = stringRequest("==> Enter the 6-digit code displayed in your authenticator: ",
                                    minLength: 6)
        await verifyTOTP(cipClient: cipClient, session: newSession, mfaCode: mfaCode1)

        // Ask the user to authenticate now that the authenticator has been
        // configured. This creates a new session using the user's username
        // and password as already entered.

        print("\nNow starting the sign-in process for user \(userName)...\n")
        
        let session2 = await initiateAuth(cipClient: cipClient, clientId: clientId,
                                    userName: userName, password: password, userPoolId: poolId)
        guard let session2 else {
            return
        }

        // Now that we have a new auth session, `session2`, ask the user for a
        // new 6-digit code from their authenticator, and send it to the auth
        // session.

        let mfaCode2 = stringRequest("==> Wait for your authenticator to show a new 6-digit code, then enter it: ",
                                    minLength: 6)
        await adminRespondToAuthChallenge(cipClient: cipClient, userName: userName,
                                          clientId: clientId, userPoolId: poolId,
                                          mfaCode: mfaCode2, session: session2)
    }
}

/// The program's asynchronous entry point.
@main
struct Main {
    static func main() async {
        let args = Array(CommandLine.arguments.dropFirst())

        do {
            let command = try ExampleCommand.parse(args)
            try await command.runAsync()
        } catch {
            ExampleCommand.exit(withError: error)
        }
    }    
}
```
+ Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API SDK AWS per Swift*.
  + [AdminGetUser](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/admingetuser(input:))
  + [AdminInitiateAuth](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/admininitiateauth(input:))
  + [AdminRespondToAuthChallenge](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/adminrespondtoauthchallenge(input:))
  + [AssociateSoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/associatesoftwaretoken(input:))
  + [ConfirmDevice](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/confirmdevice(input:))
  + [ConfirmSignUp](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/confirmsignup(input:))
  + [InitiateAuth](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/initiateauth(input:))
  + [ListUsers](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/listusers(input:))
  + [ResendConfirmationCode](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/resendconfirmationcode(input:))
  + [RespondToAuthChallenge](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/respondtoauthchallenge(input:))
  + [SignUp](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/signup(input:))
  + [VerifySoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/verifysoftwaretoken(input:))

------

Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta[Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md). Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK.

# Usa i pool di identità e i flussi di autenticazione di Amazon Cognito


Il seguente esempio di codice mostra come creare un'applicazione demo basata sul Web che dimostri i flussi di autenticazione dei pool di identità.

------
#### [ Python ]

**SDK per Python (Boto3)**  
 Mostra un'applicazione demo basata sul Web che illustra i flussi di autenticazione dei pool di identità di Amazon Cognito, che consente agli utenti di esplorare in modo interattivo i flussi di autenticazione avanzati e di base con vari provider di identità.   
Per il codice sorgente completo e le istruzioni su come configurarlo ed eseguirlo, consulta l'esempio completo su. [ GitHub](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito/scenarios/identity_pools_example_demo)  

**Servizi utilizzati in questo esempio**
+ Gestore dell’identità per Amazon Cognito

------

Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta[Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md). Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK.

# Scrivi dati di attività personalizzati con una funzione Lambda dopo l'autenticazione utente di Amazon Cognito tramite un SDK AWS


L’esempio di codice seguente mostra come scrivere dati di attività personalizzate con una funzione Lambda dopo l’autenticazione utente di Amazon Cognito.
+ Usa le funzioni di amministratore per aggiungere un utente a un pool di utenti.
+ Configura un pool di utenti per chiamare una funzione Lambda per il trigger `PostAuthentication`.
+ Accedere con il nuovo utente ad Amazon Cognito.
+ La funzione Lambda scrive informazioni personalizzate nei CloudWatch log e in una tabella DynamoDB.
+ Acquisisci e visualizza dati personalizzati dalla tabella DynamoDB, quindi elimina le risorse.

------
#### [ Go ]

**SDK per Go V2**  
 C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/workflows/user_pools_and_lambda_triggers#code-examples). 
Esegui uno scenario interattivo al prompt dei comandi.  

```
import (
	"context"
	"errors"
	"log"
	"strings"
	"user_pools_and_lambda_triggers/actions"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
	"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
	"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)

// ActivityLog separates the steps of this scenario into individual functions so that
// they are simpler to read and understand.
type ActivityLog struct {
	helper       IScenarioHelper
	questioner   demotools.IQuestioner
	resources    Resources
	cognitoActor *actions.CognitoActions
}

// NewActivityLog constructs a new activity log runner.
func NewActivityLog(sdkConfig aws.Config, questioner demotools.IQuestioner, helper IScenarioHelper) ActivityLog {
	scenario := ActivityLog{
		helper:       helper,
		questioner:   questioner,
		resources:    Resources{},
		cognitoActor: &actions.CognitoActions{CognitoClient: cognitoidentityprovider.NewFromConfig(sdkConfig)},
	}
	scenario.resources.init(scenario.cognitoActor, questioner)
	return scenario
}

// AddUserToPool selects a user from the known users table and uses administrator credentials to add the user to the user pool.
func (runner *ActivityLog) AddUserToPool(ctx context.Context, userPoolId string, tableName string) (string, string) {
	log.Println("To facilitate this example, let's add a user to the user pool using administrator privileges.")
	users, err := runner.helper.GetKnownUsers(ctx, tableName)
	if err != nil {
		panic(err)
	}
	user := users.Users[0]
	log.Printf("Adding known user %v to the user pool.\n", user.UserName)
	err = runner.cognitoActor.AdminCreateUser(ctx, userPoolId, user.UserName, user.UserEmail)
	if err != nil {
		panic(err)
	}
	pwSet := false
	password := runner.questioner.AskPassword("\nEnter a password that has at least eight characters, uppercase, lowercase, numbers and symbols.\n"+
		"(the password will not display as you type):", 8)
	for !pwSet {
		log.Printf("\nSetting password for user '%v'.\n", user.UserName)
		err = runner.cognitoActor.AdminSetUserPassword(ctx, userPoolId, user.UserName, password)
		if err != nil {
			var invalidPassword *types.InvalidPasswordException
			if errors.As(err, &invalidPassword) {
				password = runner.questioner.AskPassword("\nEnter another password:", 8)
			} else {
				panic(err)
			}
		} else {
			pwSet = true
		}
	}

	log.Println(strings.Repeat("-", 88))

	return user.UserName, password
}

// AddActivityLogTrigger adds a Lambda handler as an invocation target for the PostAuthentication trigger.
func (runner *ActivityLog) AddActivityLogTrigger(ctx context.Context, userPoolId string, activityLogArn string) {
	log.Println("Let's add a Lambda function to handle the PostAuthentication trigger from Cognito.\n" +
		"This trigger happens after a user is authenticated, and lets your function take action, such as logging\n" +
		"the outcome.")
	err := runner.cognitoActor.UpdateTriggers(
		ctx, userPoolId,
		actions.TriggerInfo{Trigger: actions.PostAuthentication, HandlerArn: aws.String(activityLogArn)})
	if err != nil {
		panic(err)
	}
	runner.resources.triggers = append(runner.resources.triggers, actions.PostAuthentication)
	log.Printf("Lambda function %v added to user pool %v to handle PostAuthentication Cognito trigger.\n",
		activityLogArn, userPoolId)

	log.Println(strings.Repeat("-", 88))
}

// SignInUser signs in as the specified user.
func (runner *ActivityLog) SignInUser(ctx context.Context, clientId string, userName string, password string) {
	log.Printf("Now we'll sign in user %v and check the results in the logs and the DynamoDB table.", userName)
	runner.questioner.Ask("Press Enter when you're ready.")
	authResult, err := runner.cognitoActor.SignIn(ctx, clientId, userName, password)
	if err != nil {
		panic(err)
	}
	log.Println("Sign in successful.",
		"The PostAuthentication Lambda handler writes custom information to CloudWatch Logs.")

	runner.resources.userAccessTokens = append(runner.resources.userAccessTokens, *authResult.AccessToken)
}

// GetKnownUserLastLogin gets the login info for a user from the Amazon DynamoDB table and displays it.
func (runner *ActivityLog) GetKnownUserLastLogin(ctx context.Context, tableName string, userName string) {
	log.Println("The PostAuthentication handler also writes login data to the DynamoDB table.")
	runner.questioner.Ask("Press Enter when you're ready to continue.")
	users, err := runner.helper.GetKnownUsers(ctx, tableName)
	if err != nil {
		panic(err)
	}
	for _, user := range users.Users {
		if user.UserName == userName {
			log.Println("The last login info for the user in the known users table is:")
			log.Printf("\t%+v", *user.LastLogin)
		}
	}
	log.Println(strings.Repeat("-", 88))
}

// Run runs the scenario.
func (runner *ActivityLog) Run(ctx context.Context, stackName string) {
	defer func() {
		if r := recover(); r != nil {
			log.Println("Something went wrong with the demo.")
			runner.resources.Cleanup(ctx)
		}
	}()

	log.Println(strings.Repeat("-", 88))
	log.Printf("Welcome\n")

	log.Println(strings.Repeat("-", 88))

	stackOutputs, err := runner.helper.GetStackOutputs(ctx, stackName)
	if err != nil {
		panic(err)
	}
	runner.resources.userPoolId = stackOutputs["UserPoolId"]
	runner.helper.PopulateUserTable(ctx, stackOutputs["TableName"])
	userName, password := runner.AddUserToPool(ctx, stackOutputs["UserPoolId"], stackOutputs["TableName"])

	runner.AddActivityLogTrigger(ctx, stackOutputs["UserPoolId"], stackOutputs["ActivityLogFunctionArn"])
	runner.SignInUser(ctx, stackOutputs["UserPoolClientId"], userName, password)
	runner.helper.ListRecentLogEvents(ctx, stackOutputs["ActivityLogFunction"])
	runner.GetKnownUserLastLogin(ctx, stackOutputs["TableName"], userName)

	runner.resources.Cleanup(ctx)

	log.Println(strings.Repeat("-", 88))
	log.Println("Thanks for watching!")
	log.Println(strings.Repeat("-", 88))
}
```
Gestisci il trigger `PostAuthentication` con una funzione Lambda.  

```
import (
	"context"
	"fmt"
	"log"
	"os"
	"time"

	"github.com/aws/aws-lambda-go/events"
	"github.com/aws/aws-lambda-go/lambda"
	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
	"github.com/aws/aws-sdk-go-v2/service/dynamodb"
	dynamodbtypes "github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
)

const TABLE_NAME = "TABLE_NAME"

// LoginInfo defines structured login data that can be marshalled to a DynamoDB format.
type LoginInfo struct {
	UserPoolId string `dynamodbav:"UserPoolId"`
	ClientId   string `dynamodbav:"ClientId"`
	Time       string `dynamodbav:"Time"`
}

// UserInfo defines structured user data that can be marshalled to a DynamoDB format.
type UserInfo struct {
	UserName  string    `dynamodbav:"UserName"`
	UserEmail string    `dynamodbav:"UserEmail"`
	LastLogin LoginInfo `dynamodbav:"LastLogin"`
}

// GetKey marshals the user email value to a DynamoDB key format.
func (user UserInfo) GetKey() map[string]dynamodbtypes.AttributeValue {
	userEmail, err := attributevalue.Marshal(user.UserEmail)
	if err != nil {
		panic(err)
	}
	return map[string]dynamodbtypes.AttributeValue{"UserEmail": userEmail}
}

type handler struct {
	dynamoClient *dynamodb.Client
}

// HandleRequest handles the PostAuthentication event by writing custom data to the logs and
// to an Amazon DynamoDB table.
func (h *handler) HandleRequest(ctx context.Context, event events.CognitoEventUserPoolsPostAuthentication) (events.CognitoEventUserPoolsPostAuthentication, error) {
	log.Printf("Received post authentication trigger from %v for user '%v'", event.TriggerSource, event.UserName)
	tableName := os.Getenv(TABLE_NAME)
	user := UserInfo{
		UserName:  event.UserName,
		UserEmail: event.Request.UserAttributes["email"],
		LastLogin: LoginInfo{
			UserPoolId: event.UserPoolID,
			ClientId:   event.CallerContext.ClientID,
			Time:       time.Now().Format(time.UnixDate),
		},
	}
	// Write to CloudWatch Logs.
	fmt.Printf("%#v", user)

	// Also write to an external system. This examples uses DynamoDB to demonstrate.
	userMap, err := attributevalue.MarshalMap(user)
	if err != nil {
		log.Printf("Couldn't marshal to DynamoDB map. Here's why: %v\n", err)
	} else if len(userMap) == 0 {
		log.Printf("User info marshaled to an empty map.")
	} else {
		_, err := h.dynamoClient.PutItem(ctx, &dynamodb.PutItemInput{
			Item:      userMap,
			TableName: aws.String(tableName),
		})
		if err != nil {
			log.Printf("Couldn't write to DynamoDB. Here's why: %v\n", err)
		} else {
			log.Printf("Wrote user info to DynamoDB table %v.\n", tableName)
		}
	}

	return event, nil
}

func main() {
	ctx := context.Background()
	sdkConfig, err := config.LoadDefaultConfig(ctx)
	if err != nil {
		log.Panicln(err)
	}
	h := handler{
		dynamoClient: dynamodb.NewFromConfig(sdkConfig),
	}
	lambda.Start(h.HandleRequest)
}
```
Crea una struttura che esegue operazioni comuni.  

```
import (
	"context"
	"log"
	"strings"
	"time"
	"user_pools_and_lambda_triggers/actions"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/service/cloudformation"
	"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs"
	"github.com/aws/aws-sdk-go-v2/service/dynamodb"
	"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)

// IScenarioHelper defines common functions used by the workflows in this example.
type IScenarioHelper interface {
	Pause(secs int)
	GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error)
	PopulateUserTable(ctx context.Context, tableName string)
	GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error)
	AddKnownUser(ctx context.Context, tableName string, user actions.User)
	ListRecentLogEvents(ctx context.Context, functionName string)
}

// ScenarioHelper contains AWS wrapper structs used by the workflows in this example.
type ScenarioHelper struct {
	questioner  demotools.IQuestioner
	dynamoActor *actions.DynamoActions
	cfnActor    *actions.CloudFormationActions
	cwlActor    *actions.CloudWatchLogsActions
	isTestRun   bool
}

// NewScenarioHelper constructs a new scenario helper.
func NewScenarioHelper(sdkConfig aws.Config, questioner demotools.IQuestioner) ScenarioHelper {
	scenario := ScenarioHelper{
		questioner:  questioner,
		dynamoActor: &actions.DynamoActions{DynamoClient: dynamodb.NewFromConfig(sdkConfig)},
		cfnActor:    &actions.CloudFormationActions{CfnClient: cloudformation.NewFromConfig(sdkConfig)},
		cwlActor:    &actions.CloudWatchLogsActions{CwlClient: cloudwatchlogs.NewFromConfig(sdkConfig)},
	}
	return scenario
}

// Pause waits for the specified number of seconds.
func (helper ScenarioHelper) Pause(secs int) {
	if !helper.isTestRun {
		time.Sleep(time.Duration(secs) * time.Second)
	}
}

// GetStackOutputs gets the outputs from the specified CloudFormation stack in a structured format.
func (helper ScenarioHelper) GetStackOutputs(ctx context.Context, stackName string) (actions.StackOutputs, error) {
	return helper.cfnActor.GetOutputs(ctx, stackName), nil
}

// PopulateUserTable fills the known user table with example data.
func (helper ScenarioHelper) PopulateUserTable(ctx context.Context, tableName string) {
	log.Printf("First, let's add some users to the DynamoDB %v table we'll use for this example.\n", tableName)
	err := helper.dynamoActor.PopulateTable(ctx, tableName)
	if err != nil {
		panic(err)
	}
}

// GetKnownUsers gets the users from the known users table in a structured format.
func (helper ScenarioHelper) GetKnownUsers(ctx context.Context, tableName string) (actions.UserList, error) {
	knownUsers, err := helper.dynamoActor.Scan(ctx, tableName)
	if err != nil {
		log.Printf("Couldn't get known users from table %v. Here's why: %v\n", tableName, err)
	}
	return knownUsers, err
}

// AddKnownUser adds a user to the known users table.
func (helper ScenarioHelper) AddKnownUser(ctx context.Context, tableName string, user actions.User) {
	log.Printf("Adding user '%v' with email '%v' to the DynamoDB known users table...\n",
		user.UserName, user.UserEmail)
	err := helper.dynamoActor.AddUser(ctx, tableName, user)
	if err != nil {
		panic(err)
	}
}

// ListRecentLogEvents gets the most recent log stream and events for the specified Lambda function and displays them.
func (helper ScenarioHelper) ListRecentLogEvents(ctx context.Context, functionName string) {
	log.Println("Waiting a few seconds to let Lambda write to CloudWatch Logs...")
	helper.Pause(10)
	log.Println("Okay, let's check the logs to find what's happened recently with your Lambda function.")
	logStream, err := helper.cwlActor.GetLatestLogStream(ctx, functionName)
	if err != nil {
		panic(err)
	}
	log.Printf("Getting some recent events from log stream %v\n", *logStream.LogStreamName)
	events, err := helper.cwlActor.GetLogEvents(ctx, functionName, *logStream.LogStreamName, 10)
	if err != nil {
		panic(err)
	}
	for _, event := range events {
		log.Printf("\t%v", *event.Message)
	}
	log.Println(strings.Repeat("-", 88))
}
```
Crea una struttura che racchiude le azioni di Amazon Cognito.  

```
import (
	"context"
	"errors"
	"log"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
	"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)

type CognitoActions struct {
	CognitoClient *cognitoidentityprovider.Client
}



// Trigger and TriggerInfo define typed data for updating an Amazon Cognito trigger.
type Trigger int

const (
	PreSignUp Trigger = iota
	UserMigration
	PostAuthentication
)

type TriggerInfo struct {
	Trigger    Trigger
	HandlerArn *string
}

// UpdateTriggers adds or removes Lambda triggers for a user pool. When a trigger is specified with a `nil` value,
// it is removed from the user pool.
func (actor CognitoActions) UpdateTriggers(ctx context.Context, userPoolId string, triggers ...TriggerInfo) error {
	output, err := actor.CognitoClient.DescribeUserPool(ctx, &cognitoidentityprovider.DescribeUserPoolInput{
		UserPoolId: aws.String(userPoolId),
	})
	if err != nil {
		log.Printf("Couldn't get info about user pool %v. Here's why: %v\n", userPoolId, err)
		return err
	}
	lambdaConfig := output.UserPool.LambdaConfig
	for _, trigger := range triggers {
		switch trigger.Trigger {
		case PreSignUp:
			lambdaConfig.PreSignUp = trigger.HandlerArn
		case UserMigration:
			lambdaConfig.UserMigration = trigger.HandlerArn
		case PostAuthentication:
			lambdaConfig.PostAuthentication = trigger.HandlerArn
		}
	}
	_, err = actor.CognitoClient.UpdateUserPool(ctx, &cognitoidentityprovider.UpdateUserPoolInput{
		UserPoolId:   aws.String(userPoolId),
		LambdaConfig: lambdaConfig,
	})
	if err != nil {
		log.Printf("Couldn't update user pool %v. Here's why: %v\n", userPoolId, err)
	}
	return err
}



// SignUp signs up a user with Amazon Cognito.
func (actor CognitoActions) SignUp(ctx context.Context, clientId string, userName string, password string, userEmail string) (bool, error) {
	confirmed := false
	output, err := actor.CognitoClient.SignUp(ctx, &cognitoidentityprovider.SignUpInput{
		ClientId: aws.String(clientId),
		Password: aws.String(password),
		Username: aws.String(userName),
		UserAttributes: []types.AttributeType{
			{Name: aws.String("email"), Value: aws.String(userEmail)},
		},
	})
	if err != nil {
		var invalidPassword *types.InvalidPasswordException
		if errors.As(err, &invalidPassword) {
			log.Println(*invalidPassword.Message)
		} else {
			log.Printf("Couldn't sign up user %v. Here's why: %v\n", userName, err)
		}
	} else {
		confirmed = output.UserConfirmed
	}
	return confirmed, err
}



// SignIn signs in a user to Amazon Cognito using a username and password authentication flow.
func (actor CognitoActions) SignIn(ctx context.Context, clientId string, userName string, password string) (*types.AuthenticationResultType, error) {
	var authResult *types.AuthenticationResultType
	output, err := actor.CognitoClient.InitiateAuth(ctx, &cognitoidentityprovider.InitiateAuthInput{
		AuthFlow:       "USER_PASSWORD_AUTH",
		ClientId:       aws.String(clientId),
		AuthParameters: map[string]string{"USERNAME": userName, "PASSWORD": password},
	})
	if err != nil {
		var resetRequired *types.PasswordResetRequiredException
		if errors.As(err, &resetRequired) {
			log.Println(*resetRequired.Message)
		} else {
			log.Printf("Couldn't sign in user %v. Here's why: %v\n", userName, err)
		}
	} else {
		authResult = output.AuthenticationResult
	}
	return authResult, err
}



// ForgotPassword starts a password recovery flow for a user. This flow typically sends a confirmation code
// to the user's configured notification destination, such as email.
func (actor CognitoActions) ForgotPassword(ctx context.Context, clientId string, userName string) (*types.CodeDeliveryDetailsType, error) {
	output, err := actor.CognitoClient.ForgotPassword(ctx, &cognitoidentityprovider.ForgotPasswordInput{
		ClientId: aws.String(clientId),
		Username: aws.String(userName),
	})
	if err != nil {
		log.Printf("Couldn't start password reset for user '%v'. Here;s why: %v\n", userName, err)
	}
	return output.CodeDeliveryDetails, err
}



// ConfirmForgotPassword confirms a user with a confirmation code and a new password.
func (actor CognitoActions) ConfirmForgotPassword(ctx context.Context, clientId string, code string, userName string, password string) error {
	_, err := actor.CognitoClient.ConfirmForgotPassword(ctx, &cognitoidentityprovider.ConfirmForgotPasswordInput{
		ClientId:         aws.String(clientId),
		ConfirmationCode: aws.String(code),
		Password:         aws.String(password),
		Username:         aws.String(userName),
	})
	if err != nil {
		var invalidPassword *types.InvalidPasswordException
		if errors.As(err, &invalidPassword) {
			log.Println(*invalidPassword.Message)
		} else {
			log.Printf("Couldn't confirm user %v. Here's why: %v", userName, err)
		}
	}
	return err
}



// DeleteUser removes a user from the user pool.
func (actor CognitoActions) DeleteUser(ctx context.Context, userAccessToken string) error {
	_, err := actor.CognitoClient.DeleteUser(ctx, &cognitoidentityprovider.DeleteUserInput{
		AccessToken: aws.String(userAccessToken),
	})
	if err != nil {
		log.Printf("Couldn't delete user. Here's why: %v\n", err)
	}
	return err
}



// AdminCreateUser uses administrator credentials to add a user to a user pool. This method leaves the user
// in a state that requires they enter a new password next time they sign in.
func (actor CognitoActions) AdminCreateUser(ctx context.Context, userPoolId string, userName string, userEmail string) error {
	_, err := actor.CognitoClient.AdminCreateUser(ctx, &cognitoidentityprovider.AdminCreateUserInput{
		UserPoolId:     aws.String(userPoolId),
		Username:       aws.String(userName),
		MessageAction:  types.MessageActionTypeSuppress,
		UserAttributes: []types.AttributeType{{Name: aws.String("email"), Value: aws.String(userEmail)}},
	})
	if err != nil {
		var userExists *types.UsernameExistsException
		if errors.As(err, &userExists) {
			log.Printf("User %v already exists in the user pool.", userName)
			err = nil
		} else {
			log.Printf("Couldn't create user %v. Here's why: %v\n", userName, err)
		}
	}
	return err
}



// AdminSetUserPassword uses administrator credentials to set a password for a user without requiring a
// temporary password.
func (actor CognitoActions) AdminSetUserPassword(ctx context.Context, userPoolId string, userName string, password string) error {
	_, err := actor.CognitoClient.AdminSetUserPassword(ctx, &cognitoidentityprovider.AdminSetUserPasswordInput{
		Password:   aws.String(password),
		UserPoolId: aws.String(userPoolId),
		Username:   aws.String(userName),
		Permanent:  true,
	})
	if err != nil {
		var invalidPassword *types.InvalidPasswordException
		if errors.As(err, &invalidPassword) {
			log.Println(*invalidPassword.Message)
		} else {
			log.Printf("Couldn't set password for user %v. Here's why: %v\n", userName, err)
		}
	}
	return err
}
```
Crea una struttura che racchiude le azioni di DynamoDB.  

```
import (
	"context"
	"fmt"
	"log"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
	"github.com/aws/aws-sdk-go-v2/service/dynamodb"
	"github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
)

// DynamoActions encapsulates the Amazon Simple Notification Service (Amazon SNS) actions
// used in the examples.
type DynamoActions struct {
	DynamoClient *dynamodb.Client
}

// User defines structured user data.
type User struct {
	UserName  string
	UserEmail string
	LastLogin *LoginInfo `dynamodbav:",omitempty"`
}

// LoginInfo defines structured custom login data.
type LoginInfo struct {
	UserPoolId string
	ClientId   string
	Time       string
}

// UserList defines a list of users.
type UserList struct {
	Users []User
}

// UserNameList returns the usernames contained in a UserList as a list of strings.
func (users *UserList) UserNameList() []string {
	names := make([]string, len(users.Users))
	for i := 0; i < len(users.Users); i++ {
		names[i] = users.Users[i].UserName
	}
	return names
}

// PopulateTable adds a set of test users to the table.
func (actor DynamoActions) PopulateTable(ctx context.Context, tableName string) error {
	var err error
	var item map[string]types.AttributeValue
	var writeReqs []types.WriteRequest
	for i := 1; i < 4; i++ {
		item, err = attributevalue.MarshalMap(User{UserName: fmt.Sprintf("test_user_%v", i), UserEmail: fmt.Sprintf("test_email_%v@example.com", i)})
		if err != nil {
			log.Printf("Couldn't marshall user into DynamoDB format. Here's why: %v\n", err)
			return err
		}
		writeReqs = append(writeReqs, types.WriteRequest{PutRequest: &types.PutRequest{Item: item}})
	}
	_, err = actor.DynamoClient.BatchWriteItem(ctx, &dynamodb.BatchWriteItemInput{
		RequestItems: map[string][]types.WriteRequest{tableName: writeReqs},
	})
	if err != nil {
		log.Printf("Couldn't populate table %v with users. Here's why: %v\n", tableName, err)
	}
	return err
}

// Scan scans the table for all items.
func (actor DynamoActions) Scan(ctx context.Context, tableName string) (UserList, error) {
	var userList UserList
	output, err := actor.DynamoClient.Scan(ctx, &dynamodb.ScanInput{
		TableName: aws.String(tableName),
	})
	if err != nil {
		log.Printf("Couldn't scan table %v for items. Here's why: %v\n", tableName, err)
	} else {
		err = attributevalue.UnmarshalListOfMaps(output.Items, &userList.Users)
		if err != nil {
			log.Printf("Couldn't unmarshal items into users. Here's why: %v\n", err)
		}
	}
	return userList, err
}

// AddUser adds a user item to a table.
func (actor DynamoActions) AddUser(ctx context.Context, tableName string, user User) error {
	userItem, err := attributevalue.MarshalMap(user)
	if err != nil {
		log.Printf("Couldn't marshall user to item. Here's why: %v\n", err)
	}
	_, err = actor.DynamoClient.PutItem(ctx, &dynamodb.PutItemInput{
		Item:      userItem,
		TableName: aws.String(tableName),
	})
	if err != nil {
		log.Printf("Couldn't put item in table %v. Here's why: %v", tableName, err)
	}
	return err
}
```
Crea una struttura che racchiuda le azioni di CloudWatch Logs.  

```
import (
	"context"
	"fmt"
	"log"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs"
	"github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs/types"
)

type CloudWatchLogsActions struct {
	CwlClient *cloudwatchlogs.Client
}

// GetLatestLogStream gets the most recent log stream for a Lambda function.
func (actor CloudWatchLogsActions) GetLatestLogStream(ctx context.Context, functionName string) (types.LogStream, error) {
	var logStream types.LogStream
	logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName)
	output, err := actor.CwlClient.DescribeLogStreams(ctx, &cloudwatchlogs.DescribeLogStreamsInput{
		Descending:   aws.Bool(true),
		Limit:        aws.Int32(1),
		LogGroupName: aws.String(logGroupName),
		OrderBy:      types.OrderByLastEventTime,
	})
	if err != nil {
		log.Printf("Couldn't get log streams for log group %v. Here's why: %v\n", logGroupName, err)
	} else {
		logStream = output.LogStreams[0]
	}
	return logStream, err
}

// GetLogEvents gets the most recent eventCount events from the specified log stream.
func (actor CloudWatchLogsActions) GetLogEvents(ctx context.Context, functionName string, logStreamName string, eventCount int32) (
	[]types.OutputLogEvent, error) {
	var events []types.OutputLogEvent
	logGroupName := fmt.Sprintf("/aws/lambda/%s", functionName)
	output, err := actor.CwlClient.GetLogEvents(ctx, &cloudwatchlogs.GetLogEventsInput{
		LogStreamName: aws.String(logStreamName),
		Limit:         aws.Int32(eventCount),
		LogGroupName:  aws.String(logGroupName),
	})
	if err != nil {
		log.Printf("Couldn't get log event for log stream %v. Here's why: %v\n", logStreamName, err)
	} else {
		events = output.Events
	}
	return events, err
}
```
Crea una struttura che racchiuda le azioni. CloudFormation   

```
import (
	"context"
	"log"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/service/cloudformation"
)

// StackOutputs defines a map of outputs from a specific stack.
type StackOutputs map[string]string

type CloudFormationActions struct {
	CfnClient *cloudformation.Client
}

// GetOutputs gets the outputs from a CloudFormation stack and puts them into a structured format.
func (actor CloudFormationActions) GetOutputs(ctx context.Context, stackName string) StackOutputs {
	output, err := actor.CfnClient.DescribeStacks(ctx, &cloudformation.DescribeStacksInput{
		StackName: aws.String(stackName),
	})
	if err != nil || len(output.Stacks) == 0 {
		log.Panicf("Couldn't find a CloudFormation stack named %v. Here's why: %v\n", stackName, err)
	}
	stackOutputs := StackOutputs{}
	for _, out := range output.Stacks[0].Outputs {
		stackOutputs[*out.OutputKey] = *out.OutputValue
	}
	return stackOutputs
}
```
Eliminare le risorse.  

```
import (
	"context"
	"log"
	"user_pools_and_lambda_triggers/actions"

	"github.com/awsdocs/aws-doc-sdk-examples/gov2/demotools"
)

// Resources keeps track of AWS resources created during an example and handles
// cleanup when the example finishes.
type Resources struct {
	userPoolId       string
	userAccessTokens []string
	triggers         []actions.Trigger

	cognitoActor *actions.CognitoActions
	questioner   demotools.IQuestioner
}

func (resources *Resources) init(cognitoActor *actions.CognitoActions, questioner demotools.IQuestioner) {
	resources.userAccessTokens = []string{}
	resources.triggers = []actions.Trigger{}
	resources.cognitoActor = cognitoActor
	resources.questioner = questioner
}

// Cleanup deletes all AWS resources created during an example.
func (resources *Resources) Cleanup(ctx context.Context) {
	defer func() {
		if r := recover(); r != nil {
			log.Printf("Something went wrong during cleanup.\n%v\n", r)
			log.Println("Use the AWS Management Console to remove any remaining resources \n" +
				"that were created for this scenario.")
		}
	}()

	wantDelete := resources.questioner.AskBool("Do you want to remove all of the AWS resources that were created "+
		"during this demo (y/n)?", "y")
	if wantDelete {
		for _, accessToken := range resources.userAccessTokens {
			err := resources.cognitoActor.DeleteUser(ctx, accessToken)
			if err != nil {
				log.Println("Couldn't delete user during cleanup.")
				panic(err)
			}
			log.Println("Deleted user.")
		}
		triggerList := make([]actions.TriggerInfo, len(resources.triggers))
		for i := 0; i < len(resources.triggers); i++ {
			triggerList[i] = actions.TriggerInfo{Trigger: resources.triggers[i], HandlerArn: nil}
		}
		err := resources.cognitoActor.UpdateTriggers(ctx, resources.userPoolId, triggerList...)
		if err != nil {
			log.Println("Couldn't update Cognito triggers during cleanup.")
			panic(err)
		}
		log.Println("Removed Cognito triggers from user pool.")
	} else {
		log.Println("Be sure to remove resources when you're done with them to avoid unexpected charges!")
	}
}
```
+ Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API AWS SDK per Go *.
  + [AdminCreateUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.AdminCreateUser)
  + [AdminSetUserPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.AdminSetUserPassword)
  + [DeleteUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.DeleteUser)
  + [InitiateAuth](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.InitiateAuth)
  + [UpdateUserPool](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.UpdateUserPool)

------

Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK.

# Esempi di codice per l'utilizzo di Amazon Cognito Sync AWS SDKs


I seguenti esempi di codice mostrano come usare Amazon Cognito Sync con un kit di sviluppo AWS software (SDK). 

Le *azioni* sono estratti di codice da programmi più grandi e devono essere eseguite nel contesto. Sebbene le azioni mostrino come richiamare le singole funzioni del servizio, è possibile visualizzarle contestualizzate negli scenari correlati.

Per un elenco completo di guide ed esempi di codice per sviluppatori AWS SDK, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK.

**Contents**
+ [Nozioni di base](service_code_examples_cognito-sync_basics.md)
  + [Azioni](service_code_examples_cognito-sync_actions.md)
    + [`ListIdentityPoolUsage`](cognito-sync_example_cognito-sync_ListIdentityPoolUsage_section.md)

# Esempi di base per l'utilizzo di Amazon Cognito Sync AWS SDKs


I seguenti esempi di codice mostrano come utilizzare le nozioni di base di Amazon Cognito Sync con. AWS SDKs 

**Contents**
+ [Azioni](service_code_examples_cognito-sync_actions.md)
  + [`ListIdentityPoolUsage`](cognito-sync_example_cognito-sync_ListIdentityPoolUsage_section.md)

# Azioni per Amazon Cognito Sync utilizzando AWS SDKs


I seguenti esempi di codice mostrano come eseguire singole azioni di Amazon Cognito Sync con. AWS SDKs Ogni esempio include un collegamento a GitHub, dove puoi trovare le istruzioni per la configurazione e l'esecuzione del codice. 

 Gli esempi seguenti includono solo le azioni più comunemente utilizzate. Per l’elenco completo, consulta la [documentazione di riferimento dell’API Amazon Cognito Sync](https://docs.aws.amazon.com/cognitosync/latest/APIReference/Welcome.html). 

**Topics**
+ [`ListIdentityPoolUsage`](cognito-sync_example_cognito-sync_ListIdentityPoolUsage_section.md)

# Utilizzalo `ListIdentityPoolUsage` con un AWS SDK


Il seguente esempio di codice mostra come utilizzare`ListIdentityPoolUsage`.

------
#### [ Rust ]

**SDK per Rust**  
 C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/rustv1/examples/cognitosync#code-examples). 

```
async fn show_pools(client: &Client) -> Result<(), Error> {
    let response = client
        .list_identity_pool_usage()
        .max_results(10)
        .send()
        .await?;

    let pools = response.identity_pool_usages();
    println!("Identity pools:");

    for pool in pools {
        println!(
            "  Identity pool ID:    {}",
            pool.identity_pool_id().unwrap_or_default()
        );
        println!(
            "  Data storage:        {}",
            pool.data_storage().unwrap_or_default()
        );
        println!(
            "  Sync sessions count: {}",
            pool.sync_sessions_count().unwrap_or_default()
        );
        println!(
            "  Last modified:       {}",
            pool.last_modified_date().unwrap().to_chrono_utc()?
        );
        println!();
    }

    println!("Next token: {}", response.next_token().unwrap_or_default());

    Ok(())
}
```
+  Per i dettagli sulle API, consulta la [ListIdentityPoolUsage](https://docs.rs/aws-sdk-cognitosync/latest/aws_sdk_cognitosync/client/struct.Client.html#method.list_identity_pool_usage)guida di *riferimento all'API AWS SDK for Rust*. 

------

Per un elenco completo delle guide per sviluppatori AWS SDK e degli esempi di codice, consulta. [Utilizzo di questo servizio con un SDK AWS](sdk-general-information-section.md) Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK.