本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 使用 SDK for Java 2.x 的 Amazon Cognito 身份提供者示例
以下代码示例向您展示了如何使用 AWS SDK for Java 2.x 与 Amazon Cognito 身份提供商配合使用来执行操作和实现常见场景。
*操作*是大型程序的代码摘录,必须在上下文中运行。您可以通过操作了解如何调用单个服务函数,还可以通过函数相关场景的上下文查看操作。
*场景*是向您演示如何通过在一个服务中调用多个函数或与其他 AWS 服务结合来完成特定任务的代码示例。
每个示例都包含一个指向完整源代码的链接,您可以从中找到有关如何在上下文中设置和运行代码的说明。
**Topics**
+ [开始使用](#get_started)
+ [操作](#actions)
+ [场景](#scenarios)
## 开始使用
### 开始使用 Amazon Cognito
以下代码示例显示如何开始使用 Amazon Cognito。
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ListUserPools {
public static void main(String[] args) {
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
listAllUserPools(cognitoClient);
cognitoClient.close();
}
public static void listAllUserPools(CognitoIdentityProviderClient cognitoClient) {
try {
ListUserPoolsRequest request = ListUserPoolsRequest.builder()
.maxResults(10)
.build();
ListUserPoolsResponse response = cognitoClient.listUserPools(request);
response.userPools().forEach(userpool -> {
System.out.println("User pool " + userpool.name() + ", User ID " + userpool.id());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[ListUserPools](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUserPools)*中的。
## 操作
### `AdminGetUser`
以下代码示例演示了如何使用 `AdminGetUser`。
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
public static void getAdminUser(CognitoIdentityProviderClient identityProviderClient, String userName,
String poolId) {
try {
AdminGetUserRequest userRequest = AdminGetUserRequest.builder()
.username(userName)
.userPoolId(poolId)
.build();
AdminGetUserResponse response = identityProviderClient.adminGetUser(userRequest);
System.out.println("User status " + response.userStatusAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[AdminGetUser](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminGetUser)*中的。
### `AdminInitiateAuth`
以下代码示例演示了如何使用 `AdminInitiateAuth`。
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
public static AdminInitiateAuthResponse initiateAuth(CognitoIdentityProviderClient identityProviderClient,
String clientId, String userName, String password, String userPoolId) {
try {
Map authParameters = new HashMap<>();
authParameters.put("USERNAME", userName);
authParameters.put("PASSWORD", password);
AdminInitiateAuthRequest authRequest = AdminInitiateAuthRequest.builder()
.clientId(clientId)
.userPoolId(userPoolId)
.authParameters(authParameters)
.authFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH)
.build();
AdminInitiateAuthResponse response = identityProviderClient.adminInitiateAuth(authRequest);
System.out.println("Result Challenge is : " + response.challengeName());
return response;
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return null;
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminInitiateAuth)*中的。
### `AdminRespondToAuthChallenge`
以下代码示例演示了如何使用 `AdminRespondToAuthChallenge`。
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
// Respond to an authentication challenge.
public static void adminRespondToAuthChallenge(CognitoIdentityProviderClient identityProviderClient,
String userName, String clientId, String mfaCode, String session) {
System.out.println("SOFTWARE_TOKEN_MFA challenge is generated");
Map challengeResponses = new HashMap<>();
challengeResponses.put("USERNAME", userName);
challengeResponses.put("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
AdminRespondToAuthChallengeRequest respondToAuthChallengeRequest = AdminRespondToAuthChallengeRequest.builder()
.challengeName(ChallengeNameType.SOFTWARE_TOKEN_MFA)
.clientId(clientId)
.challengeResponses(challengeResponses)
.session(session)
.build();
AdminRespondToAuthChallengeResponse respondToAuthChallengeResult = identityProviderClient
.adminRespondToAuthChallenge(respondToAuthChallengeRequest);
System.out.println("respondToAuthChallengeResult.getAuthenticationResult()"
+ respondToAuthChallengeResult.authenticationResult());
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)*中的。
### `AssociateSoftwareToken`
以下代码示例演示了如何使用 `AssociateSoftwareToken`。
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
public static String getSecretForAppMFA(CognitoIdentityProviderClient identityProviderClient, String session) {
AssociateSoftwareTokenRequest softwareTokenRequest = AssociateSoftwareTokenRequest.builder()
.session(session)
.build();
AssociateSoftwareTokenResponse tokenResponse = identityProviderClient
.associateSoftwareToken(softwareTokenRequest);
String secretCode = tokenResponse.secretCode();
System.out.println("Enter this token into Google Authenticator");
System.out.println(secretCode);
return tokenResponse.session();
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AssociateSoftwareToken)*中的。
### `ConfirmSignUp`
以下代码示例演示了如何使用 `ConfirmSignUp`。
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
public static void confirmSignUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String code,
String userName) {
try {
ConfirmSignUpRequest signUpRequest = ConfirmSignUpRequest.builder()
.clientId(clientId)
.confirmationCode(code)
.username(userName)
.build();
identityProviderClient.confirmSignUp(signUpRequest);
System.out.println(userName + " was confirmed");
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ConfirmSignUp)*中的。
### `CreateUserPool`
以下代码示例演示了如何使用 `CreateUserPool`。
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolResponse;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class CreateUserPool {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
userPoolName - The name to give your user pool when it's created.
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String userPoolName = args[0];
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
String id = createPool(cognitoClient, userPoolName);
System.out.println("User pool ID: " + id);
cognitoClient.close();
}
public static String createPool(CognitoIdentityProviderClient cognitoClient, String userPoolName) {
try {
CreateUserPoolRequest request = CreateUserPoolRequest.builder()
.poolName(userPoolName)
.build();
CreateUserPoolResponse response = cognitoClient.createUserPool(request);
return response.userPool().id();
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return "";
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[CreateUserPool](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/CreateUserPool)*中的。
### `CreateUserPoolClient`
以下代码示例演示了如何使用 `CreateUserPoolClient`。
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientResponse;
/**
* A user pool client app is an application that authenticates with Amazon
* Cognito user pools.
* When you create a user pool, you can configure app clients that allow mobile
* or web applications
* to call API operations to authenticate users, manage user attributes and
* profiles,
* and implement sign-up and sign-in flows.
*
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class CreateUserPoolClient {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
clientName - The name for the user pool client to create.
userPoolId - The ID for the user pool.
""";
if (args.length != 2) {
System.out.println(usage);
System.exit(1);
}
String clientName = args[0];
String userPoolId = args[1];
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
createPoolClient(cognitoClient, clientName, userPoolId);
cognitoClient.close();
}
public static void createPoolClient(CognitoIdentityProviderClient cognitoClient, String clientName,
String userPoolId) {
try {
CreateUserPoolClientRequest request = CreateUserPoolClientRequest.builder()
.clientName(clientName)
.userPoolId(userPoolId)
.build();
CreateUserPoolClientResponse response = cognitoClient.createUserPoolClient(request);
System.out.println("User pool " + response.userPoolClient().clientName() + " created. ID: "
+ response.userPoolClient().clientId());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[CreateUserPoolClient](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/CreateUserPoolClient)*中的。
### `ListUserPools`
以下代码示例演示了如何使用 `ListUserPools`。
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ListUserPools {
public static void main(String[] args) {
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
listAllUserPools(cognitoClient);
cognitoClient.close();
}
public static void listAllUserPools(CognitoIdentityProviderClient cognitoClient) {
try {
ListUserPoolsRequest request = ListUserPoolsRequest.builder()
.maxResults(10)
.build();
ListUserPoolsResponse response = cognitoClient.listUserPools(request);
response.userPools().forEach(userpool -> {
System.out.println("User pool " + userpool.name() + ", User ID " + userpool.id());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[ListUserPools](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUserPools)*中的。
### `ListUsers`
以下代码示例演示了如何使用 `ListUsers`。
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersResponse;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ListUsers {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
userPoolId - The ID given to your user pool when it's created.
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String userPoolId = args[0];
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
listAllUsers(cognitoClient, userPoolId);
listUsersFilter(cognitoClient, userPoolId);
cognitoClient.close();
}
public static void listAllUsers(CognitoIdentityProviderClient cognitoClient, String userPoolId) {
try {
ListUsersRequest usersRequest = ListUsersRequest.builder()
.userPoolId(userPoolId)
.build();
ListUsersResponse response = cognitoClient.listUsers(usersRequest);
response.users().forEach(user -> {
System.out.println("User " + user.username() + " Status " + user.userStatus() + " Created "
+ user.userCreateDate());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
// Shows how to list users by using a filter.
public static void listUsersFilter(CognitoIdentityProviderClient cognitoClient, String userPoolId) {
try {
String filter = "email = \"tblue@noserver.com\"";
ListUsersRequest usersRequest = ListUsersRequest.builder()
.userPoolId(userPoolId)
.filter(filter)
.build();
ListUsersResponse response = cognitoClient.listUsers(usersRequest);
response.users().forEach(user -> {
System.out.println("User with filter applied " + user.username() + " Status " + user.userStatus()
+ " Created " + user.userCreateDate());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[ListUsers](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUsers)*中的。
### `ResendConfirmationCode`
以下代码示例演示了如何使用 `ResendConfirmationCode`。
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
public static void resendConfirmationCode(CognitoIdentityProviderClient identityProviderClient, String clientId,
String userName) {
try {
ResendConfirmationCodeRequest codeRequest = ResendConfirmationCodeRequest.builder()
.clientId(clientId)
.username(userName)
.build();
ResendConfirmationCodeResponse response = identityProviderClient.resendConfirmationCode(codeRequest);
System.out.println("Method of delivery is " + response.codeDeliveryDetails().deliveryMediumAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ResendConfirmationCode)*中的。
### `SignUp`
以下代码示例演示了如何使用 `SignUp`。
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
public static void signUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String userName,
String password, String email) {
AttributeType userAttrs = AttributeType.builder()
.name("email")
.value(email)
.build();
List userAttrsList = new ArrayList<>();
userAttrsList.add(userAttrs);
try {
SignUpRequest signUpRequest = SignUpRequest.builder()
.userAttributes(userAttrsList)
.username(userName)
.clientId(clientId)
.password(password)
.build();
identityProviderClient.signUp(signUpRequest);
System.out.println("User has been signed up ");
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[SignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/SignUp)*中的。
### `VerifySoftwareToken`
以下代码示例演示了如何使用 `VerifySoftwareToken`。
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
// Verify the TOTP and register for MFA.
public static void verifyTOTP(CognitoIdentityProviderClient identityProviderClient, String session, String code) {
try {
VerifySoftwareTokenRequest tokenRequest = VerifySoftwareTokenRequest.builder()
.userCode(code)
.session(session)
.build();
VerifySoftwareTokenResponse verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest);
System.out.println("The status of the token is " + verifyResponse.statusAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/VerifySoftwareToken)*中的。
## 场景
### 向需要 MFA 的用户池注册用户
以下代码示例展示了如何:
+ 使用用户名、密码和电子邮件地址注册和确认用户。
+ 通过将 MFA 应用程序与用户关联来设置多重身份验证。
+ 使用密码和 MFA 代码登录。
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples) 中查找完整示例,了解如何进行设置和运行。
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminGetUserRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminGetUserResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminInitiateAuthRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminInitiateAuthResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminRespondToAuthChallengeRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminRespondToAuthChallengeResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AssociateSoftwareTokenRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AssociateSoftwareTokenResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AttributeType;
import software.amazon.awssdk.services.cognitoidentityprovider.model.AuthFlowType;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ChallengeNameType;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ConfirmSignUpRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ResendConfirmationCodeRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ResendConfirmationCodeResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.SignUpRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.VerifySoftwareTokenRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.VerifySoftwareTokenResponse;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Scanner;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*
* TIP: To set up the required user pool, run the AWS Cloud Development Kit (AWS
* CDK) script provided in this GitHub repo at
* resources/cdk/cognito_scenario_user_pool_with_mfa.
*
* This code example performs the following operations:
*
* 1. Invokes the signUp method to sign up a user.
* 2. Invokes the adminGetUser method to get the user's confirmation status.
* 3. Invokes the ResendConfirmationCode method if the user requested another
* code.
* 4. Invokes the confirmSignUp method.
* 5. Invokes the AdminInitiateAuth to sign in. This results in being prompted
* to set up TOTP (time-based one-time password). (The response is
* “ChallengeName”: “MFA_SETUP”).
* 6. Invokes the AssociateSoftwareToken method to generate a TOTP MFA private
* key. This can be used with Google Authenticator.
* 7. Invokes the VerifySoftwareToken method to verify the TOTP and register for
* MFA.
* 8. Invokes the AdminInitiateAuth to sign in again. This results in being
* prompted to submit a TOTP (Response: “ChallengeName”: “SOFTWARE_TOKEN_MFA”).
* 9. Invokes the AdminRespondToAuthChallenge to get back a token.
*/
public class CognitoMVP {
public static final String DASHES = new String(new char[80]).replace("\0", "-");
public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException {
final String usage = """
Usage:
Where:
clientId - The app client Id value that you can get from the AWS CDK script.
poolId - The pool Id that you can get from the AWS CDK script.\s
""";
if (args.length != 2) {
System.out.println(usage);
System.exit(1);
}
String clientId = args[0];
String poolId = args[1];
CognitoIdentityProviderClient identityProviderClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
System.out.println(DASHES);
System.out.println("Welcome to the Amazon Cognito example scenario.");
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("*** Enter your user name");
Scanner in = new Scanner(System.in);
String userName = in.nextLine();
System.out.println("*** Enter your password");
String password = in.nextLine();
System.out.println("*** Enter your email");
String email = in.nextLine();
System.out.println("1. Signing up " + userName);
signUp(identityProviderClient, clientId, userName, password, email);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("2. Getting " + userName + " in the user pool");
getAdminUser(identityProviderClient, userName, poolId);
System.out
.println("*** Conformation code sent to " + userName + ". Would you like to send a new code? (Yes/No)");
System.out.println(DASHES);
System.out.println(DASHES);
String ans = in.nextLine();
if (ans.compareTo("Yes") == 0) {
resendConfirmationCode(identityProviderClient, clientId, userName);
System.out.println("3. Sending a new confirmation code");
}
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("4. Enter confirmation code that was emailed");
String code = in.nextLine();
confirmSignUp(identityProviderClient, clientId, code, userName);
System.out.println("Rechecking the status of " + userName + " in the user pool");
getAdminUser(identityProviderClient, userName, poolId);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("5. Invokes the initiateAuth to sign in");
AdminInitiateAuthResponse authResponse = initiateAuth(identityProviderClient, clientId, userName, password,
poolId);
String mySession = authResponse.session();
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("6. Invokes the AssociateSoftwareToken method to generate a TOTP key");
String newSession = getSecretForAppMFA(identityProviderClient, mySession);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("*** Enter the 6-digit code displayed in Google Authenticator");
String myCode = in.nextLine();
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("7. Verify the TOTP and register for MFA");
verifyTOTP(identityProviderClient, newSession, myCode);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("8. Re-enter a 6-digit code displayed in Google Authenticator");
String mfaCode = in.nextLine();
AdminInitiateAuthResponse authResponse1 = initiateAuth(identityProviderClient, clientId, userName, password,
poolId);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("9. Invokes the AdminRespondToAuthChallenge");
String session2 = authResponse1.session();
adminRespondToAuthChallenge(identityProviderClient, userName, clientId, mfaCode, session2);
System.out.println(DASHES);
System.out.println(DASHES);
System.out.println("All Amazon Cognito operations were successfully performed");
System.out.println(DASHES);
}
// Respond to an authentication challenge.
public static void adminRespondToAuthChallenge(CognitoIdentityProviderClient identityProviderClient,
String userName, String clientId, String mfaCode, String session) {
System.out.println("SOFTWARE_TOKEN_MFA challenge is generated");
Map challengeResponses = new HashMap<>();
challengeResponses.put("USERNAME", userName);
challengeResponses.put("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
AdminRespondToAuthChallengeRequest respondToAuthChallengeRequest = AdminRespondToAuthChallengeRequest.builder()
.challengeName(ChallengeNameType.SOFTWARE_TOKEN_MFA)
.clientId(clientId)
.challengeResponses(challengeResponses)
.session(session)
.build();
AdminRespondToAuthChallengeResponse respondToAuthChallengeResult = identityProviderClient
.adminRespondToAuthChallenge(respondToAuthChallengeRequest);
System.out.println("respondToAuthChallengeResult.getAuthenticationResult()"
+ respondToAuthChallengeResult.authenticationResult());
}
// Verify the TOTP and register for MFA.
public static void verifyTOTP(CognitoIdentityProviderClient identityProviderClient, String session, String code) {
try {
VerifySoftwareTokenRequest tokenRequest = VerifySoftwareTokenRequest.builder()
.userCode(code)
.session(session)
.build();
VerifySoftwareTokenResponse verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest);
System.out.println("The status of the token is " + verifyResponse.statusAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
public static AdminInitiateAuthResponse initiateAuth(CognitoIdentityProviderClient identityProviderClient,
String clientId, String userName, String password, String userPoolId) {
try {
Map authParameters = new HashMap<>();
authParameters.put("USERNAME", userName);
authParameters.put("PASSWORD", password);
AdminInitiateAuthRequest authRequest = AdminInitiateAuthRequest.builder()
.clientId(clientId)
.userPoolId(userPoolId)
.authParameters(authParameters)
.authFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH)
.build();
AdminInitiateAuthResponse response = identityProviderClient.adminInitiateAuth(authRequest);
System.out.println("Result Challenge is : " + response.challengeName());
return response;
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return null;
}
public static String getSecretForAppMFA(CognitoIdentityProviderClient identityProviderClient, String session) {
AssociateSoftwareTokenRequest softwareTokenRequest = AssociateSoftwareTokenRequest.builder()
.session(session)
.build();
AssociateSoftwareTokenResponse tokenResponse = identityProviderClient
.associateSoftwareToken(softwareTokenRequest);
String secretCode = tokenResponse.secretCode();
System.out.println("Enter this token into Google Authenticator");
System.out.println(secretCode);
return tokenResponse.session();
}
public static void confirmSignUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String code,
String userName) {
try {
ConfirmSignUpRequest signUpRequest = ConfirmSignUpRequest.builder()
.clientId(clientId)
.confirmationCode(code)
.username(userName)
.build();
identityProviderClient.confirmSignUp(signUpRequest);
System.out.println(userName + " was confirmed");
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
public static void resendConfirmationCode(CognitoIdentityProviderClient identityProviderClient, String clientId,
String userName) {
try {
ResendConfirmationCodeRequest codeRequest = ResendConfirmationCodeRequest.builder()
.clientId(clientId)
.username(userName)
.build();
ResendConfirmationCodeResponse response = identityProviderClient.resendConfirmationCode(codeRequest);
System.out.println("Method of delivery is " + response.codeDeliveryDetails().deliveryMediumAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
public static void signUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String userName,
String password, String email) {
AttributeType userAttrs = AttributeType.builder()
.name("email")
.value(email)
.build();
List userAttrsList = new ArrayList<>();
userAttrsList.add(userAttrs);
try {
SignUpRequest signUpRequest = SignUpRequest.builder()
.userAttributes(userAttrsList)
.username(userName)
.clientId(clientId)
.password(password)
.build();
identityProviderClient.signUp(signUpRequest);
System.out.println("User has been signed up ");
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
public static void getAdminUser(CognitoIdentityProviderClient identityProviderClient, String userName,
String poolId) {
try {
AdminGetUserRequest userRequest = AdminGetUserRequest.builder()
.username(userName)
.userPoolId(poolId)
.build();
AdminGetUserResponse response = identityProviderClient.adminGetUser(userRequest);
System.out.println("User status " + response.userStatusAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS SDK for Java 2.x API Reference》**中的以下主题。
+ [AdminGetUser](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminGetUser)
+ [AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminInitiateAuth)
+ [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)
+ [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AssociateSoftwareToken)
+ [ConfirmDevice](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ConfirmDevice)
+ [ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ConfirmSignUp)
+ [InitiateAuth](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/InitiateAuth)
+ [ListUsers](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUsers)
+ [ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ResendConfirmationCode)
+ [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/RespondToAuthChallenge)
+ [SignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/SignUp)
+ [VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/VerifySoftwareToken)