本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 使用適用於 C\$1\$1 的 SDK 的 Amazon Cognito 身分提供者範例
下列程式碼範例示範如何使用 適用於 C\$1\$1 的 AWS SDK 搭配 Amazon Cognito Identity Provider 執行動作和實作常見案例。
*Actions* 是大型程式的程式碼摘錄,必須在內容中執行。雖然動作會告訴您如何呼叫個別服務函數,但您可以在其相關情境中查看內容中的動作。
*案例*是向您展示如何呼叫服務中的多個函數或與其他 AWS 服務組合來完成特定任務的程式碼範例。
每個範例均包含完整原始碼的連結,您可在連結中找到如何設定和執行內容中程式碼的相關指示。
**Topics**
+ [開始使用](#get_started)
+ [動作](#actions)
+ [案例](#scenarios)
## 開始使用
### Hello Amazon Cognito
下列程式碼範例顯示如何開始使用 Amazon Cognito。
**適用於 C\$1\$1 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito/hello_cognito#code-examples)中設定和執行。
CMakeLists.txt CMake 檔案的程式碼。
```
# Set the minimum required version of CMake for this project.
cmake_minimum_required(VERSION 3.13)
# Set the AWS service components used by this project.
set(SERVICE_COMPONENTS cognito-idp)
# Set this project's name.
project("hello_cognito")
# Set the C++ standard to use to build this target.
# At least C++ 11 is required for the AWS SDK for C++.
set(CMAKE_CXX_STANDARD 11)
# Use the MSVC variable to determine if this is a Windows build.
set(WINDOWS_BUILD ${MSVC})
if (WINDOWS_BUILD) # Set the location where CMake can find the installed libraries for the AWS SDK.
string(REPLACE ";" "/aws-cpp-sdk-all;" SYSTEM_MODULE_PATH "${CMAKE_SYSTEM_PREFIX_PATH}/aws-cpp-sdk-all")
list(APPEND CMAKE_PREFIX_PATH ${SYSTEM_MODULE_PATH})
endif ()
# Find the AWS SDK for C++ package.
find_package(AWSSDK REQUIRED COMPONENTS ${SERVICE_COMPONENTS})
if (WINDOWS_BUILD AND AWSSDK_INSTALL_AS_SHARED_LIBS)
# Copy relevant AWS SDK for C++ libraries into the current binary directory for running and debugging.
# set(BIN_SUB_DIR "/Debug") # If you are building from the command line, you may need to uncomment this
# and set the proper subdirectory to the executables' location.
AWSSDK_CPY_DYN_LIBS(SERVICE_COMPONENTS "" ${CMAKE_CURRENT_BINARY_DIR}${BIN_SUB_DIR})
endif ()
add_executable(${PROJECT_NAME}
hello_cognito.cpp)
target_link_libraries(${PROJECT_NAME}
${AWSSDK_LINK_LIBRARIES})
```
hello\$1cognito.cpp 來源檔案的程式碼。
```
#include
#include
#include
#include
/*
* A "Hello Cognito" starter application which initializes an Amazon Cognito client and lists the Amazon Cognito
* user pools.
*
* main function
*
* Usage: 'hello_cognito'
*
*/
int main(int argc, char **argv) {
Aws::SDKOptions options;
// Optionally change the log level for debugging.
// options.loggingOptions.logLevel = Utils::Logging::LogLevel::Debug;
Aws::InitAPI(options); // Should only be called once.
int result = 0;
{
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient cognitoClient(clientConfig);
Aws::String nextToken; // Used for pagination.
std::vector userPools;
do {
Aws::CognitoIdentityProvider::Model::ListUserPoolsRequest listUserPoolsRequest;
if (!nextToken.empty()) {
listUserPoolsRequest.SetNextToken(nextToken);
}
Aws::CognitoIdentityProvider::Model::ListUserPoolsOutcome listUserPoolsOutcome =
cognitoClient.ListUserPools(listUserPoolsRequest);
if (listUserPoolsOutcome.IsSuccess()) {
for (auto &userPool: listUserPoolsOutcome.GetResult().GetUserPools()) {
userPools.push_back(userPool.GetName());
}
nextToken = listUserPoolsOutcome.GetResult().GetNextToken();
} else {
std::cerr << "ListUserPools error: " << listUserPoolsOutcome.GetError().GetMessage() << std::endl;
result = 1;
break;
}
} while (!nextToken.empty());
std::cout << userPools.size() << " user pools found." << std::endl;
for (auto &userPool: userPools) {
std::cout << " user pool: " << userPool << std::endl;
}
}
Aws::ShutdownAPI(options); // Should only be called once.
return result;
}
```
+ 如需 API 詳細資訊,請參閱 *適用於 C\$1\$1 的 AWS SDK API 參考*中的 [ListUserPools](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ListUserPools)。
## 動作
### `AdminGetUser`
以下程式碼範例顯示如何使用 `AdminGetUser`。
**適用於 C\$1\$1 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中設定和執行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::AdminGetUserRequest request;
request.SetUsername(userName);
request.SetUserPoolId(userPoolID);
Aws::CognitoIdentityProvider::Model::AdminGetUserOutcome outcome =
client.AdminGetUser(request);
if (outcome.IsSuccess()) {
std::cout << "The status for " << userName << " is " <<
Aws::CognitoIdentityProvider::Model::UserStatusTypeMapper::GetNameForUserStatusType(
outcome.GetResult().GetUserStatus()) << std::endl;
std::cout << "Enabled is " << outcome.GetResult().GetEnabled() << std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminGetUser. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
```
+ 如需 API 詳細資訊,請參閱《適用於 C\$1\$1 的 AWS SDK API 參考》**中的 [AdminGetUser](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminGetUser)。
### `AdminInitiateAuth`
以下程式碼範例顯示如何使用 `AdminInitiateAuth`。
**適用於 C\$1\$1 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中設定和執行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::AdminInitiateAuthRequest request;
request.SetClientId(clientID);
request.SetUserPoolId(userPoolID);
request.AddAuthParameters("USERNAME", userName);
request.AddAuthParameters("PASSWORD", password);
request.SetAuthFlow(
Aws::CognitoIdentityProvider::Model::AuthFlowType::ADMIN_USER_PASSWORD_AUTH);
Aws::CognitoIdentityProvider::Model::AdminInitiateAuthOutcome outcome =
client.AdminInitiateAuth(request);
if (outcome.IsSuccess()) {
std::cout << "Call to AdminInitiateAuth was successful." << std::endl;
sessionResult = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminInitiateAuth. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
```
+ 如需 API 詳細資訊,請參閱《適用於 C\$1\$1 的 AWS SDK API 參考》**中的 [AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminInitiateAuth)。
### `AdminRespondToAuthChallenge`
以下程式碼範例顯示如何使用 `AdminRespondToAuthChallenge`。
**適用於 C\$1\$1 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中設定和執行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeRequest request;
request.AddChallengeResponses("USERNAME", userName);
request.AddChallengeResponses("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
request.SetChallengeName(
Aws::CognitoIdentityProvider::Model::ChallengeNameType::SOFTWARE_TOKEN_MFA);
request.SetClientId(clientID);
request.SetUserPoolId(userPoolID);
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeOutcome outcome =
client.AdminRespondToAuthChallenge(request);
if (outcome.IsSuccess()) {
std::cout << "Here is the response to the challenge.\n" <<
outcome.GetResult().GetAuthenticationResult().Jsonize().View().WriteReadable()
<< std::endl;
accessToken = outcome.GetResult().GetAuthenticationResult().GetAccessToken();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminRespondToAuthChallenge. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ 如需 API 詳細資訊,請參閱《適用於 C\$1\$1 的 AWS SDK API 參考》**中的 [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)。
### `AssociateSoftwareToken`
以下程式碼範例顯示如何使用 `AssociateSoftwareToken`。
**適用於 C\$1\$1 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中設定和執行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenRequest request;
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenOutcome outcome =
client.AssociateSoftwareToken(request);
if (outcome.IsSuccess()) {
std::cout
<< "Enter this setup key into an authenticator app, for example Google Authenticator."
<< std::endl;
std::cout << "Setup key: " << outcome.GetResult().GetSecretCode()
<< std::endl;
#ifdef USING_QR
printAsterisksLine();
std::cout << "\nOr scan the QR code in the file '" << QR_CODE_PATH << "."
<< std::endl;
saveQRCode(std::string("otpauth://totp/") + userName + "?secret=" +
outcome.GetResult().GetSecretCode());
#endif // USING_QR
session = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AssociateSoftwareToken. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ 如需 API 詳細資訊,請參閱《適用於 C\$1\$1 的 AWS SDK API 參考》**中的 [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AssociateSoftwareToken)。
### `ConfirmSignUp`
以下程式碼範例顯示如何使用 `ConfirmSignUp`。
**適用於 C\$1\$1 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中設定和執行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::ConfirmSignUpRequest request;
request.SetClientId(clientID);
request.SetConfirmationCode(confirmationCode);
request.SetUsername(userName);
Aws::CognitoIdentityProvider::Model::ConfirmSignUpOutcome outcome =
client.ConfirmSignUp(request);
if (outcome.IsSuccess()) {
std::cout << "ConfirmSignup was Successful."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::ConfirmSignUp. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ 如需 API 詳細資訊,請參閱《適用於 C\$1\$1 的 AWS SDK API 參考》**中的 [ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ConfirmSignUp)。
### `DeleteUser`
以下程式碼範例顯示如何使用 `DeleteUser`。
**適用於 C\$1\$1 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中設定和執行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::DeleteUserRequest request;
request.SetAccessToken(accessToken);
Aws::CognitoIdentityProvider::Model::DeleteUserOutcome outcome =
client.DeleteUser(request);
if (outcome.IsSuccess()) {
std::cout << "The user " << userName << " was deleted."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::DeleteUser. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
```
+ 如需 API 詳細資訊,請參閱 *適用於 C\$1\$1 的 AWS SDK API Reference* 中的 [DeleteUser](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/DeleteUser)。
### `ResendConfirmationCode`
以下程式碼範例顯示如何使用 `ResendConfirmationCode`。
**適用於 C\$1\$1 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中設定和執行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeRequest request;
request.SetUsername(userName);
request.SetClientId(clientID);
Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeOutcome outcome =
client.ResendConfirmationCode(request);
if (outcome.IsSuccess()) {
std::cout
<< "CognitoIdentityProvider::ResendConfirmationCode was successful."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::ResendConfirmationCode. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ 如需 API 詳細資訊,請參閱《適用於 C\$1\$1 的 AWS SDK API 參考》**中的 [ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ResendConfirmationCode)。
### `SignUp`
以下程式碼範例顯示如何使用 `SignUp`。
**適用於 C\$1\$1 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中設定和執行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::SignUpRequest request;
request.AddUserAttributes(
Aws::CognitoIdentityProvider::Model::AttributeType().WithName(
"email").WithValue(email));
request.SetUsername(userName);
request.SetPassword(password);
request.SetClientId(clientID);
Aws::CognitoIdentityProvider::Model::SignUpOutcome outcome =
client.SignUp(request);
if (outcome.IsSuccess()) {
std::cout << "The signup request for " << userName << " was successful."
<< std::endl;
}
else if (outcome.GetError().GetErrorType() ==
Aws::CognitoIdentityProvider::CognitoIdentityProviderErrors::USERNAME_EXISTS) {
std::cout
<< "The username already exists. Please enter a different username."
<< std::endl;
userExists = true;
}
else {
std::cerr << "Error with CognitoIdentityProvider::SignUpRequest. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ 如需 API 詳細資訊,請參閱《適用於 C\$1\$1 的 AWS SDK API 參考》**中的 [SignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/SignUp)。
### `VerifySoftwareToken`
以下程式碼範例顯示如何使用 `VerifySoftwareToken`。
**適用於 C\$1\$1 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中設定和執行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenRequest request;
request.SetUserCode(userCode);
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenOutcome outcome =
client.VerifySoftwareToken(request);
if (outcome.IsSuccess()) {
std::cout << "Verification of the code was successful."
<< std::endl;
session = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::VerifySoftwareToken. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ 如需 API 詳細資訊,請參閱《適用於 C\$1\$1 的 AWS SDK API 參考》**中的 [VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/VerifySoftwareToken)。
## 案例
### 使用需要 MFA 的使用者集區註冊使用者
以下程式碼範例顯示做法:
+ 使用使用者名稱、密碼和電子郵件地址註冊並確認使用者。
+ 透過將 MFA 應用程式與使用者建立關聯,以設定多重要素身分驗證。
+ 使用密碼和 MFA 代碼登入。
**適用於 C\$1\$1 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中設定和執行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
//! Scenario that adds a user to an Amazon Cognito user pool.
/*!
\sa gettingStartedWithUserPools()
\param clientID: Client ID associated with an Amazon Cognito user pool.
\param userPoolID: An Amazon Cognito user pool ID.
\param clientConfig: Aws client configuration.
\return bool: Successful completion.
*/
bool AwsDoc::Cognito::gettingStartedWithUserPools(const Aws::String &clientID,
const Aws::String &userPoolID,
const Aws::Client::ClientConfiguration &clientConfig) {
printAsterisksLine();
std::cout
<< "Welcome to the Amazon Cognito example scenario."
<< std::endl;
printAsterisksLine();
std::cout
<< "This scenario will add a user to an Amazon Cognito user pool."
<< std::endl;
const Aws::String userName = askQuestion("Enter a new username: ");
const Aws::String password = askQuestion("Enter a new password: ");
const Aws::String email = askQuestion("Enter a valid email for the user: ");
std::cout << "Signing up " << userName << std::endl;
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
bool userExists = false;
do {
// 1. Add a user with a username, password, and email address.
Aws::CognitoIdentityProvider::Model::SignUpRequest request;
request.AddUserAttributes(
Aws::CognitoIdentityProvider::Model::AttributeType().WithName(
"email").WithValue(email));
request.SetUsername(userName);
request.SetPassword(password);
request.SetClientId(clientID);
Aws::CognitoIdentityProvider::Model::SignUpOutcome outcome =
client.SignUp(request);
if (outcome.IsSuccess()) {
std::cout << "The signup request for " << userName << " was successful."
<< std::endl;
}
else if (outcome.GetError().GetErrorType() ==
Aws::CognitoIdentityProvider::CognitoIdentityProviderErrors::USERNAME_EXISTS) {
std::cout
<< "The username already exists. Please enter a different username."
<< std::endl;
userExists = true;
}
else {
std::cerr << "Error with CognitoIdentityProvider::SignUpRequest. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
} while (userExists);
printAsterisksLine();
std::cout << "Retrieving status of " << userName << " in the user pool."
<< std::endl;
// 2. Confirm that the user was added to the user pool.
if (!checkAdminUserStatus(userName, userPoolID, client)) {
return false;
}
std::cout << "A confirmation code was sent to " << email << "." << std::endl;
bool resend = askYesNoQuestion("Would you like to send a new code? (y/n) ");
if (resend) {
// Request a resend of the confirmation code to the email address. (ResendConfirmationCode)
Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeRequest request;
request.SetUsername(userName);
request.SetClientId(clientID);
Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeOutcome outcome =
client.ResendConfirmationCode(request);
if (outcome.IsSuccess()) {
std::cout
<< "CognitoIdentityProvider::ResendConfirmationCode was successful."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::ResendConfirmationCode. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
}
printAsterisksLine();
{
// 4. Send the confirmation code that's received in the email. (ConfirmSignUp)
const Aws::String confirmationCode = askQuestion(
"Enter the confirmation code that was emailed: ");
Aws::CognitoIdentityProvider::Model::ConfirmSignUpRequest request;
request.SetClientId(clientID);
request.SetConfirmationCode(confirmationCode);
request.SetUsername(userName);
Aws::CognitoIdentityProvider::Model::ConfirmSignUpOutcome outcome =
client.ConfirmSignUp(request);
if (outcome.IsSuccess()) {
std::cout << "ConfirmSignup was Successful."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::ConfirmSignUp. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
}
std::cout << "Rechecking the status of " << userName << " in the user pool."
<< std::endl;
if (!checkAdminUserStatus(userName, userPoolID, client)) {
return false;
}
printAsterisksLine();
std::cout << "Initiating authorization using the username and password."
<< std::endl;
Aws::String session;
// 5. Initiate authorization with username and password. (AdminInitiateAuth)
if (!adminInitiateAuthorization(clientID, userPoolID, userName, password, session, client)) {
return false;
}
printAsterisksLine();
std::cout
<< "Starting setup of time-based one-time password (TOTP) multi-factor authentication (MFA)."
<< std::endl;
{
// 6. Request a setup key for one-time password (TOTP)
// multi-factor authentication (MFA). (AssociateSoftwareToken)
Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenRequest request;
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenOutcome outcome =
client.AssociateSoftwareToken(request);
if (outcome.IsSuccess()) {
std::cout
<< "Enter this setup key into an authenticator app, for example Google Authenticator."
<< std::endl;
std::cout << "Setup key: " << outcome.GetResult().GetSecretCode()
<< std::endl;
#ifdef USING_QR
printAsterisksLine();
std::cout << "\nOr scan the QR code in the file '" << QR_CODE_PATH << "."
<< std::endl;
saveQRCode(std::string("otpauth://totp/") + userName + "?secret=" +
outcome.GetResult().GetSecretCode());
#endif // USING_QR
session = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AssociateSoftwareToken. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
}
askQuestion("Type enter to continue...", alwaysTrueTest);
printAsterisksLine();
{
Aws::String userCode = askQuestion(
"Enter the 6 digit code displayed in the authenticator app: ");
// 7. Send the MFA code copied from an authenticator app. (VerifySoftwareToken)
Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenRequest request;
request.SetUserCode(userCode);
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenOutcome outcome =
client.VerifySoftwareToken(request);
if (outcome.IsSuccess()) {
std::cout << "Verification of the code was successful."
<< std::endl;
session = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::VerifySoftwareToken. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
}
printAsterisksLine();
std::cout << "You have completed the MFA authentication setup." << std::endl;
std::cout << "Now, sign in." << std::endl;
// 8. Initiate authorization again with username and password. (AdminInitiateAuth)
if (!adminInitiateAuthorization(clientID, userPoolID, userName, password, session, client)) {
return false;
}
Aws::String accessToken;
{
Aws::String mfaCode = askQuestion(
"Re-enter the 6 digit code displayed in the authenticator app: ");
// 9. Send a new MFA code copied from an authenticator app. (AdminRespondToAuthChallenge)
Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeRequest request;
request.AddChallengeResponses("USERNAME", userName);
request.AddChallengeResponses("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
request.SetChallengeName(
Aws::CognitoIdentityProvider::Model::ChallengeNameType::SOFTWARE_TOKEN_MFA);
request.SetClientId(clientID);
request.SetUserPoolId(userPoolID);
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeOutcome outcome =
client.AdminRespondToAuthChallenge(request);
if (outcome.IsSuccess()) {
std::cout << "Here is the response to the challenge.\n" <<
outcome.GetResult().GetAuthenticationResult().Jsonize().View().WriteReadable()
<< std::endl;
accessToken = outcome.GetResult().GetAuthenticationResult().GetAccessToken();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminRespondToAuthChallenge. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
std::cout << "You have successfully added a user to Amazon Cognito."
<< std::endl;
}
if (askYesNoQuestion("Would you like to delete the user that you just added? (y/n) ")) {
// 10. Delete the user that you just added. (DeleteUser)
Aws::CognitoIdentityProvider::Model::DeleteUserRequest request;
request.SetAccessToken(accessToken);
Aws::CognitoIdentityProvider::Model::DeleteUserOutcome outcome =
client.DeleteUser(request);
if (outcome.IsSuccess()) {
std::cout << "The user " << userName << " was deleted."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::DeleteUser. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
}
return true;
}
//! Routine which checks the user status in an Amazon Cognito user pool.
/*!
\sa checkAdminUserStatus()
\param userName: A username.
\param userPoolID: An Amazon Cognito user pool ID.
\return bool: Successful completion.
*/
bool AwsDoc::Cognito::checkAdminUserStatus(const Aws::String &userName,
const Aws::String &userPoolID,
const Aws::CognitoIdentityProvider::CognitoIdentityProviderClient &client) {
Aws::CognitoIdentityProvider::Model::AdminGetUserRequest request;
request.SetUsername(userName);
request.SetUserPoolId(userPoolID);
Aws::CognitoIdentityProvider::Model::AdminGetUserOutcome outcome =
client.AdminGetUser(request);
if (outcome.IsSuccess()) {
std::cout << "The status for " << userName << " is " <<
Aws::CognitoIdentityProvider::Model::UserStatusTypeMapper::GetNameForUserStatusType(
outcome.GetResult().GetUserStatus()) << std::endl;
std::cout << "Enabled is " << outcome.GetResult().GetEnabled() << std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminGetUser. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
return outcome.IsSuccess();
}
//! Routine which starts authorization of an Amazon Cognito user.
//! This routine requires administrator credentials.
/*!
\sa adminInitiateAuthorization()
\param clientID: Client ID of tracked device.
\param userPoolID: An Amazon Cognito user pool ID.
\param userName: A username.
\param password: A password.
\param sessionResult: String to receive a session token.
\return bool: Successful completion.
*/
bool AwsDoc::Cognito::adminInitiateAuthorization(const Aws::String &clientID,
const Aws::String &userPoolID,
const Aws::String &userName,
const Aws::String &password,
Aws::String &sessionResult,
const Aws::CognitoIdentityProvider::CognitoIdentityProviderClient &client) {
Aws::CognitoIdentityProvider::Model::AdminInitiateAuthRequest request;
request.SetClientId(clientID);
request.SetUserPoolId(userPoolID);
request.AddAuthParameters("USERNAME", userName);
request.AddAuthParameters("PASSWORD", password);
request.SetAuthFlow(
Aws::CognitoIdentityProvider::Model::AuthFlowType::ADMIN_USER_PASSWORD_AUTH);
Aws::CognitoIdentityProvider::Model::AdminInitiateAuthOutcome outcome =
client.AdminInitiateAuth(request);
if (outcome.IsSuccess()) {
std::cout << "Call to AdminInitiateAuth was successful." << std::endl;
sessionResult = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminInitiateAuth. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
return outcome.IsSuccess();
}
```
+ 如需 API 詳細資訊,請參閱《*適用於 C\$1\$1 的 AWS SDK API 參考*》中的下列主題。
+ [AdminGetUser](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminGetUser)
+ [AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminInitiateAuth)
+ [AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)
+ [AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AssociateSoftwareToken)
+ [ConfirmDevice](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ConfirmDevice)
+ [ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ConfirmSignUp)
+ [InitiateAuth](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/InitiateAuth)
+ [ListUsers](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ListUsers)
+ [ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ResendConfirmationCode)
+ [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/RespondToAuthChallenge)
+ [SignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/SignUp)
+ [VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/VerifySoftwareToken)