
golangでCognito認証(ただしSecure Remote Password(SRP)プロトコルではない)


参考

http://docs.aws.amazon.com/ja_jp/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html
https://github.com/aws/aws-sdk-go/blob/master/service/cognitoidentityprovider/api.go

構成

ユーザ情報:Amazon Cognito ユーザープール

認証機能:Amazon Cognito フェデレーテッドアイデンティティ

golang:github.com/aws/aws-sdk-go/service/cognitoidentityprovider

golang:実装

version

$ go version
go version go1.8 darwin/amd64

事前準備

AWS Credentialの設定をしておく(Admin系APIはIAM認証情報で署名して呼び出すため、AdminInitiateAuth / AdminRespondToAuthChallenge を実行できる権限が必要)

ライブラリのインストール

$ go get -v github.com/aws/aws-sdk-go/aws/session
$ go get -v github.com/aws/aws-sdk-go/service/cognitoidentityprovider

ログイン、初期パスワードの変更、ログアウト

package main

import (
    "fmt"
    "github.com/aws/aws-sdk-go/aws"
    "github.com/aws/aws-sdk-go/aws/session"
    "github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
)

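// main walks through the Cognito user-pool admin flow: sign in with
// ADMIN_NO_SRP_AUTH, answer the NEW_PASSWORD_REQUIRED challenge when the pool
// issues one (first login with a temporary password), then revoke the issued
// tokens with GlobalSignOut.
//
// ADMIN_NO_SRP_AUTH hands the plaintext password to this process, which then
// calls Admin* APIs signed with IAM credentials. Run it only on a trusted
// backend, never in a client application.
func main() {
    // Placeholders only: load real values from configuration or a secret
    // store instead of committing them to source.
    username := "USERNAME"
    password := "PASSWORD"
    clientId := "CLIENTID"                    // shown in the user pool console
    userPoolId := "ap-northeast-1_USERPOOLID" // shown in the user pool console

    // NewSession reports credential/config errors up front; the deprecated
    // session.New defers them until the first request.
    sess, err := session.NewSession()
    if err != nil {
        fmt.Println(err.Error())
        return
    }
    svc := cognitoidentityprovider.New(sess, &aws.Config{Region: aws.String("ap-northeast-1")})

    // Sign in.
    // NOTE(review): Cognito later introduced ADMIN_USER_PASSWORD_AUTH as the
    // name for this flow; confirm which flows the app client has enabled.
    params := &cognitoidentityprovider.AdminInitiateAuthInput{
        AuthFlow: aws.String("ADMIN_NO_SRP_AUTH"),
        AuthParameters: map[string]*string{
            "USERNAME": aws.String(username),
            "PASSWORD": aws.String(password),
        },
        ClientId:   aws.String(clientId),
        UserPoolId: aws.String(userPoolId),
    }

    resp, err := svc.AdminInitiateAuth(params)
    if err != nil {
        fmt.Println(err.Error())
        return
    }
    // Do not print resp itself: it may carry the challenge session string or
    // the access/ID/refresh tokens, which must not end up in logs.

    // AuthenticationResult is nil while a challenge is pending, so the tokens
    // come either from the initial response or from the challenge response.
    authResult := resp.AuthenticationResult

    if resp.ChallengeName != nil {
        fmt.Println("challenge:", *resp.ChallengeName)
        if *resp.ChallengeName != "NEW_PASSWORD_REQUIRED" {
            fmt.Println("unsupported challenge")
            return
        }

        // Change the initial password.
        newPassword := "NEWPASSWORD"
        challengeParams := &cognitoidentityprovider.AdminRespondToAuthChallengeInput{
            ChallengeName: aws.String("NEW_PASSWORD_REQUIRED"),
            ChallengeResponses: map[string]*string{
                "NEW_PASSWORD": aws.String(newPassword),
                "USERNAME":     aws.String(username),
            },
            ClientId:   aws.String(clientId),
            Session:    resp.Session, // ties this answer to the pending challenge
            UserPoolId: aws.String(userPoolId),
        }

        challengeResp, err := svc.AdminRespondToAuthChallenge(challengeParams)
        if err != nil {
            fmt.Println(err.Error())
            return
        }
        authResult = challengeResp.AuthenticationResult
    }

    // A further challenge (for example MFA) leaves the result empty; stop
    // here instead of dereferencing a nil pointer.
    if authResult == nil || authResult.AccessToken == nil {
        fmt.Println("no access token issued")
        return
    }
    fmt.Println("signed in")

    // Sign out by access token; this revokes the tokens issued to the user.
    signOutParams := &cognitoidentityprovider.GlobalSignOutInput{
        AccessToken: authResult.AccessToken,
    }
    if _, err := svc.GlobalSignOut(signOutParams); err != nil {
        fmt.Println(err.Error())
        return
    }
    fmt.Println("signed out")
}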