参考
http://docs.aws.amazon.com/ja_jp/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html
https://github.com/aws/aws-sdk-go/blob/master/service/cognitoidentityprovider/api.go
構成
ユーザ情報:Amazon Cognito ユーザープール
↑
認証機能:Amazon Cognito フェデレーテッドアイデンティティ
↑
golang:github.com/aws/aws-sdk-go/service/cognitoidentityprovider
↑
golang:実装
version
$ go version
go version go1.8 darwin/amd64
事前準備
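AWS Credentialの設定をしておく(Admin系APIを呼び出すため、対象ユーザープールに対する cognito-idp:AdminInitiateAuth と cognito-idp:AdminRespondToAuthChallenge を許可したIAM認証情報が必要。アプリクライアント側で ADMIN_NO_SRP_AUTH フローを有効にしておくこと)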
ライブラリのインストール
$ go get -v github.com/aws/aws-sdk-go/aws/session
$ go get -v github.com/aws/aws-sdk-go/service/cognitoidentityprovider
ログイン、初期パスワードの変更、ログアウト
package main
import (
"fmt"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
)
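// main walks through the Cognito user pool admin flow shown on this page:
// sign in with ADMIN_NO_SRP_AUTH, answer the NEW_PASSWORD_REQUIRED challenge
// when the pool returns one, then sign the user out with GlobalSignOut.
//
// AdminInitiateAuth and AdminRespondToAuthChallenge are signed with the
// caller's AWS credentials, so this code belongs on a trusted backend and
// the IAM principal should be limited to the user pool it needs.
func main() {
	// Placeholders for the walkthrough. Real values, the passwords above all,
	// should come from the caller or a secret store, never from source code.
	username := "USERNAME"
	password := "PASSWORD"
	newPassword := "NEWPASSWORD"
	// Both IDs are shown in the user pool management console.
	clientID := "CLIENTID"
	userPoolID := "ap-northeast-1_USERPOOLID"

	// NewSession reports configuration and credential-loading errors here
	// rather than deferring them to the first API call.
	sess, err := session.NewSession(&aws.Config{Region: aws.String("ap-northeast-1")})
	if err != nil {
		fmt.Println(err.Error())
		return
	}
	svc := cognitoidentityprovider.New(sess)

	// Sign in.
	authOut, err := svc.AdminInitiateAuth(&cognitoidentityprovider.AdminInitiateAuthInput{
		AuthFlow: aws.String("ADMIN_NO_SRP_AUTH"),
		AuthParameters: map[string]*string{
			"USERNAME": aws.String(username),
			"PASSWORD": aws.String(password),
		},
		ClientId:   aws.String(clientID),
		UserPoolId: aws.String(userPoolID),
	})
	if err != nil {
		fmt.Println(err.Error())
		return
	}
	// Print only the challenge name. The full response carries the challenge
	// session and, on success, the access/ID/refresh tokens; writing those to
	// stdout or logs hands a usable credential to anyone who can read them.
	fmt.Println("challenge:", aws.StringValue(authOut.ChallengeName))

	// When a challenge is pending, AuthenticationResult is nil and the tokens
	// only arrive in the response to the challenge.
	authResult := authOut.AuthenticationResult

	// Change the initial password, but only if the pool asked for it.
	if aws.StringValue(authOut.ChallengeName) == "NEW_PASSWORD_REQUIRED" {
		challengeOut, err := svc.AdminRespondToAuthChallenge(&cognitoidentityprovider.AdminRespondToAuthChallengeInput{
			ChallengeName: aws.String("NEW_PASSWORD_REQUIRED"),
			ChallengeResponses: map[string]*string{
				"NEW_PASSWORD": aws.String(newPassword),
				"USERNAME":     aws.String(username),
			},
			ClientId:   aws.String(clientID),
			Session:    authOut.Session,
			UserPoolId: aws.String(userPoolID),
		})
		if err != nil {
			fmt.Println(err.Error())
			return
		}
		authResult = challengeOut.AuthenticationResult
	}

	// Any other pending challenge (MFA, for example) leaves no token to use;
	// stop here rather than dereferencing a nil result.
	if authResult == nil || authResult.AccessToken == nil {
		fmt.Println("no access token returned; an unhandled challenge may be pending")
		return
	}

	// Sign out by access token.
	if _, err := svc.GlobalSignOut(&cognitoidentityprovider.GlobalSignOutInput{
		AccessToken: authResult.AccessToken,
	}); err != nil {
		fmt.Println(err.Error())
		return
	}
}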