AWS Cognito - Target auth state: UNCHALLENGED with AuthFlow USER_SRP_AUTH in Java

I am new to AWS Cognito and I am trying to authenticate a newly created user against a Cognito user pool.

Can anyone help with this? Any good Java example for authenticating against AWS Cognito would be useful.

Here is the stack trace of the error:


12:07:14.243 [main] DEBUG com.amazonaws.AmazonWebServiceClient - Internal logging successfully configured to commons logger: true
12:07:14.784 [main] DEBUG com.amazonaws.metrics.AwsSdkMetrics - Admin mbean registered under com.amazonaws.management:type=AwsSdkMetrics
AWSCognitoIdentityProviderService.InitiateAuth, Content-Type: application/x-amz-org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {s}->https://cognito-idp.us-east-1.amazonaws.com:443][total kept alive: 0; route allocated: 1 of 50; total allocated: 1 of 50]
12:07:14.862 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - 
12:07:15.089 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
12:07:15.090 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
12:07:15.093 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> POST / HTTP/1.1
12:07:15.093 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: cognito-idp.us-east-1.amazonaws.com
12:07:15.093 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: aws-sdk-java/1.11.251 Windows_10/10.0 Java_HotSpot(TM)_64-Bit_Server_VM/25.144-b01 java/1.8.0_144
12:07:15.093 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> amz-sdk-invocation-id: e1ebdf5a-f2ec-14b4-c750-3b28d243afb0
12:07:15.093 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> amz-sdk-retry: 0/0/500
12:07:15.093 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth
12:07:15.093 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Content-Type: application/x-amz-json-1.1
12:07:15.093 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Content-Length: 889
12:07:15.093 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive
12:07:15.094 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "POST / HTTP/1.1[\r][\n]"
12:07:15.094 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Host: cognito-idp.us-east-1.amazonaws.com[\r][\n]"
12:07:15.094 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "User-Agent: aws-sdk-java/1.11.251 Windows_10/10.0 Java_HotSpot(TM)_64-Bit_Server_VM/25.144-b01 java/1.8.0_144[\r][\n]"
12:07:15.094 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "amz-sdk-invocation-id: e1ebdf5a-f2ec-14b4-c750-3b28d243afb0[\r][\n]"
12:07:15.095 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "amz-sdk-retry: 0/0/500[\r][\n]"
12:07:15.095 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth[\r][\n]"
12:07:15.095 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Content-Type: application/x-amz-json-1.1[\r][\n]"
12:07:15.095 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Content-Length: 889[\r][\n]"
12:07:15.095 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
12:07:15.095 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "[\r][\n]"
12:07:15.095 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "{"AuthFlow":"USER_SRP_AUTH","AuthParameters":{"USERNAME":"*************","SRP_A":"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"},"ClientId":"4ka2h2ub50ugc9b7enbgmda235"}"
12:07:15.118 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "HTTP/1.1 400 Bad Request[\r][\n]"
12:07:15.118 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Date: Fri, 06 Apr 2018 16:08:37 GMT[\r][\n]"
12:07:15.118 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Content-Type: application/x-amz-json-1.1[\r][\n]"
12:07:15.118 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Content-Length: 114[\r][\n]"
12:07:15.118 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Connection: keep-alive[\r][\n]"
12:07:15.119 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "x-amzn-RequestId: c3f044ee-39b4-11e8-b51d-871273fda2e6[\r][\n]"
12:07:15.119 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "x-amzn-ErrorType: NotAuthorizedException:[\r][\n]"
12:07:15.119 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "x-amzn-ErrorMessage: Unable to verify secret hash for client 4ka2h2ub50ugc9b7enbgmda235[\r][\n]"
12:07:15.119 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[\r][\n]"
12:07:15.119 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "{"__type":"NotAuthorizedException","message":"Unable to verify secret hash for client 4ka2h2ub50ugc9b7enbgmda235"}"
12:07:15.125 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 400 Bad Request
12:07:15.125 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Fri, 06 Apr 2018 16:08:37 GMT
12:07:15.125 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Type: application/x-amz-json-1.1
12:07:15.125 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 114
12:07:15.125 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: keep-alive
12:07:15.125 [main] DEBUG org.apache.http.headers - http-outgoing-0 << x-amzn-RequestId: c3f044ee-39b4-11e8-b51d-871273fda2e6
12:07:15.126 [main] DEBUG org.apache.http.headers - http-outgoing-0 << x-amzn-ErrorType: NotAuthorizedException:
12:07:15.126 [main] DEBUG org.apache.http.headers - http-outgoing-0 << x-amzn-ErrorMessage: Unable to verify secret hash for client 4ka2h2ub50ugc9b7enbgmda235
12:07:15.135 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection can be kept alive for 60000 MILLISECONDS
12:07:15.142 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection [id: 0][route: {s}->https://cognito-idp.us-east-1.amazonaws.com:443] can be kept alive for 60.0 seconds
12:07:15.142 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 0
12:07:15.142 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {s}->https://cognito-idp.us-east-1.amazonaws.com:443][total kept alive: 1; route allocated: 1 of 50; total allocated: 1 of 50]
12:07:15.185 [main] DEBUG com.amazonaws.request - Received error response: com.amazonaws.services.cognitoidp.model.NotAuthorizedException: Unable to verify secret hash for client 4ka2h2ub50ugc9b7enbgmda235 (Service: AWSCognitoIdentityProvider; Status Code: 400; Error Code: NotAuthorizedException; Request ID: c3f044ee-39b4-11e8-b51d-871273fda2e6)
Exceptioncom.amazonaws.services.cognitoidp.model.NotAuthorizedException: Unable to verify secret hash for client 4ka2h2ub50ugc9b7enbgmda235 (Service: AWSCognitoIdentityProvider; Status Code: 400; Error Code: NotAuthorizedException; Request ID: c3f044ee-39b4-11e8-b51d-871273fda2e6)

Here is my code:

// initiateUserSrpAuthRequest(...) and userSrpAuthRequest(...) are helper methods defined elsewhere in this class;
// the first builds the InitiateAuth request (USERNAME + SRP_A), the second the PASSWORD_VERIFIER challenge response.
String PerformSRPAuthentication(String username, String password) {
    String authresult = null;

    InitiateAuthRequest initiateAuthRequest = initiateUserSrpAuthRequest(username);
    try {
        // The user pool endpoint is called unauthenticated, so anonymous AWS credentials are enough.
        AnonymousAWSCredentials awsCreds = new AnonymousAWSCredentials();
        AWSCognitoIdentityProvider cognitoIdentityProvider = AWSCognitoIdentityProviderClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
                .withRegion(Regions.fromName(this.region))
                .build();
        // Step 1 of SRP: send SRP_A; Cognito should answer with a PASSWORD_VERIFIER challenge (SRP_B, SALT, SECRET_BLOCK).
        InitiateAuthResult initiateAuthResult = cognitoIdentityProvider.initiateAuth(initiateAuthRequest);
        if (ChallengeNameType.PASSWORD_VERIFIER.toString().equals(initiateAuthResult.getChallengeName())) {
            // Step 2 of SRP: prove knowledge of the password and receive the tokens.
            RespondToAuthChallengeRequest challengeRequest = userSrpAuthRequest(initiateAuthResult, password);
            RespondToAuthChallengeResult result = cognitoIdentityProvider.respondToAuthChallenge(challengeRequest);
            System.out.println("----------------------->>RespondToAuthChallengeResult: " + result);
            System.out.println(CognitoJWTParser.getPayload(result.getAuthenticationResult().getIdToken()));
            authresult = result.getAuthenticationResult().getIdToken();
        }
    } catch (final Exception ex) {
        System.out.println("Exception" + ex);
    }
    return authresult;
}

It seems I have to answer a password challenge and set a new password, or something similar. Thanks in advance for your help.

After struggling with this for a day with no replies, I was finally able to solve it (a workaround).

In the Cognito user pool I just disabled "Generate Client Secret", and everything started working.

But the question remains: how would I use the Client Secret, which is preferred for production?

Suggestions are very welcome.
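The error in the trace, "Unable to verify secret hash for client ...", is what Cognito returns when the app client has a client secret but the request carries no (or a wrong) SECRET_HASH parameter. The hash is HMAC-SHA256 keyed with the client secret over the string username + clientId, Base64-encoded, and it has to be sent in the AuthParameters of InitiateAuth and again in the ChallengeResponses of RespondToAuthChallenge. The following is an added example and not the poster's code; it assumes the AWS SDK for Java 1.11.x shown in the User-Agent is on the classpath, and the class and method names (CognitoSecretHash, secretHash, srpInitiateRequest, passwordVerifierResponse) are hypothetical. The SRP values themselves (SRP_A, the timestamp and the claim signature) are assumed to come from the poster's existing SRP helpers and are passed in as strings.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

import com.amazonaws.services.cognitoidp.model.AuthFlowType;
import com.amazonaws.services.cognitoidp.model.ChallengeNameType;
import com.amazonaws.services.cognitoidp.model.InitiateAuthRequest;
import com.amazonaws.services.cognitoidp.model.RespondToAuthChallengeRequest;

// Hypothetical helper class (not part of the AWS SDK or the original post).
public class CognitoSecretHash {

    /** SECRET_HASH = Base64( HMAC-SHA256( key = clientSecret, message = username + clientId ) ). */
    public static String secretHash(String clientId, String clientSecret, String username) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(clientSecret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
            mac.update(username.getBytes(StandardCharsets.UTF_8));          // message part 1: username
            byte[] raw = mac.doFinal(clientId.getBytes(StandardCharsets.UTF_8)); // message part 2: client id
            return Base64.getEncoder().encodeToString(raw);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("HmacSHA256 is not available in this JVM", e);
        }
    }

    /** InitiateAuth for USER_SRP_AUTH, now including the SECRET_HASH the error message complains about. */
    public static InitiateAuthRequest srpInitiateRequest(String clientId, String clientSecret,
                                                         String username, String srpA) {
        Map<String, String> params = new HashMap<>();
        params.put("USERNAME", username);
        params.put("SRP_A", srpA);
        params.put("SECRET_HASH", secretHash(clientId, clientSecret, username));
        return new InitiateAuthRequest()
                .withAuthFlow(AuthFlowType.USER_SRP_AUTH)
                .withClientId(clientId)
                .withAuthParameters(params);
    }

    /**
     * The PASSWORD_VERIFIER response needs SECRET_HASH as well. Compute it over the USERNAME that
     * Cognito returned in the challenge parameters (USER_ID_FOR_SRP), not the alias the user typed,
     * otherwise the hash will not verify when alias sign-in is enabled.
     */
    public static RespondToAuthChallengeRequest passwordVerifierResponse(String clientId, String clientSecret,
                                                                         String session, String userIdForSrp,
                                                                         String secretBlock, String timestamp,
                                                                         String claimSignature) {
        Map<String, String> responses = new HashMap<>();
        responses.put("USERNAME", userIdForSrp);
        responses.put("PASSWORD_CLAIM_SECRET_BLOCK", secretBlock);
        responses.put("TIMESTAMP", timestamp);
        responses.put("PASSWORD_CLAIM_SIGNATURE", claimSignature);
        responses.put("SECRET_HASH", secretHash(clientId, clientSecret, userIdForSrp));
        return new RespondToAuthChallengeRequest()
                .withChallengeName(ChallengeNameType.PASSWORD_VERIFIER)
                .withClientId(clientId)
                .withSession(session)
                .withChallengeResponses(responses);
    }

    public static void main(String[] args) {
        // Constructed placeholder values, not real credentials.
        String clientId = "EXAMPLE_CLIENT_ID";
        String clientSecret = "EXAMPLE_CLIENT_SECRET";
        String username = "alice";
        System.out.println("SECRET_HASH for " + username + ": " + secretHash(clientId, clientSecret, username));
        InitiateAuthRequest req = srpInitiateRequest(clientId, clientSecret, username, "EXAMPLE_SRP_A");
        System.out.println("AuthParameters keys: " + req.getAuthParameters().keySet());
    }
}
```

Two points on the design choice: the client secret is only usable by a confidential client, that is, server-side code that can keep the secret out of the shipped artefact; a browser or mobile application should use an app client without a secret, which is exactly the configuration the poster ended up with, so the workaround is the correct setup for a public client rather than a downgrade. For a backend that does authenticate with a secret, load it from a secret store or environment at runtime and pass it into a method such as secretHash above, and remember that the hash must be present on both SRP round trips.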