AWS Cognito: Create User Issue

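Our requirement is to create a user in AWS Cognito with phone and password confirmation, and then update user attributes such as name, city, email, etc. during the sign-up process. For this, we first call 'Auth.confirmSignUp' to confirm the OTP for the phone number, and then call 'Auth.signIn' so that the attributes can be updated through 'Auth.updateUserAttributes'. The problem is that 'Auth.signIn' fails and returns status code 400 with the response below.

Response:

{"__type":"InvalidParameterException","message":"Custom auth lambda trigger is not configured for the user pool."}

Request: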

{"AuthFlow":"CUSTOM_AUTH","ClientId":"XXXXXXX","AuthParameters":{"USERNAME":"447XXXXXXXX"},"ClientMetadata":{}}

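However, if I call Auth.signIn on the login page it works fine, but I observed that "AuthFlow":"CUSTOM_AUTH" changes to "AuthFlow":"USER_SRP_AUTH".

I cannot understand what is missing in the whole process, or whether any other configuration change is needed to fix the issue.

We are using the aws-amplify library in React on the front end. The code snippets are below.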

awsUtils.js ==========

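import { Auth } from 'aws-amplify';
// USER_ROLES is the project's own constant; its import is not shown in the question.

// Registers the user with the phone number as both username and phone_number.
export const signUp = async (userName, password, attributes = {}) => {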
    try {
        const response = await Auth.signUp({
            username: userName,
            password,
            attributes: {
                phone_number: userName,
                'custom:role': USER_ROLES.CUSTOMER,
                ...attributes
            }
        });
        return { success: true, response };
    } catch (error) {
        return { success: false, error };
    }
};

export const confirmSignUp = async (userName, otp) => {
    try {
        const response = await Auth.confirmSignUp(userName, otp);
        return { success: true, response };
    } catch (error) {
        return { success: false, error };
    }
};

export const signIn = async (userName, password) => {
    try {
        const response = await Auth.signIn(userName, password);
        return { success: true, response };
    } catch (error) {
        return { success: false, error };
    }
};

In the React component, in the first step we only show the phone number and password: ===========

const { success } = await signUp(userName, password);
if (success) { // If successful, show the OTP field on the client side.
    const { success } = await confirmSignUp(userName, otp);
    if (success) { // If the OTP is confirmed on Cognito, a call is made to sign in.
        const { success } = await signIn(userName, password); // But breaking here ...
    }
}

Referred to https://docs.amplify.aws/lib/auth/emailpassword/q/platform/js/#sign-in

AWS configuration:

On the first mount (load) of the component we call the AWS configuration function below.

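import { Amplify } from 'aws-amplify';
// getEnvConfig is the project's own helper; its import is not shown in the question.

export const initializeSDK = async () => {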
    const {
        regin,
        redirectSignIn,
        redirectSignOut,
        domain,
        identityPoolId,
        poolId,
        webClientId,
        scope
    } = await getEnvConfig();

    const oauth = {
        domain,
        scope: scope?.split(','),
        redirectSignIn,
        redirectSignOut,
        responseType: 'token'
    };
    Amplify.configure({
        oauth: oauth,
        aws_project_region: regin,
        aws_cognito_identity_pool_id: identityPoolId,
        aws_user_pools_id: poolId,
        aws_user_pools_web_client_id: webClientId,
        domain: domain,
        scope: scope,
        redirectSignIn: redirectSignIn,
        redirectSignOut: redirectSignOut,
        responseType: 'CODE',
        AdvancedSecurityDataCollectionFlag: 'true',
        aws_cognito_region: regin,
        socialResponseType: 'token'
    });
};

The problem is clear. Your request has CUSTOM_AUTH as its AuthFlow. Custom authentication requires a Lambda. If you want regular username/password authentication, choose USER_PASSWORD_AUTH.
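
An added example, not part of the original answer or the asker's code: the failing request above carries only `USERNAME`, which is what a v5-style Amplify `Auth.signIn` sends when it is called without a password (it then starts `CUSTOM_AUTH`). The hypothetical helpers `expectedAuthFlow` and `signInAndUpdate` assume that behaviour and an injected `auth` object shaped like Amplify's `Auth`.

```javascript
// Added example: pre-flight check for the confirm -> sign-in -> update step.
// Assumption: `auth` behaves like the aws-amplify (v5-style) Auth class, where
// signIn(username) with no password starts the passwordless CUSTOM_AUTH flow.

// Returns the AuthFlow a signIn call would request.
// `configuredFlow` is the client's authenticationFlowType (SRP by default).
function expectedAuthFlow(password, configuredFlow = 'USER_SRP_AUTH') {
  const hasPassword = typeof password === 'string' && password.length > 0;
  return hasPassword ? configuredFlow : 'CUSTOM_AUTH';
}

// Hypothetical helper: sign in right after confirmSignUp, then update attributes.
// Refuses to call signIn when the call would silently become CUSTOM_AUTH.
async function signInAndUpdate(auth, userName, password, attributes = {}) {
  if (expectedAuthFlow(password) === 'CUSTOM_AUTH') {
    const msg = 'password is empty: signIn would use CUSTOM_AUTH, ' +
      'which needs Lambda triggers on the user pool';
    return { success: false, error: new Error(msg) };
  }
  try {
    const user = await auth.signIn(userName, password);
    // A pending challenge (for example SMS_MFA) means no session exists yet,
    // so attributes cannot be updated at this point.
    if (user.challengeName) {
      return { success: false, challenge: user.challengeName };
    }
    const result = await auth.updateUserAttributes(user, attributes);
    return { success: true, result };
  } catch (error) {
    // Return only the error; never attach the password to it or log it.
    return { success: false, error };
  }
}
```

In the app, pass the `Auth` import from `aws-amplify` as the `auth` argument.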