AWS Cognito custom pool without password

I want to use the phone number as the user name in my application, and I want users to be able to register easily by simply verifying their phone number every time they want to log in, with no messy business of remembering a password.

How can I do this with an AWS Cognito User Pool, given that it asks me to configure a password for each user?

I thought of using a dummy password for each user and setting up mandatory user verification. Each time a user logs out, I can "unverify" the user so that the next time they are automatically asked to confirm the phone number. Also, I will wire my application to "log in" only if the user is verified.

Please let me know if this is the best approach :( I am new to AWS and I could not find any posts for this scenario.

Thanks!

+4
1 answer

Since AWS Cognito does not currently support passwordless authentication, you need to implement a workaround with a random password stored externally. You can implement the authentication flow as follows.

  • After registering the user (also specify the mobile phone number and make it mandatory), save the mobile phone number, username and password in DynamoDB as well, encrypted using AWS KMS (for added security).
  • MFA , , (In frontend), (Passthrough) MFA , AWS Cognito SDK ( ).
  • ( MFA) SMS , AWS SNS .

, MFA . .

    // userPool is assumed to be a CognitoUserPool object created earlier.
    var userData = {
        Username : 'username',
        Pool : userPool
    };

    var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);

    // The password here is the stored random password, not one the user types.
    var authenticationData = {
        Username : 'username',
        Password : 'password'
    };

    var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authenticationData);

    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (result) {
            alert('authentication successful!');
        },

        onFailure: function (err) {
            alert(err);
        },

        // Called when the pool requires the SMS code as a second step.
        mfaRequired: function (codeDeliveryDetails) {
            var verificationCode = prompt('Please input verification code', '');
            // "this" is the callbacks object, so the same handlers receive the result.
            cognitoUser.sendMFACode(verificationCode, this);
        }

    });

: MFA MFA, .

+8
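
The first step of the answer depends on each user having their own random password rather than one shared dummy value. The following is an added example, not part of the original answer, showing one way to generate such a password in Node.js with a CSPRNG before it is encrypted and stored. The function names, the 32-character length, the symbol set and the one-character-per-class policy are assumptions; adjust them to the password policy configured on your pool.

```javascript
const crypto = require('crypto');

// Assumed policy: at least one character from each class below.
const CLASSES = {
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  digit: '0123456789',
  symbol: '!@#$%^&*()-_=+[]{}',
};

// Pick one character uniformly; crypto.randomInt avoids modulo bias.
function pick(chars) {
  return chars[crypto.randomInt(chars.length)];
}

// Hypothetical helper: build a per-user password the user never sees.
function generatePoolPassword(length = 32) {
  const sets = Object.values(CLASSES);
  if (length < sets.length) {
    throw new RangeError('length too short to cover every character class');
  }
  const all = sets.join('');
  // One character from each class guarantees the policy is met.
  const out = sets.map(pick);
  while (out.length < length) out.push(pick(all));
  // Fisher-Yates shuffle with the CSPRNG so the required characters
  // do not sit in predictable positions.
  for (let i = out.length - 1; i > 0; i--) {
    const j = crypto.randomInt(i + 1);
    [out[i], out[j]] = [out[j], out[i]];
  }
  return out.join('');
}

// Check a candidate against the same assumed policy.
function satisfiesPolicy(pw, minLength = 32) {
  return pw.length >= minLength &&
    Object.values(CLASSES).every((set) => [...pw].some((c) => set.includes(c)));
}
```

Generate the value once at registration, on the server side, and never reuse it across users, so that a leak of one stored password does not expose any other account.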

Source: https://habr.com/ru/post/1683639/
