Amazon Cognito Developer Guide

Amazon Cognito: Developer Guide

Copyright 2018 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon.

Table of Contents

(Most headings of the extracted table of contents were lost; only the entries whose text survived are listed, with their page numbers.)

What is Amazon Cognito? 1
Common scenarios: API Gateway and Lambda 7; AWS 8; Amazon Cognito and AWS AppSync 9
Tutorials: SDK 11; AWS 12
Amazon Cognito User Pools 13
  Getting started, prerequisite: AWS account 14; 1. 14; 2. UI 15; 3. (optional) 17; 4. SAML (optional) 20; 5. Amazon Cognito SDK 22
  JavaScript 23; Android 39; iOS 59
  AWS Management Console 73; SAML 91; OIDC 98; MFA 106
  Lambda 117, 118, 119, 121, 126, 129, 131, 134, 142, 145, 148
  Amazon Pinpoint 153; Amazon Pinpoint (AWS CLI, AWS API) 154
  API Gateway and Lambda 189; AWS 190
  Tags 204; UI 208
Amazon Cognito Identity Pools (Federated Identities) 214
  AWS 215; Mobile JavaScript SDK 215; IAM 217; IAM 225
  Android 232; iOS - Objective-C 233; iOS - Swift 234; JavaScript 235; Unity 236; Xamarin 237
  AWS 237; Android 238; iOS - Objective-C 238; iOS - Swift 238; JavaScript 238; Unity 238; Xamarin 239
  Facebook 239; Login with Amazon 244; Google 247; OpenID Connect 253; SAML 255
  (Android and iOS) 263; Android 267; iOS - Objective-C 268; iOS - Swift 268; JavaScript 268; Unity 268; Xamarin 269
Amazon Cognito Sync 270
  AWS 270; Amazon Cognito Sync 271; Sync 276
  Android 278; iOS - Objective-C 280; iOS - Swift 282; JavaScript 284; Unity 286; Xamarin 288
  Amazon Simple Notification Service (Amazon SNS) 290; Amazon Cognito console 290; Android 290; iOS - Objective-C 292; iOS - Swift 294
Amazon Cognito 296, 297
AWS CloudTrail and the Amazon Cognito API 304; CloudTrail 304; 305
API 307; Auth API 307; USERINFO 315
API 318; Cognito API 318
Amazon Resource Names (ARN) 319; API 321
AWS Glossary 325

What is Amazon Cognito?

Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, or Google.

The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for your app users. Identity pools let you grant your users temporary credentials for other AWS services. You can use identity pools and user pools separately or together.

Using a user pool and an identity pool together

The end-to-end flow has three steps:

1. Your app user signs in through a user pool and, after successful authentication, receives user pool tokens.
2. Your app exchanges the user pool tokens for AWS credentials through an identity pool.
3. Your app user then uses those AWS credentials to access other AWS services, such as Amazon S3 or DynamoDB.

For more examples of using identity pools and user pools, see Common Amazon Cognito Scenarios (p. 6).

Amazon Cognito is compliant with SOC 1-3, PCI DSS and ISO 27001, and is HIPAA-BAA eligible. For details, see AWS Services in Scope by Compliance Program (http://aws.amazon.com/compliance/services-in-scope/) and Regional Data Considerations (p. 4).

Topics
 - Features of Amazon Cognito (p. 2)
 - Getting Started with Amazon Cognito (p. 2)
 - Pricing (p. 3)
 - Using the Amazon Cognito Console (p. 3)
 - Regional Data Considerations (p. 4)

Features of Amazon Cognito

User pools

A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito, or federate through a third-party identity provider (IdP). Whether your users sign in directly or through a third party, all members of the user pool have a directory profile that you can access through an SDK.

User pools provide:

 - Sign-up and sign-in services.
 - A built-in, customizable web UI to sign in users.
 - Social sign-in with Facebook, Google and Login with Amazon, and sign-in with SAML and OIDC identity providers from your user pool.
 - User directory management and user profiles.
 - Security features such as multi-factor authentication (MFA), checks for compromised credentials, account takeover protection, and phone and email verification.
 - Customized workflows and user migration through AWS Lambda triggers.

For more information, see Amazon Cognito User Pools (p. 14) and the Amazon Cognito User Pools API Reference (http://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/).

Identity pools

With an identity pool, your users can obtain temporary AWS credentials to access AWS services such as Amazon S3 and DynamoDB. Identity pools support anonymous guest users as well as the following identity providers:

 - Amazon Cognito user pools
 - Social sign-in with Facebook, Google and Login with Amazon
 - OpenID Connect (OIDC) providers
 - SAML identity providers
 - Developer authenticated identities

For more information, see Amazon Cognito Identity Pools (Federated Identities) (p. 214) and the Amazon Cognito Identity API Reference (http://docs.aws.amazon.com/cognitoidentity/latest/APIReference/).

Getting Started with Amazon Cognito

For a guide to the top tasks, see Getting Started with Amazon Cognito (p. 5).

For videos, articles, documentation and sample apps, see Amazon Cognito Developer Resources (https://aws.amazon.com/cognito/dev-resources/).

Pricing

For information about Amazon Cognito pricing, see Amazon Cognito Pricing (https://aws.amazon.com/cognito/pricing/). You work with Amazon Cognito through the AWS Management Console, the AWS SDKs or the API; see Using the Amazon Cognito Console (p. 3).

Using the Amazon Cognito Console

You can use the Amazon Cognito console to create and manage user pools and identity pools.

To use the Amazon Cognito console

1. Sign up for an AWS account if you do not already have one (http://docs.aws.amazon.com/cognito/latest/developerguide/aws-cognito-sign-up-aws-account.html).
2. Open the Amazon Cognito console at https://console.aws.amazon.com/cognito/home. You may be prompted for your AWS credentials.
3. To create or edit a user pool, choose Manage your User Pools. For more information, see Amazon Cognito User Pools (p. 14).
4. To create or edit an identity pool, choose Manage Federated Identities. For more information, see Amazon Cognito Identity Pools (Federated Identities) (p. 214).

The Amazon Cognito console is part of the AWS Management Console, which also provides information about your account and billing. For more information, see Working with the AWS Management Console (http://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/getting-started.html).

Regional Data Considerations

Amazon Cognito user pools are each created in one AWS Region, and they store user profile data only in that Region. Depending on how the following features are configured, a user pool can send user data to a different AWS Region.

Email. By default Amazon Cognito sends email from its own address ([email protected] in this copy). If you configure the user pool to send email through Amazon Simple Email Service (Amazon SES) from an address you verified, the email is sent from the AWS Region in which that Amazon SES identity is verified, which can differ from the user pool's Region.

SMS. Amazon Cognito sends SMS messages through Amazon SNS, so SMS traffic can originate from an AWS Region other than the user pool's.

Analytics. If you enable Amazon Pinpoint analytics for a user pool, user activity data is sent to the AWS Region of the Amazon Pinpoint project, which can differ from the user pool's Region.

Getting Started with Amazon Cognito

This topic lists the top tasks for Amazon Cognito user pools and identity pools, with links to the relevant sections. If you are new to Amazon Cognito, read What is Amazon Cognito? (p. 1) first.

Amazon Cognito user pools

A user pool is a user directory in Amazon Cognito. Your users can sign in to your app directly through the user pool, or federate through a third-party IdP. Top tasks (links are under http://docs.aws.amazon.com/cognito/latest/developerguide/):

1. Create a user pool to use as your user directory (cognito-user-pool-as-user-directory.html)
2. Configure app integration and the built-in sign-in UI (cognito-user-pools-configuring-app-integration.html)
3. Add social sign-in (cognito-user-pools-social-idp.html)
4. Add a SAML identity provider (IdP) (cognito-user-pools-saml-idp.html)
5. Add an OpenID Connect (OIDC) IdP (cognito-user-pools-oidc-idp.html)
6. Integrate an SDK (user-pool-sdk-links.html)
7. Customize the built-in UI (cognito-user-pools-app-ui-customization.html)
8. Manage security settings (managing-security.html)
9. Customize workflows with Lambda triggers (cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
10. Integrate with Amazon Pinpoint (cognito-user-pools-pinpoint-integration.html)

Managing users: sign up users in your app (signing-up-users-in-your-app.html), create user accounts (how-to-create-user-accounts.html), manage user accounts (how-to-manage-user-accounts.html), add groups (cognito-user-pools-user-groups.html), import users (cognito-user-pools-import-users.html).

Common scenarios

 - Authenticate with a user pool (cognito-scenarios.html#scenario-basic-user-pool)
 - Access your server-side resources with a user pool (cognito-scenarios.html#scenario-backend)
 - Access resources with API Gateway and Lambda with a user pool (cognito-scenarios.html#scenario-api-gateway)
 - Access AWS services with a user pool and an identity pool (amazon-cognito-integrating-user-pools-with-identity-pools.html)
 - Authenticate with a third party and access AWS services with an identity pool (cognito-scenarios.html#scenario-identity-pool)
 - Access AWS AppSync resources with Amazon Cognito (cognito-scenarios.html#scenario-appsync)

Common Amazon Cognito Scenarios

This topic describes six common scenarios for using Amazon Cognito.

The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for your app users. Identity pools provide temporary AWS credentials that grant your users access to other AWS services.

A user pool is a user directory in Amazon Cognito. Your app users can sign in either directly through a user pool, or federate through a third-party identity provider (IdP). The user pool handles the tokens returned from social sign-in through Facebook, Google and Login with Amazon, and from OpenID Connect (OIDC) and SAML IdPs. Whether your users sign in directly or through a third party, all members of the user pool have a directory profile that you can access through an SDK.

With an identity pool, your users can obtain temporary AWS credentials to access AWS services such as Amazon S3 and DynamoDB. Identity pools support anonymous guest users as well as federation through third-party IdPs.

Topics
 - Authenticate with a user pool (p. 6)
 - Access your server-side resources with a user pool (p. 6)
 - Access resources with API Gateway and Lambda with a user pool (p. 7)
 - Access AWS services with a user pool and an identity pool (p. 8)
 - Authenticate with a third party and access AWS services with an identity pool (p. 8)
 - Access AWS AppSync resources with Amazon Cognito (p. 9)

Authenticate with a user pool

You can enable your users to authenticate with a user pool. Your app users can sign in either directly through a user pool, or federate through a third-party identity provider (IdP). The user pool handles the tokens returned from social sign-in through Facebook, Google and Login with Amazon, and from OpenID Connect (OIDC) and SAML IdPs.

After successful authentication, your web or mobile app receives user pool tokens from Amazon Cognito. You can use those tokens to retrieve AWS credentials that let your app access other AWS services, or you can use them to control access to your own server-side resources or to Amazon API Gateway.

For more information, see User Pool Authentication Flow (p. 178) and Using Tokens with User Pools (p. 181).

Access your server-side resources with a user pool

After a successful user pool sign-in, your web or mobile app receives user pool tokens from Amazon Cognito. You can use those tokens to control access to your server-side resources. The backend must validate every token it receives before acting on its claims (signature against the user pool's published public keys, issuer, audience, token_use and expiry); see Using Tokens with User Pools (p. 181).

You can also create user pool groups to manage permissions and to represent different types of users. For more information, see Adding Groups to a User Pool (p. 161).

Once you configure a domain for your user pool, Amazon Cognito provisions a hosted web UI that lets you add sign-up and sign-in pages to your app. On this OAuth 2.0 foundation you can define your own resource server and custom scopes; for more information, see the resource server configuration section (p. 85).

For more information about user pool authentication, see User Pool Authentication Flow (p. 178) and Using Tokens with User Pools (p. 181).

Access resources with API Gateway and Lambda with a user pool

You can enable your users to access your API through API Gateway. API Gateway validates the tokens from a successful user pool authentication and uses them to grant your users access to resources, including Lambda functions or your own API.

You can use groups in a user pool to control permissions with API Gateway by mapping group membership to IAM roles. The groups that a user belongs to are included in the ID token that the user pool issues when your app user signs in. For more information, see Adding Groups to a User Pool (p. 161).

You can submit your user pool tokens with a request to API Gateway for verification by an Amazon Cognito authorizer, which is a Lambda function. For more information, see Integrate a REST API with Amazon Cognito User Pools in the Amazon API Gateway Developer Guide.

Link: http://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html

Access AWS services with a user pool and an identity pool

After a successful user pool authentication, your app receives user pool tokens from Amazon Cognito. You can exchange them for temporary access to other AWS services through an identity pool. For more information, see Accessing AWS Services Using an Identity Pool After Sign-in (p. 190) and Amazon Cognito Identity Pools (Federated Identities) (p. 214).

Authenticate with a third party and access AWS services with an identity pool

You can enable your users to access AWS services through an identity pool. An identity pool requires an IdP token from a user who has been authenticated by a third-party identity provider (or nothing, if the user is an anonymous guest). In exchange, the identity pool grants temporary AWS credentials that you can use to access other AWS services. For more information, see Amazon Cognito Identity Pools (Federated Identities) (p. 214).

Access AWS AppSync resources with Amazon Cognito

You can grant your users access to AWS AppSync resources with tokens from a successful Amazon Cognito user pool or identity pool authentication. For more information, see Security in the AWS AppSync Developer Guide (http://docs.aws.amazon.com/appsync/latest/devguide/security.html).

Tutorials

This section walks through creating a user pool and an identity pool in the console, signing up a user with the SDK, and accessing AWS resources. User pools are user directories that provide sign-up and sign-in for your app users; identity pools grant your users temporary AWS credentials.

Topics
 - Create a user pool (p. 10)
 - Create an identity pool (p. 10)
 - Integrate the SDK (p. 11)
 - Access AWS resources (p. 12)

Create a user pool

To create a user pool with the default settings:

1. Open the Amazon Cognito console at https://console.aws.amazon.com/cognito/home. You may be prompted for your AWS credentials.
2. Choose Manage your User Pools.
3. Choose Create a User Pool.
4. Choose Review Defaults.
5. On the Review page, choose Create pool.

For more information, see Amazon Cognito User Pools (p. 13). For the authentication flow and the tokens a pool issues, see User Pool Authentication Flow (p. 178) and Using Tokens with User Pools (p. 181).

Create an identity pool

Identity pools grant your users temporary AWS credentials to access AWS services such as Amazon S3 and DynamoDB.

1. Open the Amazon Cognito console at https://console.aws.amazon.com/cognito/home. You may be prompted for your AWS credentials.
2. Choose Manage Federated Identities.
3. Choose Create new identity pool.
4. Enter a name for your identity pool.
5. Under Unauthenticated identities, select Enable access to unauthenticated identities. Do this only if your app really needs guest access: anyone who knows the identity pool ID can obtain unauthenticated credentials, so the unauthenticated role must carry the minimum permissions.
6. Choose Create Pool.
7. You are prompted for access to your AWS resources. Choose Allow to create the two default roles associated with your identity pool, one for unauthenticated users and one for authenticated users. These default roles give your identity pool access to Amazon Cognito Sync. You can modify the roles in the IAM console.
8. Note the identity pool ID. You will use it to grant your users access to Amazon Simple Storage Service, DynamoDB and other AWS resources.

For more information, see Amazon Cognito Identity Pools (Federated Identities) (p. 214).

    S3 Uploading Photos to Amazon S3 from a Browser .

    SDK Amazon Cognito JavaScript SDK signUp . JavaScript, Android iOS .

    : JavaScript (p. 24) : Android (p. 40) : iOS (p. 60)

    var data = {
        UserPoolId: 'us-east-1_aBcD9efgh', // Insert your user pool id
        ClientId: '12abcdef3gh4i5j67klmn890p1' // Insert your app client id
    };
    var userPool = new AmazonCognitoIdentity.CognitoUserPool(data);

    Cognito Sign Up User Demo
    User name:
    Password:
    Sign Up User

    var attributeList = [];
    document.getElementById('signupUser').addEventListener('click', function () {
        userPool.signUp(document.getElementById('username').value,
                        document.getElementById('password').value,
                        attributeList, null,

    http://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/s3-example-photo-album.html

            function (err, result) {
                if (err) {
                    alert(err);
                    return;
                }
                document.getElementById('signupUserResults').innerHTML = "Results: " + JSON.stringify(result.user, null, 2);
                cognitoUser = result.user;
                console.log(cognitoUser);
            });
    });

    Amazon Cognito Amazon Cognito . Amazon Cognito . Facebook Amazon , SAML . , SDK .

    :

    . UI Facebook, Google, Login with Amazon SAML

    . . (MFA), , , . AWS Lambda .

    Amazon Cognito JSON (JWT) , API AWS .

    Amazon Cognito JavaScript, Android iOS Amazon Cognito Identity SDK . (p. 14) (p. 181) .

    Amazon Cognito . AWS AWS . AWS AWS . AWS (p. 190) Amazon Cognito ( ) (p. 214) .

    (p. 14) Amazon Cognito (p. 23) (p. 73) (p. 87) Amazon Cognito (p. 106) Lambda (p. 117) Amazon Cognito Amazon Pinpoint (p. 153) (p. 154) (p. 176)


    (p. 188) () (p. 192)

    Amazon Cognito . Amazon Cognito Amazon Cognito (p. 5) .

    : AWS (p. 14) 1. (p. 14) 2. UI (p. 15) 3. () (p. 17) 4. SAML () (p. 20) 5. Amazon Cognito SDK (p. 22) (p. 23)

    : AWS Amazon Cognito AWS . .

    AWS .

    1. https://aws.amazon.com/ [Create an AWS Account] .

    Note

    AWS Management . [Sign in to a different account] , [Create a new AWS account] .

    2. .

    PIN .

    1. (p. 14)

    1. Amazon Cognito .

    1. Amazon Cognito . AWS .
    2. [Manage your User Pools] .
    3. [Create a User Pool] .

    https://console.aws.amazon.com/cognito/home
    https://aws.amazon.com/

    4. [Review Defaults] .
    5. [Attributes] [Email address or phone number] [Allow email addresses] .
    6. [Next Step] .
    7. [Review] .
    8. [Review] [Create pool] .

    2. UI (p. 15)

    2. UI .

    1. Amazon Cognito . AWS .
    2. [Manage your User Pools] .
    3. .
    4. [General settings] [App clients] .
    5. [Add an app client] .
    6. .
    7. . JavaScript URL . .
    8. [Create app client] .
    9. [App client ID] .
    10. [Return to pool details] .
    11. .

    a. [App client settings] .
    b. [Enabled Identity Providers] [Cognito User Pool] .

    Note

    Facebook, Amazon Google (IdP) OpenID Connect (OIDC) SAML IdP , .

    c. Amazon Cognito URL . URL https:// (: https://www.example.com).

    iOS Android myapp:// URL .
    d. [Authorization code grant] .

    . . Proof Key for Code Exchange (PKCE) .

    [Allowed OAuth Flows] [Implicit grant] Amazon Cognito JSON (JWT) . . .

    https://console.aws.amazon.com/cognito/home
    http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-as-user-directory.html
    https://tools.ietf.org/html/rfc7636

    [Authorization code grant] [Implicit code grant] .

    [Allowed OAuth scopes] .

    Note

    [Client credentials] .

    e. [Save changes] .
    12. .

    a. [Domain name] .
    b. .
    c. [Save changes] .

    URL UI . response_type . response_type=code .

    https://your_domain/login?response_type=code&client_id=your_app_client_id&redirect_uri=your_callback_url

    URL UI . response_type=token . Amazon Cognito .

    https://your_domain/login?response_type=token&client_id=your_app_client_id&redirect_uri=your_callback_url

    #idtoken= JSON (JWT) .

    . .

    https://www.example.com/#id_token=123456789tokens123456789&expires_in=3600&token_type=Bearer

    AWS Lambda . AWS GitHub Decode and verify Amazon Cognito JWT tokens .

    Amazon Cognito RS256 .

    .

    [Domain name] . [App client settings] ID URL .

    3. () (p. 17)

    https://github.com/awslabs/aws-support-tools/tree/master/Cognito/decode-verify-jwt

    3. () Facebook, Google Login with Amazon (IdP) . . .

    1: IdP Amazon Cognito IdP IdP ID .

    Facebook

    1. Facebook .
    2. Facebook .
    3. My Apps Create New App .
    4. Facebook Create App ID .
    5. .
    6. App ID . .
    7. + Add Platform .
    8. .
    9. /oauth2/idpresponse Site URL .

    https:///oauth2/idpresponse

    10. [Save changes] .
    11. App Domains .

    https://

    12. [Save changes] .
    13. Facebook Set up .
    14. Facebook .

    Valid OAuth Redirect URIs URL . /oauth2/idpresponse .

    https:///oauth2/idpresponse

    15. [Save changes] .

    Amazon

    1. Amazon .
    2. Amazon .
    3. Amazon Amazon ID .

    https://developers.facebook.com/docs/facebook-login
    https://developers.facebook.com/
    https://developer.amazon.com/login-with-amazon
    https://developer.amazon.com/lwa/sp/overview.html

    Apps and Services( ) Amazon .

    4. Create a Security Profile .
    5. Security Profile Name, Security Profile Description Consent Privacy Notice URL .
    6. [Save] .
    7. ID ID . .
    8. Web Settings .
    9. [Allowed Origins] .

    https://

    10. /oauth2/idpresponse Allowed Return URLs .

    https:///oauth2/idpresponse

    11. .

    Google

    1. Google .
    2. Google .
    3. CONFIGURE A PROJECT .
    4. .
    5. .
    6. Web browser (Where are you calling from?) .
    7. [Authorized JavaScript origins] .

    https://

    8. . ID .
    9. [DONE] .
    10. Google .
    11. [Credentials] .
    12. OAuth client ID OAuth 2.0 .
    13. [Web application] .
    14. [Authorized JavaScript origins] .

    https://

    15. /oauth2/idpresponse [Authorized Redirect URIs] .

    https://developers.google.com/identity
    https://developers.google.com/identity/sign-in/web/sign-in
    https://console.developers.google.com

    https:///oauth2/idpresponse

    16. [Create] .
    17. [OAuth client ID] [client secret] . .
    18. .

    2: IdP ID IdP .

    AWS Management

    1. Amazon Cognito . AWS .
    2. [Manage your User Pools] .
    3. .
    4. .
    5. [Facebook], [Google], [Login with Amazon] .
    6. ID .
    7. . (: name email) . Facebook . Google Login with Amazon .

    Facebook public_profile, email

    Google profile email openid

    Login with Amazon profile postal_code

    . Google, Facebook Login with Amazon .

    8. [Enable] .
    9. [App client settings] .
    10. .
    11. [Callback URL(s)] URL .

    URL.

    https://www.example.com

    12. [Save changes] .
    13. [Attribute mapping] ( email) .

    a. Facebook, Google Amazon . Amazon Cognito .
    b. .
    c. [Save changes] .
    d. [Go to summary] .

    https://console.aws.amazon.com/cognito/home
    http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-as-user-directory.html

    3: IdP URL . IdP .

    https://your_user_pool_domain/login?response_type=code&client_id=your_client_id&redirect_uri=https://www.example.com

    [Domain name] . client_id [App client settings] . redirect_uri URL . URL .

    4. SAML () (p. 20)

    4. SAML () SAML (IdP) . . SAML .

    SAML . SAML 2.0 SAML .

    SAML . SAML 2.0 POST SAML .

    https://.auth..amazoncognito.com/saml2/idpresponse

    Amazon Cognito [Domain name] .

    SAML SP urn / URI / SP ID .

    urn:amazon:cognito:sp:

    Amazon Cognito [App client settings] ID .

    SAML . email . SAML SAML email () .

    Amazon Cognito SAML 2.0 . SAML SAML .

    SAML 2.0

    1. Amazon Cognito . AWS .

    https://console.aws.amazon.com/cognito/home

    2. [Manage your User Pools] .
    3. .
    4. .
    5. SAML SAML .
    6. SAML IdP .

    URL . SAML Amazon Cognito (p. 97) .

    Note

    Amazon Cognito URL . 6 .

    7. SAML [Provider name] . SAML SAML (p. 93) .

    8. SAML [Identifiers] .
    9. Amazon Cognito SAML IdP [Enable IdP sign out flow] .

    (p. 317) SAML IdP .

    IdP . .

    https://.auth..amazoncognito.com/saml2/logout

    Note

    SAML SAML IdP Amazon Cognito .SAML IdP Amazon Cognito .

    10. [Create provider] .
    11. [Attribute mapping] ( email) .

    a. SAML SAML . SAML . email .

    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

    b. .
    12. [Save changes] .
    13. [Go to summary] .

    SAML (p. 91) .

    5. Amazon Cognito SDK (p. 22)

    http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-as-user-directory.html

    5. Amazon Cognito SDK Amazon Cognito SDK .

    Amazon Cognito Identity SDK . Amazon Cognito API .

    Amazon Cognito Auth SDK UI . , , , (MFA) .

    JavaScript

    SDK Documentation

    JavaScript Identity SDK. Identity SDK

    AWS Mobile React

    Amazon Cognito JavaScript (p. 23)

    AWS Amplify

    JavaScript Auth SDK Auth SDK Amazon Cognito AuthAPI (p. 307)

    Android

    SDK Documentation

    Android Identity SDK. Identity SDK

    Android Mobile SDK

    Amazon Cognito Android (p. 39)

    Android Mobile SDK

    Android Auth SDK. Auth SDK Amazon Cognito AuthAPI (p. 307)

    iOS

    SDK Documentation

    iOS Identity SDK. Identity SDK

    Mobile SDK for iOS

    Amazon Cognito iOS (p. 59)

    AWS Mobile SDK for iOS

    iOS Auth SDK .

    Mobile SDK for iOS.

    Auth SDK Amazon Cognito AuthAPI (p. 307)

    AWS SDK SDK AWS SDK .

    https://github.com/aws/aws-amplify/tree/master/packages/amazon-cognito-identity-js/
    http://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-javascript-examples.html
    https://github.com/awslabs/aws-mobile-react-sample
    https://aws.github.io/aws-amplify/
    https://github.com/aws/amazon-cognito-auth-js
    https://github.com/aws/amazon-cognito-auth-js/tree/master/sample/
    https://github.com/aws/aws-sdk-android/tree/master/aws-android-sdk-cognitoidentityprovider
    http://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-android-sdk.html
    https://github.com/awslabs/aws-sdk-android-samples
    https://aws.amazon.com/documentation/sdk-for-android/
    https://github.com/aws/aws-sdk-android/tree/master/aws-android-sdk-cognitoauth
    https://github.com/awslabs/aws-sdk-android-samples/tree/master/AmazonCognitoAuthDemo
    https://github.com/aws/aws-sdk-ios/tree/master/AWSCognitoIdentityProvider
    http://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-ios-sdk.html
    https://github.com/awslabs/aws-sdk-ios-samples
    https://aws.amazon.com/documentation/sdk-for-ios/
    http://docs.aws.amazon.com/aws-mobile/latest/developerguide/cognito-getting-started.html
    https://github.com/awslabs/aws-sdk-ios-samples/tree/master/CognitoAuth-Sample
    https://aws.amazon.com/tools/#sdk

    SDK . .

    JavaScript, Android iOS Amazon Cognito .

    Amazon Cognito JavaScript (p. 23) Amazon Cognito Android (p. 39) Amazon Cognito iOS (p. 59)

    :

    (p. 82) (MFA) (p. 106) (p. 109) Lambda (p. 117) Amazon Cognito Amazon Pinpoint (p. 153)

    Amazon Cognito Amazon Cognito (p. 6) .

    AWS AWS (p. 190) .

    AWS Management SDK AWS Command Line Interface .

    Amazon Cognito

    Amazon Cognito . .

    Amazon Cognito JavaScript, Android iOS Identity SDK . Amazon Cognito JSON (JWT) . (p. 181) .

    Amazon Cognito JavaScript (p. 23) Amazon Cognito Android (p. 39) Amazon Cognito iOS (p. 59)

    Amazon Cognito JavaScript Amazon Cognito . . Amazon Cognito .

    http://docs.aws.amazon.com/cli/latest/reference/cognito-idp/index.html
    https://github.com/aws/aws-amplify/tree/master/packages/amazon-cognito-identity-js/

    Amazon Cognito AWS Amplify JavaScript . AWS Amplify . AWS Amplify Library .

    Note

    JavaScript Amazon Cognito Identity SDK AWS Amplify Library .

    : JavaScript (p. 24) : JavaScript SDK (p. 27) : SDK for JavaScript AdminCreateUser API

    (p. 37) : Lambda JavaScript (p. 38)

    : JavaScript JavaScript Amazon Cognito SDK .

    1: JavaScript (p. 24) 2: (p. 25) 3: (p. 25) 4: (p. 26) 5: (p. 26) 6: (p. 27) 7: AWS (p. 27) (p. 27)

    1: JavaScript . ID ID . () (p. 192) .

    1. Amazon Cognito .
    2. [Manage your User Pools] .
    3. [Create a User Pool] .
    4. [Pool name] [Review defaults] . .
    5. [Attributes] . .

    a. email [Required] [Alias] .
    b. phone number [Required] [Alias] .
    c. given name [Required] .
    d. [Save changes] .

    6. [Policies] . .

    https://github.com/aws/aws-amplify#web-development/
    https://aws.github.io/aws-amplify/media/authentication_guide.html
    https://github.com/aws/aws-amplify/tree/master/packages/amazon-cognito-identity-js/
    https://github.com/aws/aws-amplify
    https://console.aws.amazon.com/cognito/home

    7. [Verifications] . . .

    8. [Apps] [Add an app] . .

    9. [App name] . [Generate client secret] [Set attribute read and write permissions] . . .

    Note

    Amazon Cognito JavaScript SDK . SDK .

    10. [Create app] [Save changes] .
    11. [Review] [Create pool] .
    12. ID ID . [Apps] ID .

    2:

    1 ID ID . CognitoUserPool . JavaScript SDK . SDK .

    var poolData = {
        UserPoolId : '...', // your user pool id here
        ClientId : '...' // your app client id here
    };
    var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
    var userData = {
        Username : '...', // your username here
        Pool : userPool
    };

    3:

    . UI signUp CognitoUserAttribute .

    var attributeList = [];

    var dataEmail = {
        Name : 'email',
        Value : '...' // your email here
    };
    var dataPhoneNumber = {
        Name : 'phone_number',
        Value : '...' // your phone number here with +country code and no delimiters in front
    };
    var attributeEmail = new AmazonCognitoIdentity.CognitoUserAttribute(dataEmail);
    var attributePhoneNumber = new AmazonCognitoIdentity.CognitoUserAttribute(dataPhoneNumber);

    attributeList.push(attributeEmail);
    attributeList.push(attributePhoneNumber);


    var cognitoUser;
    userPool.signUp('username', 'password', attributeList, null, function(err, result){
        if (err) {
            alert(err);
            return;
        }
        cognitoUser = result.user;
        console.log('user name is ' + cognitoUser.getUsername());
    });

    4: SMS . PreSignUp AWS Lambda . ( '123456') .

    cognitoUser.confirmRegistration('123456', true, function(err, result) {
        if (err) {
            alert(err);
            return;
        }
        console.log('call result: ' + result);
    });

    cognitoUser resendConfirmationCode . , ID .

    5: . ID . (p. 181) . onSuccess . onFailure . MFA mfaRequired cognitoUser sendMFACode . .

    var authenticationData = {
        Username : '...', // your username here
        Password : '...', // your password here
    };
    var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(authenticationData);
    var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (result) {
            var accessToken = result.getAccessToken().getJwtToken();
        },
        onFailure: function(err) {
            alert(err);
        },
        mfaRequired: function(codeDeliveryDetails) {
            var verificationCode = prompt('Please input verification code' ,'');
            cognitoUser.sendMFACode(verificationCode, this);
        }
    });


    6: , (: ), , , , . MFA MFA . .

    . . . cognitoUser forgotPassword .

    cognitoUser.forgotPassword({
        onSuccess: function (result) {
            console.log('call result: ' + result);
        },
        onFailure: function(err) {
            alert(err);
        },
        inputVerificationCode() {
            var verificationCode = prompt('Please input verification code ' ,'');
            var newPassword = prompt('Enter new password ' ,'');
            cognitoUser.confirmPassword(verificationCode, newPassword, this);
        }
    });

    7: AWS AWS Amazon Cognito (p. 216) . ID ID ( ) AWS . IdentityPoolId Logins ID .

    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
        IdentityPoolId: 'us-east-1:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX',
        Logins: {
            'cognito-idp.us-east-1.amazonaws.com/us-east-1_XXXXXXXXX': result.getIdToken().getJwtToken()
        }
    });

    AWS.config.credentials.get(function(err){
        if (err) {
            alert(err);
        }
    });

    Amazon Cognito JavaScript GitHub .

    : JavaScript SDK UserPoolId ClientId , , CognitoUserPool .

    https://github.com/aws/aws-amplify/tree/master/packages/amazon-cognito-identity-js/

    var poolData = {
        UserPoolId : 'us-east-1_TcoKGbf7n',
        ClientId : '4pe2usejqcdmhi0a25jp4b5sh3'
    };
    var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);

    var attributeList = [];
    var dataEmail = {
        Name : 'email',
        Value : '[email protected]'
    };
    var dataPhoneNumber = {
        Name : 'phone_number',
        Value : '+15555555555'
    };
    var attributeEmail = new AmazonCognitoIdentity.CognitoUserAttribute(dataEmail);
    var attributePhoneNumber = new AmazonCognitoIdentity.CognitoUserAttribute(dataPhoneNumber);

    attributeList.push(attributeEmail);
    attributeList.push(attributePhoneNumber);

    var cognitoUser;
    userPool.signUp('username', 'password', attributeList, null, function(err, result){
        if (err) {
            alert(err);
            return;
        }
        cognitoUser = result.user;
        console.log('user name is ' + cognitoUser.getUsername());
    });

    cognitoUser.deleteUser(function(err, result) {
        if (err) {
            alert(err);
            return;
        }
        console.log('call result: ' + result);
    });

    var data = {
        UserPoolId : 'us-east-1_Iqc12345',
        ClientId : '12345du353sm7khjj1q'
    };
    var userPool = new AmazonCognitoIdentity.CognitoUserPool(data);
    var cognitoUser = userPool.getCurrentUser();

    if (cognitoUser != null) {
        cognitoUser.getSession(function(err, session) {
            if (err) {
                alert(err);
                return;
            }
            console.log('session validity: ' + session.isValid());
        });
    }

    Amazon Cognito .


    Note

    JavaScript :Android Mobile SDK AdminCreateUser API (p. 56) (p. 158) .

    var authenticationData = {
        Username : 'username',
        Password : 'password',
    };
    var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(authenticationData);
    var poolData = {
        UserPoolId : 'us-east-1_TcoKGbf7n',
        ClientId : '4pe2usejqcdmhi0a25jp4b5sh3'
    };
    var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
    var userData = {
        Username : 'username',
        Pool : userPool
    };
    var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (result) {
            var accessToken = result.getAccessToken().getJwtToken();
            /* Use the idToken for Logins Map when Federating User Pools with identity pools
               or when passing through an Authorization Header to an API Gateway Authorizer */
            var idToken = result.idToken.jwtToken;
        },

        onFailure: function(err) {
            alert(err);
        },

    });

    MFA

    MFA ( ) MFA( ) .

    cognitoUser.enableMFA(function(err, result) {
        if (err) {
            alert(err);
            return;
        }
        console.log('call result: ' + result);
    });

    MFA

    MFA ( ) MFA( ) .

    cognitoUser.disableMFA(function(err, result) {
        if (err) {
            alert(err);
            return;
        }
        console.log('call result: ' + result);
    });

    var data = {
        UserPoolId : 'us-east-1_q2Y6U8uuY',
        ClientId : '224kjog47ojnt9ov773erj7qn9'
    };

    var userPool = new AmazonCognitoIdentity.CognitoUserPool(data);

    var attribute = {
        Name : 'email',
        Value : '[email protected]'
    };

    var attributeEmail = new AmazonCognitoIdentity.CognitoUserAttribute(attribute);
    var attributeList = [];
    attributeList.push(attributeEmail);
    var cognitoUser;

    userPool.signUp('username', 'password', attributeList, null, function(err, result) {
        if (err) {
            alert(err);
            return;
        }
        cognitoUser = result.user;
    });

    MFA

    var userData = {
        Username : 'username',
        Pool : userPool
    };

    cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);

    var authenticationData = {
        Username : 'username',
        Password : 'password',
    };

    var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(authenticationData);

    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (result) {
            alert('authentication successful!')
        },

        onFailure: function(err) {
            alert(err);
        },

        mfaRequired: function(codeDeliveryDetails) {
            var verificationCode = prompt('Please input verification code' ,'');
            cognitoUser.sendMFACode(verificationCode, this);
        }
    });

    .

    var attributeList = [];
    var attributeData = {
        Name : 'nickname',
        Value : 'joe'
    };
    var attribute = new AmazonCognitoIdentity.CognitoUserAttribute(attributeData);
    attributeList.push(attribute);

    cognitoUser.updateAttributes(attributeList, function(err, result) {
        if (err) {
            alert(err);
            return;
        }
        console.log('call result: ' + result);
    });

    .

    var attributeList = [];
    attributeList.push('nickname');

    cognitoUser.deleteAttributes(attributeList, function(err, result) {
        if (err) {
            alert(err);
            return;
        }
        console.log('call result: ' + result);
    });

    .

    cognitoUser.getAttributeVerificationCode('email', {
        onSuccess: function (result) {
            console.log('call result: ' + result);
        },
        onFailure: function(err) {
            alert(err);
        },
        inputVerificationCode: function() {
            var verificationCode = prompt('Please input verification code: ' ,'');
            cognitoUser.verifyAttribute('email', verificationCode, this);
        }
    });

    .


    cognitoUser.getUserAttributes(function(err, result) {
        if (err) {
            alert(err);
            return;
        }
        for (var i = 0; i < result.length; i++) {
            console.log('attribute ' + result[i].getName() + ' has value ' + result[i].getValue());
        }
    });

    SMS .

    cognitoUser.resendConfirmationCode(function(err, result) {
        if (err) {
            alert(err);
            return;
        }
        alert(result);
    });

    cognitoUser.confirmRegistration('123456', true, function(err, result) {
        if (err) {
            alert(err);
            return;
        }
        alert(result);
    });

    .

    cognitoUser.changePassword('oldPassword', 'newPassword', function(err, result) {
        if (err) {
            alert(err);
            return;
        }
        console.log('call result: ' + result);
    });

    .

    cognitoUser.forgotPassword({
        onSuccess: function (result) {
            console.log('call result: ' + result);
        },
        onFailure: function(err) {
            alert(err);
        },
        inputVerificationCode() {
            var verificationCode = prompt('Please input verification code ' ,'');
            var newPassword = prompt('Enter new password ' ,'');
            cognitoUser.confirmPassword(verificationCode, newPassword, this);
        }
    });

    .

    cognitoUser.deleteUser(function(err, result) {
        if (err) {
            alert(err);
            return;
        }
        console.log('call result: ' + result);
    });

    .

    if (cognitoUser != null) {
        cognitoUser.signOut();
    }

    .

    cognitoUser.globalSignOut();

    .

    var data = {
        UserPoolId : '...', // Your user pool id here
        ClientId : '...' // Your client id here
    };
    var userPool = new AmazonCognitoIdentity.CognitoUserPool(data);
    var cognitoUser = userPool.getCurrentUser();

    if (cognitoUser != null) {
        cognitoUser.getSession(function(err, session) {
            if (err) {
                alert(err);
                return;
            }
            console.log('session validity: ' + session.isValid());

            AWS.config.credentials = new AWS.CognitoIdentityCredentials({
                IdentityPoolId : '...', // your identity pool id here
                Logins : {
                    // Change the key below according to the specific region your user pool is in.
                    'cognito-idp..amazonaws.com/' : session.getIdToken().getJwtToken()
                }
            });

            // Instantiate aws sdk service objects now that the credentials have been updated.
            // example: var s3 = new AWS.S3();
        });
    }

    .

    var cognitoUser = userPool.getCurrentUser();

    if (cognitoUser != null) {
        cognitoUser.getSession(function(err, result) {
            if (result) {
                console.log('You are now logged in.');

                // Add the User's Id Token to the Cognito credentials login map.
                AWS.config.credentials = new AWS.CognitoIdentityCredentials({
                    IdentityPoolId: 'YOUR_IDENTITY_POOL_ID',
                    Logins: {
                        'cognito-idp..amazonaws.com/': result.getIdToken().getJwtToken()
                    }
                });
            }
        });
    }
    //call refresh method in order to authenticate user and get new temp credentials
    AWS.config.credentials.refresh((error) => {
        if (error) {
            console.error(error);
        } else {
            console.log('Successfully logged!');
        }
    });

    . . null . .

    cognitoUser.listDevices(limit, paginationToken, {
        onSuccess: function (result) {
            console.log('call result: ' + result);
        },
        onFailure: function(err) {
            alert(err);
        }
    });

    .

    cognitoUser.listDevices(limit, paginationToken, {
        onSuccess: function (result) {
            console.log('call result: ' + result);
        },
        onFailure: function(err) {
            alert(err);
        }
    });

    .

    cognitoUser.setDeviceStatusRemembered({
        onSuccess: function (result) {
            console.log('call result: ' + result);
        },
        onFailure: function(err) {
            alert(err);
        }
    });

    .

    cognitoUser.setDeviceStatusNotRemembered({
        onSuccess: function (result) {
            console.log('call result: ' + result);
        },
        onFailure: function(err) {
            alert(err);
        }
    });

    .

    cognitoUser.forgetDevice({
        onSuccess: function (result) {
            console.log('call result: ' + result);
        },
        onFailure: function(err) {
            alert(err);
        }
    });

    SMS .

    var poolData = {
        UserPoolId : 'us-east-1_TcoKGbf7n',
        ClientId : '4pe2usejqcdmhi0a25jp4b5sh3'
    };

    var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
    var userData = {
        Username : 'username',
        Pool : userPool
    };

    var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
    cognitoUser.confirmRegistration('123456', true, function(err, result) {
        if (err) {
            alert(err);
            return;
        }
        console.log('call result: ' + result);
    });

    TOTP MFA MFA

    TOTP MFA .

    var authenticationData = {
        Username : 'username',
        Password : 'password',
    };
    var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(authenticationData);
    var poolData = {
        UserPoolId : '...', // Your user pool id here
        ClientId : '...' // Your client id here
    };
    var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
    var userData = {
        Username : 'username',
        Pool : userPool
    };
    var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);

    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (result) {
            var accessToken = result.getAccessToken().getJwtToken();
        },
        onFailure: function(err) {
            alert(err);
        },

        mfaSetup: function(challengeName, challengeParameters) {
            cognitoUser.associateSoftwareToken(this);
        },

        associateSecretCode : function(secretCode) {
            var challengeAnswer = prompt('Please input the TOTP code.' ,'');
            cognitoUser.verifySoftwareToken(challengeAnswer, 'My TOTP device', this);
        },

        selectMFAType : function(challengeName, challengeParameters) {
            var mfaType = prompt('Please select the MFA method.', '');
            cognitoUser.sendMFASelectionAnswer(mfaType, this);
        },

        totpRequired : function(secretCode) {
            var challengeAnswer = prompt('Please input the TOTP code.' ,'');
            cognitoUser.sendMFACode(challengeAnswer, this, 'SOFTWARE_TOKEN_MFA');
        }
    });

    SMS MFA MFA

    SMS MFA MFA .


    var smsMfaSettings = {
        PreferredMfa : true,
        Enabled : true
    };
    cognitoUser.setUserMfaPreference(smsMfaSettings, null, function(err, result) {
        if (err) {
            alert(err);
        }
        console.log('call result ' + result)
    });

    TOTP MFA MFA

    TOTP MFA MFA .

    var totpMfaSettings = {
        PreferredMfa : true,
        Enabled : true
    };
    cognitoUser.setUserMfaPreference(null, totpMfaSettings, function(err, result) {
        if (err) {
            alert(err);
        }
        console.log('call result ' + result)
    });

    : SDK for JavaScript AdminCreateUser API (AdminCreateUser API ) newPasswordRequired . SDK newPasswordRequired . completeNewPasswordChallenge . CognitoUser .

    newPasswordRequired userAttributes requiredAttributes .

    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function (result) {
            // User authentication was successful
        },

        onFailure: function(err) {
            // User authentication was not successful
        },

        mfaRequired: function(codeDeliveryDetails) {
            // MFA is required to complete user authentication.
            // Get the code from user and call
            cognitoUser.sendMFACode(mfaCode, this)
        },

        newPasswordRequired: function(userAttributes, requiredAttributes) {
            // User was signed up by an admin and must provide new
            // password and required attributes, if any, to complete
            // authentication.

            // userAttributes: object, which is the user's current profile. It will list all attributes that are associated with the user.
            // Required attributes according to schema, which dont have any values yet, will have blank values.
            // requiredAttributes: list of attributes that must be set by the user along with new password to complete the sign-in.

            // Get these details and call
            // newPassword: password that user has given
            // attributesData: object with key as attribute name and value that the user has given.
            cognitoUser.completeNewPasswordChallenge(newPassword, attributesData, this)
        }
    });

    : Lambda JavaScript Lambda .

    Lambda

    JavaScript Lambda .

    Lambda Lambda (p. 117) .

    Lambda Lambda (p. 166) .

    JavaScript

    AWSCognitoIdentityProvider JavaScript SDK 2.0.2 .

    . .

    SDK (SRP) . USER_PASSWORD_AUTH SSL . SRP .

    USER_PASSWORD_AUTH .

    cognitoUser.setAuthenticationFlowType('USER_PASSWORD_AUTH');

    cognitoUser.authenticateUser(authenticationDetails, {
        onSuccess: function(result) {
            // User authentication was successful
        },
        onFailure: function(err) {
            // User authentication was not successful
        },
        mfaRequired: function (codeDeliveryDetails) {
            // MFA is required to complete user authentication.
            // Get the code from user and call
            cognitoUser.sendMFACode(verificationCode, this);
        }
    });

    https://github.com/aws/aws-amplify/tree/master/packages/amazon-cognito-identity-js

    Amazon Cognito Android Amazon Cognito . . Amazon Cognito . Android Studio Android .

    Android AWS Mobile SDK Android Mobile SDK .

    React Native Amazon Cognito React Native AWS Amplify React Native . React Native AWS Amplify . AWS Amplify Library .

    Gradle Gradle .

    AWS Android Core SDK(aws-android-sdk-core-x.x.x.jar): AWS Android Core aws-android-sdk-core-2.2.8.jar Gradle .

    AWS Cognito Android SDK(aws-android-sdk-cognitoidentityprovider:2.3.8.jar): Gradle Cognito Android SDK .

    AWS Cognito .

    .

    Android Mobile SDK (p. 39) : Android (p. 40) Android Mobile SDK (p. 49) : Android Mobile SDK AdminCreateUser API (p. 56) : Lambda Android (p. 57)

    Android Mobile SDK Android Mobile SDK Amazon Cognito . SDK (), , API .

    https://github.com/aws/aws-sdk-android/tree/master/aws-android-sdk-cognitoidentityprovider/
    http://docs.aws.amazon.com/aws-mobile/latest/developerguide/how-to-android-sdk-setup.html
    https://aws.amazon.com/documentation/sdk-for-android/
    https://github.com/aws/aws-amplify#react-native-development/
    https://aws.github.io/aws-amplify/media/authentication_guide.html

    Amazon Cognito API . (: signUp()) , (InBackground , : signUpInBackground()) InBackground .

    Android Mobile SDK SharedPreferences . SDK .

    ID

    ID( ID ) ( ) Amazon Cognito . ID Android Mobile SDK . . ID SDK ID .

    CognitoUserPool

    . CognitoUser .

    CognitoUser

    . (), . CognitoUserPool .

    CognitoUserSession

    Amazon Cognito (ID, ) ID .

    CognitoUserDetails

    CognitoUserAttributes CognitoUserSettings .

    CognitoUserAttributes

    . (p. 194) .

    CognitoUserSettings

    .

    : Android Amazon Cognito Android . GitHub Amazon Cognito .

    1: (p. 41) 2: (p. 41) 3: (p. 42) 4: (p. 43)

    https://github.com/awslabs/aws-sdk-android-samples/tree/master/AmazonCognitoYourUserPoolsDemo

    5: (p. 43) 6: (p. 44) 7: (p. 44) 8: AWS (p. 45) 9: AWS IAM (p. 45) 10: (p. 46)

    1:

    . ID, ID . () (p. 192) .

    1. Amazon Cognito .
    2. [Manage your User Pools] .
    3. [Create a User Pool] .
    4. [Pool name] [Review defaults] . .
    5. [Attributes] . .

    a. email [Required] [Alias] .
    b. phone number [Required] [Alias] .
    c. given name [Required] .
    d. [Save changes] .

    6. [Policies] . .

    7. [Verifications] . . .

    8. [Apps] [Add an app] . .

    9. [App name] . [Generate app client secret] [Set attribute read and write permissions] . . .

    10. [Create app] [Save changes] .
    11. [Review] [Create pool] .
    12. [Pool ID], [Pool ARN], [App client ID] [App client secret] . [Apps] ID . [Show details] .

    2:

    ID, ID, AWS . CognitoUserPool . . userPoolAppHelper.java .


    https://console.aws.amazon.com/cognito/home


    Android Mobile SDK enum AWS .

    /* Create a CognitoUserPool instance */
    CognitoUserPool userPool = new CognitoUserPool(context, userPoolId, clientId, clientSecret, cognitoRegion);

    3:

    .

    1. .

    ID: . : . : (, ).

    2. .

    // Create a CognitoUserAttributes object and add user attributes
    CognitoUserAttributes userAttributes = new CognitoUserAttributes();

    // Add the user attributes. Attributes are added as key-value pairs
    // Adding user's given name.
    // Note that the key is "given_name" which is the OIDC claim for given name
    userAttributes.addAttribute("given_name", userGivenName);

    // Adding user's phone number
    userAttributes.addAttribute("phone_number", phoneNumber);

    // Adding user's email address
    userAttributes.addAttribute("email", emailAddress);

    3. . onSuccess .

    SignUpHandler signupCallback = new SignUpHandler() {
        @Override
        public void onSuccess(CognitoUser cognitoUser, boolean userConfirmed,
                              CognitoUserCodeDeliveryDetails cognitoUserCodeDeliveryDetails) {
            // Sign-up was successful

            // Check if this user (cognitoUser) needs to be confirmed
            if (!userConfirmed) {
                // This user must be confirmed and a confirmation code was sent to the user
                // cognitoUserCodeDeliveryDetails will indicate where the confirmation code was sent
                // Get the confirmation code from user
            } else {
                // The user has already been confirmed
            }
        }

        @Override
        public void onFailure(Exception exception) {
            // Sign-up failed, check exception for the cause
        }
    };

    4. API .


    http://docs.aws.amazon.com/AWSAndroidSDK/latest/javadoc/com/amazonaws/regions/Regions.html


    userPool.signUpInBackground(userId, password, userAttributes, null, signupCallback);

    4:

    . . . Lambda .

    . cognitoUserCodeDeliveryDetails . .

    .

    1. . API SDK .

    // Callback handler for confirmSignUp API
    GenericHandler confirmationCallback = new GenericHandler() {
        @Override
        public void onSuccess() {
            // User was successfully confirmed
        }

        @Override
        public void onFailure(Exception exception) {
            // User confirmation failed. Check exception for the cause.
        }
    };

    2. ( ) . ( ) .

    5:

    . . .

    forcedAliasCreation false . . . .

    // This will cause confirmation to fail if the user attribute has been verified for another user in the same pool
    boolean forcedAliasCreation = false;

    // Call API to confirm this user
    cognitoUser.confirmSignUpInBackground(confirmationCode, forcedAliasCreation, confirmationCallback);


    forcedAliasCreation true ( ) . .

    . ID . CognitoUserSession .

    6:

    . SDK .

    // Callback handler for the sign-in process
    AuthenticationHandler authenticationHandler = new AuthenticationHandler() {
        @Override
        public void onSuccess(CognitoUserSession cognitoUserSession) {
            // Sign-in was successful, cognitoUserSession will contain tokens for the user
        }

        @Override
        public void getAuthenticationDetails(AuthenticationContinuation authenticationContinuation, String userId) {
            // The API needs user sign-in credentials to continue
            AuthenticationDetails authenticationDetails = new AuthenticationDetails(userId, password, null);

            // Pass the user sign-in credentials to the continuation
            authenticationContinuation.setAuthenticationDetails(authenticationDetails);

            // Allow the sign-in to continue
            authenticationContinuation.continueTask();
        }

        @Override
        public void getMFACode(MultiFactorAuthenticationContinuation multiFactorAuthenticationContinuation) {
            // Multi-factor authentication is required; get the verification code from user
            multiFactorAuthenticationContinuation.setMfaCode(mfaVerificationCode);
            // Allow the sign-in process to continue
            multiFactorAuthenticationContinuation.continueTask();
        }

        @Override
        public void authenticationChallenge(ChallengeContinuation continuation) {
            // Invoked for other challenges (for example MFA_SETUP or SELECT_MFA_TYPE);
            // not used in this step, see the MFA section below
        }

        @Override
        public void onFailure(Exception exception) {
            // Sign-in failed, check exception for the cause
        }
    };

    // Sign in the user
    cognitoUser.getSessionInBackground(authenticationHandler);

    7:

    .

    // Implement callback handler for getting details
    GetDetailsHandler getDetailsHandler = new GetDetailsHandler() {
        @Override
        public void onSuccess(CognitoUserDetails cognitoUserDetails) {
            // The user details are in cognitoUserDetails
        }

        @Override
        public void onFailure(Exception exception) {
            // Fetch user details failed, check exception for the cause
        }
    };

    // Fetch the user details
    cognitoUser.getDetailsInBackground(getDetailsHandler);

    8: AWS

    AWS .

    AWS AWS

    1. Amazon Cognito .
    2. [Manage Federated Identities] .
    3. [Create new identity pool] . [Identity pool name] .
    4. [Authentication providers] . [Cognito] [User Pool ID] [App Client ID] .
    5. [Create Pool] .
    6. ID .

    // Get id token from CognitoUserSession.
    String idToken = cognitoUserSession.getIdToken().getJWTToken();

    // Create a credentials provider, or use the existing provider.
    CognitoCachingCredentialsProvider credentialsProvider = new CognitoCachingCredentialsProvider(context, IDENTITY_POOL_ID, REGION);

    // Set up as a credentials provider.
    // The logins key has the form "cognito-idp.<user pool region>.amazonaws.com/<user pool id>".
    Map<String, String> logins = new HashMap<>();
    logins.put("cognito-idp.us-east-1.amazonaws.com/us-east-1_123456678", idToken);
    credentialsProvider.setLogins(logins);

    7. Amazon DynamoDB AWS .

    AmazonDynamoDBClient ddbClient = new AmazonDynamoDBClient(credentialsProvider);
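The snippet above hard-codes the logins key and passes whatever id token the session currently holds. As an added example (not code from the guide or the SDK sample app; the class name FederatedCredentials and its parameter names are assumptions), the helper below derives the key from the configured user pool region and id, and refuses to federate an expired user pool session, since the identity pool rejects an expired id token:

```java
import java.util.HashMap;
import java.util.Map;

import android.content.Context;

import com.amazonaws.auth.CognitoCachingCredentialsProvider;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUserSession;
import com.amazonaws.regions.Regions;

// Hypothetical helper class; not part of the AWS SDK or the guide's sample app.
public final class FederatedCredentials {

    // Build the logins-map key for a user pool:
    // "cognito-idp.<user pool region>.amazonaws.com/<user pool id>".
    // Deriving it from configuration avoids a hard-coded key silently pointing
    // at the wrong pool after the app's configuration changes.
    static String userPoolProviderName(Regions userPoolRegion, String userPoolId) {
        return "cognito-idp." + userPoolRegion.getName() + ".amazonaws.com/" + userPoolId;
    }

    // Exchange a still-valid user pool session for AWS credentials from an identity pool.
    static CognitoCachingCredentialsProvider credentialsFor(
            Context context,
            String identityPoolId,
            Regions identityPoolRegion,
            Regions userPoolRegion,
            String userPoolId,
            CognitoUserSession session) {
        // An expired id token is rejected by the identity pool; refresh the session
        // (CognitoUser.getSession / getSessionInBackground) before federating.
        if (session == null || !session.isValid()) {
            throw new IllegalStateException(
                    "user pool session is missing or expired; sign in again before federating");
        }

        CognitoCachingCredentialsProvider provider =
                new CognitoCachingCredentialsProvider(context, identityPoolId, identityPoolRegion);

        Map<String, String> logins = new HashMap<>();
        logins.put(userPoolProviderName(userPoolRegion, userPoolId),
                   session.getIdToken().getJWTToken());
        provider.setLogins(logins);
        return provider;
    }
}
```

The returned provider is what step 7 hands to AmazonDynamoDBClient. Because CognitoCachingCredentialsProvider caches the identity id and the temporary credentials on the device, call its clear() method when the user signs out so the next user of the device does not inherit them.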

    9: AWS IAM

    Amazon Cognito 2 IAM CognitoAuth_Role CognitoUnauth_Role . Amazon Cognito Amazon Cognito Sync . Amazon DynamoDB AWS . , DynamoDB AmazonDynamoDBFullAccess .


    https://console.aws.amazon.com/cognito/home


    AWS IAM

    1. AWS Management https://console.aws.amazon.com/iam/ IAM .

    2. [Attach Policy] .
    3. (: AmazonDynamoDBFullAccess) [Attach Policy] .

    DynamoDB , , , .

    10:

    Amazon Cognito SDK 2.6.8 MFA . Amazon Cognito [MFA and verifications] MFA .

    MFA .

    (TOTP) MFA

    Amazon Cognito (TOTP) (MFA) .

    TOTP .

    1. : TOTP MFA Amazon Cognito . TOTP MFA . , MFA TOTP .

    2. : TOTP MFA . Amazon Cognito SDK VerifyMfaContinuation .

    // Create a callback handler.
    RegisterMfaHandler registerMFAHandler = new RegisterMfaHandler() {
        @Override
        public void onSuccess(final String sessionToken) {
            // Success, new MFA setup is complete.
        }

        @Override
        public void onVerify(VerifyMfaContinuation continuation) {
            // Get the secret key from Continuation.
            String secretKey = continuation.getParameters().get("secretKey");

            // Store the secret key in a TOTP code generator and verify using
            // the generated TOTP code. (storeAndGetTotpVerificationCode is an
            // app-defined helper, not an SDK method.)
            String verificationCode = storeAndGetTotpVerificationCode(secretKey);

            // Set a user friendly name to remember the TOTP generator.
            String friendlyName = "the best TOTP generator";

            // Complete the registration by verifying the TOTP code.
            continuation.setVerificationResponse(verificationCode, friendlyName);
            continuation.continueTask();
        }

        @Override
        public void onFailure(Exception exception) {
            // closeWaitDialog, showDialogMessage and AppHelper are helpers from the sample app.
            closeWaitDialog();
            showDialogMessage("TOTP MFA registration failed", AppHelper.formatException(exception), false);
        }
    };

    // Use the CognitoUser to register a new Software Token MFA.
    cognitoUser.associateSoftwareTokenInBackground(sessionToken, registerMFAHandler);

    Note

    TOTP MFA . MFA . TOTP MFA . TOTP MFA , Amazon Cognito sessionToken TOTP MFA .
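The registration code above leaves storeAndGetTotpVerificationCode(secretKey) undefined. As an added example (not code from the guide, the SDK or the sample app; the class name TotpHelper and the otpauth issuer/account values are assumptions), the following shows what such a helper has to compute from the secret key the continuation returns: RFC 6238 TOTP over a base32-encoded secret, HMAC-SHA1, 30-second steps, 6 digits. The main method checks the implementation against the RFC 6238 test vector.

```java
import java.io.ByteArrayOutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper class; not part of the AWS SDK or the guide's sample app.
public final class TotpHelper {
    private static final String B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
    private static final int PERIOD_SECONDS = 30;

    // Decode the base32 secret (RFC 4648 alphabet) returned as "secretKey" by the continuation.
    static byte[] base32Decode(String encoded) {
        String clean = encoded.trim().toUpperCase().replace("=", "");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int buffer = 0;
        int bits = 0;
        for (char c : clean.toCharArray()) {
            int value = B32.indexOf(c);
            if (value < 0) {
                throw new IllegalArgumentException("not a base32 character: " + c);
            }
            buffer = (buffer << 5) | value;
            bits += 5;
            if (bits >= 8) {
                bits -= 8;
                out.write((buffer >> bits) & 0xff);
                buffer &= (1 << bits) - 1; // keep only the bits not yet emitted
            }
        }
        return out.toByteArray();
    }

    // RFC 6238 TOTP: HMAC-SHA1 over the 30-second time step, dynamically truncated to 6 digits.
    static String totpAt(byte[] key, long unixSeconds) throws GeneralSecurityException {
        long step = unixSeconds / PERIOD_SECONDS;
        byte[] message = ByteBuffer.allocate(8).putLong(step).array();
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        byte[] hash = mac.doFinal(message);
        int offset = hash[hash.length - 1] & 0x0f;
        int binary = ((hash[offset] & 0x7f) << 24)
                | ((hash[offset + 1] & 0xff) << 16)
                | ((hash[offset + 2] & 0xff) << 8)
                | (hash[offset + 3] & 0xff);
        return String.format("%06d", binary % 1_000_000);
    }

    // The value the guide's storeAndGetTotpVerificationCode(secretKey) must return for the
    // current time step. In a production app the secret is shown to the user (see otpauthUri)
    // and the code comes from their authenticator, not from the app that already holds the session.
    static String currentCode(String secretKey) throws GeneralSecurityException {
        return totpAt(base32Decode(secretKey), System.currentTimeMillis() / 1000L);
    }

    // otpauth URI for enrolling the secret in an authenticator app (issuer and account are the caller's).
    static String otpauthUri(String issuer, String account, String secretKey) {
        try {
            String label = URLEncoder.encode(issuer, "UTF-8") + ":" + URLEncoder.encode(account, "UTF-8");
            return "otpauth://totp/" + label + "?secret=" + secretKey
                    + "&issuer=" + URLEncoder.encode(issuer, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e); // UTF-8 is always available
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // RFC 6238 test vector: ASCII secret "12345678901234567890" (base32 below) at time 59
        // gives 94287082 for 8 digits, i.e. 287082 when truncated to 6 digits.
        String rfcSecret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ";
        String code = totpAt(base32Decode(rfcSecret), 59L);
        if (!"287082".equals(code)) {
            throw new AssertionError("TOTP self-check failed: " + code);
        }
        System.out.println("self-check ok, code at t=59 is " + code);
        System.out.println(otpauthUri("ExampleApp", "user@example.com", rfcSecret));
    }
}
```

The point of the design comment in currentCode is the one the Note above hints at: the secret is the second factor only while it lives somewhere other than the signed-in app. Generating the verification code inside the same process during enrollment is fine for the sample, but a shipping app should hand the secret to the user's authenticator (for instance via the otpauth URI) and not persist it.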

    MFA

    Amazon Cognito MFA . Amazon Cognito MFA . MFA [Optional] [Required] .

    MFA [Optional] MFA .

    MFA [Required] MFA . MFA MFA MFA_SETUP . MFA .

    MFA Amazon Cognito . SDK MFA . MFA .

    MFA_SETUP

    MFA_SETUP MFA . Amazon Cognito SDK RegisterMFAContinuation . MFA .

    AuthenticationHandler authHandler = new AuthenticationHandler() {
        @Override
        public void onSuccess(CognitoUserSession cognitoUserSession) {
            // ...
        }

        @Override
        public void getAuthenticationDetails(AuthenticationContinuation authenticationContinuation, String userId) {
            // ...
        }

        @Override
        public void getMFACode(MultiFactorAuthenticationContinuation multiFactorAuthenticationContinuation) {
            // ...
        }

        @Override
        public void authenticationChallenge(ChallengeContinuation continuation) {
            // This challenge is invoked for MFA_SETUP Challenge
            RegisterMFAContinuation regMFAContinuation = (RegisterMFAContinuation) continuation;

            // Register the new MFA.
            registerMfa(regMFAContinuation);
        }

        @Override
        public void onFailure(Exception exception) {
            // Sign-in failed, check exception for the cause
        }
    };

    // Register a new MFA.
    public void registerMfa(final RegisterMFAContinuation regMFAContinuation) {
        // Get the list of MFA's to setup.
        List<String> mfaOptions = regMFAContinuation.getMfaOptions();

        // Get the session token to register an MFA.
        final String sessionToken = regMFAContinuation.getSessionToken();

        // The handler is created here so that it can hand the new session token
        // back to the continuation that raised the MFA_SETUP challenge.
        RegisterMfaHandler registerMFAHandler = new RegisterMfaHandler() {
            @Override
            public void onSuccess(final String sessionToken) {
                // Success, new MFA setup is complete.
                // Use the sessionToken to continue to authenticate.
                regMFAContinuation.setSessionToken(sessionToken);
                regMFAContinuation.continueTask();
            }

            @Override
            public void onVerify(VerifyMfaContinuation continuation) {
                // ...
            }

            @Override
            public void onFailure(Exception exception) {
                // ...
            }
        };

        // ...

        // Use the sessionToken to register MFA.
        cognitoUser.associateSoftwareTokenInBackground(sessionToken, registerMFAHandler);
    }

    MFA

    API setUserMfaSettings MFA MFA .

    GenericHandler updatesMFASettingsHandler = new GenericHandler() {
        @Override
        public void onSuccess() {
            // Update complete.
        }

        @Override
        public void onFailure(Exception exception) {
            // Failed update, check exception for details.
        }
    };

    // Enable SMS MFA and set preferred state
    void enableSmsMfa(boolean preferred) {
        CognitoMfaSettings smsMfaSettings = new CognitoMfaSettings(CognitoMfaSettings.SMS_MFA);
        smsMfaSettings.setEnabled(true);
        smsMfaSettings.setPreferred(preferred);
        List<CognitoMfaSettings> settings = new ArrayList<>();
        settings.add(smsMfaSettings);
        cognitoUser.setUserMfaSettingsInBackground(settings, updatesMFASettingsHandler);
    }

    MFA

    MFA Amazon Cognito SELECT_MFA_TYPE , MFA .

    AuthenticationHandler authHandler = new AuthenticationHandler() {
        @Override
        public void onSuccess(CognitoUserSession cognitoUserSession) {
            // ...
        }

        @Override
        public void getAuthenticationDetails(AuthenticationContinuation authenticationContinuation, String userId) {
            // ...
        }

        @Override
        public void getMFACode(MultiFactorAuthenticationContinuation multiFactorAuthenticationContinuation) {
            // ...
        }

        @Override
        public void authenticationChallenge(ChallengeContinuation continuation) {
            ChooseMfaContinuation mfaOptionsContinuation = (ChooseMfaContinuation) continuation;
            // Get the list of MFA's to choose from
            List<String> mfaOptions = mfaOptionsContinuation.getMfaOptions();

            // ...

            // Placeholder: the app should let the user pick one of mfaOptions here
            String option = mfaOptions.get(0);

            // Set the MFA option and continue to authenticate.
            mfaOptionsContinuation.setMfaOption(option);
            mfaOptionsContinuation.continueTask();
        }

        @Override
        public void onFailure(Exception exception) {
            // Sign-in failed, check exception for the cause
        }
    };

    Android Mobile SDK Android Mobile SDK . SDK API .


    CognitoUserPool

    CognitoUserPool userPool = new CognitoUserPool(context, userPoolId, clientId, clientSecret);

    // user pool can also be created with client app configuration:
    CognitoUserPool userPool = new CognitoUserPool(context, userPoolId, clientId, clientSecret, clientConfiguration);

    // create a handler for registration
    SignUpHandler handler = new SignUpHandler() {
        @Override
        public void onSuccess(CognitoUser user, boolean userConfirmed, CognitoUserCodeDeliveryDetails codeDeliveryDetails) {
            // If the sign up was successful, "user" is a CognitoUser object of the user who was signed up.
            // "userConfirmed" tells whether the user still has to confirm the sign-up.
            // "codeDeliveryDetails" will contain details about where the confirmation codes will be delivered.
        }

        @Override
        public void onFailure(Exception exception) {
            // Sign up failed, check the exception for the cause and perform remedial actions.
        }
    };

    CognitoUser user = userPool.getCurrentUser();

    ID

    CognitoUser user = userPool.getUser(userId);

    // create a callback handler for confirm
    GenericHandler handler = new GenericHandler() {
        @Override
        public void onSuccess() {
            // User was successfully confirmed!
        }

        @Override
        public void onFailure(Exception exception) {
            // Confirmation failed, probe exception for details
        }
    };

    user.confirmSignUp(code, handler);

    // create a callback handler for the confirmation code request


    GenericHandler handler = new GenericHandler() {

    @Override public void onSuccess() { /