Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris. # Gunakan `RespondToAuthChallenge` dengan AWS SDK atau CLI Contoh kode berikut menunjukkan cara menggunakan`RespondToAuthChallenge`. Contoh tindakan adalah kutipan kode dari program yang lebih besar dan harus dijalankan dalam konteks. Anda dapat melihat tindakan ini dalam konteks dalam contoh kode berikut: + [Mendaftar pengguna dengan kumpulan pengguna yang membutuhkan MFA](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md) ------ #### [ CLI ] **AWS CLI** **Contoh 1: Untuk menanggapi tantangan NEW\$1PASSWORD\$1REQUIRED** `respond-to-auth-challenge`Contoh berikut merespons tantangan NEW\$1PASSWORD\$1REQUIRED yang dikembalikan initiate-auth. Ini menetapkan kata sandi untuk pengguna`jane@example.com`. ``` aws cognito-idp respond-to-auth-challenge \ --client-id 1example23456789 \ --challenge-name NEW_PASSWORD_REQUIRED \ --challenge-responses USERNAME=jane@example.com,NEW_PASSWORD=[Password] \ --session AYABeEv5HklEXAMPLE ``` Output: ``` { "ChallengeParameters": {}, "AuthenticationResult": { "AccessToken": "ACCESS_TOKEN", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "REFRESH_TOKEN", "IdToken": "ID_TOKEN", "NewDeviceMetadata": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceGroupKey": "-wt2ha1Zd" } } } ``` Untuk informasi selengkapnya, lihat [Otentikasi](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html) di Panduan Pengembang *Amazon Cognito*. **Contoh 2: Untuk menanggapi tantangan SELECT\$1MFA\$1TYPE** `respond-to-auth-challenge`Contoh berikut memilih TOTP MFA sebagai opsi MFA untuk pengguna saat ini. Pengguna diminta untuk memilih jenis MFA dan selanjutnya akan diminta untuk memasukkan kode MFA mereka. ``` aws cognito-idp respond-to-auth-challenge \ --client-id 1example23456789 --session AYABeEv5HklEXAMPLE --challenge-name SELECT_MFA_TYPE --challenge-responses USERNAME=testuser,ANSWER=SOFTWARE_TOKEN_MFA ``` Output: ``` { "ChallengeName": "SOFTWARE_TOKEN_MFA", "Session": "AYABeEv5HklEXAMPLE", "ChallengeParameters": { "FRIENDLY_DEVICE_NAME": "transparent" } } ``` Untuk informasi selengkapnya, lihat [Menambahkan MFA di Panduan](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html) Pengembang *Amazon Cognito*. **Contoh 3: Untuk menanggapi tantangan SOFTWARE\$1TOKEN\$1MFA** `respond-to-auth-challenge`Contoh berikut menyediakan kode MFA TOTP dan menyelesaikan login. ``` aws cognito-idp respond-to-auth-challenge \ --client-id 1example23456789 \ --session AYABeEv5HklEXAMPLE \ --challenge-name SOFTWARE_TOKEN_MFA \ --challenge-responses USERNAME=testuser,SOFTWARE_TOKEN_MFA_CODE=123456 ``` Output: ``` { "AuthenticationResult": { "AccessToken": "eyJra456defEXAMPLE", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "eyJra123abcEXAMPLE", "IdToken": "eyJra789ghiEXAMPLE", "NewDeviceMetadata": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceGroupKey": "-v7w9UcY6" } } } ``` Untuk informasi selengkapnya, lihat [Menambahkan MFA di Panduan](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html) Pengembang *Amazon Cognito*. + Untuk detail API, lihat [RespondToAuthChallenge](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/respond-to-auth-challenge.html)di *Referensi AWS CLI Perintah*. ------ #### [ JavaScript ] **SDK untuk JavaScript (v3)** Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples). ``` const respondToAuthChallenge = ({ clientId, username, session, userPoolId, code, }) => { const client = new CognitoIdentityProviderClient({}); const command = new RespondToAuthChallengeCommand({ ChallengeName: ChallengeNameType.SOFTWARE_TOKEN_MFA, ChallengeResponses: { SOFTWARE_TOKEN_MFA_CODE: code, USERNAME: username, }, ClientId: clientId, UserPoolId: userPoolId, Session: session, }); return client.send(command); }; ``` + Untuk detail API, lihat [RespondToAuthChallenge](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/RespondToAuthChallengeCommand)di *Referensi AWS SDK untuk JavaScript API*. ------ #### [ Python ] **SDK untuk Python (Boto3)** Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara mengatur dan menjalankannya di [Repositori Contoh Kode AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples). Masuk dengan perangkat yang dilacak. Untuk menyelesaikan proses masuk, klien harus merespons tantangan Secure Remote Password (SRP) dengan benar. ``` class CognitoIdentityProviderWrapper: """Encapsulates Amazon Cognito actions""" def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None): """ :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client. :param user_pool_id: The ID of an existing Amazon Cognito user pool. :param client_id: The ID of a client application registered with the user pool. :param client_secret: The client secret, if the client has a secret. """ self.cognito_idp_client = cognito_idp_client self.user_pool_id = user_pool_id self.client_id = client_id self.client_secret = client_secret def sign_in_with_tracked_device( self, user_name, password, device_key, device_group_key, device_password, aws_srp, ): """ Signs in to Amazon Cognito as a user who has a tracked device. Signing in with a tracked device lets a user sign in without entering a new MFA code. Signing in with a tracked device requires that the client respond to the SRP protocol. The scenario associated with this example uses the warrant package to help with SRP calculations. For more information on SRP, see https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol. :param user_name: The user that is associated with the device. :param password: The user's password. :param device_key: The key of a tracked device. :param device_group_key: The group key of a tracked device. :param device_password: The password that is associated with the device. :param aws_srp: A class that helps with SRP calculations. The scenario associated with this example uses the warrant package. :return: The result of the authentication. When successful, this contains an access token for the user. """ try: srp_helper = aws_srp.AWSSRP( username=user_name, password=device_password, pool_id="_", client_id=self.client_id, client_secret=None, client=self.cognito_idp_client, ) response_init = self.cognito_idp_client.initiate_auth( ClientId=self.client_id, AuthFlow="USER_PASSWORD_AUTH", AuthParameters={ "USERNAME": user_name, "PASSWORD": password, "DEVICE_KEY": device_key, }, ) if response_init["ChallengeName"] != "DEVICE_SRP_AUTH": raise RuntimeError( f"Expected DEVICE_SRP_AUTH challenge but got {response_init['ChallengeName']}." ) auth_params = srp_helper.get_auth_params() auth_params["DEVICE_KEY"] = device_key response_auth = self.cognito_idp_client.respond_to_auth_challenge( ClientId=self.client_id, ChallengeName="DEVICE_SRP_AUTH", ChallengeResponses=auth_params, ) if response_auth["ChallengeName"] != "DEVICE_PASSWORD_VERIFIER": raise RuntimeError( f"Expected DEVICE_PASSWORD_VERIFIER challenge but got " f"{response_init['ChallengeName']}." ) challenge_params = response_auth["ChallengeParameters"] challenge_params["USER_ID_FOR_SRP"] = device_group_key + device_key cr = srp_helper.process_challenge(challenge_params, {"USERNAME": user_name}) cr["USERNAME"] = user_name cr["DEVICE_KEY"] = device_key response_verifier = self.cognito_idp_client.respond_to_auth_challenge( ClientId=self.client_id, ChallengeName="DEVICE_PASSWORD_VERIFIER", ChallengeResponses=cr, ) auth_tokens = response_verifier["AuthenticationResult"] except ClientError as err: logger.error( "Couldn't start client sign in for %s. Here's why: %s: %s", user_name, err.response["Error"]["Code"], err.response["Error"]["Message"], ) raise else: return auth_tokens ``` + Untuk detail API, lihat [RespondToAuthChallenge](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/RespondToAuthChallenge)di *AWS SDK for Python (Boto3) Referensi* API. ------ Untuk daftar lengkap panduan pengembang AWS SDK dan contoh kode, lihat[Menggunakan layanan ini dengan AWS SDK](sdk-general-information-section.md). Topik ini juga mencakup informasi tentang memulai dan detail tentang versi SDK sebelumnya.