本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 使用 SDK for Kotlin 的 Amazon Cognito 身份提供者示例
以下代码示例向您展示了如何使用带有 Amazon Cognito 身份提供商的 AWS Kotlin 开发工具包来执行操作和实现常见场景。
*操作*是大型程序的代码摘录,必须在上下文中运行。您可以通过操作了解如何调用单个服务函数,还可以通过函数相关场景的上下文查看操作。
*场景*是向您演示如何通过在一个服务中调用多个函数或与其他 AWS 服务结合来完成特定任务的代码示例。
每个示例都包含一个指向完整源代码的链接,您可以从中找到有关如何在上下文中设置和运行代码的说明。
**Topics**
+ [操作](#actions)
+ [场景](#scenarios)
## 操作
### `AdminGetUser`
以下代码示例演示了如何使用 `AdminGetUser`。
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
suspend fun getAdminUser(
userNameVal: String?,
poolIdVal: String?,
) {
val userRequest =
AdminGetUserRequest {
username = userNameVal
userPoolId = poolIdVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.adminGetUser(userRequest)
println("User status ${response.userStatus}")
}
}
```
+ 有关 API 的详细信息,请参阅适用[AdminGetUser](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
### `AdminInitiateAuth`
以下代码示例演示了如何使用 `AdminInitiateAuth`。
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
suspend fun checkAuthMethod(
clientIdVal: String,
userNameVal: String,
passwordVal: String,
userPoolIdVal: String,
): AdminInitiateAuthResponse {
val authParas = mutableMapOf()
authParas["USERNAME"] = userNameVal
authParas["PASSWORD"] = passwordVal
val authRequest =
AdminInitiateAuthRequest {
clientId = clientIdVal
userPoolId = userPoolIdVal
authParameters = authParas
authFlow = AuthFlowType.AdminUserPasswordAuth
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.adminInitiateAuth(authRequest)
println("Result Challenge is ${response.challengeName}")
return response
}
}
```
+ 有关 API 的详细信息,请参阅适用[AdminInitiateAuth](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
### `AdminRespondToAuthChallenge`
以下代码示例演示了如何使用 `AdminRespondToAuthChallenge`。
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
// Respond to an authentication challenge.
suspend fun adminRespondToAuthChallenge(
userName: String,
clientIdVal: String?,
mfaCode: String,
sessionVal: String?,
) {
println("SOFTWARE_TOKEN_MFA challenge is generated")
val challengeResponsesOb = mutableMapOf()
challengeResponsesOb["USERNAME"] = userName
challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode
val adminRespondToAuthChallengeRequest =
AdminRespondToAuthChallengeRequest {
challengeName = ChallengeNameType.SoftwareTokenMfa
clientId = clientIdVal
challengeResponses = challengeResponsesOb
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val respondToAuthChallengeResult = identityProviderClient.adminRespondToAuthChallenge(adminRespondToAuthChallengeRequest)
println("respondToAuthChallengeResult.getAuthenticationResult() ${respondToAuthChallengeResult.authenticationResult}")
}
}
```
+ 有关 API 的详细信息,请参阅适用[AdminRespondToAuthChallenge](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
### `AssociateSoftwareToken`
以下代码示例演示了如何使用 `AssociateSoftwareToken`。
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
suspend fun getSecretForAppMFA(sessionVal: String?): String? {
val softwareTokenRequest =
AssociateSoftwareTokenRequest {
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val tokenResponse = identityProviderClient.associateSoftwareToken(softwareTokenRequest)
val secretCode = tokenResponse.secretCode
println("Enter this token into Google Authenticator")
println(secretCode)
return tokenResponse.session
}
}
```
+ 有关 API 的详细信息,请参阅适用[AssociateSoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
### `ConfirmSignUp`
以下代码示例演示了如何使用 `ConfirmSignUp`。
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
suspend fun confirmSignUp(
clientIdVal: String?,
codeVal: String?,
userNameVal: String?,
) {
val signUpRequest =
ConfirmSignUpRequest {
clientId = clientIdVal
confirmationCode = codeVal
username = userNameVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
identityProviderClient.confirmSignUp(signUpRequest)
println("$userNameVal was confirmed")
}
}
```
+ 有关 API 的详细信息,请参阅适用[ConfirmSignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
### `ListUsers`
以下代码示例演示了如何使用 `ListUsers`。
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
suspend fun listAllUsers(userPoolId: String) {
val request =
ListUsersRequest {
this.userPoolId = userPoolId
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { cognitoClient ->
val response = cognitoClient.listUsers(request)
response.users?.forEach { user ->
println("The user name is ${user.username}")
}
}
}
```
+ 有关 API 的详细信息,请参阅适用[ListUsers](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
### `ResendConfirmationCode`
以下代码示例演示了如何使用 `ResendConfirmationCode`。
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
suspend fun resendConfirmationCode(
clientIdVal: String?,
userNameVal: String?,
) {
val codeRequest =
ResendConfirmationCodeRequest {
clientId = clientIdVal
username = userNameVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.resendConfirmationCode(codeRequest)
println("Method of delivery is " + (response.codeDeliveryDetails?.deliveryMedium))
}
}
```
+ 有关 API 的详细信息,请参阅适用[ResendConfirmationCode](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
### `SignUp`
以下代码示例演示了如何使用 `SignUp`。
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
suspend fun signUp(
clientIdVal: String?,
userNameVal: String?,
passwordVal: String?,
emailVal: String?,
) {
val userAttrs =
AttributeType {
name = "email"
value = emailVal
}
val userAttrsList = mutableListOf()
userAttrsList.add(userAttrs)
val signUpRequest =
SignUpRequest {
userAttributes = userAttrsList
username = userNameVal
clientId = clientIdVal
password = passwordVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
identityProviderClient.signUp(signUpRequest)
println("User has been signed up")
}
}
```
+ 有关 API 的详细信息,请参阅适用[SignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
### `VerifySoftwareToken`
以下代码示例演示了如何使用 `VerifySoftwareToken`。
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
// Verify the TOTP and register for MFA.
suspend fun verifyTOTP(
sessionVal: String?,
codeVal: String?,
) {
val tokenRequest =
VerifySoftwareTokenRequest {
userCode = codeVal
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest)
println("The status of the token is ${verifyResponse.status}")
}
}
```
+ 有关 API 的详细信息,请参阅适用[VerifySoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
## 场景
### 向需要 MFA 的用户池注册用户
以下代码示例展示了如何:
+ 使用用户名、密码和电子邮件地址注册和确认用户。
+ 通过将 MFA 应用程序与用户关联来设置多重身份验证。
+ 使用密码和 MFA 代码登录。
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
/**
Before running this Kotlin code example, set up your development environment, including your credentials.
For more information, see the following documentation:
https://docs.aws.amazon.com/sdk-for-kotlin/latest/developer-guide/setup.html
TIP: To set up the required user pool, run the AWS Cloud Development Kit (AWS CDK) script provided in this GitHub repo at resources/cdk/cognito_scenario_user_pool_with_mfa.
This code example performs the following operations:
1. Invokes the signUp method to sign up a user.
2. Invokes the adminGetUser method to get the user's confirmation status.
3. Invokes the ResendConfirmationCode method if the user requested another code.
4. Invokes the confirmSignUp method.
5. Invokes the initiateAuth to sign in. This results in being prompted to set up TOTP (time-based one-time password). (The response is “ChallengeName”: “MFA_SETUP”).
6. Invokes the AssociateSoftwareToken method to generate a TOTP MFA private key. This can be used with Google Authenticator.
7. Invokes the VerifySoftwareToken method to verify the TOTP and register for MFA.
8. Invokes the AdminInitiateAuth to sign in again. This results in being prompted to submit a TOTP (Response: “ChallengeName”: “SOFTWARE_TOKEN_MFA”).
9. Invokes the AdminRespondToAuthChallenge to get back a token.
*/
suspend fun main(args: Array) {
val usage = """
Usage:
Where:
clientId - The app client Id value that you can get from the AWS CDK script.
poolId - The pool Id that you can get from the AWS CDK script.
"""
if (args.size != 2) {
println(usage)
exitProcess(1)
}
val clientId = args[0]
val poolId = args[1]
// Use the console to get data from the user.
println("*** Enter your use name")
val inOb = Scanner(System.`in`)
val userName = inOb.nextLine()
println(userName)
println("*** Enter your password")
val password: String = inOb.nextLine()
println("*** Enter your email")
val email = inOb.nextLine()
println("*** Signing up $userName")
signUp(clientId, userName, password, email)
println("*** Getting $userName in the user pool")
getAdminUser(userName, poolId)
println("*** Conformation code sent to $userName. Would you like to send a new code? (Yes/No)")
val ans = inOb.nextLine()
if (ans.compareTo("Yes") == 0) {
println("*** Sending a new confirmation code")
resendConfirmationCode(clientId, userName)
}
println("*** Enter the confirmation code that was emailed")
val code = inOb.nextLine()
confirmSignUp(clientId, code, userName)
println("*** Rechecking the status of $userName in the user pool")
getAdminUser(userName, poolId)
val authResponse = checkAuthMethod(clientId, userName, password, poolId)
val mySession = authResponse.session
val newSession = getSecretForAppMFA(mySession)
println("*** Enter the 6-digit code displayed in Google Authenticator")
val myCode = inOb.nextLine()
// Verify the TOTP and register for MFA.
verifyTOTP(newSession, myCode)
println("*** Re-enter a 6-digit code displayed in Google Authenticator")
val mfaCode: String = inOb.nextLine()
val authResponse1 = checkAuthMethod(clientId, userName, password, poolId)
val session2 = authResponse1.session
adminRespondToAuthChallenge(userName, clientId, mfaCode, session2)
}
suspend fun checkAuthMethod(
clientIdVal: String,
userNameVal: String,
passwordVal: String,
userPoolIdVal: String,
): AdminInitiateAuthResponse {
val authParas = mutableMapOf()
authParas["USERNAME"] = userNameVal
authParas["PASSWORD"] = passwordVal
val authRequest =
AdminInitiateAuthRequest {
clientId = clientIdVal
userPoolId = userPoolIdVal
authParameters = authParas
authFlow = AuthFlowType.AdminUserPasswordAuth
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.adminInitiateAuth(authRequest)
println("Result Challenge is ${response.challengeName}")
return response
}
}
suspend fun resendConfirmationCode(
clientIdVal: String?,
userNameVal: String?,
) {
val codeRequest =
ResendConfirmationCodeRequest {
clientId = clientIdVal
username = userNameVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.resendConfirmationCode(codeRequest)
println("Method of delivery is " + (response.codeDeliveryDetails?.deliveryMedium))
}
}
// Respond to an authentication challenge.
suspend fun adminRespondToAuthChallenge(
userName: String,
clientIdVal: String?,
mfaCode: String,
sessionVal: String?,
) {
println("SOFTWARE_TOKEN_MFA challenge is generated")
val challengeResponsesOb = mutableMapOf()
challengeResponsesOb["USERNAME"] = userName
challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode
val adminRespondToAuthChallengeRequest =
AdminRespondToAuthChallengeRequest {
challengeName = ChallengeNameType.SoftwareTokenMfa
clientId = clientIdVal
challengeResponses = challengeResponsesOb
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val respondToAuthChallengeResult = identityProviderClient.adminRespondToAuthChallenge(adminRespondToAuthChallengeRequest)
println("respondToAuthChallengeResult.getAuthenticationResult() ${respondToAuthChallengeResult.authenticationResult}")
}
}
// Verify the TOTP and register for MFA.
suspend fun verifyTOTP(
sessionVal: String?,
codeVal: String?,
) {
val tokenRequest =
VerifySoftwareTokenRequest {
userCode = codeVal
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest)
println("The status of the token is ${verifyResponse.status}")
}
}
suspend fun getSecretForAppMFA(sessionVal: String?): String? {
val softwareTokenRequest =
AssociateSoftwareTokenRequest {
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val tokenResponse = identityProviderClient.associateSoftwareToken(softwareTokenRequest)
val secretCode = tokenResponse.secretCode
println("Enter this token into Google Authenticator")
println(secretCode)
return tokenResponse.session
}
}
suspend fun confirmSignUp(
clientIdVal: String?,
codeVal: String?,
userNameVal: String?,
) {
val signUpRequest =
ConfirmSignUpRequest {
clientId = clientIdVal
confirmationCode = codeVal
username = userNameVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
identityProviderClient.confirmSignUp(signUpRequest)
println("$userNameVal was confirmed")
}
}
suspend fun getAdminUser(
userNameVal: String?,
poolIdVal: String?,
) {
val userRequest =
AdminGetUserRequest {
username = userNameVal
userPoolId = poolIdVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.adminGetUser(userRequest)
println("User status ${response.userStatus}")
}
}
suspend fun signUp(
clientIdVal: String?,
userNameVal: String?,
passwordVal: String?,
emailVal: String?,
) {
val userAttrs =
AttributeType {
name = "email"
value = emailVal
}
val userAttrsList = mutableListOf()
userAttrsList.add(userAttrs)
val signUpRequest =
SignUpRequest {
userAttributes = userAttrsList
username = userNameVal
clientId = clientIdVal
password = passwordVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
identityProviderClient.signUp(signUpRequest)
println("User has been signed up")
}
}
```
+ 有关 API 详细信息,请参阅《AWS SDK for Kotlin API Reference》**中的以下主题。
+ [AdminGetUser](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [AdminInitiateAuth](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [AdminRespondToAuthChallenge](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [AssociateSoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [ConfirmDevice](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [ConfirmSignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [InitiateAuth](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [ListUsers](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [ResendConfirmationCode](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [RespondToAuthChallenge](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [SignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)
+ [VerifySoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)