本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 亚马逊 Cognito 身份提供商使用的基本示例 AWS SDKs
以下代码示例展示了如何使用 Amazon Cognito 身份提供商的基础知识。 AWS SDKs
**Contents**
+ [开始使用 Amazon Cognito](cognito-identity-provider_example_cognito-identity-provider_Hello_section.md)
+ [操作](service_code_examples_cognito-identity-provider_actions.md)
+ [`AdminCreateUser`](cognito-identity-provider_example_cognito-identity-provider_AdminCreateUser_section.md)
+ [`AdminGetUser`](cognito-identity-provider_example_cognito-identity-provider_AdminGetUser_section.md)
+ [`AdminInitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md)
+ [`AdminRespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md)
+ [`AdminSetUserPassword`](cognito-identity-provider_example_cognito-identity-provider_AdminSetUserPassword_section.md)
+ [`AssociateSoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md)
+ [`ConfirmDevice`](cognito-identity-provider_example_cognito-identity-provider_ConfirmDevice_section.md)
+ [`ConfirmForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ConfirmForgotPassword_section.md)
+ [`ConfirmSignUp`](cognito-identity-provider_example_cognito-identity-provider_ConfirmSignUp_section.md)
+ [`CreateUserPool`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPool_section.md)
+ [`CreateUserPoolClient`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPoolClient_section.md)
+ [`DeleteUser`](cognito-identity-provider_example_cognito-identity-provider_DeleteUser_section.md)
+ [`ForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ForgotPassword_section.md)
+ [`InitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_InitiateAuth_section.md)
+ [`ListUserPools`](cognito-identity-provider_example_cognito-identity-provider_ListUserPools_section.md)
+ [`ListUsers`](cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md)
+ [`ResendConfirmationCode`](cognito-identity-provider_example_cognito-identity-provider_ResendConfirmationCode_section.md)
+ [`RespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_RespondToAuthChallenge_section.md)
+ [`SignUp`](cognito-identity-provider_example_cognito-identity-provider_SignUp_section.md)
+ [`UpdateUserPool`](cognito-identity-provider_example_cognito-identity-provider_UpdateUserPool_section.md)
+ [`VerifySoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md)
# 开始使用 Amazon Cognito
以下代码示例展示了如何开始使用 Amazon Cognito。
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito/hello_cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
CMakeLists.txt CMake 文件的代码。
```
# Set the minimum required version of CMake for this project.
cmake_minimum_required(VERSION 3.13)
# Set the AWS service components used by this project.
set(SERVICE_COMPONENTS cognito-idp)
# Set this project's name.
project("hello_cognito")
# Set the C++ standard to use to build this target.
# At least C++ 11 is required for the AWS SDK for C++.
set(CMAKE_CXX_STANDARD 11)
# Use the MSVC variable to determine if this is a Windows build.
set(WINDOWS_BUILD ${MSVC})
if (WINDOWS_BUILD) # Set the location where CMake can find the installed libraries for the AWS SDK.
string(REPLACE ";" "/aws-cpp-sdk-all;" SYSTEM_MODULE_PATH "${CMAKE_SYSTEM_PREFIX_PATH}/aws-cpp-sdk-all")
list(APPEND CMAKE_PREFIX_PATH ${SYSTEM_MODULE_PATH})
endif ()
# Find the AWS SDK for C++ package.
find_package(AWSSDK REQUIRED COMPONENTS ${SERVICE_COMPONENTS})
if (WINDOWS_BUILD AND AWSSDK_INSTALL_AS_SHARED_LIBS)
# Copy relevant AWS SDK for C++ libraries into the current binary directory for running and debugging.
# set(BIN_SUB_DIR "/Debug") # If you are building from the command line, you may need to uncomment this
# and set the proper subdirectory to the executables' location.
AWSSDK_CPY_DYN_LIBS(SERVICE_COMPONENTS "" ${CMAKE_CURRENT_BINARY_DIR}${BIN_SUB_DIR})
endif ()
add_executable(${PROJECT_NAME}
hello_cognito.cpp)
target_link_libraries(${PROJECT_NAME}
${AWSSDK_LINK_LIBRARIES})
```
hello\$1cognito.cpp 源文件的代码。
```
#include
#include
#include
#include
/*
* A "Hello Cognito" starter application which initializes an Amazon Cognito client and lists the Amazon Cognito
* user pools.
*
* main function
*
* Usage: 'hello_cognito'
*
*/
int main(int argc, char **argv) {
Aws::SDKOptions options;
// Optionally change the log level for debugging.
// options.loggingOptions.logLevel = Utils::Logging::LogLevel::Debug;
Aws::InitAPI(options); // Should only be called once.
int result = 0;
{
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient cognitoClient(clientConfig);
Aws::String nextToken; // Used for pagination.
std::vector userPools;
do {
Aws::CognitoIdentityProvider::Model::ListUserPoolsRequest listUserPoolsRequest;
if (!nextToken.empty()) {
listUserPoolsRequest.SetNextToken(nextToken);
}
Aws::CognitoIdentityProvider::Model::ListUserPoolsOutcome listUserPoolsOutcome =
cognitoClient.ListUserPools(listUserPoolsRequest);
if (listUserPoolsOutcome.IsSuccess()) {
for (auto &userPool: listUserPoolsOutcome.GetResult().GetUserPools()) {
userPools.push_back(userPool.GetName());
}
nextToken = listUserPoolsOutcome.GetResult().GetNextToken();
} else {
std::cerr << "ListUserPools error: " << listUserPoolsOutcome.GetError().GetMessage() << std::endl;
result = 1;
break;
}
} while (!nextToken.empty());
std::cout << userPools.size() << " user pools found." << std::endl;
for (auto &userPool: userPools) {
std::cout << " user pool: " << userPool << std::endl;
}
}
Aws::ShutdownAPI(options); // Should only be called once.
return result;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 C\$1\$1 的 AWS SDK API 参考[ListUserPools](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ListUserPools)*中的。
------
#### [ Go ]
**适用于 Go 的 SDK V2**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
package main
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
// main uses the AWS SDK for Go V2 to create an Amazon Simple Notification Service
// (Amazon SNS) client and list the topics in your account.
// This example uses the default settings specified in your shared credentials
// and config files.
func main() {
ctx := context.Background()
sdkConfig, err := config.LoadDefaultConfig(ctx)
if err != nil {
fmt.Println("Couldn't load default configuration. Have you set up your AWS account?")
fmt.Println(err)
return
}
cognitoClient := cognitoidentityprovider.NewFromConfig(sdkConfig)
fmt.Println("Let's list the user pools for your account.")
var pools []types.UserPoolDescriptionType
paginator := cognitoidentityprovider.NewListUserPoolsPaginator(
cognitoClient, &cognitoidentityprovider.ListUserPoolsInput{MaxResults: aws.Int32(10)})
for paginator.HasMorePages() {
output, err := paginator.NextPage(ctx)
if err != nil {
log.Printf("Couldn't get user pools. Here's why: %v\n", err)
} else {
pools = append(pools, output.UserPools...)
}
}
if len(pools) == 0 {
fmt.Println("You don't have any user pools!")
} else {
for _, pool := range pools {
fmt.Printf("\t%v: %v\n", *pool.Name, *pool.Id)
}
}
}
```
+ 有关 API 的详细信息,请参阅 *适用于 Go 的 AWS SDK API 参考[ListUserPools](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ListUserPools)*中的。
------
#### [ Java ]
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ListUserPools {
public static void main(String[] args) {
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
listAllUserPools(cognitoClient);
cognitoClient.close();
}
public static void listAllUserPools(CognitoIdentityProviderClient cognitoClient) {
try {
ListUserPoolsRequest request = ListUserPoolsRequest.builder()
.maxResults(10)
.build();
ListUserPoolsResponse response = cognitoClient.listUserPools(request);
response.userPools().forEach(userpool -> {
System.out.println("User pool " + userpool.name() + ", User ID " + userpool.id());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[ListUserPools](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUserPools)*中的。
------
#### [ JavaScript ]
**适用于 JavaScript (v3) 的软件开发工具包**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import {
paginateListUserPools,
CognitoIdentityProviderClient,
} from "@aws-sdk/client-cognito-identity-provider";
const client = new CognitoIdentityProviderClient({});
export const helloCognito = async () => {
const paginator = paginateListUserPools({ client }, {});
const userPoolNames = [];
for await (const page of paginator) {
const names = page.UserPools.map((pool) => pool.Name);
userPoolNames.push(...names);
}
console.log("User pool names: ");
console.log(userPoolNames.join("\n"));
return userPoolNames;
};
```
+ 有关 API 的详细信息,请参阅 *适用于 JavaScript 的 AWS SDK API 参考[ListUserPools](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ListUserPoolsCommand)*中的。
------
#### [ Python ]
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import boto3
# Create a Cognito Identity Provider client
cognitoidp = boto3.client("cognito-idp")
# Initialize a paginator for the list_user_pools operation
paginator = cognitoidp.get_paginator("list_user_pools")
# Create a PageIterator from the paginator
page_iterator = paginator.paginate(MaxResults=10)
# Initialize variables for pagination
user_pools = []
# Handle pagination
for page in page_iterator:
user_pools.extend(page.get("UserPools", []))
# Print the list of user pools
print("User Pools for the account:")
if user_pools:
for pool in user_pools:
print(f"Name: {pool['Name']}, ID: {pool['Id']}")
else:
print("No user pools found.")
```
+ 有关 API 的详细信息,请参阅适用[ListUserPools](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ListUserPools)于 *Python 的AWS SDK (Boto3) API 参考*。
------
#### [ Ruby ]
**适用于 Ruby 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
require 'aws-sdk-cognitoidentityprovider'
require 'logger'
# CognitoManager is a class responsible for managing AWS Cognito operations
# such as listing all user pools in the current AWS account.
class CognitoManager
def initialize(client)
@client = client
@logger = Logger.new($stdout)
end
# Lists and prints all user pools associated with the AWS account.
def list_user_pools
paginator = @client.list_user_pools(max_results: 10)
user_pools = []
paginator.each_page do |page|
user_pools.concat(page.user_pools)
end
if user_pools.empty?
@logger.info('No Cognito user pools found.')
else
user_pools.each do |user_pool|
@logger.info("User pool ID: #{user_pool.id}")
@logger.info("User pool name: #{user_pool.name}")
@logger.info("User pool status: #{user_pool.status}")
@logger.info('---')
end
end
end
end
if $PROGRAM_NAME == __FILE__
cognito_client = Aws::CognitoIdentityProvider::Client.new
manager = CognitoManager.new(cognito_client)
manager.list_user_pools
end
```
+ 有关 API 的详细信息,请参阅 *适用于 Ruby 的 AWS SDK API 参考[ListUserPools](https://docs.aws.amazon.com/goto/SdkForRubyV3/cognito-idp-2016-04-18/ListUserPools)*中的。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# 亚马逊 Cognito 身份提供商使用的操作 AWS SDKs
以下代码示例演示了如何使用执行各个 Amazon Cognito 身份提供商操作。 AWS SDKs每个示例都包含一个指向的链接 GitHub,您可以在其中找到有关设置和运行代码的说明。
这些代码节选调用了 Amazon Cognito 身份提供者 API,是必须在上下文中运行的较大型程序的代码节选。您可以在[亚马逊 Cognito 身份提供商使用的场景 AWS SDKs](service_code_examples_cognito-identity-provider_scenarios.md)中结合上下文查看操作。
以下示例仅包括最常用的操作。有关完整列表,请参阅 [Amazon Cognito 身份提供者 API 参考](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/Welcome.html)。
**Topics**
+ [`AdminCreateUser`](cognito-identity-provider_example_cognito-identity-provider_AdminCreateUser_section.md)
+ [`AdminGetUser`](cognito-identity-provider_example_cognito-identity-provider_AdminGetUser_section.md)
+ [`AdminInitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_AdminInitiateAuth_section.md)
+ [`AdminRespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_AdminRespondToAuthChallenge_section.md)
+ [`AdminSetUserPassword`](cognito-identity-provider_example_cognito-identity-provider_AdminSetUserPassword_section.md)
+ [`AssociateSoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_AssociateSoftwareToken_section.md)
+ [`ConfirmDevice`](cognito-identity-provider_example_cognito-identity-provider_ConfirmDevice_section.md)
+ [`ConfirmForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ConfirmForgotPassword_section.md)
+ [`ConfirmSignUp`](cognito-identity-provider_example_cognito-identity-provider_ConfirmSignUp_section.md)
+ [`CreateUserPool`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPool_section.md)
+ [`CreateUserPoolClient`](cognito-identity-provider_example_cognito-identity-provider_CreateUserPoolClient_section.md)
+ [`DeleteUser`](cognito-identity-provider_example_cognito-identity-provider_DeleteUser_section.md)
+ [`ForgotPassword`](cognito-identity-provider_example_cognito-identity-provider_ForgotPassword_section.md)
+ [`InitiateAuth`](cognito-identity-provider_example_cognito-identity-provider_InitiateAuth_section.md)
+ [`ListUserPools`](cognito-identity-provider_example_cognito-identity-provider_ListUserPools_section.md)
+ [`ListUsers`](cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md)
+ [`ResendConfirmationCode`](cognito-identity-provider_example_cognito-identity-provider_ResendConfirmationCode_section.md)
+ [`RespondToAuthChallenge`](cognito-identity-provider_example_cognito-identity-provider_RespondToAuthChallenge_section.md)
+ [`SignUp`](cognito-identity-provider_example_cognito-identity-provider_SignUp_section.md)
+ [`UpdateUserPool`](cognito-identity-provider_example_cognito-identity-provider_UpdateUserPool_section.md)
+ [`VerifySoftwareToken`](cognito-identity-provider_example_cognito-identity-provider_VerifySoftwareToken_section.md)
# `AdminCreateUser`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `AdminCreateUser`。
操作示例是大型程序的代码摘录,必须在上下文中运行。在以下代码示例中,您可以查看此操作的上下文:
+ [在完成 Amazon Cognito 用户身份验证后使用 Lambda 函数写入自定义活动数据](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
------
#### [ CLI ]
**AWS CLI**
**创建用户**
以下的 `admin-create-user` 示例创建具有指定设置电子邮件地址和电话号码的用户。
```
aws cognito-idp admin-create-user \
--user-pool-id us-west-2_aaaaaaaaa \
--username diego \
--user-attributes Name=email,Value=diego@example.com Name=phone_number,Value="+15555551212" \
--message-action SUPPRESS
```
输出:
```
{
"User": {
"Username": "diego",
"Attributes": [
{
"Name": "sub",
"Value": "7325c1de-b05b-4f84-b321-9adc6e61f4a2"
},
{
"Name": "phone_number",
"Value": "+15555551212"
},
{
"Name": "email",
"Value": "diego@example.com"
}
],
"UserCreateDate": 1548099495.428,
"UserLastModifiedDate": 1548099495.428,
"Enabled": true,
"UserStatus": "FORCE_CHANGE_PASSWORD"
}
}
```
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[AdminCreateUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-create-user.html)*中的。
------
#### [ Go ]
**适用于 Go 的 SDK V2**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// AdminCreateUser uses administrator credentials to add a user to a user pool. This method leaves the user
// in a state that requires they enter a new password next time they sign in.
func (actor CognitoActions) AdminCreateUser(ctx context.Context, userPoolId string, userName string, userEmail string) error {
_, err := actor.CognitoClient.AdminCreateUser(ctx, &cognitoidentityprovider.AdminCreateUserInput{
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
MessageAction: types.MessageActionTypeSuppress,
UserAttributes: []types.AttributeType{{Name: aws.String("email"), Value: aws.String(userEmail)}},
})
if err != nil {
var userExists *types.UsernameExistsException
if errors.As(err, &userExists) {
log.Printf("User %v already exists in the user pool.", userName)
err = nil
} else {
log.Printf("Couldn't create user %v. Here's why: %v\n", userName, err)
}
}
return err
}
```
+ 有关 API 的详细信息,请参阅 *适用于 Go 的 AWS SDK API 参考[AdminCreateUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.AdminCreateUser)*中的。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `AdminGetUser`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `AdminGetUser`。
操作示例是大型程序的代码摘录,必须在上下文中运行。在以下代码示例中,您可以查看此操作的上下文:
+ [向需要 MFA 的用户池注册用户](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**适用于 .NET 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
///
/// Get the specified user from an Amazon Cognito user pool with administrator access.
///
/// The name of the user.
/// The Id of the Amazon Cognito user pool.
/// Async task.
public async Task GetAdminUserAsync(string userName, string poolId)
{
AdminGetUserRequest userRequest = new AdminGetUserRequest
{
Username = userName,
UserPoolId = poolId,
};
var response = await _cognitoService.AdminGetUserAsync(userRequest);
Console.WriteLine($"User status {response.UserStatus}");
return response.UserStatus;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 .NET 的 AWS SDK API 参考[AdminGetUser](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminGetUser)*中的。
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::AdminGetUserRequest request;
request.SetUsername(userName);
request.SetUserPoolId(userPoolID);
Aws::CognitoIdentityProvider::Model::AdminGetUserOutcome outcome =
client.AdminGetUser(request);
if (outcome.IsSuccess()) {
std::cout << "The status for " << userName << " is " <<
Aws::CognitoIdentityProvider::Model::UserStatusTypeMapper::GetNameForUserStatusType(
outcome.GetResult().GetUserStatus()) << std::endl;
std::cout << "Enabled is " << outcome.GetResult().GetEnabled() << std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminGetUser. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 C\$1\$1 的 AWS SDK API 参考[AdminGetUser](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminGetUser)*中的。
------
#### [ CLI ]
**AWS CLI**
**获取用户**
此示例获取有关用户名 jane@example.com 的信息。
命令:
```
aws cognito-idp admin-get-user --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com
```
输出:
```
{
"Username": "4320de44-2322-4620-999b-5e2e1c8df013",
"Enabled": true,
"UserStatus": "FORCE_CHANGE_PASSWORD",
"UserCreateDate": 1548108509.537,
"UserAttributes": [
{
"Name": "sub",
"Value": "4320de44-2322-4620-999b-5e2e1c8df013"
},
{
"Name": "email_verified",
"Value": "true"
},
{
"Name": "phone_number_verified",
"Value": "true"
},
{
"Name": "phone_number",
"Value": "+01115551212"
},
{
"Name": "email",
"Value": "jane@example.com"
}
],
"UserLastModifiedDate": 1548108509.537
}
```
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[AdminGetUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-get-user.html)*中的。
------
#### [ Java ]
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
public static void getAdminUser(CognitoIdentityProviderClient identityProviderClient, String userName,
String poolId) {
try {
AdminGetUserRequest userRequest = AdminGetUserRequest.builder()
.username(userName)
.userPoolId(poolId)
.build();
AdminGetUserResponse response = identityProviderClient.adminGetUser(userRequest);
System.out.println("User status " + response.userStatusAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[AdminGetUser](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminGetUser)*中的。
------
#### [ JavaScript ]
**适用于 JavaScript (v3) 的软件开发工具包**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider/#code-examples)中查找完整示例,了解如何进行设置和运行。
```
const adminGetUser = ({ userPoolId, username }) => {
const client = new CognitoIdentityProviderClient({});
const command = new AdminGetUserCommand({
UserPoolId: userPoolId,
Username: username,
});
return client.send(command);
};
```
+ 有关 API 的详细信息,请参阅 *适用于 JavaScript 的 AWS SDK API 参考[AdminGetUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminGetUserCommand)*中的。
------
#### [ Kotlin ]
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
suspend fun getAdminUser(
userNameVal: String?,
poolIdVal: String?,
) {
val userRequest =
AdminGetUserRequest {
username = userNameVal
userPoolId = poolIdVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.adminGetUser(userRequest)
println("User status ${response.userStatus}")
}
}
```
+ 有关 API 的详细信息,请参阅适用[AdminGetUser](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
------
#### [ Python ]
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def sign_up_user(self, user_name, password, user_email):
"""
Signs up a new user with Amazon Cognito. This action prompts Amazon Cognito
to send an email to the specified email address. The email contains a code that
can be used to confirm the user.
When the user already exists, the user status is checked to determine whether
the user has been confirmed.
:param user_name: The user name that identifies the new user.
:param password: The password for the new user.
:param user_email: The email address for the new user.
:return: True when the user is already confirmed with Amazon Cognito.
Otherwise, false.
"""
try:
kwargs = {
"ClientId": self.client_id,
"Username": user_name,
"Password": password,
"UserAttributes": [{"Name": "email", "Value": user_email}],
}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
response = self.cognito_idp_client.sign_up(**kwargs)
confirmed = response["UserConfirmed"]
except ClientError as err:
if err.response["Error"]["Code"] == "UsernameExistsException":
response = self.cognito_idp_client.admin_get_user(
UserPoolId=self.user_pool_id, Username=user_name
)
logger.warning(
"User %s exists and is %s.", user_name, response["UserStatus"]
)
confirmed = response["UserStatus"] == "CONFIRMED"
else:
logger.error(
"Couldn't sign up %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
return confirmed
```
+ 有关 API 的详细信息,请参阅适用[AdminGetUser](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminGetUser)于 *Python 的AWS SDK (Boto3) API 参考*。
------
#### [ Swift ]
**适用于 Swift 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Get information about a specific user in a user pool.
///
/// - Parameters:
/// - cipClient: The Amazon Cognito Identity Provider client to use.
/// - userName: The user to retrieve information about.
/// - userPoolId: The user pool to search for the specified user.
///
/// - Returns: `true` if the user's information was successfully
/// retrieved. Otherwise returns `false`.
func adminGetUser(cipClient: CognitoIdentityProviderClient, userName: String,
userPoolId: String) async -> Bool {
do {
let output = try await cipClient.adminGetUser(
input: AdminGetUserInput(
userPoolId: userPoolId,
username: userName
)
)
guard let userStatus = output.userStatus else {
print("*** Unable to get the user's status.")
return false
}
print("User status: \(userStatus)")
return true
} catch {
return false
}
}
```
+ 有关 API 的详细信息,请参阅适用于 S *wift 的AWS SDK API 参考[AdminGetUser](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/admingetuser(input:))*中。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `AdminInitiateAuth`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `AdminInitiateAuth`。
操作示例是大型程序的代码摘录,必须在上下文中运行。在以下代码示例中,您可以查看此操作的上下文:
+ [向需要 MFA 的用户池注册用户](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**适用于 .NET 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
///
/// Initiate an admin auth request.
///
/// The client ID to use.
/// The ID of the user pool.
/// The username to authenticate.
/// The user's password.
/// The session to use in challenge-response.
public async Task AdminInitiateAuthAsync(string clientId, string userPoolId, string userName, string password)
{
var authParameters = new Dictionary();
authParameters.Add("USERNAME", userName);
authParameters.Add("PASSWORD", password);
var request = new AdminInitiateAuthRequest
{
ClientId = clientId,
UserPoolId = userPoolId,
AuthParameters = authParameters,
AuthFlow = AuthFlowType.ADMIN_USER_PASSWORD_AUTH,
};
var response = await _cognitoService.AdminInitiateAuthAsync(request);
return response.Session;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 .NET 的 AWS SDK API 参考[AdminInitiateAuth](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminInitiateAuth)*中的。
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::AdminInitiateAuthRequest request;
request.SetClientId(clientID);
request.SetUserPoolId(userPoolID);
request.AddAuthParameters("USERNAME", userName);
request.AddAuthParameters("PASSWORD", password);
request.SetAuthFlow(
Aws::CognitoIdentityProvider::Model::AuthFlowType::ADMIN_USER_PASSWORD_AUTH);
Aws::CognitoIdentityProvider::Model::AdminInitiateAuthOutcome outcome =
client.AdminInitiateAuth(request);
if (outcome.IsSuccess()) {
std::cout << "Call to AdminInitiateAuth was successful." << std::endl;
sessionResult = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminInitiateAuth. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 C\$1\$1 的 AWS SDK API 参考[AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminInitiateAuth)*中的。
------
#### [ CLI ]
**AWS CLI**
**以管理员身份注册用户**
以下 `admin-initiate-auth` 示例注册用户 diego@example.com。此示例还包括威胁防护和 Lambda 触发 ClientMetadata 器的元数据。已为用户配置 TOTP MFA,用户会收到质询,需要先提供来自其身份验证器应用程序的代码,之后才能完成身份验证。
```
aws cognito-idp admin-initiate-auth \
--user-pool-id us-west-2_EXAMPLE \
--client-id 1example23456789 \
--auth-flow ADMIN_USER_PASSWORD_AUTH \
--auth-parameters USERNAME=diego@example.com,PASSWORD="My@Example$Password3!",SECRET_HASH=ExampleEncodedClientIdSecretAndUsername= \
--context-data="{\"EncodedData\":\"abc123example\",\"HttpHeaders\":[{\"headerName\":\"UserAgent\",\"headerValue\":\"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0\"}],\"IpAddress\":\"192.0.2.1\",\"ServerName\":\"example.com\",\"ServerPath\":\"/login\"}" \
--client-metadata="{\"MyExampleKey\": \"MyExampleValue\"}"
```
输出:
```
{
"ChallengeName": "SOFTWARE_TOKEN_MFA",
"Session": "AYABeExample...",
"ChallengeParameters": {
"FRIENDLY_DEVICE_NAME": "MyAuthenticatorApp",
"USER_ID_FOR_SRP": "diego@example.com"
}
}
```
有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Admin authentication flow](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#amazon-cognito-user-pools-admin-authentication-flow)。
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[AdminInitiateAuth](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-initiate-auth.html)*中的。
------
#### [ Java ]
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
public static AdminInitiateAuthResponse initiateAuth(CognitoIdentityProviderClient identityProviderClient,
String clientId, String userName, String password, String userPoolId) {
try {
Map authParameters = new HashMap<>();
authParameters.put("USERNAME", userName);
authParameters.put("PASSWORD", password);
AdminInitiateAuthRequest authRequest = AdminInitiateAuthRequest.builder()
.clientId(clientId)
.userPoolId(userPoolId)
.authParameters(authParameters)
.authFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH)
.build();
AdminInitiateAuthResponse response = identityProviderClient.adminInitiateAuth(authRequest);
System.out.println("Result Challenge is : " + response.challengeName());
return response;
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return null;
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[AdminInitiateAuth](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminInitiateAuth)*中的。
------
#### [ JavaScript ]
**适用于 JavaScript (v3) 的软件开发工具包**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider/#code-examples)中查找完整示例,了解如何进行设置和运行。
```
const adminInitiateAuth = ({ clientId, userPoolId, username, password }) => {
const client = new CognitoIdentityProviderClient({});
const command = new AdminInitiateAuthCommand({
ClientId: clientId,
UserPoolId: userPoolId,
AuthFlow: AuthFlowType.ADMIN_USER_PASSWORD_AUTH,
AuthParameters: { USERNAME: username, PASSWORD: password },
});
return client.send(command);
};
```
+ 有关 API 的详细信息,请参阅 *适用于 JavaScript 的 AWS SDK API 参考[AdminInitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminInitiateAuthCommand)*中的。
------
#### [ Kotlin ]
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
suspend fun checkAuthMethod(
clientIdVal: String,
userNameVal: String,
passwordVal: String,
userPoolIdVal: String,
): AdminInitiateAuthResponse {
val authParas = mutableMapOf()
authParas["USERNAME"] = userNameVal
authParas["PASSWORD"] = passwordVal
val authRequest =
AdminInitiateAuthRequest {
clientId = clientIdVal
userPoolId = userPoolIdVal
authParameters = authParas
authFlow = AuthFlowType.AdminUserPasswordAuth
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.adminInitiateAuth(authRequest)
println("Result Challenge is ${response.challengeName}")
return response
}
}
```
+ 有关 API 的详细信息,请参阅适用[AdminInitiateAuth](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
------
#### [ Python ]
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def start_sign_in(self, user_name, password):
"""
Starts the sign-in process for a user by using administrator credentials.
This method of signing in is appropriate for code running on a secure server.
If the user pool is configured to require MFA and this is the first sign-in
for the user, Amazon Cognito returns a challenge response to set up an
MFA application. When this occurs, this function gets an MFA secret from
Amazon Cognito and returns it to the caller.
:param user_name: The name of the user to sign in.
:param password: The user's password.
:return: The result of the sign-in attempt. When sign-in is successful, this
returns an access token that can be used to get AWS credentials. Otherwise,
Amazon Cognito returns a challenge to set up an MFA application,
or a challenge to enter an MFA code from a registered MFA application.
"""
try:
kwargs = {
"UserPoolId": self.user_pool_id,
"ClientId": self.client_id,
"AuthFlow": "ADMIN_USER_PASSWORD_AUTH",
"AuthParameters": {"USERNAME": user_name, "PASSWORD": password},
}
if self.client_secret is not None:
kwargs["AuthParameters"]["SECRET_HASH"] = self._secret_hash(user_name)
response = self.cognito_idp_client.admin_initiate_auth(**kwargs)
challenge_name = response.get("ChallengeName", None)
if challenge_name == "MFA_SETUP":
if (
"SOFTWARE_TOKEN_MFA"
in response["ChallengeParameters"]["MFAS_CAN_SETUP"]
):
response.update(self.get_mfa_secret(response["Session"]))
else:
raise RuntimeError(
"The user pool requires MFA setup, but the user pool is not "
"configured for TOTP MFA. This example requires TOTP MFA."
)
except ClientError as err:
logger.error(
"Couldn't start sign in for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
response.pop("ResponseMetadata", None)
return response
```
+ 有关 API 的详细信息,请参阅适用[AdminInitiateAuth](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminInitiateAuth)于 *Python 的AWS SDK (Boto3) API 参考*。
------
#### [ SAP ABAP ]
**适用于 SAP ABAP 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples)中查找完整示例,了解如何进行设置和运行。
```
TRY.
" Set up authentication parameters
DATA(lt_auth_params) = VALUE /aws1/cl_cgpauthparamstype_w=>tt_authparameterstype(
( VALUE /aws1/cl_cgpauthparamstype_w=>ts_authparameterstype_maprow(
key = 'USERNAME'
value = NEW /aws1/cl_cgpauthparamstype_w( iv_user_name ) ) )
( VALUE /aws1/cl_cgpauthparamstype_w=>ts_authparameterstype_maprow(
key = 'PASSWORD'
value = NEW /aws1/cl_cgpauthparamstype_w( iv_password ) ) )
).
" Add SECRET_HASH if provided
IF iv_secret_hash IS NOT INITIAL.
INSERT VALUE #(
key = 'SECRET_HASH'
value = NEW /aws1/cl_cgpauthparamstype_w( iv_secret_hash )
) INTO TABLE lt_auth_params.
ENDIF.
oo_result = lo_cgp->admininitiateauth(
iv_userpoolid = iv_user_pool_id
iv_clientid = iv_client_id
iv_authflow = 'ADMIN_USER_PASSWORD_AUTH'
it_authparameters = lt_auth_params
).
DATA(lv_challenge) = oo_result->get_challengename( ).
IF lv_challenge IS INITIAL.
MESSAGE 'User successfully signed in.' TYPE 'I'.
ELSE.
MESSAGE |Authentication challenge required: { lv_challenge }.| TYPE 'I'.
ENDIF.
CATCH /aws1/cx_cgpusernotfoundex INTO DATA(lo_user_ex).
MESSAGE |User { iv_user_name } not found.| TYPE 'E'.
CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex).
MESSAGE 'Not authorized. Check credentials.' TYPE 'E'.
ENDTRY.
```
+ 有关 API 的详细信息,请参阅适用[AdminInitiateAuth](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)于 S *AP 的AWS SDK ABAP API 参考*。
------
#### [ Swift ]
**适用于 Swift 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Begin an authentication session.
///
/// - Parameters:
/// - cipClient: The `CongitoIdentityProviderClient` to use.
/// - clientId: The app client ID to use.
/// - userName: The username to check.
/// - password: The user's password.
/// - userPoolId: The user pool to use.
///
/// - Returns: The session token associated with this authentication
/// session.
func initiateAuth(cipClient: CognitoIdentityProviderClient, clientId: String,
userName: String, password: String,
userPoolId: String) async -> String? {
var authParams: [String: String] = [:]
authParams["USERNAME"] = userName
authParams["PASSWORD"] = password
do {
let output = try await cipClient.adminInitiateAuth(
input: AdminInitiateAuthInput(
authFlow: CognitoIdentityProviderClientTypes.AuthFlowType.adminUserPasswordAuth,
authParameters: authParams,
clientId: clientId,
userPoolId: userPoolId
)
)
guard let challengeName = output.challengeName else {
print("*** Invalid response from the auth service.")
return nil
}
print("=====> Response challenge is \(challengeName)")
return output.session
} catch _ as UserNotFoundException {
print("*** The specified username, \(userName), doesn't exist.")
return nil
} catch _ as UserNotConfirmedException {
print("*** The user \(userName) has not been confirmed.")
return nil
} catch {
print("*** An unexpected error occurred.")
return nil
}
}
```
+ 有关 API 的详细信息,请参阅适用于 S *wift 的AWS SDK API 参考[AdminInitiateAuth](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/admininitiateauth(input:))*中。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `AdminRespondToAuthChallenge`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `AdminRespondToAuthChallenge`。
操作示例是大型程序的代码摘录,必须在上下文中运行。在以下代码示例中,您可以查看此操作的上下文:
+ [向需要 MFA 的用户池注册用户](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**适用于 .NET 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
///
/// Respond to an admin authentication challenge.
///
/// The name of the user.
/// The client ID.
/// The multi-factor authentication code.
/// The current application session.
/// The user pool ID.
/// The result of the authentication response.
public async Task AdminRespondToAuthChallengeAsync(
string userName,
string clientId,
string mfaCode,
string session,
string userPoolId)
{
Console.WriteLine("SOFTWARE_TOKEN_MFA challenge is generated");
var challengeResponses = new Dictionary();
challengeResponses.Add("USERNAME", userName);
challengeResponses.Add("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
var respondToAuthChallengeRequest = new AdminRespondToAuthChallengeRequest
{
ChallengeName = ChallengeNameType.SOFTWARE_TOKEN_MFA,
ClientId = clientId,
ChallengeResponses = challengeResponses,
Session = session,
UserPoolId = userPoolId,
};
var response = await _cognitoService.AdminRespondToAuthChallengeAsync(respondToAuthChallengeRequest);
Console.WriteLine($"Response to Authentication {response.AuthenticationResult.TokenType}");
return response.AuthenticationResult;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 .NET 的 AWS SDK API 参考[AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)*中的。
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeRequest request;
request.AddChallengeResponses("USERNAME", userName);
request.AddChallengeResponses("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
request.SetChallengeName(
Aws::CognitoIdentityProvider::Model::ChallengeNameType::SOFTWARE_TOKEN_MFA);
request.SetClientId(clientID);
request.SetUserPoolId(userPoolID);
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::AdminRespondToAuthChallengeOutcome outcome =
client.AdminRespondToAuthChallenge(request);
if (outcome.IsSuccess()) {
std::cout << "Here is the response to the challenge.\n" <<
outcome.GetResult().GetAuthenticationResult().Jsonize().View().WriteReadable()
<< std::endl;
accessToken = outcome.GetResult().GetAuthenticationResult().GetAccessToken();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AdminRespondToAuthChallenge. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 C\$1\$1 的 AWS SDK API 参考[AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)*中的。
------
#### [ CLI ]
**AWS CLI**
**响应身份验证质询**
可以通过多种方式响应不同的身份验证质询,具体取决于身份验证流程、用户池配置和用户设置。以下 `admin-respond-to-auth-challenge` 示例提供 diego@example.com 的 TOTP MFA 代码并完成登录。此用户池已启用设备记忆功能,因此身份验证结果还将返回新的设备密钥。
```
aws cognito-idp admin-respond-to-auth-challenge \
--user-pool-id us-west-2_EXAMPLE \
--client-id 1example23456789 \
--challenge-name SOFTWARE_TOKEN_MFA \
--challenge-responses USERNAME=diego@example.com,SOFTWARE_TOKEN_MFA_CODE=000000 \
--session AYABeExample...
```
输出:
```
{
"ChallengeParameters": {},
"AuthenticationResult": {
"AccessToken": "eyJra456defEXAMPLE",
"ExpiresIn": 3600,
"TokenType": "Bearer",
"RefreshToken": "eyJra123abcEXAMPLE",
"IdToken": "eyJra789ghiEXAMPLE",
"NewDeviceMetadata": {
"DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"DeviceGroupKey": "-ExAmPlE1"
}
}
}
```
有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Admin authentication flow](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#amazon-cognito-user-pools-admin-authentication-flow)。
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[AdminRespondToAuthChallenge](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-respond-to-auth-challenge.html)*中的。
------
#### [ Java ]
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
// Respond to an authentication challenge.
public static void adminRespondToAuthChallenge(CognitoIdentityProviderClient identityProviderClient,
String userName, String clientId, String mfaCode, String session) {
System.out.println("SOFTWARE_TOKEN_MFA challenge is generated");
Map challengeResponses = new HashMap<>();
challengeResponses.put("USERNAME", userName);
challengeResponses.put("SOFTWARE_TOKEN_MFA_CODE", mfaCode);
AdminRespondToAuthChallengeRequest respondToAuthChallengeRequest = AdminRespondToAuthChallengeRequest.builder()
.challengeName(ChallengeNameType.SOFTWARE_TOKEN_MFA)
.clientId(clientId)
.challengeResponses(challengeResponses)
.session(session)
.build();
AdminRespondToAuthChallengeResponse respondToAuthChallengeResult = identityProviderClient
.adminRespondToAuthChallenge(respondToAuthChallengeRequest);
System.out.println("respondToAuthChallengeResult.getAuthenticationResult()"
+ respondToAuthChallengeResult.authenticationResult());
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)*中的。
------
#### [ JavaScript ]
**适用于 JavaScript (v3) 的软件开发工具包**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
const adminRespondToAuthChallenge = ({
userPoolId,
clientId,
username,
totp,
session,
}) => {
const client = new CognitoIdentityProviderClient({});
const command = new AdminRespondToAuthChallengeCommand({
ChallengeName: ChallengeNameType.SOFTWARE_TOKEN_MFA,
ChallengeResponses: {
SOFTWARE_TOKEN_MFA_CODE: totp,
USERNAME: username,
},
ClientId: clientId,
UserPoolId: userPoolId,
Session: session,
});
return client.send(command);
};
```
+ 有关 API 的详细信息,请参阅 *适用于 JavaScript 的 AWS SDK API 参考[AdminRespondToAuthChallenge](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AdminRespondToAuthChallengeCommand)*中的。
------
#### [ Kotlin ]
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
// Respond to an authentication challenge.
suspend fun adminRespondToAuthChallenge(
userName: String,
clientIdVal: String?,
mfaCode: String,
sessionVal: String?,
) {
println("SOFTWARE_TOKEN_MFA challenge is generated")
val challengeResponsesOb = mutableMapOf()
challengeResponsesOb["USERNAME"] = userName
challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode
val adminRespondToAuthChallengeRequest =
AdminRespondToAuthChallengeRequest {
challengeName = ChallengeNameType.SoftwareTokenMfa
clientId = clientIdVal
challengeResponses = challengeResponsesOb
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val respondToAuthChallengeResult = identityProviderClient.adminRespondToAuthChallenge(adminRespondToAuthChallengeRequest)
println("respondToAuthChallengeResult.getAuthenticationResult() ${respondToAuthChallengeResult.authenticationResult}")
}
}
```
+ 有关 API 的详细信息,请参阅适用[AdminRespondToAuthChallenge](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
------
#### [ Python ]
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
通过提供关联的 MFA 应用程序生成的代码来响应 MFA 质询。
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def respond_to_mfa_challenge(self, user_name, session, mfa_code):
"""
Responds to a challenge for an MFA code. This completes the second step of
a two-factor sign-in. When sign-in is successful, it returns an access token
that can be used to get AWS credentials from Amazon Cognito.
:param user_name: The name of the user who is signing in.
:param session: Session information returned from a previous call to initiate
authentication.
:param mfa_code: A code generated by the associated MFA application.
:return: The result of the authentication. When successful, this contains an
access token for the user.
"""
try:
kwargs = {
"UserPoolId": self.user_pool_id,
"ClientId": self.client_id,
"ChallengeName": "SOFTWARE_TOKEN_MFA",
"Session": session,
"ChallengeResponses": {
"USERNAME": user_name,
"SOFTWARE_TOKEN_MFA_CODE": mfa_code,
},
}
if self.client_secret is not None:
kwargs["ChallengeResponses"]["SECRET_HASH"] = self._secret_hash(
user_name
)
response = self.cognito_idp_client.admin_respond_to_auth_challenge(**kwargs)
auth_result = response["AuthenticationResult"]
except ClientError as err:
if err.response["Error"]["Code"] == "ExpiredCodeException":
logger.warning(
"Your MFA code has expired or has been used already. You might have "
"to wait a few seconds until your app shows you a new code."
)
else:
logger.error(
"Couldn't respond to mfa challenge for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return auth_result
```
+ 有关 API 的详细信息,请参阅适用[AdminRespondToAuthChallenge](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AdminRespondToAuthChallenge)于 *Python 的AWS SDK (Boto3) API 参考*。
------
#### [ SAP ABAP ]
**适用于 SAP ABAP 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples)中查找完整示例,了解如何进行设置和运行。
```
TRY.
" Build challenge responses
DATA(lt_challenge_responses) = VALUE /aws1/cl_cgpchallengerspstyp00=>tt_challengeresponsestype(
( VALUE /aws1/cl_cgpchallengerspstyp00=>ts_challengerspstype_maprow(
key = 'USERNAME'
value = NEW /aws1/cl_cgpchallengerspstyp00( iv_user_name ) ) )
( VALUE /aws1/cl_cgpchallengerspstyp00=>ts_challengerspstype_maprow(
key = 'SOFTWARE_TOKEN_MFA_CODE'
value = NEW /aws1/cl_cgpchallengerspstyp00( iv_mfa_code ) ) )
).
" Add SECRET_HASH if provided
IF iv_secret_hash IS NOT INITIAL.
INSERT VALUE #(
key = 'SECRET_HASH'
value = NEW /aws1/cl_cgpchallengerspstyp00( iv_secret_hash )
) INTO TABLE lt_challenge_responses.
ENDIF.
DATA(lo_result) = lo_cgp->adminrespondtoauthchallenge(
iv_userpoolid = iv_user_pool_id
iv_clientid = iv_client_id
iv_challengename = 'SOFTWARE_TOKEN_MFA'
it_challengeresponses = lt_challenge_responses
iv_session = iv_session
).
oo_auth_result = lo_result->get_authenticationresult( ).
IF oo_auth_result IS BOUND.
MESSAGE 'MFA challenge completed successfully.' TYPE 'I'.
ELSE.
" Another challenge might be required
DATA(lv_next_challenge) = lo_result->get_challengename( ).
MESSAGE |Additional challenge required: { lv_next_challenge }.| TYPE 'I'.
ENDIF.
CATCH /aws1/cx_cgpcodemismatchex INTO DATA(lo_code_ex).
MESSAGE 'Invalid MFA code provided.' TYPE 'E'.
CATCH /aws1/cx_cgpexpiredcodeex INTO DATA(lo_expired_ex).
MESSAGE 'MFA code has expired.' TYPE 'E'.
CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex).
MESSAGE 'Not authorized. Check MFA configuration.' TYPE 'E'.
ENDTRY.
```
+ 有关 API 的详细信息,请参阅适用[AdminRespondToAuthChallenge](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)于 S *AP 的AWS SDK ABAP API 参考*。
------
#### [ Swift ]
**适用于 Swift 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Respond to the authentication challenge received from Cognito after
/// initiating an authentication session. This involves sending a current
/// MFA code to the service.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - userName: The user's username.
/// - clientId: The app client ID.
/// - userPoolId: The user pool to sign into.
/// - mfaCode: The 6-digit MFA code currently displayed by the user's
/// authenticator.
/// - session: The authentication session to continue processing.
func adminRespondToAuthChallenge(cipClient: CognitoIdentityProviderClient, userName: String,
clientId: String, userPoolId: String, mfaCode: String,
session: String) async {
print("=====> SOFTWARE_TOKEN_MFA challenge is generated...")
var challengeResponsesOb: [String: String] = [:]
challengeResponsesOb["USERNAME"] = userName
challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode
do {
let output = try await cipClient.adminRespondToAuthChallenge(
input: AdminRespondToAuthChallengeInput(
challengeName: CognitoIdentityProviderClientTypes.ChallengeNameType.softwareTokenMfa,
challengeResponses: challengeResponsesOb,
clientId: clientId,
session: session,
userPoolId: userPoolId
)
)
guard let authenticationResult = output.authenticationResult else {
print("*** Unable to get authentication result.")
return
}
print("=====> Authentication result (JWTs are redacted):")
print(authenticationResult)
} catch _ as SoftwareTokenMFANotFoundException {
print("*** The specified user pool isn't configured for MFA.")
return
} catch _ as CodeMismatchException {
print("*** The specified MFA code doesn't match the expected value.")
return
} catch _ as UserNotFoundException {
print("*** The specified username, \(userName), doesn't exist.")
return
} catch _ as UserNotConfirmedException {
print("*** The user \(userName) has not been confirmed.")
return
} catch let error as NotAuthorizedException {
print("*** Unauthorized access. Reason: \(error.properties.message ?? "")")
} catch {
print("*** Error responding to the MFA challenge.")
return
}
}
```
+ 有关 API 的详细信息,请参阅适用于 S *wift 的AWS SDK API 参考[AdminRespondToAuthChallenge](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/adminrespondtoauthchallenge(input:))*中。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `AdminSetUserPassword`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `AdminSetUserPassword`。
操作示例是大型程序的代码摘录,必须在上下文中运行。在以下代码示例中,您可以查看此操作的上下文:
+ [在完成 Amazon Cognito 用户身份验证后使用 Lambda 函数写入自定义活动数据](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
------
#### [ CLI ]
**AWS CLI**
**以管理员身份设置用户密码**
以下 `admin-set-user-password` 示例永久设置 diego@example.com 的密码。
```
aws cognito-idp admin-set-user-password \
--user-pool-id us-west-2_EXAMPLE \
--username diego@example.com \
--password MyExamplePassword1! \
--permanent
```
此命令不生成任何输出。
有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Passwords, password recovery, and password policies](https://docs.aws.amazon.com/cognito/latest/developerguide/managing-users-passwords.html)。
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[AdminSetUserPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-set-user-password.html)*中的。
------
#### [ Go ]
**适用于 Go 的 SDK V2**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// AdminSetUserPassword uses administrator credentials to set a password for a user without requiring a
// temporary password.
func (actor CognitoActions) AdminSetUserPassword(ctx context.Context, userPoolId string, userName string, password string) error {
_, err := actor.CognitoClient.AdminSetUserPassword(ctx, &cognitoidentityprovider.AdminSetUserPasswordInput{
Password: aws.String(password),
UserPoolId: aws.String(userPoolId),
Username: aws.String(userName),
Permanent: true,
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't set password for user %v. Here's why: %v\n", userName, err)
}
}
return err
}
```
+ 有关 API 的详细信息,请参阅 *适用于 Go 的 AWS SDK API 参考[AdminSetUserPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.AdminSetUserPassword)*中的。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `AssociateSoftwareToken`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `AssociateSoftwareToken`。
操作示例是大型程序的代码摘录,必须在上下文中运行。在以下代码示例中,您可以查看此操作的上下文:
+ [向需要 MFA 的用户池注册用户](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**适用于 .NET 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
///
/// Get an MFA token to authenticate the user with the authenticator.
///
/// The session name.
/// The session name.
public async Task AssociateSoftwareTokenAsync(string session)
{
var softwareTokenRequest = new AssociateSoftwareTokenRequest
{
Session = session,
};
var tokenResponse = await _cognitoService.AssociateSoftwareTokenAsync(softwareTokenRequest);
var secretCode = tokenResponse.SecretCode;
Console.WriteLine($"Use the following secret code to set up the authenticator: {secretCode}");
return tokenResponse.Session;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 .NET 的 AWS SDK API 参考[AssociateSoftwareToken](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/AssociateSoftwareToken)*中的。
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenRequest request;
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::AssociateSoftwareTokenOutcome outcome =
client.AssociateSoftwareToken(request);
if (outcome.IsSuccess()) {
std::cout
<< "Enter this setup key into an authenticator app, for example Google Authenticator."
<< std::endl;
std::cout << "Setup key: " << outcome.GetResult().GetSecretCode()
<< std::endl;
#ifdef USING_QR
printAsterisksLine();
std::cout << "\nOr scan the QR code in the file '" << QR_CODE_PATH << "."
<< std::endl;
saveQRCode(std::string("otpauth://totp/") + userName + "?secret=" +
outcome.GetResult().GetSecretCode());
#endif // USING_QR
session = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::AssociateSoftwareToken. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 C\$1\$1 的 AWS SDK API 参考[AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/AssociateSoftwareToken)*中的。
------
#### [ CLI ]
**AWS CLI**
**为 MFA 身份验证器应用程序生成私有密钥**
以下 `associate-software-token` 示例为已注册并收到访问令牌的用户生成 TOTP 私有密钥。可手动将生成的私有密钥输入到身份验证器应用程序中,或者应用程序可以将私有密钥呈现为用户可扫描的二维码。
```
aws cognito-idp associate-software-token \
--access-token eyJra456defEXAMPLE
```
输出:
```
{
"SecretCode": "QWERTYUIOP123456EXAMPLE"
}
```
有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [TOTP software token MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html)。
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[AssociateSoftwareToken](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/associate-software-token.html)*中的。
------
#### [ Java ]
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
public static String getSecretForAppMFA(CognitoIdentityProviderClient identityProviderClient, String session) {
AssociateSoftwareTokenRequest softwareTokenRequest = AssociateSoftwareTokenRequest.builder()
.session(session)
.build();
AssociateSoftwareTokenResponse tokenResponse = identityProviderClient
.associateSoftwareToken(softwareTokenRequest);
String secretCode = tokenResponse.secretCode();
System.out.println("Enter this token into Google Authenticator");
System.out.println(secretCode);
return tokenResponse.session();
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[AssociateSoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/AssociateSoftwareToken)*中的。
------
#### [ JavaScript ]
**适用于 JavaScript (v3) 的软件开发工具包**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
const associateSoftwareToken = (session) => {
const client = new CognitoIdentityProviderClient({});
const command = new AssociateSoftwareTokenCommand({
Session: session,
});
return client.send(command);
};
```
+ 有关 API 的详细信息,请参阅 *适用于 JavaScript 的 AWS SDK API 参考[AssociateSoftwareToken](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/AssociateSoftwareTokenCommand)*中的。
------
#### [ Kotlin ]
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
suspend fun getSecretForAppMFA(sessionVal: String?): String? {
val softwareTokenRequest =
AssociateSoftwareTokenRequest {
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val tokenResponse = identityProviderClient.associateSoftwareToken(softwareTokenRequest)
val secretCode = tokenResponse.secretCode
println("Enter this token into Google Authenticator")
println(secretCode)
return tokenResponse.session
}
}
```
+ 有关 API 的详细信息,请参阅适用[AssociateSoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
------
#### [ Python ]
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def get_mfa_secret(self, session):
"""
Gets a token that can be used to associate an MFA application with the user.
:param session: Session information returned from a previous call to initiate
authentication.
:return: An MFA token that can be used to set up an MFA application.
"""
try:
response = self.cognito_idp_client.associate_software_token(Session=session)
except ClientError as err:
logger.error(
"Couldn't get MFA secret. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
response.pop("ResponseMetadata", None)
return response
```
+ 有关 API 的详细信息,请参阅适用[AssociateSoftwareToken](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/AssociateSoftwareToken)于 *Python 的AWS SDK (Boto3) API 参考*。
------
#### [ SAP ABAP ]
**适用于 SAP ABAP 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples)中查找完整示例,了解如何进行设置和运行。
```
TRY.
DATA(lo_result) = lo_cgp->associatesoftwaretoken(
iv_session = iv_session
).
ov_secret_code = lo_result->get_secretcode( ).
MESSAGE 'MFA secret code generated successfully.' TYPE 'I'.
CATCH /aws1/cx_cgpresourcenotfoundex INTO DATA(lo_ex).
MESSAGE 'Session not found or expired.' TYPE 'E'.
CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex).
MESSAGE 'Not authorized to associate software token.' TYPE 'E'.
ENDTRY.
```
+ 有关 API 的详细信息,请参阅适用[AssociateSoftwareToken](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)于 S *AP 的AWS SDK ABAP API 参考*。
------
#### [ Swift ]
**适用于 Swift 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Request and display an MFA secret token that the user should enter
/// into their authenticator to set it up for the user account.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - authSession: The authentication session to request an MFA secret
/// for.
///
/// - Returns: A string containing the MFA secret token that should be
/// entered into the authenticator software.
func getSecretForAppMFA(cipClient: CognitoIdentityProviderClient, authSession: String?) async -> String? {
do {
let output = try await cipClient.associateSoftwareToken(
input: AssociateSoftwareTokenInput(
session: authSession
)
)
guard let secretCode = output.secretCode else {
print("*** Unable to get the secret code")
return nil
}
print("=====> Enter this token into Google Authenticator: \(secretCode)")
return output.session
} catch _ as SoftwareTokenMFANotFoundException {
print("*** The specified user pool isn't configured for MFA.")
return nil
} catch {
print("*** An unexpected error occurred getting the secret for the app's MFA.")
return nil
}
}
```
+ 有关 API 的详细信息,请参阅适用于 S *wift 的AWS SDK API 参考[AssociateSoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/associatesoftwaretoken(input:))*中。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `ConfirmDevice`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `ConfirmDevice`。
操作示例是大型程序的代码摘录,必须在上下文中运行。在以下代码示例中,您可以查看此操作的上下文:
+ [向需要 MFA 的用户池注册用户](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**适用于 .NET 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
///
/// Initiates and confirms tracking of the device.
///
/// The user's access token.
/// The key of the device from Amazon Cognito.
/// The device name.
///
public async Task ConfirmDeviceAsync(string accessToken, string deviceKey, string deviceName)
{
var request = new ConfirmDeviceRequest
{
AccessToken = accessToken,
DeviceKey = deviceKey,
DeviceName = deviceName
};
var response = await _cognitoService.ConfirmDeviceAsync(request);
return response.UserConfirmationNecessary;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 .NET 的 AWS SDK API 参考[ConfirmDevice](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ConfirmDevice)*中的。
------
#### [ CLI ]
**AWS CLI**
**确认用户设备**
以下 `confirm-device` 示例为当前用户添加新的记忆设备。
```
aws cognito-idp confirm-device \
--access-token eyJra456defEXAMPLE \
--device-key us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 \
--device-secret-verifier-config PasswordVerifier=TXlWZXJpZmllclN0cmluZw,Salt=TXlTUlBTYWx0
```
输出:
```
{
"UserConfirmationNecessary": false
}
```
有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Working with user devices in your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html)。
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[ConfirmDevice](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-device.html)*中的。
------
#### [ JavaScript ]
**适用于 JavaScript (v3) 的软件开发工具包**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
const confirmDevice = ({ deviceKey, accessToken, passwordVerifier, salt }) => {
const client = new CognitoIdentityProviderClient({});
const command = new ConfirmDeviceCommand({
DeviceKey: deviceKey,
AccessToken: accessToken,
DeviceSecretVerifierConfig: {
PasswordVerifier: passwordVerifier,
Salt: salt,
},
});
return client.send(command);
};
```
+ 有关 API 的详细信息,请参阅 *适用于 JavaScript 的 AWS SDK API 参考[ConfirmDevice](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ConfirmDeviceCommand)*中的。
------
#### [ Python ]
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def confirm_mfa_device(
self,
user_name,
device_key,
device_group_key,
device_password,
access_token,
aws_srp,
):
"""
Confirms an MFA device to be tracked by Amazon Cognito. When a device is
tracked, its key and password can be used to sign in without requiring a new
MFA code from the MFA application.
:param user_name: The user that is associated with the device.
:param device_key: The key of the device, returned by Amazon Cognito.
:param device_group_key: The group key of the device, returned by Amazon Cognito.
:param device_password: The password that is associated with the device.
:param access_token: The user's access token.
:param aws_srp: A class that helps with Secure Remote Password (SRP)
calculations. The scenario associated with this example uses
the warrant package.
:return: True when the user must confirm the device. Otherwise, False. When
False, the device is automatically confirmed and tracked.
"""
srp_helper = aws_srp.AWSSRP(
username=user_name,
password=device_password,
pool_id="_",
client_id=self.client_id,
client_secret=None,
client=self.cognito_idp_client,
)
device_and_pw = f"{device_group_key}{device_key}:{device_password}"
device_and_pw_hash = aws_srp.hash_sha256(device_and_pw.encode("utf-8"))
salt = aws_srp.pad_hex(aws_srp.get_random(16))
x_value = aws_srp.hex_to_long(aws_srp.hex_hash(salt + device_and_pw_hash))
verifier = aws_srp.pad_hex(pow(srp_helper.val_g, x_value, srp_helper.big_n))
device_secret_verifier_config = {
"PasswordVerifier": base64.standard_b64encode(
bytearray.fromhex(verifier)
).decode("utf-8"),
"Salt": base64.standard_b64encode(bytearray.fromhex(salt)).decode("utf-8"),
}
try:
response = self.cognito_idp_client.confirm_device(
AccessToken=access_token,
DeviceKey=device_key,
DeviceSecretVerifierConfig=device_secret_verifier_config,
)
user_confirm = response["UserConfirmationNecessary"]
except ClientError as err:
logger.error(
"Couldn't confirm mfa device %s. Here's why: %s: %s",
device_key,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return user_confirm
```
+ 有关 API 的详细信息,请参阅适用[ConfirmDevice](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ConfirmDevice)于 *Python 的AWS SDK (Boto3) API 参考*。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `ConfirmForgotPassword`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `ConfirmForgotPassword`。
操作示例是大型程序的代码摘录,必须在上下文中运行。在以下代码示例中,您可以查看此操作的上下文:
+ [使用 Lambda 函数自动迁移已知用户](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
------
#### [ CLI ]
**AWS CLI**
**确认忘记的密码**
此示例确认用户名 diego@example.com 的已忘记密码。
命令:
```
aws cognito-idp confirm-forgot-password --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username=diego@example.com --password PASSWORD --confirmation-code CONF_CODE
```
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[ConfirmForgotPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-forgot-password.html)*中的。
------
#### [ Go ]
**适用于 Go 的 SDK V2**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// ConfirmForgotPassword confirms a user with a confirmation code and a new password.
func (actor CognitoActions) ConfirmForgotPassword(ctx context.Context, clientId string, code string, userName string, password string) error {
_, err := actor.CognitoClient.ConfirmForgotPassword(ctx, &cognitoidentityprovider.ConfirmForgotPasswordInput{
ClientId: aws.String(clientId),
ConfirmationCode: aws.String(code),
Password: aws.String(password),
Username: aws.String(userName),
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't confirm user %v. Here's why: %v", userName, err)
}
}
return err
}
```
+ 有关 API 的详细信息,请参阅 *适用于 Go 的 AWS SDK API 参考[ConfirmForgotPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ConfirmForgotPassword)*中的。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `ConfirmSignUp`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `ConfirmSignUp`。
操作示例是大型程序的代码摘录,必须在上下文中运行。在以下代码示例中,您可以查看此操作的上下文:
+ [向需要 MFA 的用户池注册用户](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**适用于 .NET 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
///
/// Confirm that the user has signed up.
///
/// The Id of this application.
/// The confirmation code sent to the user.
/// The username.
/// True if successful.
public async Task ConfirmSignupAsync(string clientId, string code, string userName)
{
var signUpRequest = new ConfirmSignUpRequest
{
ClientId = clientId,
ConfirmationCode = code,
Username = userName,
};
var response = await _cognitoService.ConfirmSignUpAsync(signUpRequest);
if (response.HttpStatusCode == HttpStatusCode.OK)
{
Console.WriteLine($"{userName} was confirmed");
return true;
}
return false;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 .NET 的 AWS SDK API 参考[ConfirmSignUp](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ConfirmSignUp)*中的。
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::ConfirmSignUpRequest request;
request.SetClientId(clientID);
request.SetConfirmationCode(confirmationCode);
request.SetUsername(userName);
Aws::CognitoIdentityProvider::Model::ConfirmSignUpOutcome outcome =
client.ConfirmSignUp(request);
if (outcome.IsSuccess()) {
std::cout << "ConfirmSignup was Successful."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::ConfirmSignUp. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 C\$1\$1 的 AWS SDK API 参考[ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ConfirmSignUp)*中的。
------
#### [ CLI ]
**AWS CLI**
**确认注册**
此示例确认用户名 diego@example.com 的注册。
命令:
```
aws cognito-idp confirm-sign-up --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username=diego@example.com --confirmation-code CONF_CODE
```
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[ConfirmSignUp](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-sign-up.html)*中的。
------
#### [ Java ]
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
public static void confirmSignUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String code,
String userName) {
try {
ConfirmSignUpRequest signUpRequest = ConfirmSignUpRequest.builder()
.clientId(clientId)
.confirmationCode(code)
.username(userName)
.build();
identityProviderClient.confirmSignUp(signUpRequest);
System.out.println(userName + " was confirmed");
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[ConfirmSignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ConfirmSignUp)*中的。
------
#### [ JavaScript ]
**适用于 JavaScript (v3) 的软件开发工具包**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
const confirmSignUp = ({ clientId, username, code }) => {
const client = new CognitoIdentityProviderClient({});
const command = new ConfirmSignUpCommand({
ClientId: clientId,
Username: username,
ConfirmationCode: code,
});
return client.send(command);
};
```
+ 有关 API 的详细信息,请参阅 *适用于 JavaScript 的 AWS SDK API 参考[ConfirmSignUp](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ConfirmSignUpCommand)*中的。
------
#### [ Kotlin ]
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
suspend fun confirmSignUp(
clientIdVal: String?,
codeVal: String?,
userNameVal: String?,
) {
val signUpRequest =
ConfirmSignUpRequest {
clientId = clientIdVal
confirmationCode = codeVal
username = userNameVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
identityProviderClient.confirmSignUp(signUpRequest)
println("$userNameVal was confirmed")
}
}
```
+ 有关 API 的详细信息,请参阅适用[ConfirmSignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
------
#### [ Python ]
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def confirm_user_sign_up(self, user_name, confirmation_code):
"""
Confirms a previously created user. A user must be confirmed before they
can sign in to Amazon Cognito.
:param user_name: The name of the user to confirm.
:param confirmation_code: The confirmation code sent to the user's registered
email address.
:return: True when the confirmation succeeds.
"""
try:
kwargs = {
"ClientId": self.client_id,
"Username": user_name,
"ConfirmationCode": confirmation_code,
}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
self.cognito_idp_client.confirm_sign_up(**kwargs)
except ClientError as err:
logger.error(
"Couldn't confirm sign up for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return True
```
+ 有关 API 的详细信息,请参阅适用[ConfirmSignUp](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ConfirmSignUp)于 *Python 的AWS SDK (Boto3) API 参考*。
------
#### [ Swift ]
**适用于 Swift 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Submit a confirmation code for the specified user. This is the code as
/// entered by the user after they've received it by email or text
/// message.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - clientId: The app client ID the user is signing up for.
/// - userName: The username of the user whose code is being sent.
/// - code: The user's confirmation code.
///
/// - Returns: `true` if the code was successfully confirmed; otherwise `false`.
func confirmSignUp(cipClient: CognitoIdentityProviderClient, clientId: String,
userName: String, code: String) async -> Bool {
do {
_ = try await cipClient.confirmSignUp(
input: ConfirmSignUpInput(
clientId: clientId,
confirmationCode: code,
username: userName
)
)
print("=====> \(userName) has been confirmed.")
return true
} catch {
print("=====> \(userName)'s code was entered incorrectly.")
return false
}
}
```
+ 有关 API 的详细信息,请参阅适用于 S *wift 的AWS SDK API 参考[ConfirmSignUp](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/confirmsignup(input:))*中。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `CreateUserPool`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `CreateUserPool`。
------
#### [ CLI ]
**AWS CLI**
**创建最低配置的用户池**
此示例创建了一个 MyUserPool 使用默认值命名的用户池。没有必要的属性,也没有应用程序客户端。MFA 和高级安全功能已禁用。
命令:
```
aws cognito-idp create-user-pool --pool-name MyUserPool
```
输出:
```
{
"UserPool": {
"SchemaAttributes": [
{
"Name": "sub",
"StringAttributeConstraints": {
"MinLength": "1",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": true,
"AttributeDataType": "String",
"Mutable": false
},
{
"Name": "name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "given_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "family_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "middle_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "nickname",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "preferred_username",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "profile",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "picture",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "website",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "email",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"AttributeDataType": "Boolean",
"DeveloperOnlyAttribute": false,
"Required": false,
"Name": "email_verified",
"Mutable": true
},
{
"Name": "gender",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "birthdate",
"StringAttributeConstraints": {
"MinLength": "10",
"MaxLength": "10"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "zoneinfo",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "locale",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "phone_number",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"AttributeDataType": "Boolean",
"DeveloperOnlyAttribute": false,
"Required": false,
"Name": "phone_number_verified",
"Mutable": true
},
{
"Name": "address",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "updated_at",
"NumberAttributeConstraints": {
"MinValue": "0"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "Number",
"Mutable": true
}
],
"MfaConfiguration": "OFF",
"Name": "MyUserPool",
"LastModifiedDate": 1547833345.777,
"AdminCreateUserConfig": {
"UnusedAccountValidityDays": 7,
"AllowAdminCreateUserOnly": false
},
"EmailConfiguration": {},
"Policies": {
"PasswordPolicy": {
"RequireLowercase": true,
"RequireSymbols": true,
"RequireNumbers": true,
"MinimumLength": 8,
"RequireUppercase": true
}
},
"CreationDate": 1547833345.777,
"EstimatedNumberOfUsers": 0,
"Id": "us-west-2_aaaaaaaaa",
"LambdaConfig": {}
}
}
```
**创建具有两个必要属性的用户池**
此示例创建了一个用户池 MyUserPool。该池配置为接受电子邮件作为用户名属性。它还使用 Amazon Simple Email Service 将电子邮件源地址设置为经过验证的地址。
命令:
```
aws cognito-idp create-user-pool --pool-name MyUserPool --username-attributes "email" --email-configuration=SourceArn="arn:aws:ses:us-east-1:111111111111:identity/jane@example.com",ReplyToEmailAddress="jane@example.com"
```
输出:
```
{
"UserPool": {
"SchemaAttributes": [
{
"Name": "sub",
"StringAttributeConstraints": {
"MinLength": "1",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": true,
"AttributeDataType": "String",
"Mutable": false
},
{
"Name": "name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "given_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "family_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "middle_name",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "nickname",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "preferred_username",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "profile",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "picture",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "website",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "email",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"AttributeDataType": "Boolean",
"DeveloperOnlyAttribute": false,
"Required": false,
"Name": "email_verified",
"Mutable": true
},
{
"Name": "gender",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "birthdate",
"StringAttributeConstraints": {
"MinLength": "10",
"MaxLength": "10"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "zoneinfo",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "locale",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "phone_number",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"AttributeDataType": "Boolean",
"DeveloperOnlyAttribute": false,
"Required": false,
"Name": "phone_number_verified",
"Mutable": true
},
{
"Name": "address",
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "String",
"Mutable": true
},
{
"Name": "updated_at",
"NumberAttributeConstraints": {
"MinValue": "0"
},
"DeveloperOnlyAttribute": false,
"Required": false,
"AttributeDataType": "Number",
"Mutable": true
}
],
"MfaConfiguration": "OFF",
"Name": "MyUserPool",
"LastModifiedDate": 1547837788.189,
"AdminCreateUserConfig": {
"UnusedAccountValidityDays": 7,
"AllowAdminCreateUserOnly": false
},
"EmailConfiguration": {
"ReplyToEmailAddress": "jane@example.com",
"SourceArn": "arn:aws:ses:us-east-1:111111111111:identity/jane@example.com"
},
"Policies": {
"PasswordPolicy": {
"RequireLowercase": true,
"RequireSymbols": true,
"RequireNumbers": true,
"MinimumLength": 8,
"RequireUppercase": true
}
},
"UsernameAttributes": [
"email"
],
"CreationDate": 1547837788.189,
"EstimatedNumberOfUsers": 0,
"Id": "us-west-2_aaaaaaaaa",
"LambdaConfig": {}
}
}
```
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[CreateUserPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-pool.html)*中的。
------
#### [ Java ]
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolResponse;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class CreateUserPool {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
userPoolName - The name to give your user pool when it's created.
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String userPoolName = args[0];
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
String id = createPool(cognitoClient, userPoolName);
System.out.println("User pool ID: " + id);
cognitoClient.close();
}
public static String createPool(CognitoIdentityProviderClient cognitoClient, String userPoolName) {
try {
CreateUserPoolRequest request = CreateUserPoolRequest.builder()
.poolName(userPoolName)
.build();
CreateUserPoolResponse response = cognitoClient.createUserPool(request);
return response.userPool().id();
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return "";
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[CreateUserPool](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/CreateUserPool)*中的。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `CreateUserPoolClient`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `CreateUserPoolClient`。
------
#### [ CLI ]
**AWS CLI**
**创建用户池客户端**
以下`create-user-pool-client`示例创建了一个新的用户池客户端,该客户端具有客户端密钥、显式读取和写入属性、使用用户名密码和 SRP 流程登录、使用三个用户名密码登录、对 OAuth 范围子集的访问权限 IdPs、 PinPoint 分析和扩展的身份验证会话有效期。
```
aws cognito-idp create-user-pool-client \
--user-pool-id us-west-2_EXAMPLE \
--client-name MyTestClient \
--generate-secret \
--refresh-token-validity 10 \
--access-token-validity 60 \
--id-token-validity 60 \
--token-validity-units AccessToken=minutes,IdToken=minutes,RefreshToken=days \
--read-attributes email phone_number email_verified phone_number_verified \
--write-attributes email phone_number \
--explicit-auth-flows ALLOW_USER_PASSWORD_AUTH ALLOW_USER_SRP_AUTH ALLOW_REFRESH_TOKEN_AUTH \
--supported-identity-providers Google Facebook MyOIDC \
--callback-urls https://www.amazon.com https://example.com http://localhost:8001 myapp://example \
--allowed-o-auth-flows code implicit \
--allowed-o-auth-scopes openid profile aws.cognito.signin.user.admin solar-system-data/asteroids.add \
--allowed-o-auth-flows-user-pool-client \
--analytics-configuration ApplicationArn=arn:aws:mobiletargeting:us-west-2:767671399759:apps/thisisanexamplepinpointapplicationid,UserDataShared=TRUE \
--prevent-user-existence-errors ENABLED \
--enable-token-revocation \
--enable-propagate-additional-user-context-data \
--auth-session-validity 4
```
输出:
```
{
"UserPoolClient": {
"UserPoolId": "us-west-2_EXAMPLE",
"ClientName": "MyTestClient",
"ClientId": "123abc456defEXAMPLE",
"ClientSecret": "this1234is5678my91011example1213client1415secret",
"LastModifiedDate": 1726788459.464,
"CreationDate": 1726788459.464,
"RefreshTokenValidity": 10,
"AccessTokenValidity": 60,
"IdTokenValidity": 60,
"TokenValidityUnits": {
"AccessToken": "minutes",
"IdToken": "minutes",
"RefreshToken": "days"
},
"ReadAttributes": [
"email_verified",
"phone_number_verified",
"phone_number",
"email"
],
"WriteAttributes": [
"phone_number",
"email"
],
"ExplicitAuthFlows": [
"ALLOW_USER_PASSWORD_AUTH",
"ALLOW_USER_SRP_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH"
],
"SupportedIdentityProviders": [
"Google",
"MyOIDC",
"Facebook"
],
"CallbackURLs": [
"https://example.com",
"https://www.amazon.com",
"myapp://example",
"http://localhost:8001"
],
"AllowedOAuthFlows": [
"implicit",
"code"
],
"AllowedOAuthScopes": [
"aws.cognito.signin.user.admin",
"openid",
"profile",
"solar-system-data/asteroids.add"
],
"AllowedOAuthFlowsUserPoolClient": true,
"AnalyticsConfiguration": {
"ApplicationArn": "arn:aws:mobiletargeting:us-west-2:123456789012:apps/thisisanexamplepinpointapplicationid",
"RoleArn": "arn:aws:iam::123456789012:role/aws-service-role/cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdp",
"UserDataShared": true
},
"PreventUserExistenceErrors": "ENABLED",
"EnableTokenRevocation": true,
"EnablePropagateAdditionalUserContextData": true,
"AuthSessionValidity": 4
}
}
```
有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Application-specific settings with app clients](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html)。
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[CreateUserPoolClient](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-pool-client.html)*中的。
------
#### [ Java ]
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientResponse;
/**
* A user pool client app is an application that authenticates with Amazon
* Cognito user pools.
* When you create a user pool, you can configure app clients that allow mobile
* or web applications
* to call API operations to authenticate users, manage user attributes and
* profiles,
* and implement sign-up and sign-in flows.
*
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class CreateUserPoolClient {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
clientName - The name for the user pool client to create.
userPoolId - The ID for the user pool.
""";
if (args.length != 2) {
System.out.println(usage);
System.exit(1);
}
String clientName = args[0];
String userPoolId = args[1];
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
createPoolClient(cognitoClient, clientName, userPoolId);
cognitoClient.close();
}
public static void createPoolClient(CognitoIdentityProviderClient cognitoClient, String clientName,
String userPoolId) {
try {
CreateUserPoolClientRequest request = CreateUserPoolClientRequest.builder()
.clientName(clientName)
.userPoolId(userPoolId)
.build();
CreateUserPoolClientResponse response = cognitoClient.createUserPoolClient(request);
System.out.println("User pool " + response.userPoolClient().clientName() + " created. ID: "
+ response.userPoolClient().clientId());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[CreateUserPoolClient](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/CreateUserPoolClient)*中的。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `DeleteUser`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `DeleteUser`。
操作示例是大型程序的代码摘录,必须在上下文中运行。您可以在以下代码示例中查看此操作的上下文:
+ [使用 Lambda 函数自动确认已知用户](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [使用 Lambda 函数自动迁移已知用户](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [在完成 Amazon Cognito 用户身份验证后使用 Lambda 函数写入自定义活动数据](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::DeleteUserRequest request;
request.SetAccessToken(accessToken);
Aws::CognitoIdentityProvider::Model::DeleteUserOutcome outcome =
client.DeleteUser(request);
if (outcome.IsSuccess()) {
std::cout << "The user " << userName << " was deleted."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::DeleteUser. "
<< outcome.GetError().GetMessage()
<< std::endl;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 C\$1\$1 的 AWS SDK API 参考[DeleteUser](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/DeleteUser)*中的。
------
#### [ CLI ]
**AWS CLI**
**删除用户**
此示例删除一个用户。
命令:
```
aws cognito-idp delete-user --access-token ACCESS_TOKEN
```
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[DeleteUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-user.html)*中的。
------
#### [ Go ]
**适用于 Go 的 SDK V2**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// DeleteUser removes a user from the user pool.
func (actor CognitoActions) DeleteUser(ctx context.Context, userAccessToken string) error {
_, err := actor.CognitoClient.DeleteUser(ctx, &cognitoidentityprovider.DeleteUserInput{
AccessToken: aws.String(userAccessToken),
})
if err != nil {
log.Printf("Couldn't delete user. Here's why: %v\n", err)
}
return err
}
```
+ 有关 API 的详细信息,请参阅 *适用于 Go 的 AWS SDK API 参考[DeleteUser](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.DeleteUser)*中的。
------
#### [ JavaScript ]
**适用于 JavaScript (v3) 的软件开发工具包**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cross-services/wkflw-pools-triggers#code-examples)中查找完整示例,了解如何进行设置和运行。
```
/**
* Delete the signed-in user. Useful for allowing a user to delete their
* own profile.
* @param {{ region: string, accessToken: string }} config
* @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").DeleteUserCommandOutput | null, unknown]>}
*/
export const deleteUser = async ({ region, accessToken }) => {
try {
const client = new CognitoIdentityProviderClient({ region });
const response = await client.send(
new DeleteUserCommand({ AccessToken: accessToken }),
);
return [response, null];
} catch (err) {
return [null, err];
}
};
```
+ 有关 API 的详细信息,请参阅 *适用于 JavaScript 的 AWS SDK API 参考[DeleteUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/DeleteUserCommand)*中的。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `ForgotPassword`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `ForgotPassword`。
操作示例是大型程序的代码摘录,必须在上下文中运行。在以下代码示例中,您可以查看此操作的上下文:
+ [使用 Lambda 函数自动迁移已知用户](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
------
#### [ CLI ]
**AWS CLI**
**强制密码更改**
以下的 `forgot-password` 示例向 jane@example.com 发送一条消息,要求他们更改密码。
```
aws cognito-idp forgot-password --client-id 38fjsnc484p94kpqsnet7mpld0 --username jane@example.com
```
输出:
```
{
"CodeDeliveryDetails": {
"Destination": "j***@e***.com",
"DeliveryMedium": "EMAIL",
"AttributeName": "email"
}
}
```
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[ForgotPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/forgot-password.html)*中的。
------
#### [ Go ]
**适用于 Go 的 SDK V2**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// ForgotPassword starts a password recovery flow for a user. This flow typically sends a confirmation code
// to the user's configured notification destination, such as email.
func (actor CognitoActions) ForgotPassword(ctx context.Context, clientId string, userName string) (*types.CodeDeliveryDetailsType, error) {
output, err := actor.CognitoClient.ForgotPassword(ctx, &cognitoidentityprovider.ForgotPasswordInput{
ClientId: aws.String(clientId),
Username: aws.String(userName),
})
if err != nil {
log.Printf("Couldn't start password reset for user '%v'. Here;s why: %v\n", userName, err)
}
return output.CodeDeliveryDetails, err
}
```
+ 有关 API 的详细信息,请参阅 *适用于 Go 的 AWS SDK API 参考[ForgotPassword](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ForgotPassword)*中的。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `InitiateAuth`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `InitiateAuth`。
操作示例是大型程序的代码摘录,必须在上下文中运行。您可以在以下代码示例中查看此操作的上下文:
+ [使用 Lambda 函数自动确认已知用户](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [使用 Lambda 函数自动迁移已知用户](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [向需要 MFA 的用户池注册用户](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
+ [在完成 Amazon Cognito 用户身份验证后使用 Lambda 函数写入自定义活动数据](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
------
#### [ .NET ]
**适用于 .NET 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
///
/// Initiate authorization.
///
/// The client Id of the application.
/// The name of the user who is authenticating.
/// The password for the user who is authenticating.
/// The response from the initiate auth request.
public async Task InitiateAuthAsync(string clientId, string userName, string password)
{
var authParameters = new Dictionary();
authParameters.Add("USERNAME", userName);
authParameters.Add("PASSWORD", password);
var authRequest = new InitiateAuthRequest
{
ClientId = clientId,
AuthParameters = authParameters,
AuthFlow = AuthFlowType.USER_PASSWORD_AUTH,
};
var response = await _cognitoService.InitiateAuthAsync(authRequest);
Console.WriteLine($"Result Challenge is : {response.ChallengeName}");
return response;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 .NET 的 AWS SDK API 参考[InitiateAuth](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/InitiateAuth)*中的。
------
#### [ CLI ]
**AWS CLI**
**让用户登录**
以下 `initiate-auth` 示例让用户使用基本的用户名/密码流程登录,无需进行其它质询。
```
aws cognito-idp initiate-auth \
--auth-flow USER_PASSWORD_AUTH \
--client-id 1example23456789 \
--analytics-metadata AnalyticsEndpointId=d70b2ba36a8c4dc5a04a0451aEXAMPLE \
--auth-parameters USERNAME=testuser,PASSWORD=[Password] --user-context-data EncodedData=mycontextdata --client-metadata MyTestKey=MyTestValue
```
输出:
```
{
"AuthenticationResult": {
"AccessToken": "eyJra456defEXAMPLE",
"ExpiresIn": 3600,
"TokenType": "Bearer",
"RefreshToken": "eyJra123abcEXAMPLE",
"IdToken": "eyJra789ghiEXAMPLE",
"NewDeviceMetadata": {
"DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"DeviceGroupKey": "-v7w9UcY6"
}
}
}
```
有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Authentication](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html)。
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[InitiateAuth](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/initiate-auth.html)*中的。
------
#### [ Go ]
**适用于 Go 的 SDK V2**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// SignIn signs in a user to Amazon Cognito using a username and password authentication flow.
func (actor CognitoActions) SignIn(ctx context.Context, clientId string, userName string, password string) (*types.AuthenticationResultType, error) {
var authResult *types.AuthenticationResultType
output, err := actor.CognitoClient.InitiateAuth(ctx, &cognitoidentityprovider.InitiateAuthInput{
AuthFlow: "USER_PASSWORD_AUTH",
ClientId: aws.String(clientId),
AuthParameters: map[string]string{"USERNAME": userName, "PASSWORD": password},
})
if err != nil {
var resetRequired *types.PasswordResetRequiredException
if errors.As(err, &resetRequired) {
log.Println(*resetRequired.Message)
} else {
log.Printf("Couldn't sign in user %v. Here's why: %v\n", userName, err)
}
} else {
authResult = output.AuthenticationResult
}
return authResult, err
}
```
+ 有关 API 的详细信息,请参阅 *适用于 Go 的 AWS SDK API 参考[InitiateAuth](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.InitiateAuth)*中的。
------
#### [ JavaScript ]
**适用于 JavaScript (v3) 的软件开发工具包**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
const initiateAuth = ({ username, password, clientId }) => {
const client = new CognitoIdentityProviderClient({});
const command = new InitiateAuthCommand({
AuthFlow: AuthFlowType.USER_PASSWORD_AUTH,
AuthParameters: {
USERNAME: username,
PASSWORD: password,
},
ClientId: clientId,
});
return client.send(command);
};
```
+ 有关 API 的详细信息,请参阅 *适用于 JavaScript 的 AWS SDK API 参考[InitiateAuth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/InitiateAuthCommand)*中的。
------
#### [ Python ]
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
此示例演示了如何使用被跟踪设备开始身份验证。要完成登录,客户端必须正确响应安全远程密码(SRP)质询。
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def sign_in_with_tracked_device(
self,
user_name,
password,
device_key,
device_group_key,
device_password,
aws_srp,
):
"""
Signs in to Amazon Cognito as a user who has a tracked device. Signing in
with a tracked device lets a user sign in without entering a new MFA code.
Signing in with a tracked device requires that the client respond to the SRP
protocol. The scenario associated with this example uses the warrant package
to help with SRP calculations.
For more information on SRP, see https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol.
:param user_name: The user that is associated with the device.
:param password: The user's password.
:param device_key: The key of a tracked device.
:param device_group_key: The group key of a tracked device.
:param device_password: The password that is associated with the device.
:param aws_srp: A class that helps with SRP calculations. The scenario
associated with this example uses the warrant package.
:return: The result of the authentication. When successful, this contains an
access token for the user.
"""
try:
srp_helper = aws_srp.AWSSRP(
username=user_name,
password=device_password,
pool_id="_",
client_id=self.client_id,
client_secret=None,
client=self.cognito_idp_client,
)
response_init = self.cognito_idp_client.initiate_auth(
ClientId=self.client_id,
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={
"USERNAME": user_name,
"PASSWORD": password,
"DEVICE_KEY": device_key,
},
)
if response_init["ChallengeName"] != "DEVICE_SRP_AUTH":
raise RuntimeError(
f"Expected DEVICE_SRP_AUTH challenge but got {response_init['ChallengeName']}."
)
auth_params = srp_helper.get_auth_params()
auth_params["DEVICE_KEY"] = device_key
response_auth = self.cognito_idp_client.respond_to_auth_challenge(
ClientId=self.client_id,
ChallengeName="DEVICE_SRP_AUTH",
ChallengeResponses=auth_params,
)
if response_auth["ChallengeName"] != "DEVICE_PASSWORD_VERIFIER":
raise RuntimeError(
f"Expected DEVICE_PASSWORD_VERIFIER challenge but got "
f"{response_init['ChallengeName']}."
)
challenge_params = response_auth["ChallengeParameters"]
challenge_params["USER_ID_FOR_SRP"] = device_group_key + device_key
cr = srp_helper.process_challenge(challenge_params, {"USERNAME": user_name})
cr["USERNAME"] = user_name
cr["DEVICE_KEY"] = device_key
response_verifier = self.cognito_idp_client.respond_to_auth_challenge(
ClientId=self.client_id,
ChallengeName="DEVICE_PASSWORD_VERIFIER",
ChallengeResponses=cr,
)
auth_tokens = response_verifier["AuthenticationResult"]
except ClientError as err:
logger.error(
"Couldn't start client sign in for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return auth_tokens
```
+ 有关 API 的详细信息,请参阅适用[InitiateAuth](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/InitiateAuth)于 *Python 的AWS SDK (Boto3) API 参考*。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `ListUserPools`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `ListUserPools`。
------
#### [ .NET ]
**适用于 .NET 的 SDK (v4)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv4/Cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
///
/// List the Amazon Cognito user pools for an account.
///
/// A list of UserPoolDescriptionType objects.
public async Task> ListUserPoolsAsync()
{
var userPools = new List();
var userPoolsPaginator = _cognitoService.Paginators.ListUserPools(new ListUserPoolsRequest());
await foreach (var response in userPoolsPaginator.Responses)
{
userPools.AddRange(response.UserPools);
}
return userPools;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 .NET 的 AWS SDK API 参考[ListUserPools](https://docs.aws.amazon.com/goto/DotNetSDKV4/cognito-idp-2016-04-18/ListUserPools)*中的。
------
#### [ CLI ]
**AWS CLI**
**列出用户池**
以下`list-user-pools`示例列出了当前 CLI 凭证 AWS 账户中的 3 个可用用户池。
```
aws cognito-idp list-user-pools \
--max-results 3
```
输出:
```
{
"NextToken": "[Pagination token]",
"UserPools": [
{
"CreationDate": 1681502497.741,
"Id": "us-west-2_EXAMPLE1",
"LambdaConfig": {
"CustomMessage": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
"PreSignUp": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
"PreTokenGeneration": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
"PreTokenGenerationConfig": {
"LambdaArn": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction",
"LambdaVersion": "V1_0"
}
},
"LastModifiedDate": 1681502497.741,
"Name": "user pool 1"
},
{
"CreationDate": 1686064178.717,
"Id": "us-west-2_EXAMPLE2",
"LambdaConfig": {
},
"LastModifiedDate": 1686064178.873,
"Name": "user pool 2"
},
{
"CreationDate": 1627681712.237,
"Id": "us-west-2_EXAMPLE3",
"LambdaConfig": {
"UserMigration": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction"
},
"LastModifiedDate": 1678486942.479,
"Name": "user pool 3"
}
]
}
```
有关更多信息,请参阅 *Amazon Cognito 开发人员指南*中的 [Amazon Cognito 用户池](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools.html)。
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[ListUserPools](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-user-pools.html)*中的。
------
#### [ Go ]
**适用于 Go 的 SDK V2**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
package main
import (
"context"
"fmt"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
// main uses the AWS SDK for Go V2 to create an Amazon Simple Notification Service
// (Amazon SNS) client and list the topics in your account.
// This example uses the default settings specified in your shared credentials
// and config files.
func main() {
ctx := context.Background()
sdkConfig, err := config.LoadDefaultConfig(ctx)
if err != nil {
fmt.Println("Couldn't load default configuration. Have you set up your AWS account?")
fmt.Println(err)
return
}
cognitoClient := cognitoidentityprovider.NewFromConfig(sdkConfig)
fmt.Println("Let's list the user pools for your account.")
var pools []types.UserPoolDescriptionType
paginator := cognitoidentityprovider.NewListUserPoolsPaginator(
cognitoClient, &cognitoidentityprovider.ListUserPoolsInput{MaxResults: aws.Int32(10)})
for paginator.HasMorePages() {
output, err := paginator.NextPage(ctx)
if err != nil {
log.Printf("Couldn't get user pools. Here's why: %v\n", err)
} else {
pools = append(pools, output.UserPools...)
}
}
if len(pools) == 0 {
fmt.Println("You don't have any user pools!")
} else {
for _, pool := range pools {
fmt.Printf("\t%v: %v\n", *pool.Name, *pool.Id)
}
}
}
```
+ 有关 API 的详细信息,请参阅 *适用于 Go 的 AWS SDK API 参考[ListUserPools](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.ListUserPools)*中的。
------
#### [ Java ]
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsResponse;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUserPoolsRequest;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ListUserPools {
public static void main(String[] args) {
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
listAllUserPools(cognitoClient);
cognitoClient.close();
}
public static void listAllUserPools(CognitoIdentityProviderClient cognitoClient) {
try {
ListUserPoolsRequest request = ListUserPoolsRequest.builder()
.maxResults(10)
.build();
ListUserPoolsResponse response = cognitoClient.listUserPools(request);
response.userPools().forEach(userpool -> {
System.out.println("User pool " + userpool.name() + ", User ID " + userpool.id());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[ListUserPools](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUserPools)*中的。
------
#### [ Rust ]
**适用于 Rust 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/rustv1/examples/cognitoidentityprovider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
async fn show_pools(client: &Client) -> Result<(), Error> {
let response = client.list_user_pools().max_results(10).send().await?;
let pools = response.user_pools();
println!("User pools:");
for pool in pools {
println!(" ID: {}", pool.id().unwrap_or_default());
println!(" Name: {}", pool.name().unwrap_or_default());
println!(" Lambda Config: {:?}", pool.lambda_config().unwrap());
println!(
" Last modified: {}",
pool.last_modified_date().unwrap().to_chrono_utc()?
);
println!(
" Creation date: {:?}",
pool.creation_date().unwrap().to_chrono_utc()
);
println!();
}
println!("Next token: {}", response.next_token().unwrap_or_default());
Ok(())
}
```
+ 有关 API 的详细信息,请参阅适用[ListUserPools](https://docs.rs/aws-sdk-cognitoidentityprovider/latest/aws_sdk_cognitoidentityprovider/client/struct.Client.html#method.list_user_pools)于 *Rust 的AWS SDK API 参考*。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `ListUsers`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `ListUsers`。
操作示例是大型程序的代码摘录,必须在上下文中运行。在以下代码示例中,您可以查看此操作的上下文:
+ [向需要 MFA 的用户池注册用户](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**适用于 .NET 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
///
/// Get a list of users for the Amazon Cognito user pool.
///
/// The user pool ID.
/// A list of users.
public async Task> ListUsersAsync(string userPoolId)
{
var request = new ListUsersRequest
{
UserPoolId = userPoolId
};
var users = new List();
var usersPaginator = _cognitoService.Paginators.ListUsers(request);
await foreach (var response in usersPaginator.Responses)
{
users.AddRange(response.Users);
}
return users;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 .NET 的 AWS SDK API 参考[ListUsers](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ListUsers)*中的。
------
#### [ CLI ]
**AWS CLI**
**示例 1:使用服务器端筛选条件列出用户**
以下 `list-users` 示例列出了所请求的用户池中其电子邮件地址以 `testuser` 开头的 3 个用户。
```
aws cognito-idp list-users \
--user-pool-id us-west-2_EXAMPLE \
--filter email^=\"testuser\" \
--max-items 3
```
输出:
```
{
"PaginationToken": "efgh5678EXAMPLE",
"Users": [
{
"Attributes": [
{
"Name": "sub",
"Value": "eaad0219-2117-439f-8d46-4db20e59268f"
},
{
"Name": "email",
"Value": "testuser@example.com"
}
],
"Enabled": true,
"UserCreateDate": 1682955829.578,
"UserLastModifiedDate": 1689030181.63,
"UserStatus": "CONFIRMED",
"Username": "testuser"
},
{
"Attributes": [
{
"Name": "sub",
"Value": "3b994cfd-0b07-4581-be46-3c82f9a70c90"
},
{
"Name": "email",
"Value": "testuser2@example.com"
}
],
"Enabled": true,
"UserCreateDate": 1684427979.201,
"UserLastModifiedDate": 1684427979.201,
"UserStatus": "UNCONFIRMED",
"Username": "testuser2"
},
{
"Attributes": [
{
"Name": "sub",
"Value": "5929e0d1-4c34-42d1-9b79-a5ecacfe66f7"
},
{
"Name": "email",
"Value": "testuser3@example.com"
}
],
"Enabled": true,
"UserCreateDate": 1684427823.641,
"UserLastModifiedDate": 1684427823.641,
"UserStatus": "UNCONFIRMED",
"Username": "testuser3@example.com"
}
]
}
```
有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Managing and searching for users](https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html)。
**示例 2:使用客户端筛选条件列出用户**
以下 `list-users` 示例列出了三个用户的属性,这些用户所具有的一个属性(在本例中为他们的电子邮件地址)包含电子邮件域“@example.com”。如果其它属性包含了此字符串,则也会显示这些属性。第二个用户没有与查询匹配的属性,因此会从显示的输出中排除,但不会从服务器响应中排除。
```
aws cognito-idp list-users \
--user-pool-id us-west-2_EXAMPLE \
--max-items 3
--query Users\[\*\].Attributes\[\?Value\.contains\(\@\,\'@example.com\'\)\]
```
输出:
```
[
[
{
"Name": "email",
"Value": "admin@example.com"
}
],
[],
[
{
"Name": "email",
"Value": "operator@example.com"
}
]
]
```
有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Managing and searching for users](https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html)。
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[ListUsers](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-users.html)*中的。
------
#### [ Java ]
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.ListUsersResponse;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ListUsers {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
userPoolId - The ID given to your user pool when it's created.
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String userPoolId = args[0];
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
listAllUsers(cognitoClient, userPoolId);
listUsersFilter(cognitoClient, userPoolId);
cognitoClient.close();
}
public static void listAllUsers(CognitoIdentityProviderClient cognitoClient, String userPoolId) {
try {
ListUsersRequest usersRequest = ListUsersRequest.builder()
.userPoolId(userPoolId)
.build();
ListUsersResponse response = cognitoClient.listUsers(usersRequest);
response.users().forEach(user -> {
System.out.println("User " + user.username() + " Status " + user.userStatus() + " Created "
+ user.userCreateDate());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
// Shows how to list users by using a filter.
public static void listUsersFilter(CognitoIdentityProviderClient cognitoClient, String userPoolId) {
try {
String filter = "email = \"tblue@noserver.com\"";
ListUsersRequest usersRequest = ListUsersRequest.builder()
.userPoolId(userPoolId)
.filter(filter)
.build();
ListUsersResponse response = cognitoClient.listUsers(usersRequest);
response.users().forEach(user -> {
System.out.println("User with filter applied " + user.username() + " Status " + user.userStatus()
+ " Created " + user.userCreateDate());
});
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[ListUsers](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ListUsers)*中的。
------
#### [ JavaScript ]
**适用于 JavaScript (v3) 的软件开发工具包**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
const listUsers = ({ userPoolId }) => {
const client = new CognitoIdentityProviderClient({});
const command = new ListUsersCommand({
UserPoolId: userPoolId,
});
return client.send(command);
};
```
+ 有关 API 的详细信息,请参阅 *适用于 JavaScript 的 AWS SDK API 参考[ListUsers](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ListUsersCommand)*中的。
------
#### [ Kotlin ]
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
suspend fun listAllUsers(userPoolId: String) {
val request =
ListUsersRequest {
this.userPoolId = userPoolId
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { cognitoClient ->
val response = cognitoClient.listUsers(request)
response.users?.forEach { user ->
println("The user name is ${user.username}")
}
}
}
```
+ 有关 API 的详细信息,请参阅适用[ListUsers](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
------
#### [ Python ]
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def list_users(self):
"""
Returns a list of the users in the current user pool.
:return: The list of users.
"""
try:
response = self.cognito_idp_client.list_users(UserPoolId=self.user_pool_id)
users = response["Users"]
except ClientError as err:
logger.error(
"Couldn't list users for %s. Here's why: %s: %s",
self.user_pool_id,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return users
```
+ 有关 API 的详细信息,请参阅适用[ListUsers](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ListUsers)于 *Python 的AWS SDK (Boto3) API 参考*。
------
#### [ SAP ABAP ]
**适用于 SAP ABAP 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples)中查找完整示例,了解如何进行设置和运行。
```
TRY.
DATA(lo_result) = lo_cgp->listusers(
iv_userpoolid = iv_user_pool_id
).
ot_users = lo_result->get_users( ).
MESSAGE |Found { lines( ot_users ) } users in the pool.| TYPE 'I'.
CATCH /aws1/cx_cgpresourcenotfoundex INTO DATA(lo_ex).
MESSAGE |User pool { iv_user_pool_id } not found.| TYPE 'E'.
CATCH /aws1/cx_cgpnotauthorizedex INTO DATA(lo_auth_ex).
MESSAGE 'Not authorized to list users.' TYPE 'E'.
ENDTRY.
```
+ 有关 API 的详细信息,请参阅适用[ListUsers](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)于 S *AP 的AWS SDK ABAP API 参考*。
------
#### [ Swift ]
**适用于 Swift 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
do {
let output = try await cognitoClient.listUsers(
input: ListUsersInput(
userPoolId: poolId
)
)
guard let users = output.users else {
print("No users found.")
return
}
print("\(users.count) user(s) found.")
for user in users {
print(" \(user.username ?? "")")
}
} catch _ as NotAuthorizedException {
print("*** Please authenticate with AWS before using this command.")
return
} catch _ as ResourceNotFoundException {
print("*** The specified User Pool was not found.")
return
} catch {
print("*** An unexpected type of error occurred.")
return
}
```
+ 有关 API 的详细信息,请参阅适用于 S *wift 的AWS SDK API 参考[ListUsers](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/listusers(input:))*中。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `ResendConfirmationCode`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `ResendConfirmationCode`。
操作示例是大型程序的代码摘录,必须在上下文中运行。在以下代码示例中,您可以查看此操作的上下文:
+ [向需要 MFA 的用户池注册用户](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**适用于 .NET 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
///
/// Send a new confirmation code to a user.
///
/// The Id of the client application.
/// The username of user who will receive the code.
/// The delivery details.
public async Task ResendConfirmationCodeAsync(string clientId, string userName)
{
var codeRequest = new ResendConfirmationCodeRequest
{
ClientId = clientId,
Username = userName,
};
var response = await _cognitoService.ResendConfirmationCodeAsync(codeRequest);
Console.WriteLine($"Method of delivery is {response.CodeDeliveryDetails.DeliveryMedium}");
return response.CodeDeliveryDetails;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 .NET 的 AWS SDK API 参考[ResendConfirmationCode](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/ResendConfirmationCode)*中的。
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeRequest request;
request.SetUsername(userName);
request.SetClientId(clientID);
Aws::CognitoIdentityProvider::Model::ResendConfirmationCodeOutcome outcome =
client.ResendConfirmationCode(request);
if (outcome.IsSuccess()) {
std::cout
<< "CognitoIdentityProvider::ResendConfirmationCode was successful."
<< std::endl;
}
else {
std::cerr << "Error with CognitoIdentityProvider::ResendConfirmationCode. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 C\$1\$1 的 AWS SDK API 参考[ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/ResendConfirmationCode)*中的。
------
#### [ CLI ]
**AWS CLI**
**重新发送确认码**
以下 `resend-confirmation-code` 示例向用户 `jane` 发送确认码。
```
aws cognito-idp resend-confirmation-code \
--client-id 12a3b456c7de890f11g123hijk \
--username jane
```
输出:
```
{
"CodeDeliveryDetails": {
"Destination": "j***@e***.com",
"DeliveryMedium": "EMAIL",
"AttributeName": "email"
}
}
```
有关更多信息,请参阅《Amazon Cognito 开发人员指南》**中的[注册并确认用户账户](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html)。
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[ResendConfirmationCode](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/resend-confirmation-code.html)*中的。
------
#### [ Java ]
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
public static void resendConfirmationCode(CognitoIdentityProviderClient identityProviderClient, String clientId,
String userName) {
try {
ResendConfirmationCodeRequest codeRequest = ResendConfirmationCodeRequest.builder()
.clientId(clientId)
.username(userName)
.build();
ResendConfirmationCodeResponse response = identityProviderClient.resendConfirmationCode(codeRequest);
System.out.println("Method of delivery is " + response.codeDeliveryDetails().deliveryMediumAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[ResendConfirmationCode](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/ResendConfirmationCode)*中的。
------
#### [ JavaScript ]
**适用于 JavaScript (v3) 的软件开发工具包**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
const resendConfirmationCode = ({ clientId, username }) => {
const client = new CognitoIdentityProviderClient({});
const command = new ResendConfirmationCodeCommand({
ClientId: clientId,
Username: username,
});
return client.send(command);
};
```
+ 有关 API 的详细信息,请参阅 *适用于 JavaScript 的 AWS SDK API 参考[ResendConfirmationCode](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/ResendConfirmationCodeCommand)*中的。
------
#### [ Kotlin ]
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
suspend fun resendConfirmationCode(
clientIdVal: String?,
userNameVal: String?,
) {
val codeRequest =
ResendConfirmationCodeRequest {
clientId = clientIdVal
username = userNameVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val response = identityProviderClient.resendConfirmationCode(codeRequest)
println("Method of delivery is " + (response.codeDeliveryDetails?.deliveryMedium))
}
}
```
+ 有关 API 的详细信息,请参阅适用[ResendConfirmationCode](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
------
#### [ Python ]
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def resend_confirmation(self, user_name):
"""
Prompts Amazon Cognito to resend an email with a new confirmation code.
:param user_name: The name of the user who will receive the email.
:return: Delivery information about where the email is sent.
"""
try:
kwargs = {"ClientId": self.client_id, "Username": user_name}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
response = self.cognito_idp_client.resend_confirmation_code(**kwargs)
delivery = response["CodeDeliveryDetails"]
except ClientError as err:
logger.error(
"Couldn't resend confirmation to %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return delivery
```
+ 有关 API 的详细信息,请参阅适用[ResendConfirmationCode](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/ResendConfirmationCode)于 *Python 的AWS SDK (Boto3) API 参考*。
------
#### [ Swift ]
**适用于 Swift 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Requests a new confirmation code be sent to the given user's contact
/// method.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - clientId: The application client ID.
/// - userName: The user to resend a code for.
///
/// - Returns: `true` if a new code was sent successfully, otherwise
/// `false`.
func resendConfirmationCode(cipClient: CognitoIdentityProviderClient, clientId: String,
userName: String) async -> Bool {
do {
let output = try await cipClient.resendConfirmationCode(
input: ResendConfirmationCodeInput(
clientId: clientId,
username: userName
)
)
guard let deliveryMedium = output.codeDeliveryDetails?.deliveryMedium else {
print("*** Unable to get the delivery method for the resent code.")
return false
}
print("=====> A new code has been sent by \(deliveryMedium)")
return true
} catch {
print("*** Unable to resend the confirmation code to user \(userName).")
return false
}
}
```
+ 有关 API 的详细信息,请参阅适用于 S *wift 的AWS SDK API 参考[ResendConfirmationCode](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/resendconfirmationcode(input:))*中。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `RespondToAuthChallenge`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `RespondToAuthChallenge`。
操作示例是大型程序的代码摘录,必须在上下文中运行。在以下代码示例中,您可以查看此操作的上下文:
+ [向需要 MFA 的用户池注册用户](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ CLI ]
**AWS CLI**
**示例 1:响应 NEW\$1PASSWORD\$1REQUIRED 质询**
以下 `respond-to-auth-challenge` 示例响应了 initiate-auth 返回的 NEW\$1PASSWORD\$1REQUIRED 质询。它为用户 `jane@example.com` 设置密码。
```
aws cognito-idp respond-to-auth-challenge \
--client-id 1example23456789 \
--challenge-name NEW_PASSWORD_REQUIRED \
--challenge-responses USERNAME=jane@example.com,NEW_PASSWORD=[Password] \
--session AYABeEv5HklEXAMPLE
```
输出:
```
{
"ChallengeParameters": {},
"AuthenticationResult": {
"AccessToken": "ACCESS_TOKEN",
"ExpiresIn": 3600,
"TokenType": "Bearer",
"RefreshToken": "REFRESH_TOKEN",
"IdToken": "ID_TOKEN",
"NewDeviceMetadata": {
"DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"DeviceGroupKey": "-wt2ha1Zd"
}
}
}
```
有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Authentication](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html)。
**示例 2:响应 SELECT\$1MFA\$1TYPE 质询**
以下 `respond-to-auth-challenge` 示例选择 TOTP MFA 作为当前用户的 MFA 选项。系统会提示用户选择 MFA 类型,接下来将提示用户输入其 MFA 代码。
```
aws cognito-idp respond-to-auth-challenge \
--client-id 1example23456789
--session AYABeEv5HklEXAMPLE
--challenge-name SELECT_MFA_TYPE
--challenge-responses USERNAME=testuser,ANSWER=SOFTWARE_TOKEN_MFA
```
输出:
```
{
"ChallengeName": "SOFTWARE_TOKEN_MFA",
"Session": "AYABeEv5HklEXAMPLE",
"ChallengeParameters": {
"FRIENDLY_DEVICE_NAME": "transparent"
}
}
```
有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Adding MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html)。
**示例 3:响应 SOFTWARE\$1TOKEN\$1MFA 质询**
以下 `respond-to-auth-challenge` 示例提供 TOTP MFA 代码并完成登录。
```
aws cognito-idp respond-to-auth-challenge \
--client-id 1example23456789 \
--session AYABeEv5HklEXAMPLE \
--challenge-name SOFTWARE_TOKEN_MFA \
--challenge-responses USERNAME=testuser,SOFTWARE_TOKEN_MFA_CODE=123456
```
输出:
```
{
"AuthenticationResult": {
"AccessToken": "eyJra456defEXAMPLE",
"ExpiresIn": 3600,
"TokenType": "Bearer",
"RefreshToken": "eyJra123abcEXAMPLE",
"IdToken": "eyJra789ghiEXAMPLE",
"NewDeviceMetadata": {
"DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"DeviceGroupKey": "-v7w9UcY6"
}
}
}
```
有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Adding MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html)。
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[RespondToAuthChallenge](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/respond-to-auth-challenge.html)*中的。
------
#### [ JavaScript ]
**适用于 JavaScript (v3) 的软件开发工具包**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
const respondToAuthChallenge = ({
clientId,
username,
session,
userPoolId,
code,
}) => {
const client = new CognitoIdentityProviderClient({});
const command = new RespondToAuthChallengeCommand({
ChallengeName: ChallengeNameType.SOFTWARE_TOKEN_MFA,
ChallengeResponses: {
SOFTWARE_TOKEN_MFA_CODE: code,
USERNAME: username,
},
ClientId: clientId,
UserPoolId: userPoolId,
Session: session,
});
return client.send(command);
};
```
+ 有关 API 的详细信息,请参阅 *适用于 JavaScript 的 AWS SDK API 参考[RespondToAuthChallenge](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/RespondToAuthChallengeCommand)*中的。
------
#### [ Python ]
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
登录跟踪的设备。要完成登录,客户端必须正确响应安全远程密码 (SRP) 质询。
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def sign_in_with_tracked_device(
self,
user_name,
password,
device_key,
device_group_key,
device_password,
aws_srp,
):
"""
Signs in to Amazon Cognito as a user who has a tracked device. Signing in
with a tracked device lets a user sign in without entering a new MFA code.
Signing in with a tracked device requires that the client respond to the SRP
protocol. The scenario associated with this example uses the warrant package
to help with SRP calculations.
For more information on SRP, see https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol.
:param user_name: The user that is associated with the device.
:param password: The user's password.
:param device_key: The key of a tracked device.
:param device_group_key: The group key of a tracked device.
:param device_password: The password that is associated with the device.
:param aws_srp: A class that helps with SRP calculations. The scenario
associated with this example uses the warrant package.
:return: The result of the authentication. When successful, this contains an
access token for the user.
"""
try:
srp_helper = aws_srp.AWSSRP(
username=user_name,
password=device_password,
pool_id="_",
client_id=self.client_id,
client_secret=None,
client=self.cognito_idp_client,
)
response_init = self.cognito_idp_client.initiate_auth(
ClientId=self.client_id,
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={
"USERNAME": user_name,
"PASSWORD": password,
"DEVICE_KEY": device_key,
},
)
if response_init["ChallengeName"] != "DEVICE_SRP_AUTH":
raise RuntimeError(
f"Expected DEVICE_SRP_AUTH challenge but got {response_init['ChallengeName']}."
)
auth_params = srp_helper.get_auth_params()
auth_params["DEVICE_KEY"] = device_key
response_auth = self.cognito_idp_client.respond_to_auth_challenge(
ClientId=self.client_id,
ChallengeName="DEVICE_SRP_AUTH",
ChallengeResponses=auth_params,
)
if response_auth["ChallengeName"] != "DEVICE_PASSWORD_VERIFIER":
raise RuntimeError(
f"Expected DEVICE_PASSWORD_VERIFIER challenge but got "
f"{response_init['ChallengeName']}."
)
challenge_params = response_auth["ChallengeParameters"]
challenge_params["USER_ID_FOR_SRP"] = device_group_key + device_key
cr = srp_helper.process_challenge(challenge_params, {"USERNAME": user_name})
cr["USERNAME"] = user_name
cr["DEVICE_KEY"] = device_key
response_verifier = self.cognito_idp_client.respond_to_auth_challenge(
ClientId=self.client_id,
ChallengeName="DEVICE_PASSWORD_VERIFIER",
ChallengeResponses=cr,
)
auth_tokens = response_verifier["AuthenticationResult"]
except ClientError as err:
logger.error(
"Couldn't start client sign in for %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
return auth_tokens
```
+ 有关 API 的详细信息,请参阅适用[RespondToAuthChallenge](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/RespondToAuthChallenge)于 *Python 的AWS SDK (Boto3) API 参考*。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `SignUp`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `SignUp`。
操作示例是大型程序的代码摘录,必须在上下文中运行。您可以在以下代码示例中查看此操作的上下文:
+ [使用 Lambda 函数自动确认已知用户](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [使用 Lambda 函数自动迁移已知用户](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [向需要 MFA 的用户池注册用户](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**适用于 .NET 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
///
/// Sign up a new user.
///
/// The client Id of the application.
/// The username to use.
/// The user's password.
/// The email address of the user.
/// A Boolean value indicating whether the user was confirmed.
public async Task SignUpAsync(string clientId, string userName, string password, string email)
{
var userAttrs = new AttributeType
{
Name = "email",
Value = email,
};
var userAttrsList = new List();
userAttrsList.Add(userAttrs);
var signUpRequest = new SignUpRequest
{
UserAttributes = userAttrsList,
Username = userName,
ClientId = clientId,
Password = password
};
var response = await _cognitoService.SignUpAsync(signUpRequest);
return response.HttpStatusCode == HttpStatusCode.OK;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 .NET 的 AWS SDK API 参考[SignUp](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/SignUp)*中的。
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::SignUpRequest request;
request.AddUserAttributes(
Aws::CognitoIdentityProvider::Model::AttributeType().WithName(
"email").WithValue(email));
request.SetUsername(userName);
request.SetPassword(password);
request.SetClientId(clientID);
Aws::CognitoIdentityProvider::Model::SignUpOutcome outcome =
client.SignUp(request);
if (outcome.IsSuccess()) {
std::cout << "The signup request for " << userName << " was successful."
<< std::endl;
}
else if (outcome.GetError().GetErrorType() ==
Aws::CognitoIdentityProvider::CognitoIdentityProviderErrors::USERNAME_EXISTS) {
std::cout
<< "The username already exists. Please enter a different username."
<< std::endl;
userExists = true;
}
else {
std::cerr << "Error with CognitoIdentityProvider::SignUpRequest. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 C\$1\$1 的 AWS SDK API 参考[SignUp](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/SignUp)*中的。
------
#### [ CLI ]
**AWS CLI**
**注册用户**
此示例注册 jane@example.com。
命令:
```
aws cognito-idp sign-up --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username jane@example.com --password PASSWORD --user-attributes Name="email",Value="jane@example.com" Name="name",Value="Jane"
```
输出:
```
{
"UserConfirmed": false,
"UserSub": "e04d60a6-45dc-441c-a40b-e25a787d4862"
}
```
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[SignUp](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/sign-up.html)*中的。
------
#### [ Go ]
**适用于 Go 的 SDK V2**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// SignUp signs up a user with Amazon Cognito.
func (actor CognitoActions) SignUp(ctx context.Context, clientId string, userName string, password string, userEmail string) (bool, error) {
confirmed := false
output, err := actor.CognitoClient.SignUp(ctx, &cognitoidentityprovider.SignUpInput{
ClientId: aws.String(clientId),
Password: aws.String(password),
Username: aws.String(userName),
UserAttributes: []types.AttributeType{
{Name: aws.String("email"), Value: aws.String(userEmail)},
},
})
if err != nil {
var invalidPassword *types.InvalidPasswordException
if errors.As(err, &invalidPassword) {
log.Println(*invalidPassword.Message)
} else {
log.Printf("Couldn't sign up user %v. Here's why: %v\n", userName, err)
}
} else {
confirmed = output.UserConfirmed
}
return confirmed, err
}
```
+ 有关 API 的详细信息,请参阅 *适用于 Go 的 AWS SDK API 参考[SignUp](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.SignUp)*中的。
------
#### [ Java ]
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
public static void signUp(CognitoIdentityProviderClient identityProviderClient, String clientId, String userName,
String password, String email) {
AttributeType userAttrs = AttributeType.builder()
.name("email")
.value(email)
.build();
List userAttrsList = new ArrayList<>();
userAttrsList.add(userAttrs);
try {
SignUpRequest signUpRequest = SignUpRequest.builder()
.userAttributes(userAttrsList)
.username(userName)
.clientId(clientId)
.password(password)
.build();
identityProviderClient.signUp(signUpRequest);
System.out.println("User has been signed up ");
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[SignUp](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/SignUp)*中的。
------
#### [ JavaScript ]
**适用于 JavaScript (v3) 的软件开发工具包**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
const signUp = ({ clientId, username, password, email }) => {
const client = new CognitoIdentityProviderClient({});
const command = new SignUpCommand({
ClientId: clientId,
Username: username,
Password: password,
UserAttributes: [{ Name: "email", Value: email }],
});
return client.send(command);
};
```
+ 有关 API 的详细信息,请参阅 *适用于 JavaScript 的 AWS SDK API 参考[SignUp](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/SignUpCommand)*中的。
------
#### [ Kotlin ]
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
suspend fun signUp(
clientIdVal: String?,
userNameVal: String?,
passwordVal: String?,
emailVal: String?,
) {
val userAttrs =
AttributeType {
name = "email"
value = emailVal
}
val userAttrsList = mutableListOf()
userAttrsList.add(userAttrs)
val signUpRequest =
SignUpRequest {
userAttributes = userAttrsList
username = userNameVal
clientId = clientIdVal
password = passwordVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
identityProviderClient.signUp(signUpRequest)
println("User has been signed up")
}
}
```
+ 有关 API 的详细信息,请参阅适用[SignUp](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
------
#### [ Python ]
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def sign_up_user(self, user_name, password, user_email):
"""
Signs up a new user with Amazon Cognito. This action prompts Amazon Cognito
to send an email to the specified email address. The email contains a code that
can be used to confirm the user.
When the user already exists, the user status is checked to determine whether
the user has been confirmed.
:param user_name: The user name that identifies the new user.
:param password: The password for the new user.
:param user_email: The email address for the new user.
:return: True when the user is already confirmed with Amazon Cognito.
Otherwise, false.
"""
try:
kwargs = {
"ClientId": self.client_id,
"Username": user_name,
"Password": password,
"UserAttributes": [{"Name": "email", "Value": user_email}],
}
if self.client_secret is not None:
kwargs["SecretHash"] = self._secret_hash(user_name)
response = self.cognito_idp_client.sign_up(**kwargs)
confirmed = response["UserConfirmed"]
except ClientError as err:
if err.response["Error"]["Code"] == "UsernameExistsException":
response = self.cognito_idp_client.admin_get_user(
UserPoolId=self.user_pool_id, Username=user_name
)
logger.warning(
"User %s exists and is %s.", user_name, response["UserStatus"]
)
confirmed = response["UserStatus"] == "CONFIRMED"
else:
logger.error(
"Couldn't sign up %s. Here's why: %s: %s",
user_name,
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
return confirmed
```
+ 有关 API 的详细信息,请参阅适用[SignUp](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/SignUp)于 *Python 的AWS SDK (Boto3) API 参考*。
------
#### [ Swift ]
**适用于 Swift 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Create a new user in a user pool.
///
/// - Parameters:
/// - cipClient: The `CognitoIdentityProviderClient` to use.
/// - clientId: The ID of the app client to create a user for.
/// - userName: The username for the new user.
/// - password: The new user's password.
/// - email: The new user's email address.
///
/// - Returns: `true` if successful; otherwise `false`.
func signUp(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String, password: String, email: String) async -> Bool {
let emailAttr = CognitoIdentityProviderClientTypes.AttributeType(
name: "email",
value: email
)
let userAttrsList = [emailAttr]
do {
_ = try await cipClient.signUp(
input: SignUpInput(
clientId: clientId,
password: password,
userAttributes: userAttrsList,
username: userName
)
)
print("=====> User \(userName) signed up.")
} catch _ as AWSCognitoIdentityProvider.UsernameExistsException {
print("*** The username \(userName) already exists. Please use a different one.")
return false
} catch let error as AWSCognitoIdentityProvider.InvalidPasswordException {
print("*** Error: The specified password is invalid. Reason: \(error.properties.message ?? "").")
return false
} catch _ as AWSCognitoIdentityProvider.ResourceNotFoundException {
print("*** Error: The specified client ID (\(clientId)) doesn't exist.")
return false
} catch {
print("*** Unexpected error: \(error)")
return false
}
return true
}
```
+ 有关 API 的详细信息,请参阅适用于 S *wift 的AWS SDK API 参考[SignUp](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/signup(input:))*中。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `UpdateUserPool`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `UpdateUserPool`。
操作示例是大型程序的代码摘录,必须在上下文中运行。您可以在以下代码示例中查看此操作的上下文:
+ [使用 Lambda 函数自动确认已知用户](cognito-identity-provider_example_cross_CognitoAutoConfirmUser_section.md)
+ [使用 Lambda 函数自动迁移已知用户](cognito-identity-provider_example_cross_CognitoAutoMigrateUser_section.md)
+ [在完成 Amazon Cognito 用户身份验证后使用 Lambda 函数写入自定义活动数据](cognito-identity-provider_example_cross_CognitoCustomActivityLog_section.md)
------
#### [ CLI ]
**AWS CLI**
**更新用户池**
以下的 `update-user-pool` 示例使用每个可用配置选项的示例语法修改用户池。要更新用户池,必须指定所有先前配置的选项,否则这些选项将重置为默认值。
```
aws cognito-idp update-user-pool --user-pool-id us-west-2_EXAMPLE \
--policies PasswordPolicy=\{MinimumLength=6,RequireUppercase=true,RequireLowercase=true,RequireNumbers=true,RequireSymbols=true,TemporaryPasswordValidityDays=7\} \
--deletion-protection ACTIVE \
--lambda-config PreSignUp="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-presignup-function",PreTokenGeneration="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-pretoken-function" \
--auto-verified-attributes "phone_number" "email" \
--verification-message-template \{\"SmsMessage\":\""Your code is {####}"\",\"EmailMessage\":\""Your code is {####}"\",\"EmailSubject\":\""Your verification code"\",\"EmailMessageByLink\":\""Click {##here##} to verify your email address."\",\"EmailSubjectByLink\":\""Your verification link"\",\"DefaultEmailOption\":\"CONFIRM_WITH_LINK\"\} \
--sms-authentication-message "Your code is {####}" \
--user-attribute-update-settings AttributesRequireVerificationBeforeUpdate="email","phone_number" \
--mfa-configuration "OPTIONAL" \
--device-configuration ChallengeRequiredOnNewDevice=true,DeviceOnlyRememberedOnUserPrompt=true \
--email-configuration SourceArn="arn:aws:ses:us-west-2:123456789012:identity/admin@example.com",ReplyToEmailAddress="amdin+noreply@example.com",EmailSendingAccount=DEVELOPER,From="admin@amazon.com",ConfigurationSet="test-configuration-set" \
--sms-configuration SnsCallerArn="arn:aws:iam::123456789012:role/service-role/SNS-SMS-Role",ExternalId="12345",SnsRegion="us-west-2" \
--admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \
--user-pool-tags "Function"="MyMobileGame","Developers"="Berlin" \
--admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \
--user-pool-add-ons AdvancedSecurityMode="AUDIT" \
--account-recovery-setting RecoveryMechanisms=\[\{Priority=1,Name="verified_email"\},\{Priority=2,Name="verified_phone_number"\}\]
```
此命令不生成任何输出。
有关更多信息,请参阅《Amazon Cognito 开发人员指南》**中的[更新用户池配置](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-updating.html)。
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[UpdateUserPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-user-pool.html)*中的。
------
#### [ Go ]
**适用于 Go 的 SDK V2**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/gov2/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import (
"context"
"errors"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)
type CognitoActions struct {
CognitoClient *cognitoidentityprovider.Client
}
// Trigger and TriggerInfo define typed data for updating an Amazon Cognito trigger.
type Trigger int
const (
PreSignUp Trigger = iota
UserMigration
PostAuthentication
)
type TriggerInfo struct {
Trigger Trigger
HandlerArn *string
}
// UpdateTriggers adds or removes Lambda triggers for a user pool. When a trigger is specified with a `nil` value,
// it is removed from the user pool.
func (actor CognitoActions) UpdateTriggers(ctx context.Context, userPoolId string, triggers ...TriggerInfo) error {
output, err := actor.CognitoClient.DescribeUserPool(ctx, &cognitoidentityprovider.DescribeUserPoolInput{
UserPoolId: aws.String(userPoolId),
})
if err != nil {
log.Printf("Couldn't get info about user pool %v. Here's why: %v\n", userPoolId, err)
return err
}
lambdaConfig := output.UserPool.LambdaConfig
for _, trigger := range triggers {
switch trigger.Trigger {
case PreSignUp:
lambdaConfig.PreSignUp = trigger.HandlerArn
case UserMigration:
lambdaConfig.UserMigration = trigger.HandlerArn
case PostAuthentication:
lambdaConfig.PostAuthentication = trigger.HandlerArn
}
}
_, err = actor.CognitoClient.UpdateUserPool(ctx, &cognitoidentityprovider.UpdateUserPoolInput{
UserPoolId: aws.String(userPoolId),
LambdaConfig: lambdaConfig,
})
if err != nil {
log.Printf("Couldn't update user pool %v. Here's why: %v\n", userPoolId, err)
}
return err
}
```
+ 有关 API 的详细信息,请参阅 *适用于 Go 的 AWS SDK API 参考[UpdateUserPool](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider#Client.UpdateUserPool)*中的。
------
#### [ JavaScript ]
**适用于 JavaScript (v3) 的软件开发工具包**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cross-services/wkflw-pools-triggers#code-examples)中查找完整示例,了解如何进行设置和运行。
```
/**
* Connect a Lambda function to the PreSignUp trigger for a Cognito user pool
* @param {{ region: string, userPoolId: string, handlerArn: string }} config
* @returns {Promise<[import("@aws-sdk/client-cognito-identity-provider").UpdateUserPoolCommandOutput | null, unknown]>}
*/
export const addPreSignUpHandler = async ({
region,
userPoolId,
handlerArn,
}) => {
try {
const cognitoClient = new CognitoIdentityProviderClient({
region,
});
const command = new UpdateUserPoolCommand({
UserPoolId: userPoolId,
LambdaConfig: {
PreSignUp: handlerArn,
},
});
const response = await cognitoClient.send(command);
return [response, null];
} catch (err) {
return [null, err];
}
};
```
+ 有关 API 的详细信息,请参阅 *适用于 JavaScript 的 AWS SDK API 参考[UpdateUserPool](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/UpdateUserPoolCommand)*中的。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。
# `VerifySoftwareToken`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `VerifySoftwareToken`。
操作示例是大型程序的代码摘录,必须在上下文中运行。在以下代码示例中,您可以查看此操作的上下文:
+ [向需要 MFA 的用户池注册用户](cognito-identity-provider_example_cognito-identity-provider_Scenario_SignUpUserWithMfa_section.md)
------
#### [ .NET ]
**适用于 .NET 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
///
/// Verify the TOTP and register for MFA.
///
/// The name of the session.
/// The MFA code.
/// The status of the software token.
public async Task VerifySoftwareTokenAsync(string session, string code)
{
var tokenRequest = new VerifySoftwareTokenRequest
{
UserCode = code,
Session = session,
};
var verifyResponse = await _cognitoService.VerifySoftwareTokenAsync(tokenRequest);
return verifyResponse.Status;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 .NET 的 AWS SDK API 参考[VerifySoftwareToken](https://docs.aws.amazon.com/goto/DotNetSDKV3/cognito-idp-2016-04-18/VerifySoftwareToken)*中的。
------
#### [ C\$1\$1 ]
**SDK for C\$1\$1**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
Aws::Client::ClientConfiguration clientConfig;
// Optional: Set to the AWS Region (overrides config file).
// clientConfig.region = "us-east-1";
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient client(clientConfig);
Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenRequest request;
request.SetUserCode(userCode);
request.SetSession(session);
Aws::CognitoIdentityProvider::Model::VerifySoftwareTokenOutcome outcome =
client.VerifySoftwareToken(request);
if (outcome.IsSuccess()) {
std::cout << "Verification of the code was successful."
<< std::endl;
session = outcome.GetResult().GetSession();
}
else {
std::cerr << "Error with CognitoIdentityProvider::VerifySoftwareToken. "
<< outcome.GetError().GetMessage()
<< std::endl;
return false;
}
```
+ 有关 API 的详细信息,请参阅 *适用于 C\$1\$1 的 AWS SDK API 参考[VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/VerifySoftwareToken)*中的。
------
#### [ CLI ]
**AWS CLI**
**确认 TOTP 身份验证器的注册**
以下 `verify-software-token` 示例完成了当前用户的 TOTP 注册。
```
aws cognito-idp verify-software-token \
--access-token eyJra456defEXAMPLE \
--user-code 123456
```
输出:
```
{
"Status": "SUCCESS"
}
```
有关更多信息,请参阅《Amazon Cognito 开发人员指南》**中的[向用户池添加 MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html)。
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[VerifySoftwareToken](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/verify-software-token.html)*中的。
------
#### [ Java ]
**适用于 Java 的 SDK 2.x**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
// Verify the TOTP and register for MFA.
public static void verifyTOTP(CognitoIdentityProviderClient identityProviderClient, String session, String code) {
try {
VerifySoftwareTokenRequest tokenRequest = VerifySoftwareTokenRequest.builder()
.userCode(code)
.session(session)
.build();
VerifySoftwareTokenResponse verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest);
System.out.println("The status of the token is " + verifyResponse.statusAsString());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
+ 有关 API 的详细信息,请参阅 *AWS SDK for Java 2.x API 参考[VerifySoftwareToken](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/VerifySoftwareToken)*中的。
------
#### [ JavaScript ]
**适用于 JavaScript (v3) 的软件开发工具包**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
const verifySoftwareToken = (totp) => {
const client = new CognitoIdentityProviderClient({});
// The 'Session' is provided in the response to 'AssociateSoftwareToken'.
const session = process.env.SESSION;
if (!session) {
throw new Error(
"Missing a valid Session. Did you run 'admin-initiate-auth'?",
);
}
const command = new VerifySoftwareTokenCommand({
Session: session,
UserCode: totp,
});
return client.send(command);
};
```
+ 有关 API 的详细信息,请参阅 *适用于 JavaScript 的 AWS SDK API 参考[VerifySoftwareToken](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cognito-identity-provider/command/VerifySoftwareTokenCommand)*中的。
------
#### [ Kotlin ]
**适用于 Kotlin 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
// Verify the TOTP and register for MFA.
suspend fun verifyTOTP(
sessionVal: String?,
codeVal: String?,
) {
val tokenRequest =
VerifySoftwareTokenRequest {
userCode = codeVal
session = sessionVal
}
CognitoIdentityProviderClient.fromEnvironment { region = "us-east-1" }.use { identityProviderClient ->
val verifyResponse = identityProviderClient.verifySoftwareToken(tokenRequest)
println("The status of the token is ${verifyResponse.status}")
}
}
```
+ 有关 API 的详细信息,请参阅适用[VerifySoftwareToken](https://sdk.amazonaws.com/kotlin/api/latest/index.html)于 K *otlin 的AWS SDK API 参考*。
------
#### [ Python ]
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/cognito#code-examples)中查找完整示例,了解如何进行设置和运行。
```
class CognitoIdentityProviderWrapper:
"""Encapsulates Amazon Cognito actions"""
def __init__(self, cognito_idp_client, user_pool_id, client_id, client_secret=None):
"""
:param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client.
:param user_pool_id: The ID of an existing Amazon Cognito user pool.
:param client_id: The ID of a client application registered with the user pool.
:param client_secret: The client secret, if the client has a secret.
"""
self.cognito_idp_client = cognito_idp_client
self.user_pool_id = user_pool_id
self.client_id = client_id
self.client_secret = client_secret
def verify_mfa(self, session, user_code):
"""
Verify a new MFA application that is associated with a user.
:param session: Session information returned from a previous call to initiate
authentication.
:param user_code: A code generated by the associated MFA application.
:return: Status that indicates whether the MFA application is verified.
"""
try:
response = self.cognito_idp_client.verify_software_token(
Session=session, UserCode=user_code
)
except ClientError as err:
logger.error(
"Couldn't verify MFA. Here's why: %s: %s",
err.response["Error"]["Code"],
err.response["Error"]["Message"],
)
raise
else:
response.pop("ResponseMetadata", None)
return response
```
+ 有关 API 的详细信息,请参阅适用[VerifySoftwareToken](https://docs.aws.amazon.com/goto/boto3/cognito-idp-2016-04-18/VerifySoftwareToken)于 *Python 的AWS SDK (Boto3) API 参考*。
------
#### [ SAP ABAP ]
**适用于 SAP ABAP 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/cgp#code-examples)中查找完整示例,了解如何进行设置和运行。
```
TRY.
DATA(lo_result) = lo_cgp->verifysoftwaretoken(
iv_session = iv_session
iv_usercode = iv_user_code
).
ov_status = lo_result->get_status( ).
IF ov_status = 'SUCCESS'.
MESSAGE 'MFA token verified successfully.' TYPE 'I'.
ELSE.
MESSAGE |MFA verification status: { ov_status }.| TYPE 'I'.
ENDIF.
CATCH /aws1/cx_cgpcodemismatchex INTO DATA(lo_code_ex).
MESSAGE 'Invalid MFA code provided.' TYPE 'E'.
CATCH /aws1/cx_cgpenbsoftwaretokmf00 INTO DATA(lo_enabled_ex).
MESSAGE 'Software token MFA is already enabled.' TYPE 'E'.
ENDTRY.
```
+ 有关 API 的详细信息,请参阅适用[VerifySoftwareToken](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)于 S *AP 的AWS SDK ABAP API 参考*。
------
#### [ Swift ]
**适用于 Swift 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/cognito-identity-provider#code-examples)中查找完整示例,了解如何进行设置和运行。
```
import AWSClientRuntime
import AWSCognitoIdentityProvider
/// Confirm that the user's TOTP authenticator is configured correctly by
/// sending a code to it to check that it matches successfully.
///
/// - Parameters:
/// - cipClient: The `CongnitoIdentityProviderClient` to use.
/// - session: An authentication session previously returned by an
/// `associateSoftwareToken()` call.
/// - mfaCode: The 6-digit code currently displayed by the user's
/// authenticator, as provided by the user.
func verifyTOTP(cipClient: CognitoIdentityProviderClient, session: String?, mfaCode: String?) async {
do {
let output = try await cipClient.verifySoftwareToken(
input: VerifySoftwareTokenInput(
session: session,
userCode: mfaCode
)
)
guard let tokenStatus = output.status else {
print("*** Unable to get the token's status.")
return
}
print("=====> The token's status is: \(tokenStatus)")
} catch _ as SoftwareTokenMFANotFoundException {
print("*** The specified user pool isn't configured for MFA.")
return
} catch _ as CodeMismatchException {
print("*** The specified MFA code doesn't match the expected value.")
return
} catch _ as UserNotFoundException {
print("*** The specified username doesn't exist.")
return
} catch _ as UserNotConfirmedException {
print("*** The user has not been confirmed.")
return
} catch {
print("*** Error verifying the MFA token!")
return
}
}
```
+ 有关 API 的详细信息,请参阅适用于 S *wift 的AWS SDK API 参考[VerifySoftwareToken](https://sdk.amazonaws.com/swift/api/awscognitoidentityprovider/latest/documentation/awscognitoidentityprovider/cognitoidentityproviderclient/verifysoftwaretoken(input:))*中。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[将此服务与 AWS SDK 配合使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。