En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Password verification in a CUSTOM_AUTH flow, do you need to handle SRP yourself?

0

If I want to verify a username and password, AND go through the custom auth flow, would I need to implement SRP myself? i.e. generate SRP_A and calculate PASSWORD_CLAIM_SIGNATURE

Is there no way to bypass these SRP calculations / Is there no function to do these calculations for me?

Sujets
Sécurité, identité et conformité
Balises
Amazon Cognito
Langue
English
SimonM
demandé il y a 2 ans222 vues
1 réponse
0

Hi,

It's possible to use the SRP flow if you use it before dropping into the custom challenges. This blog shows the process specifically with Duo but you could replace the custom challenges with your own.

Thanks, Owen

AWS
Owen
répondu il y a 2 ans
  • SimonM
    il y a 2 ans

    Oh, I'm trying to avoid SRP. I want to validate the users password/credentials and go through the CUSTOM_AUTH flow, but I don't want to have to work out SRP_A and PASSWORD_CLAIM_SIGNATURE

    So far it seems like SRP_A and PASSWORD_CLAIM_SIGNATURE are unavoidable if I want to validate username and passwords with CUSTOM_AUTH flow

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents