Password verification in a CUSTOM_AUTH flow, do you need to handle SRP yourself?
0
If I want to verify a username and password, AND go through the custom auth flow, would I need to implement SRP myself? i.e. generate SRP_A and calculate PASSWORD_CLAIM_SIGNATURE
Is there no way to bypass these SRP calculations / Is there no function to do these calculations for me?
Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.
0
Hi,
It's possible to use the SRP flow if you use it before dropping into the custom challenges. This blog shows the process specifically with Duo but you could replace the custom challenges with your own.
Oh, I'm trying to avoid SRP. I want to validate the users password/credentials and go through the CUSTOM_AUTH flow, but I don't want to have to work out SRP_A and PASSWORD_CLAIM_SIGNATURE
So far it seems like SRP_A and PASSWORD_CLAIM_SIGNATURE are unavoidable if I want to validate username and passwords with CUSTOM_AUTH flow
AWS OFFICIALUpdated a year ago
Oh, I'm trying to avoid SRP. I want to validate the users password/credentials and go through the CUSTOM_AUTH flow, but I don't want to have to work out SRP_A and PASSWORD_CLAIM_SIGNATURE
So far it seems like SRP_A and PASSWORD_CLAIM_SIGNATURE are unavoidable if I want to validate username and passwords with CUSTOM_AUTH flow