Questions in Security Identity & Compliance

AWS Official Documentation is Incorrect

I'm following this guide https://aws.amazon.com/premiumsupport/knowledge-center/cognito-user-pool-remembered-devices/ to set up remembered devices, and I'm doing most things from scratch because there is no Ruby library like Warrant.

First off, let me just say the PasswordVerifier formula in this doc is incorrect/lacks information (when calling ConfirmDevice). I had to look at the JS source code and the Warrant source code to reverse-engineer what it was actually looking for.

![errors](/media/postImages/original/IMz1dMMZs3T2Kfl-Vqzkgh_g)

Next, for **Call RespondToAuthChallenge for DEVICE_PASSWORD_VERIFIER**, it seems like the formula given does not work at all. Is there any open source code

The formula for `S_USER = (SRP_B - k * g^(x))^(a + ux)` does not seem to be using modular exponentiation and is returning a number so large that my code isn't able to deal with it without some extra libraries. That does not seem like it's expected if all the other S values in open source code are using modular exponentiation.

**Please provide some client-side code where this final formula for DEVICE_PASSWORD_VERIFIER actually works. There does not seem to be a working example anywhere, and it seems like AWS is just posting incorrect guides.**

Edit: I'm looking at the code here to respond to device password verifier and it's completely different from what is described in the blog post: https://github.com/aws/aws-sdk-net-extensions-cognito/blob/e79202c2c622839e36e76659141b329c7a044251/src/Amazon.Extensions.CognitoAuthentication/Util/AuthenticationHelper.cs#L255
1 answer, 0 votes, 9 views, asked 5 hours ago

cognito verification link to validate users

Hi team,

I have a Cognito user pool with 3 Groups. I want to create users inside Groups as System Administrators:

1. the system Admin will fill out a form about the client's: given name, surname, email address + some custom attributes
2. when sending the form (invitation), my lambda function should create the user inside my Cognito user pool Group with all the above attributes.
3. the client will receive a link via email to validate the invitation
4. when the client clicks the link (custom Domain link), he validates the invitation

I created a lambda function that creates the user in the Cognito user pool and then adds it inside the group (using `adminCreateUser` and `adminAddUserToGroup` API calls)

```
// Runs inside the async Lambda handler; cognitoIdentityServiceProvider is an
// AWS SDK for JavaScript v2 CognitoIdentityServiceProvider client.
const params = {
  UserPoolId: USER_POOL_ID,
  Username: event.email,
  UserAttributes: [
    {
      Name: "email",
      Value: event.email,
    },
    {
      Name: "given_name",
      Value: event.givenName,
    },
    {
      Name: "family_name",
      Value: event.familyName,
    },
  ],
};

try {
  // Create the user in the pool with the attributes from the invitation form.
  const result = await cognitoIdentityServiceProvider
    .adminCreateUser(params)
    .promise();
} catch (err) {
  // The posted snippet ends inside the try block; it is closed here so it parses.
  console.error(err);
  throw err;
}
```

I also configured the Cognito to send a link email > On "Message customisations" page > "Do you want to customize your email verification messages?" > "Verification type" => I chose "Link" option

After the lambda has run, the user is created with `Confirmation status = ` **Force change password** and the email I received looks like this:

```
Subject = Your temporary password
Body = Your username is myEmail@gmail.com and temporary password is Hc>sP40782HNz%.
```

So I expected to receive a link, and when the client clicks the link it validates the invitation (point 4 above), then the client becomes validated inside my user pool. But I did not receive a link. How can I achieve points 3 and 4?

I just want, after creating the user and adding it to a group, to make it valid in Cognito once he clicks the emailed link
0 answers, 1 vote, 35 views, asked 16 hours ago