Password verification in a CUSTOM_AUTH flow, do you need to handle SRP yourself?

If I want to verify a username and password, AND go through the custom auth flow, would I need to implement SRP myself? i.e. generate SRP_A and calculate PASSWORD_CLAIM_SIGNATURE

Is there no way to bypass these SRP calculations / Is there no function to do these calculations for me?

主題

安全性、身分識別與合規

標籤

Amazon Cognito

語言

English

SimonM

已提問 2 年前檢視次數 222 次

1 個回答

最新
最多得票
最多評論

這些答案是否有幫助？支持正確答案，以幫助社區從您的知識中受益。

Hi,

It's possible to use the SRP flow if you use it before dropping into the custom challenges. This blog shows the process specifically with Duo but you could replace the custom challenges with your own.

Thanks, Owen

Owen

已回答 2 年前

SimonM
2 年前
Oh, I'm trying to avoid SRP. I want to validate the users password/credentials and go through the CUSTOM_AUTH flow, but I don't want to have to work out SRP_A and PASSWORD_CLAIM_SIGNATURE

So far it seems like SRP_A and PASSWORD_CLAIM_SIGNATURE are unavoidable if I want to validate username and passwords with CUSTOM_AUTH flow

Password verification in a CUSTOM_AUTH flow, do you need to handle SRP yourself?

相關內容