black-bits / laravel-cognito-auth Goto Github PK

As of 10/08/2021, with Laravel 8.5.23, trying to run the composer require black-bits/laravel-cognito-auth command on a fresh Laravel installation returns a composer error due to unmet dependencies:

Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - aws/aws-sdk-php[3.61.0, ..., 3.69.10] require guzzlehttp/guzzle ^5.3.1|^6.2.1 -> found guzzlehttp/guzzle[5.3.1, ..., 5.3.x-dev, 6.2.1, ..., 6.5.x-dev] but it conflicts with your root composer.json require (^7.0.1).
    - aws/aws-sdk-php[3.69.11, ..., 3.130.3] require guzzlehttp/guzzle ^5.3.3|^6.2.1 -> found guzzlehttp/guzzle[5.3.3, 5.3.4, 5.3.x-dev, 6.2.1, ..., 6.5.x-dev] but it conflicts with your root composer.json require (^7.0.1).
    - aws/aws-sdk-php[3.131.0, ..., 3.173.19] require guzzlehttp/psr7 ^1.4.1 -> found guzzlehttp/psr7[1.4.1, ..., 1.x-dev] but the package is fixed to 2.0.0 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
    - aws/aws-sdk-php[3.173.20, ..., 3.188.1] require guzzlehttp/psr7 ^1.7.0 -> found guzzlehttp/psr7[1.7.0, ..., 1.x-dev] but the package is fixed to 2.0.0 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
    - black-bits/laravel-cognito-auth 0.1.14 requires aws/aws-sdk-php ^3.61 -> satisfiable by aws/aws-sdk-php[3.61.0, ..., 3.188.1].
    - Root composer.json requires black-bits/laravel-cognito-auth ^0.1.14 -> satisfiable by black-bits/laravel-cognito-auth[0.1.14].

Laravel requires "guzzlehttp/guzzle": "^7.0.1".

When running this library on an ECS or EC2 instance, the credentials are normally provided through the ec2 meta data and do not need to be set explicitly. However, it seems that this library does not support this: it needs an explicit KEY and SECRET and leaving it blank will result in invalid calls.

Removing the 'credentials' key in the $config in CognitoAuthServiceProvider works but breaks valid key/secret credentials.

Is there any reason why using adminInitiateAuth and not initiateAuth? Same for "ADMIN_NO_SRP_AUTH" instead of "USER_PASSWORD_AUTH"? Check here.

I work on Laravel 8, and I had follow instruction to set up this package on config/auth.php changed guard like this

'guards' => [
        'web' => [
            'driver' => 'cognito', //session
            'provider' => 'users',
        ],

also had fill config/cognito.php with constant at file .env with my own setup of Cognito User Pool

I create new route on routes/web.php like this :

use App\Http\Controllers\AuthenticateController;

Route::post('login',[AuthenticateController::class,'login'])->name('login');
Route::get('register',[AuthenticateController::class,'register'])->name('register');

on this file I also don't call Auth::routes() as usuall

and in controller AuthenticateController like this,

<?php
use BlackBits\LaravelCognitoAuth\Auth\AuthenticatesUsers;
use BlackBits\LaravelCognitoAuth\Auth\RegistersUsers;
use BlackBits\LaravelCognitoAuth\Auth\ResetsPasswords;

class AuthenticateController extends Controller
{
      use AuthenticatesUsers, RegistersUsers, ResetsPasswords;

    public function showLogin(){
        return view('auth.login');
    }
  
}

but when I test of route with command php artisan route:list has given error like this :

  Trait method guard has not been applied, because there are collisions with other trait methods on App\Http\Controllers\AuthenticateController

did I miss configuration?

I realise that this repo hasn't been updated much recently, however I'm a current user, and looking to allow login by users who have MFA enabled on their account.

Is anyone aware of whether this has been looked at / considered?

Any support for latest laravel?

Thanks!

When CognitoClient::authenticate() is called, it returns an Aws\Result object. This contains useful information, specifically Access Tokens (which for instance can be used to identify the user to an AWS Cognito Identity Pool).

    "AuthenticationResult" => array:5 [▼
      "AccessToken" => "eyJraWQiOiIybGV5NGlRUEdcLzRkRjZ3MUNSNVdFS0hnbkJDZ2NxYjJQazZXa0oxc2RmMD0iLCJhbGciOiJSUzI1NiJ9...."
      "ExpiresIn" => 3600
      "TokenType" => "Bearer"
      "RefreshToken" => "eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ.aLM8vBERuFjeX5I3yz_1-ghRxPFSyG..."
      "IdToken" => "eyJraWQiOiJmQkdXcldaY2Q4MWpNKzNqTFhsSVwvdlJiK2ZTUHI4azBJZzBwRnBFK0M5bz0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI2ZjV..."
    ]

I'm sure I'm not the only person who could use this (I notice #16 ).

Can you suggest the best way to extend CognitoGuard and CognitoClient to provide this data to a Laravel Controller without breaking the StatefulGuard::attempt() interface?

I'm happy to do the leg-work and send you a pull-request, just need suggestions for the best way to do this without breaking it for all package users.

In Laravel 7.x some things changed, for example some traits are not there anymore...

in RegistersUsers.php trait you use this old trait and it's not working..

namespace BlackBits\LaravelCognitoAuth\Auth;

use Illuminate\Http\Request;
use Illuminate\Auth\Events\Registered;
use BlackBits\LaravelCognitoAuth\CognitoClient;
use BlackBits\LaravelCognitoAuth\Exceptions\InvalidUserFieldException;
**use Illuminate\Foundation\Auth\RegistersUsers** as BaseSendsRegistersUsers;

result in:

Symfony\Component\ErrorHandler\Error\FatalError
4:25:10 PM
Trait 'Illuminate\Foundation\Auth\RegistersUsers' not found
/var/task/vendor/black-bits/laravel-cognito-auth/src/Auth/RegistersUsers.php:11

php artisan --version
Laravel Framework 5.8.15

laravel new cognitoTest
…
composer require black-bits/laravel-cognito-auth
…
Your requirements could not be resolved to an installable set of packages.

Problem 1
- Installation request for black-bits/laravel-cognito-auth ^0.1.5 -> satisfiable by black-bits/laravel-cognito-auth[0.1.5].
- Conclusion: remove laravel/framework v5.8.15
- Conclusion: don't install laravel/framework v5.8.15
- black-bits/laravel-cognito-auth 0.1.5 requires illuminate/http 5.1.|5.2.|5.3.|5.4.|5.5.|5.6.|5.7.* -> satisfiable by illuminate/http[5.1.x-dev, 5.2.x-dev, 5.3.x-dev, 5.4.x-dev, 5.5.x-dev, 5.6.x-dev, 5.7.17, 5.7.18, 5.7.19, 5.7.x-dev, v5.1.1, v5.1.13, v5.1.16, v5.1.2, v5.1.20, v5.1.22, v5.1.25, v5.1.28, v5.1.30, v5.1.31, v5.1.41, v5.1.6, v5.1.8, v5.2.0, v5.2.19, v5.2.21, v5.2.24, v5.2.25, v5.2.26, v5.2.27, v5.2.28, v5.2.31, v5.2.32, v5.2.37, v5.2.43, v5.2.45, v5.2.6, v5.2.7, v5.3.0, v5.3.16, v5.3.23, v5.3.4, v5.4.0, v5.4.13, v5.4.17, v5.4.19, v5.4.27, v5.4.36, v5.4.9, v5.5.0, v5.5.16, v5.5.17, v5.5.2, v5.5.28, v5.5.33, v5.5.34, v5.5.35, v5.5.36, v5.5.37, v5.5.39, v5.5.40, v5.5.41, v5.5.43, v5.5.44, v5.6.0, v5.6.1, v5.6.10, v5.6.11, v5.6.12, v5.6.13, v5.6.14, v5.6.15, v5.6.16, v5.6.17, v5.6.19, v5.6.2, v5.6.20, v5.6.21, v5.6.22, v5.6.23, v5.6.24, v5.6.25, v5.6.26, v5.6.27, v5.6.28, v5.6.29, v5.6.3, v5.6.30, v5.6.31, v5.6.32, v5.6.33, v5.6.34, v5.6.35, v5.6.36, v5.6.37, v5.6.38, v5.6.39, v5.6.4, v5.6.5, v5.6.6, v5.6.7, v5.6.8, v5.6.9, v5.7.0, v5.7.1, v5.7.10, v5.7.11, v5.7.15, v5.7.2, v5.7.20, v5.7.21, v5.7.22, v5.7.23, v5.7.26, v5.7.27, v5.7.28, v5.7.3, v5.7.4, v5.7.5, v5.7.6, v5.7.7, v5.7.8, v5.7.9].

Is there a way currently to send to cognito a remember device request? Since cognito can be used to login to multiple devices I wanted to see if it was possible here allow device remembering here. Also I think remembering devices may be a no go 🙅‍♂️ using non mobile languages because of API restrictions but I also wanted to ask about MFA support I know for sure there are API points for that but not sure if this package includes support for that too.

My application use the phone number and e-mail as the login account at the same time.

How can I control which one is my username?

Is the package ready to work with Laravel 7?

We are making an AWS app using laravel and we are thinking of using amazon cognito for user authentication.
It is wonderful this package is available (although in beta).

However I have one question maybe stupid..
Can this be used while developing localy on my local computer or does it need tofunction only inside EC2 or beanstalk? I mean while my app is in dev and it doesnt have a public url yet.

whats configuration needs to apply cognito on api routes

Line 104 causes registration by phone to break (since it copies a phone number to an user attribute that is validate as email, invalid email error is thrown). That copy of email to attribute is already done by AWS when the login is setup to use email. Same happens to when it's set to phone_number, it's automatically replicated so that line has no use other than cause a bug.

Also the whole CognitoClient could rename email to username as it would make more sense: you can use email or phone as username. :-)

I start using AWS Cognito for user management with laravel.
Is there example implementation laravel using this package ? Or sample functional for Login and register

Hello! I have an issue with the client secret ! Now my application is configured so as not to use a aws client secret, is it possible to add a check to this field and only in case this AWS_COGNITO_CLIENT_SECRET exists, add this parameter to the aws client query ?

Any support for latest laravel?

Thanks!

The method \BlackBits\LaravelCognitoAuth\CognitoClient::inviteUser uses Str::random(40) to generate a temporary password.
This generation is too simple and incompatible with the possible "require special character" setting.
Please remove the line (204) from the file to fix this issue.

Hi,
Can I get access token of cognito (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html) for each user after login or signup to use it later?

Thanks

Hello, I am having issue with the follow: I already set the SSO to true, but the behaviour its not as expected.

Expected behaviour was that once the SSO is set to true, once I login in app A, if I visit app B, to be already logged in, or to at least be automatically logged in once I press log in.

Current behaviour is that I need to re-enter the same credentials in app B, that I just entered in app A.

Is there any other setup that I must do? or is this not a feature yet?

Thanks

Hi

I try to create a new IAM Role with the following Access Rights:

AmazonCognitoDeveloperAuthenticatedIdentities
AmazonCognitoPowerUser
AmazonESCognitoAccess

But I cannot fetch the AWS_COGNITO_KEY and AWS_COGNITO_SECRET?

Please help me understand it

Thanks.

I also have another question

Where to add following files/traits >>>>>
Can you please give me sample example where should I include it. Thanks

Our package is providing you 5 traits you can just add to your Auth Controllers to get our package running.

BlackBits\LaravelCognitoAuth\Auth\AuthenticatesUsers
BlackBits\LaravelCognitoAuth\Auth\RegistersUsers
BlackBits\LaravelCognitoAuth\Auth\ResetsPasswords
BlackBits\LaravelCognitoAuth\Auth\SendsPasswordResetEmails
BlackBits\LaravelCognitoAuth\Auth\VerifiesEmails

Thank you

Usually when user register, they receive confirmation email. But sometimes due to unknown reason they may not receive email. In that case they are unable to login because the account isn't yet activated. So, how do I resend the confirmation email again.

Because the Service Provider defines this:

// $this->loadRoutesFrom(DIR.'/routes.php');
// $this->loadViewsFrom(DIR.'/Resources/views', 'black-bits/laravel-cognito-auth');
// $this->loadTranslationsFrom(DIR.'/Resources/lang', 'black-bits/laravel-cognito-auth');

I had no longer could run php artisan route:list without having a fatal error:

root@3adc9221d37d:/var/www/html# php artisan route:list

Illuminate\Contracts\Container\BindingResolutionException : Target class [App\Http\Controllers\Auth\VerificationController] does not exist.

at /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php:805
801|
802| try {
803| $reflector = new ReflectionClass($concrete);
804| } catch (ReflectionException $e) {

805| throw new BindingResolutionException("Target class [$concrete] does not exist.", 0, $e);
806| }
807|
808| // If the type is not instantiable, the developer is attempting to resolve
809| // an abstract type such as an Interface or Abstract Class and there is

Exception trace:

1 Illuminate\Foundation\Console\RouteListCommand::Illuminate\Foundation\Console{closure}()
[internal]:0

2 ReflectionException::("Class App\Http\Controllers\Auth\VerificationController does not exist")