This is almost a direct port of capless/warrant.
All crypto functions are tested against equivalent values produced by warrant.
The version of this package in the master branch assumes that it will be used directly with aws-sdk-go-v2. Because of this, it intentionally leaks types from the aws package as part of its public API. This has the advantage of reducing code (slightly), but carries the larger disadvantage of complicating dependencies.
It is recommended that you use version 2 of this package, located in the v2 branch, though for now both versions will be maintained.
Import v2 of this package with `go get github.com/alexrudd/cognito-srp/v2` and update your imports and code accordingly.
package main
import (
"fmt"
"time"
"github.com/alexrudd/cognito-srp"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/aws/endpoints"
"github.com/aws/aws-sdk-go-v2/aws/external"
cip "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
)
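// main walks through the Cognito USER_SRP_AUTH flow: it builds the SRP
// helper, sends InitiateAuth, answers the PASSWORD_VERIFIER challenge and
// prints the resulting authentication result.
//
// Every step fails closed: an error stops the flow instead of being discarded,
// so a failed call can never be dereferenced as a nil response or mistaken for
// a successful sign-in.
func main() {
	// configure cognito srp
	// The username, password, pool id and client id below are placeholders.
	// Real code should read the password from a prompt or a secret store
	// rather than embedding it in source. The final nil means no app client
	// secret is supplied.
	csrp, err := cognitosrp.NewCognitoSRP("user", "pa55w0rd", "eu-west-1_myPoolId", "client", nil)
	if err != nil {
		fmt.Println("configuring cognito srp:", err)
		return
	}

	// configure cognito identity provider
	cfg, err := external.LoadDefaultAWSConfig()
	if err != nil {
		fmt.Println("loading aws config:", err)
		return
	}
	cfg.Region = endpoints.EuWest1RegionID
	// The user-pool sign-in calls used here are unsigned, so anonymous
	// credentials are used and no AWS access keys are needed.
	cfg.Credentials = aws.AnonymousCredentials
	svc := cip.New(cfg)

	// initiate auth
	initReq := svc.InitiateAuthRequest(&cip.InitiateAuthInput{
		AuthFlow:       cip.AuthFlowTypeUserSrpAuth,
		ClientId:       aws.String(csrp.GetClientId()),
		AuthParameters: csrp.GetAuthParams(),
	})
	initResp, err := initReq.Send()
	if err != nil {
		fmt.Println("initiating auth:", err)
		return
	}

	if initResp.ChallengeName != cip.ChallengeNameTypePasswordVerifier {
		// other challenges await...
		fmt.Printf("unhandled challenge %q\n", initResp.ChallengeName)
		return
	}

	// respond to password verifier challenge
	challengeInput, err := csrp.PasswordVerifierChallenge(initResp.ChallengeParameters, time.Now())
	if err != nil {
		fmt.Println("building password verifier response:", err)
		return
	}
	authResp, err := svc.RespondToAuthChallengeRequest(challengeInput).Send()
	if err != nil {
		fmt.Println("responding to auth challenge:", err)
		return
	}

	// print the tokens
	// Demonstration only: the authentication result holds bearer tokens, so
	// production code should keep it out of stdout and logs.
	fmt.Println(authResp.AuthenticationResult)
}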