Amazon web services 当我选择USER_SRP_AUTH作为身份验证流类型时,为什么AWS Amplify会尝试使用CUSTOM_AUTH进行身份验证?
我有一个托管在AWSS3上的web应用程序,它允许用户使用AWS Cognito进行身份验证 用户池在AWS CDK(1.70.0)中使用以下配置:Amazon web services 当我选择USER_SRP_AUTH作为身份验证流类型时,为什么AWS Amplify会尝试使用CUSTOM_AUTH进行身份验证?,amazon-web-services,amazon-cognito,aws-amplify,aws-cdk,amplifyjs,Amazon Web Services,Amazon Cognito,Aws Amplify,Aws Cdk,Amplifyjs,我有一个托管在AWSS3上的web应用程序,它允许用户使用AWS Cognito进行身份验证 用户池在AWS CDK(1.70.0)中使用以下配置: const userPool = new cognito.UserPool(this, "user-pool", { enableSmsRole: false, mfa: cognito.Mfa.OFF, signInAliases: { email: true }, stan
const userPool = new cognito.UserPool(this, "user-pool", {
enableSmsRole: false,
mfa: cognito.Mfa.OFF,
signInAliases: {
email: true
},
standardAttributes: {
email: { mutable: true, required: true }
},
userPoolName: "user-pool"
});
const client = userPool.addClient("user-pool-client", {
preventUserExistenceErrors: true,
authFlows: {
userSrp: true
},
oAuth: {
flows: {
implicitCodeGrant: true,
},
scopes: [cognito.OAuthScope.OPENID, cognito.OAuthScope.EMAIL]
}
});
Amplify.configure({
Auth: {
authenticationFlowType: 'USER_SRP_AUTH',
mandatorySignIn: true,
region: "eu-west-1",
userPoolId: "XXXXXXXXXXXXX",
userPoolWebClientId: "XXXXXXXXXXXXX",
oauth: {
domain: "somedomain.auth.eu-west-1.amazoncognito.com",
redirectSignIn: ["https://abc123.cloudfront.net", "localhost:8080"],
redirectSignOut: "",
responseType: "token",
scope: ["email"]
},
},
});
AWS Amplify配置有以下各项:
const userPool = new cognito.UserPool(this, "user-pool", {
enableSmsRole: false,
mfa: cognito.Mfa.OFF,
signInAliases: {
email: true
},
standardAttributes: {
email: { mutable: true, required: true }
},
userPoolName: "user-pool"
});
const client = userPool.addClient("user-pool-client", {
preventUserExistenceErrors: true,
authFlows: {
userSrp: true
},
oAuth: {
flows: {
implicitCodeGrant: true,
},
scopes: [cognito.OAuthScope.OPENID, cognito.OAuthScope.EMAIL]
}
});
Amplify.configure({
Auth: {
authenticationFlowType: 'USER_SRP_AUTH',
mandatorySignIn: true,
region: "eu-west-1",
userPoolId: "XXXXXXXXXXXXX",
userPoolWebClientId: "XXXXXXXXXXXXX",
oauth: {
domain: "somedomain.auth.eu-west-1.amazoncognito.com",
redirectSignIn: ["https://abc123.cloudfront.net", "localhost:8080"],
redirectSignOut: "",
responseType: "token",
scope: ["email"]
},
},
});
然而,当我尝试使用Auth.sign(电子邮件、密码)登录时代码>,发送到cognito idp的请求负载为
{
"AuthFlow":"CUSTOM_AUTH",
"ClientId":"XXXXXXXXXXX",
"AuthParameters":{"USERNAME":"user@test.com"},
"ClientMetadata":{}
}
并且我收到错误客户机未启用自定义身份验证
我缺少一些配置吗?我很困惑为什么Amplify会尝试使用自定义身份验证,尽管我在配置中明确说明了用户身份验证。已解决。
答案很简单,使用Auth.federatedSignIn()
而不是Auth.signIn()
。没有特别清楚的错误消息或文档。我会把这个留在这里,以防其他人也有同样的问题