Doc AWS SDK 예제 GitHub 리포지토리에서 더 많은 SDK 예제를 사용할 수 있습니다. AWS
기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.
SDK for Swift를 사용한 Amazon Cognito 자격 증명 공급자 예제
다음 코드 예제에서는 Amazon Cognito 자격 증명 공급자와 함께 AWS SDK for Swift를 사용하여 작업을 수행하고 일반적인 시나리오를 구현하는 방법을 보여줍니다.
작업은 대규모 프로그램에서 발췌한 코드이며 컨텍스트에 맞춰 실행해야 합니다. 작업은 관련 시나리오의 컨텍스트에 따라 표시되며, 개별 서비스 함수를 직접적으로 호출하는 방법을 보여줍니다.
시나리오는 동일한 서비스 내에서 또는 다른 AWS 서비스와 결합된 상태에서 여러 함수를 호출하여 특정 태스크를 수행하는 방법을 보여주는 코드 예제입니다.
각 예시에는 전체 소스 코드에 대한 링크가 포함되어 있으며, 여기에서 컨텍스트에 맞춰 코드를 설정하고 실행하는 방법에 대한 지침을 찾을 수 있습니다.
작업
다음 코드 예시는 AdminGetUser의 사용 방법을 보여 줍니다.
- SDK for Swift
-
참고
GitHub에 더 많은 내용이 있습니다. AWS 코드 예 리포지토리
에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요. import AWSCognitoIdentityProvider /// Get information about a specific user in a user pool. /// /// - Parameters: /// - cipClient: The Amazon Cognito Identity Provider client to use. /// - userName: The user to retrieve information about. /// - userPoolId: The user pool to search for the specified user. /// /// - Returns: `true` if the user's information was successfully /// retrieved. Otherwise returns `false`. func adminGetUser(cipClient: CognitoIdentityProviderClient, userName: String, userPoolId: String) async -> Bool { do { let output = try await cipClient.adminGetUser( input: AdminGetUserInput( userPoolId: userPoolId, username: userName ) ) guard let userStatus = output.userStatus else { print("*** Unable to get the user's status.") return false } print("User status: \(userStatus)") return true } catch { return false } }-
API 세부 정보는 SDK for Swift API 참조의 AdminGetUser
를 참조하세요. AWS
-
다음 코드 예시는 AdminInitiateAuth의 사용 방법을 보여 줍니다.
- SDK for Swift
-
참고
GitHub에 더 많은 내용이 있습니다. AWS 코드 예 리포지토리
에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요. import AWSCognitoIdentityProvider /// Begin an authentication session. /// /// - Parameters: /// - cipClient: The `CongitoIdentityProviderClient` to use. /// - clientId: The app client ID to use. /// - userName: The username to check. /// - password: The user's password. /// - userPoolId: The user pool to use. /// /// - Returns: The session token associated with this authentication /// session. func initiateAuth(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String, password: String, userPoolId: String) async -> String? { var authParams: [String: String] = [:] authParams["USERNAME"] = userName authParams["PASSWORD"] = password do { let output = try await cipClient.adminInitiateAuth( input: AdminInitiateAuthInput( authFlow: CognitoIdentityProviderClientTypes.AuthFlowType.adminUserPasswordAuth, authParameters: authParams, clientId: clientId, userPoolId: userPoolId ) ) guard let challengeName = output.challengeName else { print("*** Invalid response from the auth service.") return nil } print("=====> Response challenge is \(challengeName)") return output.session } catch _ as UserNotFoundException { print("*** The specified username, \(userName), doesn't exist.") return nil } catch _ as UserNotConfirmedException { print("*** The user \(userName) has not been confirmed.") return nil } catch { print("*** An unexpected error occurred.") return nil } }-
API 세부 정보는 SDK for Swift API 참조의 AdminInitiateAuth
를 참조하세요. AWS
-
다음 코드 예시는 AdminRespondToAuthChallenge의 사용 방법을 보여 줍니다.
- SDK for Swift
-
참고
GitHub에 더 많은 내용이 있습니다. AWS 코드 예 리포지토리
에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요. import AWSCognitoIdentityProvider /// Respond to the authentication challenge received from Cognito after /// initiating an authentication session. This involves sending a current /// MFA code to the service. /// /// - Parameters: /// - cipClient: The `CognitoIdentityProviderClient` to use. /// - userName: The user's username. /// - clientId: The app client ID. /// - userPoolId: The user pool to sign into. /// - mfaCode: The 6-digit MFA code currently displayed by the user's /// authenticator. /// - session: The authentication session to continue processing. func adminRespondToAuthChallenge(cipClient: CognitoIdentityProviderClient, userName: String, clientId: String, userPoolId: String, mfaCode: String, session: String) async { print("=====> SOFTWARE_TOKEN_MFA challenge is generated...") var challengeResponsesOb: [String: String] = [:] challengeResponsesOb["USERNAME"] = userName challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode do { let output = try await cipClient.adminRespondToAuthChallenge( input: AdminRespondToAuthChallengeInput( challengeName: CognitoIdentityProviderClientTypes.ChallengeNameType.softwareTokenMfa, challengeResponses: challengeResponsesOb, clientId: clientId, session: session, userPoolId: userPoolId ) ) guard let authenticationResult = output.authenticationResult else { print("*** Unable to get authentication result.") return } print("=====> Authentication result (JWTs are redacted):") print(authenticationResult) } catch _ as SoftwareTokenMFANotFoundException { print("*** The specified user pool isn't configured for MFA.") return } catch _ as CodeMismatchException { print("*** The specified MFA code doesn't match the expected value.") return } catch _ as UserNotFoundException { print("*** The specified username, \(userName), doesn't exist.") return } catch _ as UserNotConfirmedException { print("*** The user \(userName) has not been confirmed.") return } catch let error as NotAuthorizedException { print("*** Unauthorized access. Reason: \(error.properties.message ?? "<unknown>")") } catch { print("*** Error responding to the MFA challenge.") return } }-
API 세부 정보는 SDK for Swift API 참조의 AdminRespondToAuthChallenge
를 참조하세요. AWS
-
다음 코드 예시는 AssociateSoftwareToken의 사용 방법을 보여 줍니다.
- SDK for Swift
-
참고
GitHub에 더 많은 내용이 있습니다. AWS 코드 예 리포지토리
에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요. import AWSCognitoIdentityProvider /// Request and display an MFA secret token that the user should enter /// into their authenticator to set it up for the user account. /// /// - Parameters: /// - cipClient: The `CognitoIdentityProviderClient` to use. /// - authSession: The authentication session to request an MFA secret /// for. /// /// - Returns: A string containing the MFA secret token that should be /// entered into the authenticator software. func getSecretForAppMFA(cipClient: CognitoIdentityProviderClient, authSession: String?) async -> String? { do { let output = try await cipClient.associateSoftwareToken( input: AssociateSoftwareTokenInput( session: authSession ) ) guard let secretCode = output.secretCode else { print("*** Unable to get the secret code") return nil } print("=====> Enter this token into Google Authenticator: \(secretCode)") return output.session } catch _ as SoftwareTokenMFANotFoundException { print("*** The specified user pool isn't configured for MFA.") return nil } catch { print("*** An unexpected error occurred getting the secret for the app's MFA.") return nil } }-
API 세부 정보는 SDK for Swift API 참조의 AssociateSoftwareToken
을 참조하세요. AWS
-
다음 코드 예시는 ConfirmSignUp의 사용 방법을 보여 줍니다.
- SDK for Swift
-
참고
GitHub에 더 많은 내용이 있습니다. AWS 코드 예 리포지토리
에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요. import AWSCognitoIdentityProvider /// Submit a confirmation code for the specified user. This is the code as /// entered by the user after they've received it by email or text /// message. /// /// - Parameters: /// - cipClient: The `CognitoIdentityProviderClient` to use. /// - clientId: The app client ID the user is signing up for. /// - userName: The username of the user whose code is being sent. /// - code: The user's confirmation code. /// /// - Returns: `true` if the code was successfully confirmed; otherwise `false`. func confirmSignUp(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String, code: String) async -> Bool { do { _ = try await cipClient.confirmSignUp( input: ConfirmSignUpInput( clientId: clientId, confirmationCode: code, username: userName ) ) print("=====> \(userName) has been confirmed.") return true } catch { print("=====> \(userName)'s code was entered incorrectly.") return false } }-
API 세부 정보는 AWS SDK for Swift API 참조의 ConfirmSignUp
을 참조하세요.
-
다음 코드 예시는 ResendConfirmationCode의 사용 방법을 보여 줍니다.
- SDK for Swift
-
참고
GitHub에 더 많은 내용이 있습니다. AWS 코드 예 리포지토리
에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요. import AWSCognitoIdentityProvider /// Requests a new confirmation code be sent to the given user's contact /// method. /// /// - Parameters: /// - cipClient: The `CognitoIdentityProviderClient` to use. /// - clientId: The application client ID. /// - userName: The user to resend a code for. /// /// - Returns: `true` if a new code was sent successfully, otherwise /// `false`. func resendConfirmationCode(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String) async -> Bool { do { let output = try await cipClient.resendConfirmationCode( input: ResendConfirmationCodeInput( clientId: clientId, username: userName ) ) guard let deliveryMedium = output.codeDeliveryDetails?.deliveryMedium else { print("*** Unable to get the delivery method for the resent code.") return false } print("=====> A new code has been sent by \(deliveryMedium)") return true } catch { print("*** Unable to resend the confirmation code to user \(userName).") return false } }-
API 세부 정보는 SDK for Swift API 참조의 ResendConfirmationCode
를 참조하세요. AWS
-
다음 코드 예시는 SignUp의 사용 방법을 보여 줍니다.
- SDK for Swift
-
참고
GitHub에 더 많은 내용이 있습니다. AWS 코드 예 리포지토리
에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요. import AWSCognitoIdentityProvider /// Create a new user in a user pool. /// /// - Parameters: /// - cipClient: The `CognitoIdentityProviderClient` to use. /// - clientId: The ID of the app client to create a user for. /// - userName: The username for the new user. /// - password: The new user's password. /// - email: The new user's email address. /// /// - Returns: `true` if successful; otherwise `false`. func signUp(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String, password: String, email: String) async -> Bool { let emailAttr = CognitoIdentityProviderClientTypes.AttributeType( name: "email", value: email ) let userAttrsList = [emailAttr] do { _ = try await cipClient.signUp( input: SignUpInput( clientId: clientId, password: password, userAttributes: userAttrsList, username: userName ) ) print("=====> User \(userName) signed up.") } catch _ as AWSCognitoIdentityProvider.UsernameExistsException { print("*** The username \(userName) already exists. Please use a different one.") return false } catch let error as AWSCognitoIdentityProvider.InvalidPasswordException { print("*** Error: The specified password is invalid. Reason: \(error.properties.message ?? "<none available>").") return false } catch _ as AWSCognitoIdentityProvider.ResourceNotFoundException { print("*** Error: The specified client ID (\(clientId)) doesn't exist.") return false } catch { print("*** Unexpected error: \(error)") return false } return true }-
API 세부 정보는 AWS SDK for Swift API 참조의 SignUp
을 참조하세요.
-
다음 코드 예시는 VerifySoftwareToken의 사용 방법을 보여 줍니다.
- SDK for Swift
-
참고
GitHub에 더 많은 내용이 있습니다. AWS 코드 예 리포지토리
에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요. import AWSCognitoIdentityProvider /// Confirm that the user's TOTP authenticator is configured correctly by /// sending a code to it to check that it matches successfully. /// /// - Parameters: /// - cipClient: The `CongnitoIdentityProviderClient` to use. /// - session: An authentication session previously returned by an /// `associateSoftwareToken()` call. /// - mfaCode: The 6-digit code currently displayed by the user's /// authenticator, as provided by the user. func verifyTOTP(cipClient: CognitoIdentityProviderClient, session: String?, mfaCode: String?) async { do { let output = try await cipClient.verifySoftwareToken( input: VerifySoftwareTokenInput( session: session, userCode: mfaCode ) ) guard let tokenStatus = output.status else { print("*** Unable to get the token's status.") return } print("=====> The token's status is: \(tokenStatus)") } catch _ as SoftwareTokenMFANotFoundException { print("*** The specified user pool isn't configured for MFA.") return } catch _ as CodeMismatchException { print("*** The specified MFA code doesn't match the expected value.") return } catch _ as UserNotFoundException { print("*** The specified username doesn't exist.") return } catch _ as UserNotConfirmedException { print("*** The user has not been confirmed.") return } catch { print("*** Error verifying the MFA token!") return } }-
API 세부 정보는 SDK for Swift API 참조의 VerifySoftwareToken
을 참조하세요. AWS
-
시나리오
다음 코드 예제에서는 다음과 같은 작업을 수행하는 방법을 보여줍니다.
사용자 이름, 암호 및 이메일 주소로 사용자를 가입시키고 확인합니다.
MFA 애플리케이션을 사용자와 연결하여 다중 인증을 설정합니다.
암호와 MFA 코드를 사용하여 로그인합니다.
- SDK for Swift
-
참고
GitHub에 더 많은 내용이 있습니다. AWS 코드 예 리포지토리
에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요. Package.swift파일입니다.// swift-tools-version: 5.9 // // The swift-tools-version declares the minimum version of Swift required to // build this package. import PackageDescription let package = Package( name: "http-config", // Let Xcode know the minimum Apple platforms supported. platforms: [ .macOS(.v13), .iOS(.v15) ], dependencies: [ // Dependencies declare other packages that this package depends on. .package( url: "https://github.com/awslabs/aws-sdk-swift", from: "1.0.0"), .package( url: "https://github.com/apple/swift-argument-parser.git", branch: "main" ) ], targets: [ // Targets are the basic building blocks of a package, defining a module or a test suite. // Targets can depend on other targets in this package and products // from dependencies. .executableTarget( name: "cognito-scenario", dependencies: [ .product(name: "AWSS3", package: "aws-sdk-swift"), .product(name: "ArgumentParser", package: "swift-argument-parser") ], path: "Sources") ] )Swift 코드 파일입니다.
// An example demonstrating various features of Amazon Cognito. Before running // this Swift code example, set up your development environment, including // your credentials. // // For more information, see the following documentation: // https://docs.aws.amazon.com/sdk-for-kotlin/latest/developer-guide/setup.html // // TIP: To set up the required user pool, run the AWS Cloud Development Kit // (AWS CDK) script provided in this GitHub repo at // resources/cdk/cognito_scenario_user_pool_with_mfa. // // This example performs the following functions: // // 1. Invokes the signUp method to sign up a user. // 2. Invokes the adminGetUser method to get the user's confirmation status. // 3. Invokes the ResendConfirmationCode method if the user requested another // code. // 4. Invokes the confirmSignUp method. // 5. Invokes the initiateAuth to sign in. This results in being prompted to // set up TOTP (time-based one-time password). (The response is // “ChallengeName”: “MFA_SETUP”). // 6. Invokes the AssociateSoftwareToken method to generate a TOTP MFA private // key. This can be used with Google Authenticator. // 7. Invokes the VerifySoftwareToken method to verify the TOTP and register // for MFA. // 8. Invokes the AdminInitiateAuth to sign in again. This results in being // prompted to submit a TOTP (Response: “ChallengeName”: // “SOFTWARE_TOKEN_MFA”). // 9. Invokes the AdminRespondToAuthChallenge to get back a token. import ArgumentParser import AWSClientRuntime import Foundation import AWSCognitoIdentityProvider struct ExampleCommand: ParsableCommand { @Argument(help: "The application clientId.") var clientId: String @Argument(help: "The user pool ID to use.") var poolId: String @Option(help: "Name of the Amazon Region to use") var region = "us-east-1" static var configuration = CommandConfiguration( commandName: "cognito-scenario", abstract: """ Demonstrates various features of Amazon Cognito. """, discussion: """ """ ) /// Prompt for an input string of at least a minimum length. /// /// - Parameters: /// - prompt: The prompt string to display. /// - minLength: The minimum number of characters to allow in the /// response. Default value is 0. /// /// - Returns: The entered string. func stringRequest(_ prompt: String, minLength: Int = 1) -> String { while true { print(prompt, terminator: "") let str = readLine() guard let str else { continue } if str.count >= minLength { return str } else { print("*** Response must be at least \(minLength) character(s) long.") } } } /// Ask a yes/no question. /// /// - Parameter prompt: A prompt string to print. /// /// - Returns: `true` if the user answered "Y", otherwise `false`. func yesNoRequest(_ prompt: String) -> Bool { while true { let answer = stringRequest(prompt).lowercased() if answer == "y" || answer == "n" { return answer == "y" } } } /// Get information about a specific user in a user pool. /// /// - Parameters: /// - cipClient: The Amazon Cognito Identity Provider client to use. /// - userName: The user to retrieve information about. /// - userPoolId: The user pool to search for the specified user. /// /// - Returns: `true` if the user's information was successfully /// retrieved. Otherwise returns `false`. func adminGetUser(cipClient: CognitoIdentityProviderClient, userName: String, userPoolId: String) async -> Bool { do { let output = try await cipClient.adminGetUser( input: AdminGetUserInput( userPoolId: userPoolId, username: userName ) ) guard let userStatus = output.userStatus else { print("*** Unable to get the user's status.") return false } print("User status: \(userStatus)") return true } catch { return false } } /// Create a new user in a user pool. /// /// - Parameters: /// - cipClient: The `CognitoIdentityProviderClient` to use. /// - clientId: The ID of the app client to create a user for. /// - userName: The username for the new user. /// - password: The new user's password. /// - email: The new user's email address. /// /// - Returns: `true` if successful; otherwise `false`. func signUp(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String, password: String, email: String) async -> Bool { let emailAttr = CognitoIdentityProviderClientTypes.AttributeType( name: "email", value: email ) let userAttrsList = [emailAttr] do { _ = try await cipClient.signUp( input: SignUpInput( clientId: clientId, password: password, userAttributes: userAttrsList, username: userName ) ) print("=====> User \(userName) signed up.") } catch _ as AWSCognitoIdentityProvider.UsernameExistsException { print("*** The username \(userName) already exists. Please use a different one.") return false } catch let error as AWSCognitoIdentityProvider.InvalidPasswordException { print("*** Error: The specified password is invalid. Reason: \(error.properties.message ?? "<none available>").") return false } catch _ as AWSCognitoIdentityProvider.ResourceNotFoundException { print("*** Error: The specified client ID (\(clientId)) doesn't exist.") return false } catch { print("*** Unexpected error: \(error)") return false } return true } /// Requests a new confirmation code be sent to the given user's contact /// method. /// /// - Parameters: /// - cipClient: The `CognitoIdentityProviderClient` to use. /// - clientId: The application client ID. /// - userName: The user to resend a code for. /// /// - Returns: `true` if a new code was sent successfully, otherwise /// `false`. func resendConfirmationCode(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String) async -> Bool { do { let output = try await cipClient.resendConfirmationCode( input: ResendConfirmationCodeInput( clientId: clientId, username: userName ) ) guard let deliveryMedium = output.codeDeliveryDetails?.deliveryMedium else { print("*** Unable to get the delivery method for the resent code.") return false } print("=====> A new code has been sent by \(deliveryMedium)") return true } catch { print("*** Unable to resend the confirmation code to user \(userName).") return false } } /// Submit a confirmation code for the specified user. This is the code as /// entered by the user after they've received it by email or text /// message. /// /// - Parameters: /// - cipClient: The `CognitoIdentityProviderClient` to use. /// - clientId: The app client ID the user is signing up for. /// - userName: The username of the user whose code is being sent. /// - code: The user's confirmation code. /// /// - Returns: `true` if the code was successfully confirmed; otherwise `false`. func confirmSignUp(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String, code: String) async -> Bool { do { _ = try await cipClient.confirmSignUp( input: ConfirmSignUpInput( clientId: clientId, confirmationCode: code, username: userName ) ) print("=====> \(userName) has been confirmed.") return true } catch { print("=====> \(userName)'s code was entered incorrectly.") return false } } /// Begin an authentication session. /// /// - Parameters: /// - cipClient: The `CongitoIdentityProviderClient` to use. /// - clientId: The app client ID to use. /// - userName: The username to check. /// - password: The user's password. /// - userPoolId: The user pool to use. /// /// - Returns: The session token associated with this authentication /// session. func initiateAuth(cipClient: CognitoIdentityProviderClient, clientId: String, userName: String, password: String, userPoolId: String) async -> String? { var authParams: [String: String] = [:] authParams["USERNAME"] = userName authParams["PASSWORD"] = password do { let output = try await cipClient.adminInitiateAuth( input: AdminInitiateAuthInput( authFlow: CognitoIdentityProviderClientTypes.AuthFlowType.adminUserPasswordAuth, authParameters: authParams, clientId: clientId, userPoolId: userPoolId ) ) guard let challengeName = output.challengeName else { print("*** Invalid response from the auth service.") return nil } print("=====> Response challenge is \(challengeName)") return output.session } catch _ as UserNotFoundException { print("*** The specified username, \(userName), doesn't exist.") return nil } catch _ as UserNotConfirmedException { print("*** The user \(userName) has not been confirmed.") return nil } catch { print("*** An unexpected error occurred.") return nil } } /// Request and display an MFA secret token that the user should enter /// into their authenticator to set it up for the user account. /// /// - Parameters: /// - cipClient: The `CognitoIdentityProviderClient` to use. /// - authSession: The authentication session to request an MFA secret /// for. /// /// - Returns: A string containing the MFA secret token that should be /// entered into the authenticator software. func getSecretForAppMFA(cipClient: CognitoIdentityProviderClient, authSession: String?) async -> String? { do { let output = try await cipClient.associateSoftwareToken( input: AssociateSoftwareTokenInput( session: authSession ) ) guard let secretCode = output.secretCode else { print("*** Unable to get the secret code") return nil } print("=====> Enter this token into Google Authenticator: \(secretCode)") return output.session } catch _ as SoftwareTokenMFANotFoundException { print("*** The specified user pool isn't configured for MFA.") return nil } catch { print("*** An unexpected error occurred getting the secret for the app's MFA.") return nil } } /// Confirm that the user's TOTP authenticator is configured correctly by /// sending a code to it to check that it matches successfully. /// /// - Parameters: /// - cipClient: The `CongnitoIdentityProviderClient` to use. /// - session: An authentication session previously returned by an /// `associateSoftwareToken()` call. /// - mfaCode: The 6-digit code currently displayed by the user's /// authenticator, as provided by the user. func verifyTOTP(cipClient: CognitoIdentityProviderClient, session: String?, mfaCode: String?) async { do { let output = try await cipClient.verifySoftwareToken( input: VerifySoftwareTokenInput( session: session, userCode: mfaCode ) ) guard let tokenStatus = output.status else { print("*** Unable to get the token's status.") return } print("=====> The token's status is: \(tokenStatus)") } catch _ as SoftwareTokenMFANotFoundException { print("*** The specified user pool isn't configured for MFA.") return } catch _ as CodeMismatchException { print("*** The specified MFA code doesn't match the expected value.") return } catch _ as UserNotFoundException { print("*** The specified username doesn't exist.") return } catch _ as UserNotConfirmedException { print("*** The user has not been confirmed.") return } catch { print("*** Error verifying the MFA token!") return } } /// Respond to the authentication challenge received from Cognito after /// initiating an authentication session. This involves sending a current /// MFA code to the service. /// /// - Parameters: /// - cipClient: The `CognitoIdentityProviderClient` to use. /// - userName: The user's username. /// - clientId: The app client ID. /// - userPoolId: The user pool to sign into. /// - mfaCode: The 6-digit MFA code currently displayed by the user's /// authenticator. /// - session: The authentication session to continue processing. func adminRespondToAuthChallenge(cipClient: CognitoIdentityProviderClient, userName: String, clientId: String, userPoolId: String, mfaCode: String, session: String) async { print("=====> SOFTWARE_TOKEN_MFA challenge is generated...") var challengeResponsesOb: [String: String] = [:] challengeResponsesOb["USERNAME"] = userName challengeResponsesOb["SOFTWARE_TOKEN_MFA_CODE"] = mfaCode do { let output = try await cipClient.adminRespondToAuthChallenge( input: AdminRespondToAuthChallengeInput( challengeName: CognitoIdentityProviderClientTypes.ChallengeNameType.softwareTokenMfa, challengeResponses: challengeResponsesOb, clientId: clientId, session: session, userPoolId: userPoolId ) ) guard let authenticationResult = output.authenticationResult else { print("*** Unable to get authentication result.") return } print("=====> Authentication result (JWTs are redacted):") print(authenticationResult) } catch _ as SoftwareTokenMFANotFoundException { print("*** The specified user pool isn't configured for MFA.") return } catch _ as CodeMismatchException { print("*** The specified MFA code doesn't match the expected value.") return } catch _ as UserNotFoundException { print("*** The specified username, \(userName), doesn't exist.") return } catch _ as UserNotConfirmedException { print("*** The user \(userName) has not been confirmed.") return } catch let error as NotAuthorizedException { print("*** Unauthorized access. Reason: \(error.properties.message ?? "<unknown>")") } catch { print("*** Error responding to the MFA challenge.") return } } /// Called by ``main()`` to run the bulk of the example. func runAsync() async throws { let config = try await CognitoIdentityProviderClient.CognitoIdentityProviderClientConfiguration(region: region) let cipClient = CognitoIdentityProviderClient(config: config) print(""" This example collects information about a user, then creates that user in the specified user pool. Then, it enables Multi-Factor Authentication (MFA) for that user by associating an authenticator application (such as Google Authenticator or a password manager that supports TOTP). Then, the user uses a code from their authenticator application to sign in. """) let userName = stringRequest("Please enter a new username: ") let password = stringRequest("Enter a password: ") let email = stringRequest("Enter your email address: ", minLength: 5) // Submit the sign-up request to AWS. print("==> Signing up user \(userName)...") if await signUp(cipClient: cipClient, clientId: clientId, userName: userName, password: password, email: email) == false { return } // Check the user's status. This time, it should come back "unconfirmed". print("==> Getting the status of user \(userName) from the user pool (should be 'unconfirmed')...") if await adminGetUser(cipClient: cipClient, userName: userName, userPoolId: poolId) == false { return } // Ask the user if they want a replacement code sent, such as if the // code hasn't arrived yet. If the user responds with a "yes," send a // new code. if yesNoRequest("==> A confirmation code was sent to \(userName). Would you like to send a new code (Y/N)? ") { print("==> Sending a new confirmation code...") if await resendConfirmationCode(cipClient: cipClient, clientId: clientId, userName: userName) == false { return } } // Ask the user to enter the confirmation code, then send it to Amazon // Cognito to verify it. let code = stringRequest("==> Enter the confirmation code sent to \(userName): ") if await confirmSignUp(cipClient: cipClient, clientId: clientId, userName: userName, code: code) == false { // The code didn't match. Your application may wish to offer to // re-send the confirmation code here and try again. return } // Check the user's status again. This time it should come back // "confirmed". print("==> Rechecking status of user \(userName) in the user pool (should be 'confirmed')...") if await adminGetUser(cipClient: cipClient, userName: userName, userPoolId: poolId) == false { return } // Check the challenge mode. Here, it should be "mfaSetup", indicating // that the user needs to add MFA before using it. This returns a // session that can be used to register MFA, or nil if an error occurs. let authSession = await initiateAuth(cipClient: cipClient, clientId: clientId, userName: userName, password: password, userPoolId: poolId) if authSession == nil { return } // Ask Cognito for an MFA secret token that the user should enter into // their authenticator software (such as Google Authenticator) or // password manager to configure it for this user account. This // returns a new session that should be used for the new stage of the // authentication process. let newSession = await getSecretForAppMFA(cipClient: cipClient, authSession: authSession) if newSession == nil { return } // Ask the user to enter the current 6-digit code displayed by their // authenticator. Then verify that it matches the value expected for // the session. let mfaCode1 = stringRequest("==> Enter the 6-digit code displayed in your authenticator: ", minLength: 6) await verifyTOTP(cipClient: cipClient, session: newSession, mfaCode: mfaCode1) // Ask the user to authenticate now that the authenticator has been // configured. This creates a new session using the user's username // and password as already entered. print("\nNow starting the sign-in process for user \(userName)...\n") let session2 = await initiateAuth(cipClient: cipClient, clientId: clientId, userName: userName, password: password, userPoolId: poolId) guard let session2 else { return } // Now that we have a new auth session, `session2`, ask the user for a // new 6-digit code from their authenticator, and send it to the auth // session. let mfaCode2 = stringRequest("==> Wait for your authenticator to show a new 6-digit code, then enter it: ", minLength: 6) await adminRespondToAuthChallenge(cipClient: cipClient, userName: userName, clientId: clientId, userPoolId: poolId, mfaCode: mfaCode2, session: session2) } } /// The program's asynchronous entry point. @main struct Main { static func main() async { let args = Array(CommandLine.arguments.dropFirst()) do { let command = try ExampleCommand.parse(args) try await command.runAsync() } catch { ExampleCommand.exit(withError: error) } } }-
API 세부 정보는 AWS SDK for Swift API 참조의 다음 주제를 참조하세요.
-
