aws / aws-sdk-net-extensions-cognito

Licence: Apache-2.0 license
An extension library to assist in the Amazon Cognito User Pools authentication process

Amazon Cognito Authentication Extension Library

Amazon.Extensions.CognitoAuthentication simplifies the authentication process of Amazon Cognito User Pools for .NET developers.

It allows you to use various authentication methods for Amazon Cognito User Pools with only a few short method calls, and makes the process intuitive.

Learn more about Amazon Cognito User Pools.

This library targets the .NET Standard 2.0 and introduces the following dependencies:

Getting Started

To take advantage of this library, set up an AWS account and install the AWS SDK for .NET as described in Getting Started with the AWS SDK for .NET.

While this library is in development, you will need to build it manually.

Create a new project in Visual Studio and add the Amazon Cognito Authentication Extension Library as a reference to the project.

Using the library to make calls to the Amazon Cognito Identity Provider API from the AWS SDK for .NET is as simple as creating the necessary CognitoAuthentication objects and calling the appropriate AmazonCognitoIdentityProviderClient methods. The principal Amazon Cognito authentication objects are:

  • CognitoUserPool objects store information about a user pool, including the poolID, clientID, and other pool attributes.
  • CognitoUser objects contain a user’s username, the pool they are associated with, session information, and other user properties.
  • CognitoDevice objects include device information, such as the device key.

Authenticating with Secure Remote Password (SRP)

Instead of implementing hundreds of lines of cryptographic methods yourself, you now only need to create the necessary AmazonCognitoIdentityProviderClient, CognitoUserPool, CognitoUser, and InitiateSrpAuthRequest objects and then call StartWithSrpAuthAsync:

using System.Threading.Tasks;
using Amazon.Runtime;
using Amazon.CognitoIdentityProvider;
using Amazon.Extensions.CognitoAuthentication;

// Returns Task rather than void so callers can await the call and observe exceptions.
public async Task AuthenticateWithSrpAsync()
{
    var provider = new AmazonCognitoIdentityProviderClient(new AnonymousAWSCredentials(), FallbackRegionFactory.GetRegionEndpoint());
    var userPool = new CognitoUserPool("poolID", "clientID", provider);
    var user = new CognitoUser("username", "clientID", userPool, provider);

    // Placeholder value; obtain the password from the user at run time.
    var password = "userPassword";

    AuthFlowResponse authResponse = await user.StartWithSrpAuthAsync(new InitiateSrpAuthRequest()
    {
        Password = password
    }).ConfigureAwait(false);
}

The AuthenticationResult property of the AuthFlowResponse object contains the user’s session tokens if the user was successfully authenticated. If more challenge responses are required, this field is null and the ChallengeName property describes the next challenge, such as multi-factor authentication. You would then call the appropriate method to continue the authentication flow.

Authenticating with Multiple Forms of Authentication

Continuing the authentication flow with challenges, such as with NewPasswordRequired and Multi-Factor Authentication (MFA), is simpler as well.

The following code shows one way to check the challenge type and get appropriate responses for MFA and NewPasswordRequired challenges. This processing might be necessary as the authentication flow proceeds, depending on the properties of the AuthFlowResponse object that was retrieved earlier.

while (authResponse.AuthenticationResult == null)
{
    if (authResponse.ChallengeName == ChallengeNameType.NEW_PASSWORD_REQUIRED)
    {
        Console.WriteLine("Enter your desired new password:");
        string newPassword = Console.ReadLine();

        authResponse =
            await user.RespondToNewPasswordRequiredAsync(new RespondToNewPasswordRequiredRequest()
            {
                SessionID = authResponse.SessionID,
                NewPassword = newPassword
            }).ConfigureAwait(false);
    }
    else if (authResponse.ChallengeName == ChallengeNameType.SMS_MFA)
    {
        Console.WriteLine("Enter the MFA Code sent to your device:");
        string mfaCode = Console.ReadLine();

        authResponse = await user.RespondToSmsMfaAuthAsync(new RespondToSmsMfaRequest()
        {
            SessionID = authResponse.SessionID,
            MfaCode = mfaCode
        }).ConfigureAwait(false);
    }
    else
    {
        Console.WriteLine("Unrecognized authentication challenge.");
        break;
    }
}

Learn more about Amazon Cognito User Pool Authentication Flow.
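
The SRP call and the challenge loop above can be combined into one sign-in routine that bounds the number of challenge rounds and reports every authentication failure the same way. This is an added example, not code from the library or its README: SignInFlow, RunAsync, prompt and MaxChallengeRounds are hypothetical names, and the exception types come from the AWS SDK's Amazon.CognitoIdentityProvider.Model namespace.

```csharp
using System;
using System.Threading.Tasks;
using Amazon.CognitoIdentityProvider;
using Amazon.CognitoIdentityProvider.Model;
using Amazon.Extensions.CognitoAuthentication;
public static class SignInFlow // hypothetical helper, not part of the library
{
    private const int MaxChallengeRounds = 3; // assumed limit; set per your policy
    // Returns the session tokens, or null for every kind of authentication failure.
    public static async Task<AuthenticationResultType> RunAsync(
        CognitoUser user, string password, Func<string, string> prompt)
    {
        try
        {
            AuthFlowResponse auth = await user.StartWithSrpAuthAsync(
                new InitiateSrpAuthRequest { Password = password }).ConfigureAwait(false);

            for (int round = 0; auth.AuthenticationResult == null; round++)
            {
                if (round == MaxChallengeRounds)
                    return null; // never loop on challenges without a bound

                if (auth.ChallengeName == ChallengeNameType.SMS_MFA)
                    auth = await user.RespondToSmsMfaAuthAsync(new RespondToSmsMfaRequest
                    {
                        SessionID = auth.SessionID,
                        MfaCode = prompt("MFA code: ")
                    }).ConfigureAwait(false);
                else if (auth.ChallengeName == ChallengeNameType.NEW_PASSWORD_REQUIRED)
                    auth = await user.RespondToNewPasswordRequiredAsync(
                        new RespondToNewPasswordRequiredRequest
                        {
                            SessionID = auth.SessionID,
                            NewPassword = prompt("New password: ")
                        }).ConfigureAwait(false);
                else
                    return null; // a challenge this client does not implement
            }
            return auth.AuthenticationResult;
        }
        catch (Exception e) when (e is NotAuthorizedException
            || e is UserNotFoundException || e is CodeMismatchException)
        {
            // One outcome for unknown user, wrong password and wrong code, so the
            // caller's error message cannot reveal which usernames exist.
            return null;
        }
    }
}
```

Pass a prompt delegate that reads from your UI; network and throttling exceptions are deliberately left to propagate so they are not mistaken for bad credentials.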

Authenticating with Different Levels of Authentication

After a user is authenticated by using the Amazon Cognito Authentication Extension Library, you can then allow them to access specific AWS resources.

To allow users to access specific AWS resources, you must create an identity pool through the Amazon Cognito Federated Identities console.

You can also specify different roles for both unauthenticated and authenticated users so that they can access different resources. These roles can be changed in the IAM console where you can add or remove permissions in the Action field of the role’s attached policy. Then, using the appropriate identity pool, user pool, and Amazon Cognito user information, calls can be made to different AWS resources.

The following code shows how a user, who was authenticated with SRP, can access various S3 buckets as permitted by the associated identity pool’s role.

using System;
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.S3;
using Amazon.S3.Model;
using Amazon.CognitoIdentity;
using Amazon.CognitoIdentityProvider;
using Amazon.Extensions.CognitoAuthentication;

// Returns Task rather than void so callers can await the call and observe exceptions.
public async Task GetS3BucketsAsync()
{
    var provider = new AmazonCognitoIdentityProviderClient(new AnonymousAWSCredentials(),
                                                            FallbackRegionFactory.GetRegionEndpoint());
    var userPool = new CognitoUserPool("poolID", "clientID", provider);
    var user = new CognitoUser("username", "clientID", userPool, provider);

    // Placeholder value; obtain the password from the user at run time.
    var password = "userPassword";

    await user.StartWithSrpAuthAsync(new InitiateSrpAuthRequest()
    {
        Password = password
    }).ConfigureAwait(false);

    // Exchange the user pool session for AWS credentials scoped by the identity pool's role.
    var credentials =
        user.GetCognitoAWSCredentials("identityPoolID", RegionEndpoint.<YourIdentityPoolRegion>);

    using (var client = new AmazonS3Client(credentials))
    {
        ListBucketsResponse response =
            await client.ListBucketsAsync(new ListBucketsRequest()).ConfigureAwait(false);

        foreach (S3Bucket bucket in response.Buckets)
        {
            Console.WriteLine(bucket.BucketName);
        }
    }
}

Authenticating using a Refresh Token from a Previous Session

Access and ID tokens provided by Cognito are only valid for one hour, but the refresh token can be configured to be valid for much longer. Below is an example of how to retrieve new access and ID tokens using a refresh token that is still valid.

See here to learn more about using the tokens returned by Amazon Cognito.

using System;
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.CognitoIdentity;
using Amazon.CognitoIdentityProvider;
using Amazon.Extensions.CognitoAuthentication;

// Returns Task rather than void so callers can await the call and observe exceptions.
public async Task GetCredsFromRefreshAsync(string refreshToken)
{
    AmazonCognitoIdentityProviderClient provider = new AmazonCognitoIdentityProviderClient(new Amazon.Runtime.AnonymousAWSCredentials(), FallbackRegionFactory.GetRegionEndpoint());
    CognitoUserPool userPool = new CognitoUserPool("poolID", "clientID", provider);

    CognitoUser user = new CognitoUser("username", "clientID", userPool, provider);

    // Only the refresh token is known here, so the ID and access tokens are passed as null.
    user.SessionTokens = new CognitoUserSession(null, null, refreshToken, DateTime.UtcNow, DateTime.UtcNow.AddHours(1));

    InitiateRefreshTokenAuthRequest refreshRequest = new InitiateRefreshTokenAuthRequest()
    {
        AuthFlowType = AuthFlowType.REFRESH_TOKEN_AUTH
    };

    AuthFlowResponse authResponse = await user.StartWithRefreshTokenAuthAsync(refreshRequest).ConfigureAwait(false);
}
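
In a long-running client, the refresh call above is usually wrapped so that tokens are renewed shortly before they expire and a rejected refresh token forces a full sign-in. This is an added example, not code from the library or its README: SessionRefresher, GetAccessTokenAsync and RefreshMargin are hypothetical names, and it assumes the session's ExpirationTime is in UTC, as in the sample above.

```csharp
using System;
using System.Threading.Tasks;
using Amazon.CognitoIdentityProvider;
using Amazon.CognitoIdentityProvider.Model;
using Amazon.Extensions.CognitoAuthentication;

public static class SessionRefresher // hypothetical helper, not part of the library
{
    // Refresh a little early so an in-flight request never carries an expired token.
    private static readonly TimeSpan RefreshMargin = TimeSpan.FromMinutes(5); // assumed value

    // Returns a usable access token, or null when the user must sign in again.
    public static async Task<string> GetAccessTokenAsync(CognitoUser user)
    {
        CognitoUserSession session = user.SessionTokens;
        if (session == null || string.IsNullOrEmpty(session.RefreshToken))
            return null;

        bool stillFresh = !string.IsNullOrEmpty(session.AccessToken)
            && DateTime.UtcNow + RefreshMargin < session.ExpirationTime;
        if (stillFresh)
            return session.AccessToken;

        try
        {
            AuthFlowResponse response = await user.StartWithRefreshTokenAuthAsync(
                new InitiateRefreshTokenAuthRequest
                {
                    AuthFlowType = AuthFlowType.REFRESH_TOKEN_AUTH
                }).ConfigureAwait(false);

            return response.AuthenticationResult?.AccessToken;
        }
        catch (NotAuthorizedException)
        {
            // The refresh token has expired or been revoked: discard the cached
            // tokens so nothing keeps presenting them, and require a new sign-in.
            user.SessionTokens = null;
            return null;
        }
    }
}
```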

Other Forms of Authentication

In addition to SRP, NewPasswordRequired, MFA, and Refresh, the Amazon Cognito Authentication Extension Library offers an easier authentication flow for the following:

  • Custom – Begins with a call to StartWithCustomAuthAsync(InitiateCustomAuthRequest customRequest)
  • AdminNoSRP – Begins with a call to StartWithAdminNoSrpAuthAsync(InitiateAdminNoSrpAuthRequest adminAuthRequest)

Getting Help

We use GitHub issues for tracking bugs and feature requests and have limited bandwidth to address them.

If you think you may have found a bug, please open an issue.

Contributing

We welcome community contributions and pull requests. See CONTRIBUTING for information on how to set up a development environment and submit code.

Additional Resources

AWS .NET GitHub Home Page
GitHub home for .NET development on AWS. You'll find libraries, tools, and resources to help you build .NET applications and services on AWS.

AWS Developer Center - Explore .NET on AWS
Find .NET code samples, step-by-step guides, videos, blog content, tools, and information about live events all in one place.

AWS Developer Blog - .NET
Come and see what .NET developers at AWS are up to! Learn about new .NET software announcements, guides, and how-to's.

@dotnetonaws Follow us on Twitter!

License

Libraries in this repository are licensed under the Apache 2.0 License.

See LICENSE and NOTICE for more information.
