1 Answer
Answering my own post after a discussion with a Solutions Architect from AWS.
AWS told me in substance:
- Building your own SRP lib is nonsense because it won't be as tested as what AWS or Mozilla did (another example of an SRP implementation)
- Not relying on what already exists is also nonsense: the Amplify lib already has everything to do the job of talking to Cognito.
- Amplify team is slowly building a TS version but it takes time as the code is really granular and the Auth lib is tangled with other functions in the package which makes it not autonomous.
- By doing that you have to rebuild the user experience and the chain of screens / forms the user has to complete to authenticate.
What I did:
- I was very reluctant to use Amplify, but I strictly imported only a few bits of it to do the job. The right flavor compatible with TypeScript is the package named "aws-amplify". In this one, the Auth function handles all the auth flows and generates SRP for us. You might find some other repos with JS; don't use those, they're not up to date.
- I rebuilt the UX with different screens: one for the sign-in (email, password), one for the MFA challenge (MFA code sent by email or SMS). You have to maintain a context, as you have to pipe values from one form to the corresponding Auth calls.
- I developed 4 functions. Three of those need a context: one to process the sign-in (Auth.signIn(username, password)), one to handle the MFA (Auth.confirmSignIn(user, mfa, "SMS_MFA")), and finally one to know if the current user is logged in or not (Auth.currentAuthenticatedUser()). If your device is trusted then the challenge is over after step 1, so you can reload your page directly. The last one is the logout (Auth.signOut()).
- I'm using React Router Dom 6.2, but I guess it's the same for other React frameworks. I developed a small wrapper around my App object which handles the logged-in state of the application. If the user is not logged in, the login form shows up; if the user is logged in, then we send back the children of the wrapper (meaning the app) (return props.children).
package.json
...
"aws-amplify": "^5.3.12",
...
cognito.ts
import { Amplify, Auth } from "aws-amplify"
What I got:
- a clear login interface, with high performance (really)
- a control on the user flow, login and logout, no password forgotten
- the mfa challenge implemented (watch out for the cost during the test phases if you use SMS)
I guess the last step is to wait for the Amplify team to clearly untangle their Auth function without the full package of aws-amplify to have something clean. At the moment I also use the axios lib shipped with Amplify to proxy my requests toward API Gateway, so that's fine, a good trade-off.
Good luck with all this.
W
answered 4 months ago
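The four-function flow described in the answer above, as an added example that is not the answerer's code. `AuthApi`, `PendingUser`, `Step` and `LoginFlow` are hypothetical names; the interface is an assumption that mirrors the four Amplify v5 `Auth` calls the answer names, so that `Auth` from "aws-amplify" can be passed to the constructor in an application and a stub in tests.

```typescript
// Added example: AuthApi mirrors the four Amplify v5 Auth calls named in the answer (assumption).
type MfaType = "SMS_MFA" | "SOFTWARE_TOKEN_MFA";
type Step = "SIGNED_IN" | "MFA_REQUIRED" | "UNSUPPORTED_CHALLENGE";
interface PendingUser { challengeName?: string }
interface AuthApi {
  signIn(username: string, password: string): Promise<PendingUser>;
  confirmSignIn(user: PendingUser, code: string, mfaType: MfaType): Promise<unknown>;
  currentAuthenticatedUser(): Promise<unknown>;
  signOut(): Promise<unknown>;
}

// Hypothetical helper: holds the context shared by the sign-in and MFA forms.
class LoginFlow {
  private auth: AuthApi;
  private pending: PendingUser | null = null;
  private mfaType: MfaType = "SMS_MFA";
  constructor(auth: AuthApi) { this.auth = auth; }

  // Screen 1 (email, password). A trusted device comes back with no challenge.
  async signIn(username: string, password: string): Promise<Step> {
    this.pending = null;
    const user = await this.auth.signIn(username, password);
    const challenge = user.challengeName;
    if (!challenge) return "SIGNED_IN";
    if (challenge === "SMS_MFA" || challenge === "SOFTWARE_TOKEN_MFA") {
      this.pending = user;
      this.mfaType = challenge;
      return "MFA_REQUIRED";
    }
    return "UNSUPPORTED_CHALLENGE"; // e.g. NEW_PASSWORD_REQUIRED needs its own screen
  }

  // Screen 2. The code is confirmed against the same user object signIn returned.
  async confirmMfa(code: string): Promise<Step> {
    if (!this.pending) throw new Error("confirmMfa called without a pending sign-in");
    await this.auth.confirmSignIn(this.pending, code, this.mfaType);
    this.pending = null; // drop the half-authenticated user once it is confirmed
    return "SIGNED_IN";
  }

  // Used by the wrapper around <App>: the call rejects when there is no session.
  async isLoggedIn(): Promise<boolean> {
    try { await this.auth.currentAuthenticatedUser(); return true; } catch { return false; }
  }

  async signOut(): Promise<void> { this.pending = null; await this.auth.signOut(); }
}
```

A rejected code leaves the pending user in place, so the MFA form can retry without sending the password again.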
I am also having the same problem; I was not even able to perform confirmDevice with React/TypeScript code.
Can you help me with how you were able to generate or grab the passwordVerifier value? I got stuck with this formula here: PasswordVerifier = g( SHA256_HASH(salt + FULL_PASSWORD) ) (mod N)