Cognito "confirmDevice" error: "Invalid device credentials given"
I have a Cognito User Pool working with MFA enabled (optional), and I am currently working on setting up Device Tracking so that users can bypass MFA for trusted devices ("Allow users to bypass MFA for trusted devices" set to "Yes").
I am using the AWS SDK for Ruby, and can successfully step through the admin_initiate_auth
and admin_respond_to_auth_challenge
steps. When I run confirm_device
I am getting an exception:
Invalid device credentials given, no credentials given
Searching on Google for the exception message, I've so far been unable to find any examples of error message for Cognito.
The code I'm using:
class Cognito attr_reader :client, :user_pool_id, :app_client_id, :app_client_secret def initialize @client = Aws::CognitoIdentityProvider::Client.new( region: ENV['AWS_REGION'], access_key_id: ENV['AWS_ACCESS_KEY_ID'], secret_access_key: ENV['AWS_SECRET_ACCESS_KEY'] ) @user_pool_id = ENV['AWS_USER_POOL_ID'] @app_client_id = ENV["AWS_APP_CLIENT_ID"] @app_client_secret = ENV["AWS_APP_CLIENT_SECRET_KEY"] end class << self def secret_hash(username) cognito = self.new Base64.strict_encode64(OpenSSL::HMAC.digest('sha256', cognito.app_client_secret, username + cognito.app_client_id)) end def authenticate(username:, password:) cognito = self.new user_object = { USERNAME: username, PASSWORD: password, SECRET_HASH: Cognito.secret_hash(username), } auth_object = { user_pool_id: cognito.user_pool_id, client_id: cognito.app_client_id, auth_flow: "ADMIN_NO_SRP_AUTH", auth_parameters: user_object, } cognito.client.admin_initiate_auth(auth_object) end def admin_respond_to_auth_challenge(session:, mfa_code:, username:) cognito = self.new cognito.client.admin_respond_to_auth_challenge({ user_pool_id: cognito.user_pool_id, client_id: cognito.app_client_id, challenge_name: "SMS_MFA", # required, accepts SMS_MFA, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED challenge_responses: { "SMS_MFA_CODE" => mfa_code, "USERNAME" => username, "SECRET_HASH" => Cognito.secret_hash(username), }, session: session, context_data: { # TODO get these from request. ip_address: "127.0.0.1", # required server_name: "localhost", # required server_path: "https://127.0.0.1/", # required http_headers: [ # required { header_name: "StringType", header_value: "StringType", }, ], }, }) end def confirm_device(device_key:, access_token:, device_name: nil) cognito = self.new cognito.client.confirm_device({ device_key: device_key, access_token: access_token, device_name: device_name, }) end end end
And called with:
r = Cognito.authenticate(username: 'user.email@gmail.com', password: "Password1")
challenge = Cognito.admin_respond_to_auth_challenge(session: r.session, mfa_code: "123456", username: 'user.email@gmail.com')
confirm = Cognito.confirm_device(device_key: challenge.authentication_result.new_device_metadata.device_key, access_token: challenge.authentication_result.access_token, device_name: "John's Machine")
With the full error being:
/Users/myname/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/aws-sdk-core-3.126.0/lib/seahorse/client/plugins/raise_response_errors.rb:17:in `call': Invalid device credentials given, no credentials given (Aws::CognitoIdentityProvider::Errors::InvalidParameterException)
I'm not sure what credentials I'm missing. Any help would be appreciated! Thank you.
- 最新
- 最多得票
- 最多評論
Hi JPF,
Are you able to figure out the issue? I ran into the same error.
Thanks
相關內容
- 已提問 1 年前lg...
- 已提問 1 年前lg...
- 已提問 9 個月前lg...
- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
Hello WY220 - No, I haven't. I've posted the same question to StackOverflow as well with no responses there either. https://stackoverflow.com/questions/72481312/cognito-sdk-unable-to-confirm-a-trusted-device