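I am developing a custom authentication flow in AWS Cognito using Lambda triggers.
I used the sample code given by AWS for the Lambda triggers DefineAuthChallenge_Authentication, CreateAuthChallenge_Authentication and VerifyAuthChallenge_Authentication, which is even explained in this answer:
AWS Cognito User Pool without a password
But when I log in from the front end, Amplify says

```
{code: "InvalidLambdaResponseException", name: "InvalidLambdaResponseException", message: "Unrecognizable lambda output"}
```

When Create Auth Challenge is called after Define Auth Challenge, the challenge is not in event.request.session; it is an empty array. The ChallengeName property in event.response is shown below,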

```
triggerSource: 'CreateAuthChallenge_Authentication',
request:
 { userAttributes:
    { sub: 'xxxxx-xxxxx-xxxx',
      'cognito:user_status': 'CONFIRMED',
      name: 'sala',
      phone_number_verified: 'true',
      'cognito:phone_number_alias': '+947xxxxxxxxx',
      phone_number: '+947xxxxxxxxx' },
   challengeName: 'CUSTOM_CHALLENGE',
   session: [] },
```

Below is my Define Auth Challenge,

```javascript
exports.handler = async event => {
  if (
    event.request.session &&
    event.request.session.length >= 3 &&
    event.request.session.slice(-1)[0].challengeResult === false
  ) {
    // The user provided a wrong answer 3 times; fail auth
    event.response.issueTokens = false;
    event.response.failAuthentication = true;
  } else if (
    event.request.session &&
    event.request.session.length &&
    event.request.session.slice(-1)[0].challengeResult === true
  ) {
    // The user provided the right answer; succeed auth
    event.response.issueTokens = true;
    event.response.failAuthentication = false;
  } else {
    // The user did not provide a correct answer yet; present challenge
    event.response.issueTokens = false;
    event.response.failAuthentication = false;
    event.response.challengeName = 'CUSTOM_CHALLENGE';
  }
  return event;
};
```
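
One way to inspect locally what a trigger handler returns before Cognito receives it, as an added example that is not part of the original post and is not AWS code. `checkTriggerOutput`, `RESPONSE_SPEC` and the sample outputs are hypothetical names and constructed values; the field types are an assumption based on the documented response parameters of the Define and Create Auth Challenge triggers.

```javascript
// Added example: local shape check for the value a Cognito custom-auth
// trigger returns. All names here are hypothetical, not AWS APIs.
const isBool = v => typeof v === 'boolean';
const isString = v => typeof v === 'string';
const isStringMap = v =>
  v !== null && typeof v === 'object' && !Array.isArray(v) &&
  Object.values(v).every(x => isString(x));

// Assumed response shape per trigger (field -> type check), taken from the
// documented parameters of the Define and Create Auth Challenge triggers.
const RESPONSE_SPEC = {
  DefineAuthChallenge_Authentication: {
    challengeName: isString, issueTokens: isBool, failAuthentication: isBool,
  },
  CreateAuthChallenge_Authentication: {
    publicChallengeParameters: isStringMap,
    privateChallengeParameters: isStringMap,
    challengeMetadata: isString,
  },
};

// Returns a list of problems found in `output`, the value the handler returned.
function checkTriggerOutput(triggerSource, output) {
  const spec = RESPONSE_SPEC[triggerSource];
  if (!spec) return [`no spec for triggerSource ${triggerSource}`];
  const response = output && typeof output === 'object' ? output.response : null;
  if (!response || typeof response !== 'object') {
    return ['handler did not return the event object with a response'];
  }
  const problems = [];
  for (const [field, ok] of Object.entries(spec)) {
    const value = response[field];
    // Fields the handler left unset (null or undefined) are skipped.
    if (value != null && !ok(value)) problems.push(`response.${field} has the wrong type`);
  }
  return problems;
}

// Constructed sample outputs, not taken from the question.
const goodCreate = { response: {
  publicChallengeParameters: { hint: 'code sent' },
  privateChallengeParameters: { answer: '123456' },
  challengeMetadata: 'CODE-123456' } };
const badCreate = { response: {
  publicChallengeParameters: {},
  privateChallengeParameters: { answer: 123456 } } }; // number, not string
```

In a local test, pass the awaited result of the handler: `checkTriggerOutput(event.triggerSource, await handler(event))`.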