Description
Implement the scenario and service action calls to create examples for each SDK.
Service actions
Service actions can either be pulled out as individual functions or can be incorporated into the scenario, but each service action must be included as an excerpt in the SOS output.
ConfirmSignUp
ConfirmDevice
AssociateSoftwareToken
AdminGetUser
ListUsers
ResendConfirmationCode
RespondToAuthChallenge
AdminRespondToAuthChallenge
SignUp
InitiateAuth
AdminInitiateAuth
VerifySoftwareToken
Scenario
A scenario runs at a command prompt and prints output to the user on the result of each service action. A scenario can run in one of two ways: straight through, printing out progress as it goes, or as an interactive question/answer script.
Scaffolding
A CDK/CFN script to set up the user pool is provided in resources/cdk/cognito_scenario_user_pool_with_mfa.
The script creates a user pool configured with:
- self-sign up enabled
- auto verify email
- email required
- sign in case insensitive
- MFA required
- MFA second factor OTP:true, SMS: false
And a client app added to the pool with two auth flows enabled:
- ADMIN_USER_PASSWORD_AUTH
- USER_PASSWORD_AUTH
Sign up users with MFA
- Sign up: SignUp
- [Optional] AdminGetUser to get user confirmation status if user exists.
- [Optional] ResendConfirmationCode if user needs another code.
- Confirm signup: ConfirmSignUp
- Sign in, get prompted to set up TOTP (Time-based one-time password) MFA: AdminInitiateAuth with ADMIN_USER_PASSWORD_AUTH (Response: “ChallengeName”: “MFA_SETUP”)
- Generate a TOTP MFA private key: AssociateSoftwareToken. Generate a QR code from the response and display it to the user.
- Verify the TOTP and register for MFA: VerifySoftwareToken
- Sign in again, get prompted to submit TOTP: AdminInitiateAuth with ADMIN_USER_PASSWORD_AUTH (Response: “ChallengeName”: “SOFTWARE_TOKEN_MFA”)
- Provide TOTP, get tokens: AdminRespondToAuthChallenge
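The two TOTP steps above (build the QR code content from the AssociateSoftwareToken response, then produce the code submitted to VerifySoftwareToken), as an added example that is not part of the original issue or of any SDK's example code. It assumes the response's SecretCode is a base32 shared secret and that the authenticator defaults of RFC 6238 apply (HMAC-SHA1, 30-second step, 6 digits); the function names, the user name, the issuer and the sample secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional
from urllib.parse import quote, urlencode

# Constructed sample: the RFC 6238 test secret "12345678901234567890" in base32.
# In the scenario this value would come from the AssociateSoftwareToken SecretCode.
SAMPLE_SECRET_CODE = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def normalize_secret(secret_code: str) -> str:
    """Strip spaces and padding and upper-case, as authenticator apps expect."""
    return secret_code.replace(" ", "").upper().rstrip("=")


def totp(secret_code: str, at_time: Optional[float] = None,
         step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the given time; sent as UserCode."""
    b32 = normalize_secret(secret_code)
    key = base64.b32decode(b32 + "=" * (-len(b32) % 8))  # restore padding
    counter = int((time.time() if at_time is None else at_time) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def otpauth_uri(secret_code: str, username: str, issuer: str) -> str:
    """Key URI to render as the QR code. It contains the secret: never log it."""
    label = f"{quote(issuer, safe='')}:{quote(username, safe='')}"
    params = {"secret": normalize_secret(secret_code), "issuer": issuer,
              "algorithm": "SHA1", "digits": 6, "period": 30}
    return f"otpauth://totp/{label}?{urlencode(params, quote_via=quote)}"


if __name__ == "__main__":
    print(otpauth_uri(SAMPLE_SECRET_CODE, "alice@example.com", "Example App"))
    print(totp(SAMPLE_SECRET_CODE))
```

In integration tests, `totp` can stand in for the authenticator app so the MFA_SETUP and SOFTWARE_TOKEN_MFA challenges can be answered without manual input.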
[Bonus]
- Register user’s device: ConfirmDevice
- Sign in with device: InitiateAuth with USER_PASSWORD_AUTH (include DEVICE_KEY). Challenge response DEVICE_SRP_AUTH.
- RespondToAuthChallenge with DEVICE_SRP_AUTH, get DEVICE_PASSWORD_VERIFIER challenge.
- RespondToAuthChallenge with DEVICE_PASSWORD_VERIFIER (requires SRP calculations), get access tokens without the need to generate a new MFA code.
- Runnable scenario code.
- Service action code (may be same as scenario code).
- Integration or unit tests.
- Scenario and API examples tagged for SOS.
- README