我正在尝试使用 AWS Cognito 实施 OTP 身份验证。这是身份验证的流程:
我按照 AWS 文档并配置了三个 AWS Cognito 触发器:
defineAuthChallengecreateAuthChallengeverifyAuthChallengeResponse一切正常。然而,如果用户第一次输入错误的验证码,然后发送正确的代码,
verifyAuthChallengeResponsedefineAuthChallengeasync function defineAuthChallengeLambda(event) {
if (event.request.session.length === 0) {
// [CASE-1] If no session, it means the user is authenticating for the first time
event.response.failAuthentication = false;
event.response.issueTokens = false;
event.response.challengeName = "CUSTOM_CHALLENGE";
} else if (event.request.session.length === 1) {
if (event.request.session[0].challengeResult === true) {
// [CASE-2] If the user answered correctly -> authenticated
event.response.failAuthentication = false;
event.response.issueTokens = true;
} else {
// [CASE-3] If the user didn't answer correctly -> repeat the flow again (!!!)
event.response.challengeName = "CUSTOM_CHALLENGE";
event.response.failAuthentication = false;
event.response.issueTokens = false;
}
}
return event;
}
[CASE-3]是社区提出的,但每当这种情况发生时,我触发第二次身份验证尝试的命令就会失败并出现错误(请参阅下面的代码):
import { RespondToAuthChallengeCommand } from "@aws-sdk/client-cognito-identity-provider"
const command = new RespondToAuthChallengeCommand({
ClientId: envs.IL_USER_POOL_CLIENT_ID,
ChallengeName: "CUSTOM_CHALLENGE",
ChallengeResponses: {
USERNAME: bag.phoneNumber,
ANSWER: bag.code
},
Session: bag.session,
})
await new CognitoIdentityProvider().send(command) // Error: Authentication result expected
第二次尝试似乎期望
event.response.failAuthentication = trueevent.response.issueTokens = true你知道我做错了什么吗?”
我必须承认我在逻辑上犯了一个错误,出现的错误是由于我定义的自定义错误造成的。不过,我也找到了解决方案。
每当我调用
RespondToAuthChallengeCommanddefineAuthChallenge换句话说,在我之前的实现中,我对所有代码尝试都使用了 Session 属性,这是不正确的。现在,每当失败时,我都会从
RespondToAuthChallengeCommand