【Python】Boto3でCognitoを使ってみる
共通
import base64
import hashlib
import hmac
import os

import boto3
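# Connection settings for the Cognito user pool and its app client.
# Each value is read from the environment and falls back to the article's
# placeholder, so the listing behaves as before when nothing is set.
# The variable names are this example's own choice, not an AWS convention.
user_pool_id = os.environ.get("COGNITO_USER_POOL_ID", "ap-northeast-1_xxxxxxxxxx")
client_id = os.environ.get("COGNITO_CLIENT_ID", "xxxxxxxxxx")
# The app client secret is the HMAC key used for SECRET_HASH below; keep the
# real value out of source control and supply it at deploy time.
client_secret = os.environ.get("COGNITO_CLIENT_SECRET", "xxxxxxxxxx")

# Cognito identity provider client
client = boto3.client(
    "cognito-idp",
    region_name="ap-northeast-1",
)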
# Secret-hash helper
def get_secret_hash(user_name):
    """Return the SECRET_HASH value for ``user_name``.

    The result is the Base64 text of an HMAC-SHA256 digest, keyed with the
    module-level ``client_secret``, over ``user_name + client_id``.
    """
    key_bytes = str(client_secret).encode("utf-8")
    payload = str(user_name + client_id).encode("utf-8")
    mac = hmac.new(key_bytes, msg=payload, digestmod=hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


# --- Get user ---
@app.get("/user")
def get_user(user_name):
    """Look up ``user_name`` in the user pool and return the raw response.

    NOTE(review): nothing in this listing authenticates the caller, and the
    lookup goes through the module-level boto3 client, so as written any
    client that can reach the route can read any user's record. Put an
    authorization check in front of it before exposing it.
    """
    lookup = {
        "UserPoolId": user_pool_id,
        "Username": user_name,
    }
    return client.admin_get_user(**lookup)
# Password authentication
@app.post("/login")
def login(user_name, password):
    """Start a USER_PASSWORD_AUTH sign-in for ``user_name``.

    Returns a dict with ``challenge_name`` and ``session`` when the response
    carries a challenge name, otherwise the unmodified ``initiate_auth``
    response.

    NOTE(review): if ``app`` is a FastAPI application (it is not defined in
    this listing), bare parameters like these are read from the query
    string, which would put the password into URLs and access logs; take
    credentials from the request body instead. TODO confirm the framework.
    """
    credentials = {
        "USERNAME": user_name,
        "PASSWORD": password,
        "SECRET_HASH": get_secret_hash(user_name),
    }
    auth_result = client.initiate_auth(
        ClientId=client_id,
        AuthFlow="USER_PASSWORD_AUTH",
        AuthParameters=credentials,
    )

    # No challenge name in the response: hand it back unchanged.
    if not auth_result.get("ChallengeName"):
        return auth_result

    # A challenge is pending (the MFA case): return what the follow-up
    # call needs.
    return {
        "challenge_name": auth_result["ChallengeName"],
        "session": auth_result["Session"],
    }
# MFA verification
@app.post("/mfa")
def mfa(otp_code, session, user_name, challenge_name):
    """Answer a pending auth challenge with a one-time code.

    ``session`` and ``challenge_name`` are passed through to Cognito as
    given; presumably they are the values the ``/login`` route returned.
    The code is always sent under the ``EMAIL_OTP_CODE`` key, whatever
    ``challenge_name`` holds. Returns the raw
    ``respond_to_auth_challenge`` response.

    NOTE(review): if these bare parameters arrive as query-string values
    (the framework behind ``app`` is not shown), the one-time code and the
    session would end up in URLs and access logs. TODO confirm.
    """
    answers = {
        "USERNAME": user_name,
        "EMAIL_OTP_CODE": otp_code,
        "SECRET_HASH": get_secret_hash(user_name),
    }
    challenge_result = client.respond_to_auth_challenge(
        ClientId=client_id,
        ChallengeName=challenge_name,
        Session=session,
        ChallengeResponses=answers,
    )
    return challenge_result
# Change MFA settings
@app.post("/set-mfa-preference")
def set_mfa_preference(user_name, is_enable):
    """Turn email MFA on or off for ``user_name``.

    ``is_enable`` is used for both ``Enabled`` and ``PreferredMfa``, and
    the raw ``admin_set_user_mfa_preference`` response is returned.

    NOTE(review): no caller authentication is visible here, so as written
    anyone who can reach this route could switch off MFA for any account.
    Limit it to authorized administrators, or to the signed-in user acting
    on their own account.
    """
    email_mfa = {
        "Enabled": is_enable,
        "PreferredMfa": is_enable,
    }
    return client.admin_set_user_mfa_preference(
        EmailMfaSettings=email_mfa,
        Username=user_name,
        UserPoolId=user_pool_id,
    )


# That is all.
お読み頂き、ありがとうございました。

