List of usage examples for com.amazonaws.services.cognitoidp.model AdminInitiateAuthRequest AdminInitiateAuthRequest
AdminInitiateAuthRequest
From source file:com.kdgregory.example.cognito.servlets.ConfirmSignUp.java
License:Apache License
@Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String emailAddress = request.getParameter(Constants.RequestParameters.EMAIL); String tempPassword = request.getParameter(Constants.RequestParameters.TEMPORARY_PASSWORD); String finalPassword = request.getParameter(Constants.RequestParameters.PASSWORD); if (StringUtil.isBlank(emailAddress) || StringUtil.isBlank(tempPassword) || StringUtil.isBlank(finalPassword)) { reportResult(response, Constants.ResponseMessages.INVALID_REQUEST); return;/*from w w w. j av a 2s .c o m*/ } logger.debug("confirming signup of user {}", emailAddress); try { // must attempt signin with temporary password in order to establish session for password change // (even though it's documented as not required) Map<String, String> initialParams = new HashMap<String, String>(); initialParams.put("USERNAME", emailAddress); initialParams.put("PASSWORD", tempPassword); AdminInitiateAuthRequest initialRequest = new AdminInitiateAuthRequest() .withAuthFlow(AuthFlowType.ADMIN_NO_SRP_AUTH).withAuthParameters(initialParams) .withClientId(cognitoClientId()).withUserPoolId(cognitoPoolId()); AdminInitiateAuthResult initialResponse = cognitoClient.adminInitiateAuth(initialRequest); if (!ChallengeNameType.NEW_PASSWORD_REQUIRED.name().equals(initialResponse.getChallengeName())) { throw new RuntimeException("unexpected challenge: " + initialResponse.getChallengeName()); } Map<String, String> challengeResponses = new HashMap<String, String>(); challengeResponses.put("USERNAME", emailAddress); challengeResponses.put("PASSWORD", tempPassword); challengeResponses.put("NEW_PASSWORD", finalPassword); AdminRespondToAuthChallengeRequest finalRequest = new AdminRespondToAuthChallengeRequest() .withChallengeName(ChallengeNameType.NEW_PASSWORD_REQUIRED) .withChallengeResponses(challengeResponses).withClientId(cognitoClientId()) .withUserPoolId(cognitoPoolId()).withSession(initialResponse.getSession()); AdminRespondToAuthChallengeResult challengeResponse = cognitoClient .adminRespondToAuthChallenge(finalRequest); if (StringUtil.isBlank(challengeResponse.getChallengeName())) { updateCredentialCookies(response, challengeResponse.getAuthenticationResult()); reportResult(response, Constants.ResponseMessages.LOGGED_IN); } else { throw new RuntimeException("unexpected challenge: " + challengeResponse.getChallengeName()); } } catch (InvalidPasswordException ex) { logger.debug("{} submitted invalid password", emailAddress); reportResult(response, Constants.ResponseMessages.INVALID_PASSWORD); } catch (UserNotFoundException ex) { logger.debug("not found: {}", emailAddress); reportResult(response, Constants.ResponseMessages.NO_SUCH_USER); } catch (NotAuthorizedException ex) { logger.debug("invalid credentials: {}", emailAddress); reportResult(response, Constants.ResponseMessages.NO_SUCH_USER); } catch (TooManyRequestsException ex) { logger.warn("caught TooManyRequestsException, delaying then retrying"); ThreadUtil.sleepQuietly(250); doPost(request, response); } }
From source file:com.kdgregory.example.cognito.servlets.SignIn.java
License:Apache License
@Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String emailAddress = request.getParameter(Constants.RequestParameters.EMAIL); String password = request.getParameter(Constants.RequestParameters.PASSWORD); if (StringUtil.isBlank(emailAddress) || StringUtil.isBlank(password)) { reportResult(response, Constants.ResponseMessages.INVALID_REQUEST); return;/*from www . j ava2 s. c o m*/ } logger.debug("authenticating {}", emailAddress); try { Map<String, String> authParams = new HashMap<String, String>(); authParams.put("USERNAME", emailAddress); authParams.put("PASSWORD", password); AdminInitiateAuthRequest authRequest = new AdminInitiateAuthRequest() .withAuthFlow(AuthFlowType.ADMIN_NO_SRP_AUTH).withAuthParameters(authParams) .withClientId(cognitoClientId()).withUserPoolId(cognitoPoolId()); AdminInitiateAuthResult authResponse = cognitoClient.adminInitiateAuth(authRequest); if (StringUtil.isBlank(authResponse.getChallengeName())) { updateCredentialCookies(response, authResponse.getAuthenticationResult()); reportResult(response, Constants.ResponseMessages.LOGGED_IN); return; } else if (ChallengeNameType.NEW_PASSWORD_REQUIRED.name().equals(authResponse.getChallengeName())) { logger.debug("{} attempted to sign in with temporary password", emailAddress); reportResult(response, Constants.ResponseMessages.FORCE_PASSWORD_CHANGE); } else { throw new RuntimeException("unexpected challenge on signin: " + authResponse.getChallengeName()); } } catch (UserNotFoundException ex) { logger.debug("not found: {}", emailAddress); reportResult(response, Constants.ResponseMessages.NO_SUCH_USER); } catch (NotAuthorizedException ex) { logger.debug("invalid credentials: {}", emailAddress); reportResult(response, Constants.ResponseMessages.NO_SUCH_USER); } catch (TooManyRequestsException ex) { logger.warn("caught TooManyRequestsException, delaying then retrying"); ThreadUtil.sleepQuietly(250); doPost(request, response); } }
From source file:com.kdgregory.example.cognito.servlets.ValidatedAction.java
License:Apache License
/** * Attempts to create a new access token based on the provided refresh token. *//* ww w . j a va2s . c o m*/ private void attemptRefresh(String refreshToken, HttpServletResponse response) throws ServletException, IOException { try { Map<String, String> authParams = new HashMap<String, String>(); authParams.put("REFRESH_TOKEN", refreshToken); AdminInitiateAuthRequest refreshRequest = new AdminInitiateAuthRequest() .withAuthFlow(AuthFlowType.REFRESH_TOKEN).withAuthParameters(authParams) .withClientId(cognitoClientId()).withUserPoolId(cognitoPoolId()); AdminInitiateAuthResult refreshResponse = cognitoClient.adminInitiateAuth(refreshRequest); if (StringUtil.isBlank(refreshResponse.getChallengeName())) { logger.debug("successfully refreshed token"); updateCredentialCookies(response, refreshResponse.getAuthenticationResult()); reportResult(response, Constants.ResponseMessages.LOGGED_IN); } else { logger.warn("unexpected challenge when refreshing token: {}", refreshResponse.getChallengeName()); reportResult(response, Constants.ResponseMessages.NOT_LOGGED_IN); } } catch (TooManyRequestsException ex) { logger.warn("caught TooManyRequestsException, delaying then retrying"); ThreadUtil.sleepQuietly(250); attemptRefresh(refreshToken, response); } catch (AWSCognitoIdentityProviderException ex) { logger.debug("exception during token refresh: {}", ex.getMessage()); reportResult(response, Constants.ResponseMessages.NOT_LOGGED_IN); } }