Open5
Getting AWS Cognito sign-in to work from Python
What I did
- Created a user pool in the console that requires only an email address
- Wrote a test script (cognito.py) to confirm sign-in
cognito.py
import getpass
import json
import os

import boto3


def cognito_auth(username, passwd):
    # Profile, user pool and app client are taken from the environment so nothing is hard-coded.
    profile = os.environ.get("AWSPROFILE")
    user_pool_id = os.environ.get("USERPOOLID")
    client_id = os.environ.get("APPCLIENTID")
    try:
        my_session = boto3.Session(profile_name=profile)
        cognito_idp = my_session.client("cognito-idp")
        # Server-side flow: the caller needs the IAM permission cognito-idp:AdminInitiateAuth,
        # and the app client must have ALLOW_ADMIN_USER_PASSWORD_AUTH in its explicit auth flows.
        cognito_result = cognito_idp.admin_initiate_auth(
            UserPoolId=user_pool_id,
            ClientId=client_id,
            AuthFlow="ADMIN_USER_PASSWORD_AUTH",
            AuthParameters={
                "USERNAME": username,
                "PASSWORD": passwd,
            },
        )
        return cognito_result
    except Exception as e:
        # Cognito errors arrive as botocore.exceptions.ClientError; the message says what went wrong.
        print(e)
        return None


if __name__ == "__main__":
    username = input("cognito username: ")
    password = getpass.getpass("cognito password: ")
    cognito_result = cognito_auth(username, password)
    # The full response (access, ID and refresh tokens) is written to stdout.
    print(json.dumps(cognito_result))
$ python cognito.py
cognito username: xxx
cognito password: yyy
An error occurred (InvalidParameterException) when calling the AdminInitiateAuth operation: Auth flow not enabled for this client
null
It fails. The InvalidParameterException has nothing to do with the credentials: it means the app client that APPCLIENTID points at does not allow ADMIN_USER_PASSWORD_AUTH, i.e. its ExplicitAuthFlows lacks ALLOW_ADMIN_USER_PASSWORD_AUTH (ADMIN_NO_SRP_AUTH under the legacy names). You can confirm this with aws cognito-idp describe-user-pool-client --user-pool-id ... --client-id ... and looking at ExplicitAuthFlows.
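The check behind that error, as an added example (not code from the original note): it maps the AuthFlow value given to AdminInitiateAuth/InitiateAuth to the ExplicitAuthFlows entry the app client must carry (including the legacy names), recognises the botocore error response seen above, and, in a hypothetical helper enable_auth_flow(), adds the missing flow with boto3. boto3 is imported only inside that helper, so the mapping logic runs offline; the sample flow list is constructed for the demonstration.

```python
"""Map AuthFlow -> ExplicitAuthFlows, diagnose "Auth flow not enabled", enable it.

Added example, not part of the original note. Only enable_auth_flow() needs
boto3 and AWS credentials; everything else is pure Python.
"""

# AuthFlow value passed to (Admin)InitiateAuth -> ExplicitAuthFlows entry (ALLOW_* naming).
AUTH_FLOW_TO_EXPLICIT = {
    "ADMIN_USER_PASSWORD_AUTH": "ALLOW_ADMIN_USER_PASSWORD_AUTH",
    "USER_PASSWORD_AUTH": "ALLOW_USER_PASSWORD_AUTH",
    "USER_SRP_AUTH": "ALLOW_USER_SRP_AUTH",
    "CUSTOM_AUTH": "ALLOW_CUSTOM_AUTH",
    "REFRESH_TOKEN_AUTH": "ALLOW_REFRESH_TOKEN_AUTH",
    "REFRESH_TOKEN": "ALLOW_REFRESH_TOKEN_AUTH",
}
# Pre-ALLOW_ legacy names that older app clients still report.
LEGACY_EXPLICIT = {
    "ADMIN_NO_SRP_AUTH": "ALLOW_ADMIN_USER_PASSWORD_AUTH",
    "USER_PASSWORD_AUTH": "ALLOW_USER_PASSWORD_AUTH",
    "CUSTOM_AUTH_FLOW_ONLY": "ALLOW_CUSTOM_AUTH",
}
# Flows that need IAM credentials (cognito-idp:Admin*): trusted backend only, never a browser or app.
ADMIN_ONLY_FLOWS = {"ADMIN_USER_PASSWORD_AUTH"}


def normalize_explicit_flows(explicit_flows):
    """Translate legacy names to ALLOW_* names and de-duplicate."""
    return sorted({LEGACY_EXPLICIT.get(f, f) for f in explicit_flows})


def auth_flow_enabled(explicit_flows, auth_flow):
    """True when the app client permits auth_flow (KeyError for an unknown AuthFlow)."""
    return AUTH_FLOW_TO_EXPLICIT[auth_flow] in normalize_explicit_flows(explicit_flows)


def flows_after_enabling(explicit_flows, auth_flow):
    """ExplicitAuthFlows list that keeps what is enabled today and adds auth_flow."""
    wanted = set(normalize_explicit_flows(explicit_flows))
    wanted.add(AUTH_FLOW_TO_EXPLICIT[auth_flow])
    return sorted(wanted)


def is_flow_not_enabled_error(error_response):
    """Match a botocore ClientError.response dict against the error from the note."""
    err = error_response.get("Error", {})
    return (err.get("Code") == "InvalidParameterException"
            and "Auth flow not enabled" in err.get("Message", ""))


def enable_auth_flow(user_pool_id, client_id, auth_flow, profile=None):
    """Hypothetical helper: read the client's ExplicitAuthFlows and add auth_flow if missing.

    Needs cognito-idp:DescribeUserPoolClient and UpdateUserPoolClient. UpdateUserPoolClient
    resets attributes you omit to their defaults, so in production carry the other settings
    over from the describe call as well.
    """
    import boto3  # imported lazily so the offline logic above has no AWS dependency

    idp = boto3.Session(profile_name=profile).client("cognito-idp")
    current = idp.describe_user_pool_client(
        UserPoolId=user_pool_id, ClientId=client_id
    )["UserPoolClient"].get("ExplicitAuthFlows", [])
    if auth_flow_enabled(current, auth_flow):
        return current
    new_flows = flows_after_enabling(current, auth_flow)
    idp.update_user_pool_client(
        UserPoolId=user_pool_id, ClientId=client_id, ExplicitAuthFlows=new_flows
    )
    return new_flows


if __name__ == "__main__":
    # Constructed sample: a client that only allows SRP and refresh cannot serve the admin flow.
    sample = ["ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"]
    print(auth_flow_enabled(sample, "ADMIN_USER_PASSWORD_AUTH"))
    print(flows_after_enabling(sample, "ADMIN_USER_PASSWORD_AUTH"))
```

Before calling enable_auth_flow() against a real pool, decide whether the admin flow belongs there at all: ADMIN_ONLY_FLOWS exists to make that decision explicit in code that runs server-side.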
Following this reference, I confirmed that sign-in goes through from the CLI.
AWS CLI work history
$ poolName=sample-user-pool
$ userPoolId=$(aws cognito-idp create-user-pool --pool-name "${poolName}" --query 'UserPool.Id' --output text --profile "${AWSPROFILE}")
$ clientId=$(aws cognito-idp create-user-pool-client --user-pool-id "${userPoolId}" --client-name "${clientName}" --query 'UserPoolClient.ClientId' --output text --profile "${AWSPROFILE}")
$ aws cognito-idp sign-up \
    --client-id "${clientId}" \
    --username "${userName}" \
    --password "${password}" \
    --profile "${AWSPROFILE}"
$ aws cognito-idp admin-confirm-sign-up \
    --user-pool-id "${userPoolId}" \
    --username "${userName}" \
    --profile "${AWSPROFILE}"
$ aws cognito-idp admin-initiate-auth \
    --user-pool-id "${userPoolId}" \
    --client-id "${clientId}" \
    --auth-flow "ADMIN_USER_PASSWORD_AUTH" \
    --auth-parameters USERNAME="${userName}",PASSWORD="${password}" \
    --profile "${AWSPROFILE}"
Notes on the commands: clientName, userName and password must be set in the shell beforehand. The first two commands use --query to pull the pool ID and client ID straight out of the JSON responses (capturing the whole response into a variable and then reading ${userPoolId} and ${clientId} leaves both empty). Passing the password on the command line puts it into shell history and the process list, so do this only in a throwaway test environment. If admin-initiate-auth still answers "Auth flow not enabled for this client", the new app client does not allow the admin flow either; create it with --explicit-auth-flows ALLOW_ADMIN_USER_PASSWORD_AUTH ALLOW_REFRESH_TOKEN_AUTH, or change it afterwards with aws cognito-idp update-user-pool-client.
Ran the Python script again, against the pool and app client created above:
$ python cognito.py
cognito username: xxx@xxx
cognito password:
{"ChallengeParameters": {}, "AuthenticationResult": {"AccessToken": "xxxxxxxxxxxxxxx
Got an AccessToken! Keep in mind that ADMIN_USER_PASSWORD_AUTH authenticates with the caller's IAM credentials, so it belongs on a trusted backend; a browser or mobile client should use USER_SRP_AUTH through InitiateAuth instead, which never sends the password to Cognito.
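What a consumer of that AccessToken has to check before trusting it, as an added example (not code from the original note). The signature check against the pool's JWKS at https://cognito-idp.<region>.amazonaws.com/<poolId>/.well-known/jwks.json is deliberately not included; check_access_token_claims() assumes it has already passed and only validates the issuer, token_use, client_id and expiry claims. The region, pool ID, client ID and the tokens themselves are constructed placeholders, and the demo tokens are unsigned.

```python
"""Claim checks for a Cognito access token (added example, not from the original note).

Signature verification against the pool's JWKS is assumed to have happened already;
unverified_parts() exists only to read the kid/iss needed to pick the right JWKS key.
"""
import base64
import json
import time


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def unverified_parts(token: str):
    """Decode JWT header and claims WITHOUT checking the signature (inspection only)."""
    header_b64, payload_b64, _signature = token.split(".")
    return json.loads(_b64url_decode(header_b64)), json.loads(_b64url_decode(payload_b64))


def check_access_token_claims(claims, region, user_pool_id, client_id, now=None):
    """Return the names of failing claims; an empty list means the claims are acceptable.

    Cognito access tokens carry client_id; ID tokens carry aud instead and have token_use "id".
    """
    now = time.time() if now is None else now
    expected_iss = f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}"
    failures = []
    if claims.get("iss") != expected_iss:
        failures.append("iss")
    if claims.get("token_use") != "access":
        failures.append("token_use")
    if claims.get("client_id") != client_id:
        failures.append("client_id")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        failures.append("exp")
    return failures


def make_constructed_token(claims):
    """Build an UNSIGNED token with a dummy signature, purely for the offline demo."""
    header = {"alg": "RS256", "kid": "constructed-kid"}
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(claims).encode()),
        _b64url_encode(b"not-a-real-signature"),
    ])


# Placeholder identifiers and a fixed clock so the demo is deterministic.
REGION, POOL_ID, CLIENT_ID = "ap-northeast-1", "ap-northeast-1_EXAMPLE", "exampleclientid"
NOW = 1_700_000_000

GOOD_CLAIMS = {
    "iss": f"https://cognito-idp.{REGION}.amazonaws.com/{POOL_ID}",
    "token_use": "access",
    "client_id": CLIENT_ID,
    "username": "xxx@xxx",
    "iat": NOW - 60,
    "exp": NOW + 3540,
}
# An ID token from the same pool: right issuer, but token_use "id" and aud instead of client_id.
ID_TOKEN_CLAIMS = {k: v for k, v in GOOD_CLAIMS.items() if k != "client_id"}
ID_TOKEN_CLAIMS.update({"token_use": "id", "aud": CLIENT_ID})


def demo():
    """Run the claim checks over a good token and three tokens that must be rejected."""
    _header, claims = unverified_parts(make_constructed_token(GOOD_CLAIMS))
    return {
        "good": check_access_token_claims(claims, REGION, POOL_ID, CLIENT_ID, NOW),
        "id_token": check_access_token_claims(ID_TOKEN_CLAIMS, REGION, POOL_ID, CLIENT_ID, NOW),
        "expired": check_access_token_claims({**GOOD_CLAIMS, "exp": NOW - 1}, REGION, POOL_ID, CLIENT_ID, NOW),
        "other_pool": check_access_token_claims(GOOD_CLAIMS, REGION, "ap-northeast-1_OTHER", CLIENT_ID, NOW),
    }


if __name__ == "__main__":
    print(demo())
```

The ID-token case is the one that bites in practice: it comes from the same pool with the same issuer, so only the token_use and client_id checks keep it from being accepted as an access token.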