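I want to create/compute a SECRET_HASH for AWS Cognito using boto3 and Python. This will be merged into my fork of warrant.

I configured my Cognito app client to use an app client secret. However, this broke the code below.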

    def renew_access_token(self):
        """
        Sets a new access token on the User using the refresh token.

        NOTE:
        Does not work if "App client secret" is enabled. 'SECRET_HASH' is needed in AuthParameters.
        'SECRET_HASH' requires HMAC calculations.

        Does not work if "Device Tracking" is turned on.
        https://stackoverflow.com/a/40875783/1783439

        'DEVICE_KEY' is needed in AuthParameters. See AuthParameters section.
        https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
        """
        refresh_response = self.client.initiate_auth(
            ClientId=self.client_id,
            AuthFlow='REFRESH_TOKEN',
            AuthParameters={
                'REFRESH_TOKEN': self.refresh_token
                # 'SECRET_HASH': How to generate this?
            },
        )

        self._set_attributes(
            refresh_response,
            {
                'access_token': refresh_response['AuthenticationResult']['AccessToken'],
                'id_token': refresh_response['AuthenticationResult']['IdToken'],
                'token_type': refresh_response['AuthenticationResult']['TokenType']
            }
        )

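When I run this, I receive the following exception:

This answer informed me that a SECRET_HASH is required in order to use the Cognito client secret.

The AuthParameters section of the AWS API reference docs states the following: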
For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: USERNAME (required), SECRET_HASH (required if the app client is configured with a client secret), REFRESH_TOKEN (required), DEVICE_KEY
The boto3 docs state that a secret hash is:
A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.
The documentation explains what is needed, but not how to achieve it.

The get_secret_hash method below is a solution I wrote in Python for a Cognito User Pool implementation, with usage as follows:
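
The answer's own code did not survive on this page. As an added example (not the answer author's code), the following computes SECRET_HASH the way AWS documents it, Base64(HMAC-SHA256(key = app client secret, message = username + client ID)), and builds the AuthParameters for the refresh flow. The helper `refresh_auth_parameters` and all sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac


def get_secret_hash(username: str, client_id: str, client_secret: str) -> str:
    """Return Base64(HMAC-SHA256(client_secret, username + client_id))."""
    # The message is the username immediately followed by the client ID,
    # with no separator; the key is the app client secret.
    message = (username + client_id).encode("utf-8")
    key = client_secret.encode("utf-8")
    digest = hmac.new(key, message, hashlib.sha256).digest()
    # Cognito expects the raw 32-byte digest Base64-encoded, not hex.
    return base64.b64encode(digest).decode("ascii")


def refresh_auth_parameters(refresh_token, username, client_id, client_secret=None):
    """Build AuthParameters for the refresh flow (hypothetical helper).

    SECRET_HASH is added only when the app client has a secret, matching
    "required if the app client is configured with a client secret".
    """
    params = {
        "REFRESH_TOKEN": refresh_token,
        # Listed as required in the AuthParameters text quoted above.
        "USERNAME": username,
    }
    if client_secret:
        params["SECRET_HASH"] = get_secret_hash(username, client_id, client_secret)
    return params


if __name__ == "__main__":
    # Constructed sample values; a real secret should come from a secrets
    # store or environment variable, never from source code.
    params = refresh_auth_parameters(
        refresh_token="example-refresh-token",
        username="alice",
        client_id="exampleclientid123",
        client_secret="example-client-secret",
    )
    # Print only the parameter names so the hash and token stay out of logs.
    print(sorted(params))
```

The returned dictionary is what would be passed as `AuthParameters` to `initiate_auth`. The hash is specific to one username and one app client, so it must be recomputed per user rather than cached globally.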