Mobile Quickie mobilequickie
mobilequickie
/ DefineAuthChallenge.js
Last active
August 4, 2023 03:46
Amazon Cognito CUSTOM_CHALLENGE Lambda trigger - Define Auth Challenge function
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ### About this Flow ### | |
| // Using Custom Auth Flow through Amazon Cognito User Pools with Lambda Triggers to complete a 'CUSTOM_CHALLENGE'. This is the same flow as one-time passcode generated and sent via SMS or Email. | |
| // Instead, the service and user share a secret that was created during registration and both generate a 6-digit code based on the shared secret. | |
| // If the two codes (typically only good for 30 seconds) match, the user is authenticated. | |
| // | |
| // ### About this function ### | |
| // This DefineAuthChallengeCustom function (1st and 4th of 4 triggers) defines the type of challenge-response required for authentication. | |
| // For HOTP, TOTP, U2F, or WebAuthn flows, we'll always use 'CUSTOM_CHALLENGE' and this function code won't change between the various auth methods. | |
| // ### Next steps ### |
mobilequickie
/ CreateAuthChallenge.js
Last active
August 4, 2023 03:45
Amazon Cognito CUSTOM_CHALLENGE Lambda trigger - Create Auth Challenge function
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ### About this Flow ### | |
| // Using Custom Auth Flow through Amazon Cognito User Pools with Lambda Triggers to complete a 'CUSTOM_CHALLENGE'. | |
| // | |
| // ### About this function ### | |
| // This CreateAuthChallengeSMS function (2nd of 4 triggers) creates the type of 'CUSTOM_CHALLENGE' as a one-time pass code sent via SMS. A one-time randomly generated 6-digit code (passCode) | |
| // is sent via SMS (through Amazon SNS) to the user's mobile phone number during authentication. The generated passCode is stored in privateChallengeParameters.passCode and passed to the VerifyAuthChallenge function | |
| // that will verify the user's entered passCode (received via SMS) into the mobile/web app matches the passCode passed privately through privateChallengeParameters.passCode. | |
| // ### Next steps ### | |
| // Instead of using the "crypto-secure-random-digit" library to generate random 6-digit codes, create a base32 secret for the user (if not exist) and |
OlderNewer