Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AWS Cognito Authentication USER_PASSWORD_AUTH flow not enabled for this client

Tags:

python

amazon-web-services

boto3

amazon-cognito

aws-cognito

I have an mobile app with user pool (username & password). The app works fine with aws-amplify sdk. But, wanted to move the code out to Lambdas. So, I have written the following Lambda using Boto3.

Here is Lambda:

import boto3

def lambda_handler(event, context):
    client = boto3.client('cognito-idp')
    response = client.initiate_auth(
        ClientId='xxxxxxxxxxxxxx',
        AuthFlow='USER_PASSWORD_AUTH',
        AuthParameters={
            'USERNAME': 'xxxxxx',
            'PASSWORD': 'xxxxxx'
        }
    )
    return response

Tried admin_initiate_auth too. 

import boto3
def lambda_handler(event, context):
    client = boto3.client('cognito-idp')
    response = client.initiate_auth(
        UserPoolId='xxxxxxxxx',
        ClientId='xxxxxxxxxxxxxx',
        AuthFlow='USER_PASSWORD_AUTH',
        AuthParameters={
            'USERNAME': 'xxxxxx',
            'PASSWORD': 'xxxxxx'
        }
    )
    return response

Here is the error the I get.

An error occurred (InvalidParameterException) when calling the InitiateAuth operation: USER_PASSWORD_AUTH flow not enabled for this client: InvalidParameterException Traceback (most recent call last):
File "/var/task/lambda_function.py", line 12, in lambda_handler 'PASSWORD': 'xxxxx' File "/var/runtime/botocore/client.py", line 317, in _api_call return self._make_api_call(operation_name, kwargs) File "/var/runtime/botocore/client.py", line 615, in _make_api_call raise error_class(parsed_response, operation_name) InvalidParameterException: An error occurred (InvalidParameterException) when calling the InitiateAuth operation: USER_PASSWORD_AUTH flow not enabled for this client

Any thoughts?

like image 524
user9374347 Avatar asked Feb 27 '18 03:02

user9374347

People also ask

How do I authenticate a Cognito user?

AWS Cognito User Pool will send verification code by email or sms and the user enters the code to get verified with the User Pool. User enters username and password and logs in with Cognito User Pool in which case a token will be provided by Cognito upon successful login.

What is Admin_no_srp_auth?

ADMIN_NO_SRP_AUTH : Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD directly if the flow is enabled for calling the app client. ADMIN_USER_PASSWORD_AUTH : Admin-based user password authentication. This replaces the ADMIN_NO_SRP_AUTH authentication flow.

What is ClientMetadata?

ClientMetadata. A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers. You create custom workflows by assigning AWS Lambda functions to user pool triggers.

3 Answers

Figured it. I have goto user pool - > app clients - >show details -> Enable username-password (non-SRP) flow for app-based authentication (USER_PASSWORD_AUTH).

That fixed it.

like image 116
user9374347 Avatar answered Sep 22 '22 16:09

user9374347

Figured it. I have goto user pool - > app clients - >show details -> Enable username password auth for admin APIs for authentication (ALLOW_ADMIN_USER_PASSWORD_AUTH).

like image 36
pedro.caicedo.dev Avatar answered Sep 22 '22 16:09

pedro.caicedo.dev

For me I found that my credentials needed a hmac here is the class in case it is useful to someone.

import boto3
import boto3.session
import hmac, base64, hashlib
from botocore.client import ClientMeta

class AwsAuth(object):
    '''
    classdocs
    '''

    def gettoken(self):
        if self.token:
            return self.token
        else:
            return False

    def connect(self):

        if not self.username:
            self.username = raw_input("Username: ")

        if not self.password:
            self.password = raw_input("Password: ")

        digest = self.gethmacdigest(self.username)

        response = self.client.initiate_auth(
            ClientId=self.clientid,
            AuthFlow='USER_PASSWORD_AUTH',
            AuthParameters={
                'USERNAME': self.username,
                'PASSWORD': self.password,
                'SECRET_HASH': digest
            },
            ClientMetadata={
                'UserPoolId': self.userpoolid
            }
        )
        self.token = response
        return response

    def gethmacdigest(self, username):

        message = username + self.clientid
        dig = hmac.new(self.clientsecret, msg=message.encode('UTF-8'), digestmod=hashlib.sha256).digest()    
        return base64.b64encode(dig).decode()


    def __init__(self, path, url, fileout, filein, userpoolid, clientid, clientsecret, region, username = None, password = None):
        '''
        Constructor
        '''

        #boto3.set_stream_logger('botocore', level="DEBUG")

        self.path = path
        self.url = url
        self.fileout = fileout
        self.filein = filein
        self.userpoolid = userpoolid
        self.clientid = clientid
        self.clientsecret = clientsecret
        self.region = region
        self.token = ""

        boto3.setup_default_session(region_name=region) 

        self.client = boto3.client('cognito-idp')
        if username is not None:
            self.username = username
        else:
            self.username = None
        if password is not None:
            self.password = password
        else:
            self.password = None
like image 41
JazzDeben Avatar answered Sep 20 '22 16:09

JazzDeben
Sign in to Comment

Related questions

Should a class convert types of the parameters at init time? If so, how?
bytes vs bytearray in Python 2.6 and 3
Is it possible to convert a list-type into a generator without iterating through?
how to convert negative integer value to hex in python
DJANGO: ModelChoiceField optgroup tag
Parse a Pandas column to Datetime when importing table from SQL database and filtering rows by date
Add a new row to a Pandas DataFrame with specific index name
How to fix 'ModuleNotFoundError: No module named 'apt_pkg'?
check if a number already exist in a list in python
Django/Python assertRaises with message check
How can I print out just the index of a pandas dataframe?
Python sorting - A list of objects
How to install beautiful soup 4 with python 2.7 on windows
Detect text region in image using Opencv
Can an asyncio event loop run in the background without suspending the Python interpreter?
Python endswith() with multiple string
Can you annotate return type when value is instance of cls?
Getting a list of errors in a Django form
Inserting new attribute to a document using MongoDB ( Python )
Django: display time it took to load a page on every page

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!