AWS-Amplifyã®ä¸èº«ã€ã¨ãã«Auth - ãŸã‚Œã±ã‚“ã®ã³ã¼ãƒ¼ã‚ã

amazon-cognito-identity-jsã«å¼·ãä¾å˜.

signIn()å†…ã§createCognitoUserã—ã¦ã‚‹ã€‚createCognitoUserã¯CognitoUser()ã®ãƒ©ãƒƒãƒ‘ãƒ¼ã€‚

    public signIn(username: string, password: string): Promise<any> {
        ...  
        const user = this.createCognitoUser(username);
        const authDetails = new AuthenticationDetails({
            Username: username,
            Password: password
        });

        const that = this;
        return new Promise((resolve, reject) => {
            user.authenticateUser(authDetails, {

createCognitoUserãƒ¡ã‚½ãƒƒãƒ‰ã®å…ƒã‚¯ãƒ©ã‚¹ (AuthClass) ãŒuserPoolå±žæ€§ã‚’æŒã£ã¦ã„ã¦ã€ã“ã®ä¸ã«clientã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆãŒã—ã¾ã£ã¦ã‚ã‚‹ã€‚ Auth.configureã§CognitoUserPool (amazon-cognito-identity-jsç”±æ¥) ã‚’ä½¿ã£ã¦usePoolã‚’è¨å®šã—ã¦ã‚‹ã®ã§ã€ãŠãã‚‰ãã“ã“ã§ä¸€æ„ã«æ±ºã¾ã£ã¦ãã‚‹ã€‚
Auth.configure(config)ã®configã«å…¥ã£ã¦ã„ã‚‹ã‚‚ã®ãŒã¾ã‚“ã¾ä½¿ã‚ã‚Œã¦ãŠã‚Šã€ã“ã®ä¸ã«endpointãŒã‚ã‚‹æ¨¡æ§˜ã€‚Amplifyãƒã‚§ãƒƒã‚¯ï¼

    private createCognitoUser(username: string): Cognito.CognitoUser {
        const userData: ICognitoUserData = {
            Username: username,
            Pool: this.userPool,
        };
        ...
        return new CognitoUser(userData);
    }

CognitoUserã‚³ãƒ³ã‚¹ãƒˆãƒ©ã‚¯ã‚¿ã§dataã‚’å¼•æ•°ã«ã¨ã‚Šã€ãã“ã§this.client (Clientã‚¯ãƒ©ã‚¹) ã«data.Pool.clientã‚’è¨å®šã€‚

export default class CognitoUser {
  constructor(data) {
    ...
    this.username = data.Username || '';
    this.pool = data.Pool;
    this.Session = null;

    this.client = data.Pool.client;

Clientã®ã‚³ãƒ³ã‚¹ãƒˆãƒ©ã‚¯ã‚¿ã§endpointã‚’å—ã‘å–ã£ã¦ã€ä»¥é™ã¯ä¸€åˆ‡ã„ã˜ã‚‰ãªã„ã€‚nullã®å ´åˆã¯cognito-idp...ã®ãƒ‰ãƒ¡ã‚¤ãƒ³ã«ãªã‚‹ã€‚
client.requestã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆå…ˆãƒ‰ãƒ¡ã‚¤ãƒ³ã¯ã“ã“ã§æ±ºã¾ã‚‹ã€‚

// Facet.ts
import * as Cognito from 'amazon-cognito-identity-js';

// /src/Common/index.ts
export * from './Facet';

// /src/Auth/Auth.ts
import {
    AWS,
    Cognito,
    ...,
} from '../Common';

ãƒªã‚¯ã‚¨ã‚¹ãƒˆå®Ÿä½“
// @param {CognitoUserPool} data.Pool

this.client = data.Pool.client;

import Client from './Client';
CognitoUserPoolã‚³ãƒ³ã‚¹ãƒˆãƒ©ã‚¯ã‚¿å†…
this.client = new Client(region, endpoint);

client.requestã¯ã‚·ãƒ³ãƒ—ãƒ«ãªfetch()
aws-amplify/Client.js at master · aws/aws-amplify · GitHub

ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã§ã®ãƒ€ã‚¤ãƒ¬ã‚¯ãƒˆèªè¨¼ã¯ãƒ¡ã‚¤ãƒ³ã¨ã‚‚é™ã‚‰ãªã„
authenticateUserDefaultAuthãŒè‰²ã€…ã‚„ã£ã¦ã¦é¢ç™½ã„
InitiateAuthãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’ã—ã¦ã€
RespondToAuthChallengeãƒªã‚¯ã‚¨ã‚¹ãƒˆã—ã¦ã€

ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã«ã‚‚ãã†ã‚ã‚‹ã€‚

æœ€æ–°ã®èªè¨¼ãƒ•ãƒãƒ¼ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ã‚’æ¤œè¨¼ã™ã‚‹ãŸã‚ã€ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã®ä»–ã«æ–°ã—ã„ãƒãƒ£ãƒ¬ãƒ³ã‚¸ã‚¿ã‚¤ãƒ—ã‚’çµ„ã¿è¾¼ã‚“ã§ã„ã¾ã™ã€‚å½“ç¤¾ã§ã¯ 2 ã¤ã®ä¸€èˆ¬çš„ãªã‚¹ãƒ†ãƒƒãƒ—ã§èªè¨¼ã‚’å®šåž‹åŒ–ã—ã€InitiateAuth ã¨ RespondToAuthChallenge ã¨ã„ã† 2 ã¤ã® API ã‚’ä½¿ç”¨ã—ã¦å®Ÿè£…ã—ã¾ã™ã€‚

Secure Remote Password (SRP) ãƒ—ãƒãƒˆã‚³ãƒ«
ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‹ã‚‰ç”Ÿæˆã—ãŸä½•ã‹ã§èªè¨¼ã™ã‚‹ãƒ—ãƒãƒˆã‚³ãƒ«
ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãŒé€šä¿¡è·¯ã«æµã‚Œãªã„ã®ã§ã‚»ã‚ãƒ¥ã‚¢

SRP è¨ˆç®—ã‚’å›žé¿ã™ã‚‹å ´åˆã«ã‚»ã‚ãƒ¥ã‚¢ãªãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰ã‚µãƒ¼ãƒãƒ¼ã§ä½¿ç”¨ã§ãã‚‹ã‚ˆã†ã«è¨è¨ˆã•ã‚ŒãŸç®¡ç† API ã®ä»£æ›¿ã‚»ãƒƒãƒˆã‚‚ã‚ã‚Šã¾ã™ã€‚

SRPã†ã‚“ã¬ã‚“ã¯ã¾ã•ã«èªè¨¼ãªã®ã§ã€OIDCãŒã‚¹ã‚³ãƒ¼ãƒ—å¤–ã«ã—ã¦ã‚‹èªè¨¼éƒ¨åˆ†ãªã‚“ã ã‚ã†
ã¤ã¾ã‚ŠUserPools-IdPã®èªè¨¼éƒ¨åˆ†ã€‚
ã§ã‚‚ã“ã‚Œã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã®ä»•äº‹â€¦ï¼Ÿ
ã‚ã€ã‚ã‹ã£ãŸã€‚
çµ„ã¿è¾¼ã¿UIã£ã¦ã“ã®éƒ¨åˆ†ãŒæ‹…å½“ã ã‚
ã¤ã¾ã‚Šãƒ›ãƒ³ãƒˆã®ãƒ›ãƒ³ãƒˆã®èªè¨¼éƒ¨åˆ†ã«ã‚‚å½“ç„¶ã€èªè¨¼ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒå¿…è¦ãªã®ã§ãã“ã®è©±ã
2FAã‚’çµ„ã¿è¾¼ã‚“ã ã‚Šè‰²ã€…æœ‰ã‚Šå¾—ã‚‹ã‹ã‚‰ã€ä¸€èˆ¬åŒ–ã•ã‚ŒãŸå†…å®¹ã«ãªã£ã¦ã‚‹ã¨ã€‚ãŠãƒ¼ã€‚

UserPool-IdPã§UserPoolsèªè¨¼ã™ã‚‹å ´åˆã€OIDC AuthNãƒªã‚¯ã‚¨ã‚¹ãƒˆã¯èµ°ã‚‹ã®ã‹ãªï¼Ÿ
resã«ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã¶ã¡è¾¼ã‚“ã§ã™ãèªè¨¼çš„ãª

ãƒ™ãƒ¼ã‚¹: https://(mydomain).auth.(region).amazoncognito.com
- èªå¯ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆ: /oauth2/authorize
- ãƒˆãƒ¼ã‚¯ãƒ³ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆ : /oauth2/token
- ãƒã‚°ã‚¤ãƒ³ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆ : /login
- ãƒã‚°ã‚¢ã‚¦ãƒˆã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆ : /logout