Cognito .Net C# Forced Password Reset 进入恶性循环

Question

我正在尝试将 AWS Cognito 集成到网站中。我试图强制用户更改自己的密码。我已经有一种自愿密码重置的方法，我试图用它来强制密码重置。方法如下：

internal async Task<bool> ResetPassword(string username, string oldPassword, string newPassword) {
    AmazonCognitoIdentityProviderClient provider = new AmazonCognitoIdentityProviderClient(new Amazon.Runtime.AnonymousAWSCredentials());
    CognitoUserPool userPool = new CognitoUserPool(CognitoHelper.POOL_ID, CognitoHelper.CLIENTAPP_ID, provider);
    CognitoUser user = new CognitoUser(username, CognitoHelper.CLIENTAPP_ID, userPool, provider);
    InitiateSrpAuthRequest authRequest = new InitiateSrpAuthRequest() {
        Password = oldPassword
    };

    AuthFlowResponse authResponse = await user.StartWithSrpAuthAsync(authRequest).ConfigureAwait(false);
    await user.ChangePasswordAsync(oldPassword, newPassword);

    return true;
} // ResetPassword

当我在自愿密码重置时调用此方法时，它工作正常。在强制密码重置时，“StartWithSrpAuthAsync”会引发异常，抱怨“用户需要密码重置”。不开玩笑 - 这就是我尝试更改密码的原因。

问题是“ChangePasswordAsync”方法要求用户在被调用之前进行身份验证。我无法对用户进行身份验证，因为需要重置密码，但我无法更改密码，因为需要先对用户进行身份验证。

我尝试通过捕获“用户需要重置密码”异常来解决我的问题，希望用户无论如何都已通过身份验证。不幸的是没有运气：

internal async Task<bool> ResetPassword(string username, string oldPassword, string newPassword) {
    AmazonCognitoIdentityProviderClient provider = new AmazonCognitoIdentityProviderClient(new Amazon.Runtime.AnonymousAWSCredentials());
    CognitoUserPool userPool = new CognitoUserPool(CognitoHelper.POOL_ID, CognitoHelper.CLIENTAPP_ID, provider);
    CognitoUser user = new CognitoUser(username, CognitoHelper.CLIENTAPP_ID, userPool, provider);
    InitiateSrpAuthRequest authRequest = new InitiateSrpAuthRequest() {
        Password = oldPassword
    };

    try {
        AuthFlowResponse authResponse = await user.StartWithSrpAuthAsync(authRequest).ConfigureAwait(false);
        await user.ChangePasswordAsync(oldPassword, newPassword);
    } catch (Exception exp) {
        if (exp.Message == "Password reset required for the user") {
            await user.ChangePasswordAsync(oldPassword, newPassword);
        } else {
            throw exp;
        } // if else
    } // try catch
    return true;
} // ResetPassword

有什么想法吗？

Answer 1

我尝试将强制重置视为忘记密码的情况，它奏效了！专门向用户的邮箱发送新的验证码：

    internal async Task<ForgotPasswordResponse> ForgotPassword(string username) {
        ForgotPasswordRequest forgotPasswordRequest = new ForgotPasswordRequest();
        forgotPasswordRequest.Username = username;
        forgotPasswordRequest.ClientId = CLIENTAPP_ID;

        ForgotPasswordResponse forgotPasswordResponse = await provider.ForgotPasswordAsync(forgotPasswordRequest).ConfigureAwait(false);
        return forgotPasswordResponse;
    } // ForgotPassword

和：

    internal async Task<ConfirmForgotPasswordResponse> ConfirmForgotPassword(string validationCode, string username, string newPassword) {
        ConfirmForgotPasswordRequest confirmForgotPasswordRequest = new ConfirmForgotPasswordRequest();
        confirmForgotPasswordRequest.Username = username;
        confirmForgotPasswordRequest.ClientId = CLIENTAPP_ID;
        confirmForgotPasswordRequest.Password = newPassword;
        confirmForgotPasswordRequest.ConfirmationCode = validationCode;

        ConfirmForgotPasswordResponse confirmForgotPasswordResponse = await provider.ConfirmForgotPasswordAsync(confirmForgotPasswordRequest).ConfigureAwait(false);
        return confirmForgotPasswordResponse;
    } // ConfirmForgotPassword

“重置”新密码。从我在文档中可以看到，这在任何地方都没有说明。

Answer 2

我尝试了您的代码（在第一个问题中）并得到了同样的错误 更改提供者声明如下修复它

static Amazon.RegionEndpoint region = Amazon.RegionEndpoint.APSoutheast2;


AmazonCognitoIdentityProviderClient provider = new AmazonCognitoIdentityProviderClient(new Amazon.Runtime.AnonymousAWSCredentials(), region);

当然该地区应该更改为您所在的任何地区