【Question title】: AWS Cognito USER_PASSWORD_AUTH "Initiate Auth method not supported."
【Posted】: 2020-08-29 21:54:23
【Question description】:

I am trying to do the following:

  AWSUtil.generateSecretHash('test@test.com', ClientId).then(SECRET_HASH => {
    return AWSUtil.Cognito.adminInitiateAuth({
      AuthFlow: 'USER_PASSWORD_AUTH',
      ClientId,
      UserPoolId: process.env.COGNITO_USER_POOL_ID,
      AuthParameters: {
        USERNAME: 'test@test.com',
        PASSWORD: 'lamepassword123',
        SECRET_HASH
      }
    }).promise();
  })
  .then(resp => {
    console.log(resp)
  });

It returns nothing except "Initiate Auth method not supported."

According to the docs, this should work. What gives?

【Question discussion】:

    Tags: amazon-web-services amazon-cognito


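    【Solution 1】:

    I had the same problem - using AuthFlow ADMIN_NO_SRP_AUTH instead of USER_PASSWORD_AUTH, per the example here, solved it.

    【Discussion】:

    • Enable sign-in API for server-based authentication (ADMIN_NO_SRP_AUTH)
    【Solution 2】:

    Under the App Clients section, have you enabled this box for your user pool: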

    [x] Enable username-password (non-SRP) flow for app-based authentication (USER_PASSWORD_AUTH)
    

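    【Discussion】:

    • I explained the same problem in the question. I have already checked the box you mentioned but still get the error. Any other suggestions?
    【Solution 3】:

    If you are using the Serverless Framework, ALLOW_USER_PASSWORD_AUTH needs to be added to the ExplicitAuthFlows node.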

    Resources:
      CognitoUserPool:
        Type: AWS::Cognito::UserPool
        Properties:
          # Generate a name based on the stage
          UserPoolName: ${self:provider.stage}-user-pool
          # Set email as an alias
          UsernameAttributes:
            - email
          AutoVerifiedAttributes:
            - email
    
      CognitoUserPoolClient:
        Type: AWS::Cognito::UserPoolClient
        Properties:
          # Generate an app client name based on the stage
          ClientName: ${self:provider.stage}-user-pool-client
          UserPoolId:
            Ref: CognitoUserPool
          ExplicitAuthFlows:
            - ALLOW_ADMIN_USER_PASSWORD_AUTH # See also: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html
            - ALLOW_USER_PASSWORD_AUTH
            - ALLOW_REFRESH_TOKEN_AUTH
            - ALLOW_USER_SRP_AUTH
          GenerateSecret: false
    
    # Print out the Id of the User Pool that is created
    Outputs:
      UserPoolId:
        Value:
          Ref: CognitoUserPool
    
      UserPoolClientId:
        Value:
          Ref: CognitoUserPoolClient
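
The three answers point at the same consistency rule from different sides: the AuthFlow value has to match both the API operation being called and an entry in the app client's ExplicitAuthFlows. The following pre-flight check is an added example, not code from any of the posts; `checkAuthRequest`, the placeholder IDs and the flow-to-operation table (taken from Solution 1 and the Cognito API reference, password flows only) are assumptions of the example.

```javascript
// Added example, not code from the posts. Covers only the password flows on this page.
const PASSWORD_FLOWS = {
  USER_PASSWORD_AUTH:
    { operation: 'initiateAuth', allow: 'ALLOW_USER_PASSWORD_AUTH', legacy: 'USER_PASSWORD_AUTH' },
  ADMIN_USER_PASSWORD_AUTH:
    { operation: 'adminInitiateAuth', allow: 'ALLOW_ADMIN_USER_PASSWORD_AUTH', legacy: 'ADMIN_NO_SRP_AUTH' },
  ADMIN_NO_SRP_AUTH: // older name for the admin password flow
    { operation: 'adminInitiateAuth', allow: 'ALLOW_ADMIN_USER_PASSWORD_AUTH', legacy: 'ADMIN_NO_SRP_AUTH' },
};

// Hypothetical helper: returns a list of problems, empty when the request is consistent.
//   operation: 'initiateAuth' or 'adminInitiateAuth'
//   params:    object that would be passed to that SDK call
//   client:    { explicitAuthFlows: [...], generateSecret: boolean } from the app client config
function checkAuthRequest(operation, params, client) {
  const flow = PASSWORD_FLOWS[params.AuthFlow];
  if (!flow) return [`${params.AuthFlow} is not a password flow covered by this check`];
  const problems = [];
  if (flow.operation !== operation) {
    problems.push(`${params.AuthFlow} belongs to ${flow.operation}, not ${operation}`);
  }
  const enabled = client.explicitAuthFlows || [];
  if (!enabled.includes(flow.allow) && !enabled.includes(flow.legacy)) {
    problems.push(`app client does not list ${flow.allow} in ExplicitAuthFlows`);
  }
  if (operation === 'adminInitiateAuth' && !params.UserPoolId) {
    problems.push('adminInitiateAuth requires UserPoolId');
  }
  const auth = params.AuthParameters || {};
  for (const key of ['USERNAME', 'PASSWORD']) {
    if (!auth[key]) problems.push(`AuthParameters.${key} is missing`);
  }
  if (client.generateSecret && !auth.SECRET_HASH) problems.push('client has a secret: SECRET_HASH is required');
  if (!client.generateSecret && auth.SECRET_HASH) problems.push('client has no secret: remove SECRET_HASH');
  return problems;
}

// Constructed sample input: the question's request shape (placeholder values),
// checked against the app client from the Serverless template in Solution 3.
const templateClient = {
  explicitAuthFlows: ['ALLOW_ADMIN_USER_PASSWORD_AUTH', 'ALLOW_USER_PASSWORD_AUTH',
    'ALLOW_REFRESH_TOKEN_AUTH', 'ALLOW_USER_SRP_AUTH'],
  generateSecret: false,
};
const questionRequest = {
  AuthFlow: 'USER_PASSWORD_AUTH', ClientId: 'example-client-id', UserPoolId: 'example-pool-id',
  AuthParameters: { USERNAME: 'test@test.com', PASSWORD: 'example-password', SECRET_HASH: 'example-hash' },
};
console.log(checkAuthRequest('adminInitiateAuth', questionRequest, templateClient));
```

The template in Solution 3 enables four flows at once; once the request passes this check, the ExplicitAuthFlows list can be trimmed to the entries the application actually calls.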
    
