iOS solution

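When submitting a forgot password request to an AWS Cognito identity pool, the request must be signed using the client secret along with the username submitted in the forgot password request.

How do we create the "secretHash" in Swift from the client secret and username, in the format AWS requires?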

1 Answer

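This functionality is undocumented and was only found in the tests of some AWS libraries. This code serves as an example of submitting a forgot password request until the functionality is better supported in the AWSCognitoIdentityUserPool library.

Swift 3.2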

import AWSCognitoIdentityProvider

func forgotPassword(username: String) {
   let pool = AWSCognitoIdentityUserPool.default()

   // Build the request; secretHash is derived from the username and the pool's client secret.
   let request = AWSCognitoIdentityProviderForgotPasswordRequest()
   request?.username = username
   request?.clientId = pool.userPoolConfiguration.clientId
   request?.secretHash = pool.calculateSecretHash(username: username)

   AWSCognitoIdentityProvider.default().forgotPassword(request!) { (response, error) in
       if let error = error {
           print(error)
       }
       else {
           print("success")
       }
   }
}

Sign the username using the client secret from the user pool.

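import Foundation
// CCHmac comes from CommonCrypto; in Swift 3.2 expose it through the bridging header
// (#import <CommonCrypto/CommonCrypto.h>).

extension AWSCognitoIdentityUserPool {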
    func calculateSecretHash(username: String) -> String? {
        guard let clientSecret = userPoolConfiguration.clientSecret else {
            return nil
        }
        guard let key = clientSecret.data(using: String.Encoding.ascii) else {
            return nil
        }
        guard let data = (username + userPoolConfiguration.clientId).data(using: String.Encoding.utf8) else {
            return nil
        }

        let hmac = sign256(data: data, key: key)
        return hmac.base64EncodedString()
    }

    fileprivate func sign256(data: Data, key: Data) -> Data {
        let algorithm: CCHmacAlgorithm = CCHmacAlgorithm(kCCHmacAlgSHA256)
        let digestLength =  Int(CC_SHA256_DIGEST_LENGTH)
        let signature = UnsafeMutablePointer<CUnsignedChar>.allocate(capacity: digestLength)
        defer { signature.deallocate(capacity: digestLength) }

        data.withUnsafeBytes { dataBytes in
            key.withUnsafeBytes { keyBytes in
                CCHmac(algorithm, keyBytes, key.count, dataBytes, data.count, signature)
            }
        }

        return Data(bytes: signature, count: digestLength)
    }

}
Answered 2017-11-22T02:49:00.283
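The same secret hash, Base64(HMAC-SHA256(key: client secret, message: username + client ID)), written as an added example that is not part of the original answer or of the AWS SDK. It assumes a deployment target where CryptoKit is available (iOS 13 or later); the function names `cognitoSecretHash` and `isValidSecretHash` and all sample values are hypothetical.

```swift
import Foundation
import CryptoKit  // Assumption: iOS 13+ / macOS 10.15+, so no CommonCrypto bridging is needed

/// Returns Base64(HMAC-SHA256(key: clientSecret, message: username + clientId)),
/// the same value the answer's calculateSecretHash(username:) computes.
func cognitoSecretHash(username: String, clientId: String, clientSecret: String) -> String? {
    // An empty key would still produce a MAC, so refuse it rather than send a meaningless hash.
    guard !clientSecret.isEmpty else { return nil }
    // For an ASCII secret these UTF-8 bytes are identical to the answer's ASCII encoding.
    let key = SymmetricKey(data: Data(clientSecret.utf8))
    let message = Data((username + clientId).utf8)
    let mac = HMAC<SHA256>.authenticationCode(for: message, using: key)
    return Data(mac).base64EncodedString()
}

/// Checks a Base64 secret hash (for example in a unit test of the signing code)
/// using CryptoKit's constant-time MAC comparison instead of string equality.
func isValidSecretHash(_ candidate: String, username: String,
                       clientId: String, clientSecret: String) -> Bool {
    guard !clientSecret.isEmpty,
          let macBytes = Data(base64Encoded: candidate) else { return false }
    let key = SymmetricKey(data: Data(clientSecret.utf8))
    let message = Data((username + clientId).utf8)
    return HMAC<SHA256>.isValidAuthenticationCode(macBytes, authenticating: message, using: key)
}

// Constructed sample values, not real credentials.
let sampleClientId = "EXAMPLECLIENTID123"
let sampleSecret = "example-client-secret"
let hash = cognitoSecretHash(username: "alice@example.com",
                             clientId: sampleClientId,
                             clientSecret: sampleSecret)!

// The decoded MAC is always the 32-byte SHA-256 output.
assert(Data(base64Encoded: hash)?.count == 32)
assert(isValidSecretHash(hash, username: "alice@example.com",
                         clientId: sampleClientId, clientSecret: sampleSecret))
// The signed message is byte-exact: a username differing only in case does not verify.
assert(!isValidSecretHash(hash, username: "Alice@example.com",
                          clientId: sampleClientId, clientSecret: sampleSecret))
// A missing secret yields no hash instead of a MAC under an empty key.
assert(cognitoSecretHash(username: "alice@example.com",
                         clientId: sampleClientId, clientSecret: "") == nil)
```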