使用 AWS Amplify post 注册添加多重身份验证?
Adding multi factor authentication with AWS Amplify post signup?
如果我们已经通过 Google 为用户注册了 AWS Cognito,我们可以稍后通过 AWS Amplify API 激活 MFA。如果是,API 签名是什么?
一般的想法是首先允许用户通过社交提供商登录,如果他们正在访问需要 MFA 安全的平台区域/功能,他们可以通过他们的用户配置文件将其打开来启用它。
这来自 AWS Amplify API documentation
的启用 TOTP 部分
import { Auth } from 'aws-amplify';
// To setup TOTP, first you need to get a `authorization code` from Amazon Cognito
// `user` is the current Authenticated user
Auth.setupTOTP(user).then((code) => {
// You can directly display the `code` to the user or convert it to a QR code to be scanned.
// E.g., use following code sample to render a QR code with `qrcode.react` component:
// import QRCode from 'qrcode.react';
// const str = "otpauth://totp/AWSCognito:"+ username + "?secret=" + code + "&issuer=" + issuer;
// <QRCode value={str}/>
});
// ...
// Then you will have your TOTP account in your TOTP-generating app (like Google Authenticator)
// Use the generated one-time password to verify the setup
Auth.verifyTotpToken(user, challengeAnswer).then(() => {
// don't forget to set TOTP as the preferred MFA method
Auth.setPreferredMFA(user, 'TOTP');
// ...
}).catch( e => {
// Token is not verified
});
如果我们已经通过 Google 为用户注册了 AWS Cognito,我们可以稍后通过 AWS Amplify API 激活 MFA。如果是,API 签名是什么?
一般的想法是首先允许用户通过社交提供商登录,如果他们正在访问需要 MFA 安全的平台区域/功能,他们可以通过他们的用户配置文件将其打开来启用它。
这来自 AWS Amplify API documentation
的启用 TOTP 部分 import { Auth } from 'aws-amplify';
// To setup TOTP, first you need to get a `authorization code` from Amazon Cognito
// `user` is the current Authenticated user
Auth.setupTOTP(user).then((code) => {
// You can directly display the `code` to the user or convert it to a QR code to be scanned.
// E.g., use following code sample to render a QR code with `qrcode.react` component:
// import QRCode from 'qrcode.react';
// const str = "otpauth://totp/AWSCognito:"+ username + "?secret=" + code + "&issuer=" + issuer;
// <QRCode value={str}/>
});
// ...
// Then you will have your TOTP account in your TOTP-generating app (like Google Authenticator)
// Use the generated one-time password to verify the setup
Auth.verifyTotpToken(user, challengeAnswer).then(() => {
// don't forget to set TOTP as the preferred MFA method
Auth.setPreferredMFA(user, 'TOTP');
// ...
}).catch( e => {
// Token is not verified
});