From e6626c7451ab51c4adde105ec41d1caf4791659f Mon Sep 17 00:00:00 2001
From: Simon McAllister
Date: Sat, 28 Oct 2023 16:45:43 +0100
Subject: [PATCH] update README to mention compatability with v2 and v3 SDK
---
 README.md | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 57 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index cde7e22..a0b24ce 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ Or CommonJS require:
 const CognitoSrpHelper = require("cognito-srp-helper");
 ```
 
-Here is an example of how you would use the helper to implement SRP authentication with Cognito using the AWS JavaScript SDK (v3):
+Here is an example of how you would use the helper to implement SRP authentication with Cognito using the AWS JavaScript SDK v3:
 
 ```ts
 import {
@@ -78,6 +78,62 @@ const respondToAuthChallengeRes = await cognitoIdentityProviderClient
 // . . . return login tokens from respondToAuthChallengeResponse
 ```
 
+Here is an example of how you would use the helper to implement SRP authentication with Cognito using the AWS JavaScript SDK v2 (deprecated):
+
+```ts
+import {
+ createSecretHash,
+ createPasswordHash,
+ createSrpSession,
+ signSrpSession,
+ wrapAuthChallenge,
+ wrapInitiateAuth,
+} from "cognito-srp-helper";
+
+// . . . obtain user credentials, IDs, and setup Cognito client
+
+const secretHash = createSecretHash(username, clientId, secretId);
+const passwordHash = createPasswordHash(username, password, poolId);
+const srpSession = createSrpSession(username, passwordHash, poolId);
+
+const initiateAuthRes = await cognitoIdentityServiceProvider
+ .initiateAuth(
+ wrapInitiateAuth(srpSession, {
+ ClientId: CLIENT_ID,
+ AuthFlow: "USER_SRP_AUTH",
+ AuthParameters: {
+ CHALLENGE_NAME: "SRP_A",
+ SECRET_HASH: secretHash,
+ USERNAME,
+ },
+ }),
+ )
+ .promise()
+ .catch((err) => {
+ throw err;
+ });
+
+const signedSrpSession = signSrpSession(srpSession, initiateAuthRes);
+
+const respondToAuthChallengeRes = await cognitoIdentityServiceProvider
+ .respondToAuthChallenge(
+ wrapAuthChallenge(signedSrpSession, {
+ ClientId: CLIENT_ID,
+ ChallengeName: "PASSWORD_VERIFIER",
+ ChallengeResponses: {
+ SECRET_HASH: secretHash,
+ USERNAME,
+ },
+ }),
+ )
+ .promise()
+ .catch((err) => {
+ throw err;
+ });
+
+// . . . return login tokens from respondToAuthChallengeResponse
+```
+
 ## Zero values in SRP
 
 Should you worry about 0 being used during the SRP calculations?