{"id":15254,"date":"2018-10-09T11:52:50","date_gmt":"2018-10-09T02:52:50","guid":{"rendered":"http:\/\/www.skyarch.net\/blog\/?p=15254"},"modified":"2018-10-09T11:52:50","modified_gmt":"2018-10-09T02:52:50","slug":"mfa%e3%82%92%e6%9c%89%e5%8a%b9%e5%8c%96%e3%81%97%e3%81%9fcognito%e3%83%a6%e3%83%bc%e3%82%b6%e3%83%bc%e3%83%97%e3%83%bc%e3%83%ab%e3%82%88%e3%82%8acli%e3%81%a7token%e5%8f%96%e5%be%97","status":"publish","type":"post","link":"https:\/\/www.skyarch.net\/blog\/mfa%e3%82%92%e6%9c%89%e5%8a%b9%e5%8c%96%e3%81%97%e3%81%9fcognito%e3%83%a6%e3%83%bc%e3%82%b6%e3%83%bc%e3%83%97%e3%83%bc%e3%83%ab%e3%82%88%e3%82%8acli%e3%81%a7token%e5%8f%96%e5%be%97\/","title":{"rendered":"Getting a Token via the CLI from a Cognito User Pool with MFA Enabled"},"content":{"rendered":"<h2>Introduction<\/h2>\n<p>Cognito is often used for authentication in serverless architectures. I tried obtaining a token via the CLI from a Cognito user pool with MFA enabled.<\/p>\n<h2>Table of Contents<\/h2>\n<ul>\n<li><a href=\"#overview\">Overview of the Procedure<\/a><\/li>\n<li><a href=\"#tejun\">Procedure<\/a><\/li>\n<\/ul>\n<h2 id=\"overview\">Overview of the Procedure<\/h2>\n<p>Basically, you just follow the authentication flow below.<br \/>\n<a href=\"https:\/\/docs.aws.amazon.com\/ja_jp\/cognito\/latest\/developerguide\/amazon-cognito-user-pools-authentication-flow.html\">https:\/\/docs.aws.amazon.com\/ja_jp\/cognito\/latest\/developerguide\/amazon-cognito-user-pools-authentication-flow.html<\/a><br \/>\nSee the topmost figure.<\/p>\n<ol>\n<li>Run Initiate Auth from the client\n<ul>\n<li>Receive the returned Session information<\/li>\n<li>Receive the MFA code (SMS is configured in this case)<\/li>\n<\/ul>\n<\/li>\n<li>Respond to the AuthChallenge\n<ul>\n<li>Send the MFA code<\/li>\n<\/ul>\n<\/li>\n<li>Receive the desired token<\/li>\n<\/ol>\n<h2 id=\"tejun\">Procedure<\/h2>\n<h3>Cognito App Client Settings<\/h3>\n<p>Enable the username and password (non-SRP) flow for app-based authentication (USER_PASSWORD_AUTH)<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.skyarch.net\/blog\/wp-content\/uploads\/2018\/10\/cognito01-1-1024x467.png\" alt=\"\" width=\"728\" height=\"332\" class=\"aligncenter size-large wp-image-15270\" srcset=\"https:\/\/www.skyarch.net\/blog\/wp-content\/uploads\/2018\/10\/cognito01-1-1024x467.png 1024w, https:\/\/www.skyarch.net\/blog\/wp-content\/uploads\/2018\/10\/cognito01-1-300x137.png 300w, https:\/\/www.skyarch.net\/blog\/wp-content\/uploads\/2018\/10\/cognito01-1-768x350.png 768w, https:\/\/www.skyarch.net\/blog\/wp-content\/uploads\/2018\/10\/cognito01-1-728x332.png 728w, https:\/\/www.skyarch.net\/blog\/wp-content\/uploads\/2018\/10\/cognito01-1.png 1179w\" sizes=\"auto, (max-width: 728px) 100vw, 728px\" \/><\/p>\n<h3>Run Initiate Auth from the Client<\/h3>\n<pre>\n$ aws cognito-idp initiate-auth \\\n> --auth-flow USER_PASSWORD_AUTH \\\n> --client-id ***app client ID shown in the Cognito settings \\\n> --auth-parameters \\\n> 
USERNAME=[user ID created in Cognito],PASSWORD=[user password created in Cognito]\n\nResponse:\n{\n    \"ChallengeName\": \"SMS_MFA\",\n    \"Session\": \"[Session information to use in the next request]\",\n    \"ChallengeParameters\": {\n        \"CODE_DELIVERY_DELIVERY_MEDIUM\": \"SMS\",\n        \"CODE_DELIVERY_DESTINATION\": \"+***phone number that receives the MFA notification\",\n        \"USER_ID_FOR_SRP\": \"***the user name is shown here\"\n    }\n}\n<\/pre>\n<p>Note: If you are using a profile, specify it with the --profile *** parameter.<\/p>\n<h3>Respond to the AuthChallenge<\/h3>\n<pre>\n$ aws cognito-idp respond-to-auth-challenge \\\n> --client-id ***app client ID shown in the Cognito settings \\\n> --challenge-name SMS_MFA \\\n> --challenge-responses \\\n> USERNAME=[user ID created in Cognito],SMS_MFA_CODE=[code delivered by SMS] \\\n> --session \"[insert the value returned as Session in the response above]\"\n\nResponse:\n{\n    \"ChallengeParameters\": {},\n    \"AuthenticationResult\": {\n        \"AccessToken\": \"***the access token is shown here\",\n        \"ExpiresIn\": 3600,\n        \"TokenType\": \"Bearer\",\n        \"RefreshToken\": \"***the refresh token is shown here\",\n        \"IdToken\": \"***the ID token is shown here\",\n        \"NewDeviceMetadata\": {\n            \"DeviceKey\": \"ap-northeast-1_***\",\n            \"DeviceGroupKey\": \"***\"\n        }\n    }\n}\n<\/pre>\n<p>Note: If you are using a profile, specify it with the --profile *** parameter.<\/p>\n<h3>Checking the Result<\/h3>\n<p>I confirmed that the token can be decoded with <a href=\"https:\/\/jwt.io\">https:\/\/jwt.io<\/a> or a similar tool.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction Cognito is often used for authentication in serverless architectures. I tried obtaining a token via the CLI from a Cognito user pool with MFA enabled. Table of Contents Overview of the Procedure Procedure Overview of the Procedure Basically, the authentication flow below&#8230;<\/p>\n","protected":false},"author":2,"featured_media":15255,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_locale":"ja","_original_post":"15254","footnotes":""},"categories":[20,276],"tags":[],"class_list":{"0":"post-15254","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-aws","8":"category-serverless","9":"ja"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/15254","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/comments?post=15254"}],"version
-history":[{"count":12,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/15254\/revisions"}],"predecessor-version":[{"id":15274,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/15254\/revisions\/15274"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/media\/15255"}],"wp:attachment":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/media?parent=15254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/categories?post=15254"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/tags?post=15254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}