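def define_auth_challange(event, context):
    """Cognito "Define auth challenge" Lambda trigger for a custom-challenge flow.

    Reads the challenge history in ``event['request']['session']`` (a list of
    dicts carrying ``challengeName`` / ``challengeResult``) and fills
    ``event['response']`` with exactly one outcome: issue tokens, fail the
    authentication, or present ``CUSTOM_CHALLENGE`` again.  The function is
    deny-by-default: ``issueTokens`` is set to True only on the branch that
    verifies the *last* session entry is a ``CUSTOM_CHALLENGE`` whose result
    is the boolean ``True``; every other branch leaves tokens unissued.

    Args:
        event: Cognito trigger event.  ``event['request']['session']`` may be
            empty or absent on the first call; ``event['response']`` is the
            dict Cognito reads back.
        context: Lambda context object (unused).

    Returns:
        The same ``event`` dict with ``event['response']`` populated.

    Requires a module-level ``logger`` (not defined in this listing).
    """
    # NOTE(review): the whole event is logged here and at the end; it may
    # contain user attributes, so consider logging only ``session``/``response``.
    logger.info('define_auth_challange incoming event: %s', event)

    # Missing or None session is treated as "no challenges answered yet".
    session = event['request'].get('session') or []
    session_len = len(session)
    last_entry = session[-1] if session else None
    response = event['response']

    if last_entry is not None and last_entry.get('challengeName') == 'SRP_A':
        # The first auth request for CUSTOM_CHALLENGE from the AWSMobileClient
        # (in the iOS native app) actually comes in as an "SRP_A" challenge
        # (bug in the AWS iOS SDK), so switch to CUSTOM_CHALLENGE and clear
        # the session.
        event['request']['session'] = []
        response['issueTokens'] = False
        response['failAuthentication'] = False
        response['challengeName'] = 'CUSTOM_CHALLENGE'
    elif (
        last_entry is not None
        and last_entry.get('challengeName') == 'CUSTOM_CHALLENGE'
        and last_entry.get('challengeResult') is True
    ):
        # User successfully answered the challenge: succeed and issue tokens.
        # ``is True`` rather than ``== True`` so only a real boolean from the
        # verify trigger (not 1/1.0 or a truthy string) unlocks the tokens.
        logger.info('The user provided the right answer to the challenge; succeed auth')
        response['issueTokens'] = True
        response['failAuthentication'] = False
    elif session_len >= 4 and not last_entry.get('challengeResult'):
        # After 3 failed challenge responses from the user, fail authentication.
        # The threshold is 4 because the first session item might be SRP_A.
        # A missing/None result after that many rounds is treated as a failure
        # rather than re-presenting the challenge.
        logger.warning('FAILED Authentication: The user provided a wrong answer 3 times')
        response['issueTokens'] = False
        response['failAuthentication'] = True
    else:
        # The user has not provided a correct answer yet; present
        # CUSTOM_CHALLENGE again.
        logger.info('User response incorrect: Attempt [%d]', session_len)
        response['issueTokens'] = False
        response['failAuthentication'] = False
        response['challengeName'] = 'CUSTOM_CHALLENGE'

    logger.info('define_auth_challange outgoing event: %s', event)
    return event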