Created
January 10, 2023 11:37
-
-
Save alarv/d84e5c468e0daf9d7cb5d28e7cef9073 to your computer and use it in GitHub Desktop.
Generate a token for cognito using cognito-idp, SMS_MFA method (OTP with an SMS) and secret_hash
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| username= | |
| password= | |
| clientid= | |
| client_secret= | |
| region= | |
| user_pool_id= | |
| aws_profile= | |
| secret_hash=$(echo -n "${username}${clientid}" | openssl dgst -sha256 -hmac ${client_secret} -binary | openssl enc -base64) | |
| response_json="" | |
| token_request=`aws cognito-idp admin-initiate-auth --user-pool-id $user_pool_id --auth-flow ADMIN_USER_PASSWORD_AUTH --region $region --output json --client-id $clientid --auth-parameters USERNAME=$username,PASSWORD=$password,SECRET_HASH=$secret_hash --profile $aws_profile` | |
| response_json=$token_request | |
| otp_session=$(echo $response_json | jq -r '.Session') | |
| read -p "OTP received by SMS:" otp | |
| aws cognito-idp respond-to-auth-challenge \ | |
| --client-id $clientid \ | |
| --challenge-name SMS_MFA \ | |
| --session $otp_session \ | |
| --challenge-responses USERNAME=$username,SMS_MFA_CODE=$otp,SECRET_HASH=$secret_hash | jq -r '.AuthenticationResult.IdToken' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment