Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
auth0-mfa-email-associate
var request = require("request");
const AWS = require('aws-sdk');
AWS.config.update({ region: 'ap-northeast-1' });
const client_id = process.env['client_id'];
const encrypted_client_secret = process.env['client_secret'];
let decrypted_client_secret;
const audience = process.env['audience'];
const scope = process.env['scope'];
const api_domain = process.env['api_domain'];
async function signUpMock(email,pass) {
// Auth0にユーザー登録する
// Auth0の認証API /dbconnections/signup を使用
return {username:email, password:pass};
}
function mfaReq(userinfo) {
var options = { method: 'POST',
url: 'https://' + api_domain + '/oauth/token',
headers: { 'content-type': 'application/x-www-form-urlencoded' },
form:
{ grant_type: 'password',
username: userinfo.username,
password: userinfo.password,
audience: audience,
scope: scope,
client_id: client_id,
client_secret: decrypted_client_secret }
};
return new Promise((resolve, reject) => {
request(options, function (error, response, body) {
if (error) throw new Error(error);
body = JSON.parse(body);
if (body.error == 'mfa_required') {
console.log('mfa_required');
resolve( body.mfa_token);
} else {
console.error('Something went wrong');
reject(body)
}
});
});
}
function mfaAssociate(mfa_token, userinfo) {
var options = { method: 'POST',
url: 'https://' + api_domain + '/mfa/associate',
headers: { 'content-type': 'application/json', 'authorization': 'Bearer ' + mfa_token },
body:
{
"authenticator_types": ["oob"],
"oob_channels": ["email"],
"email": userinfo.username
},
json: true };
return new Promise((resolve, reject) => {
request(options, function (error, response, body) {
if (error) throw new Error(error);
if (body.authenticator_type === 'oob') {
if (body.binding_method === 'prompt' && body.oob_channel === 'email') {
resolve(body);
} else {
console.error('Unsupported binding_method');
reject(body);
}
} else {
console.error('Something went wrong');
reject(body);
}
});
});
}
exports.handler = async (event, context, callback) => {
const kms = new AWS.KMS();
let params = {
CiphertextBlob: Buffer.from(encrypted_client_secret, 'base64')
}
try {
const decrypted = await kms.decrypt(params).promise()
decrypted_client_secret = decrypted.Plaintext.toString('utf-8')
}
catch (exception) {
console.error(exception)
}
console.log(decrypted_client_secret)
try {
// ユーザー新規登録する(今回はモック)
var userinfo = await signUpMock(event.email, event.password);
// MFAトークンを取得する
var mfa_token = await mfaReq(userinfo);
// 認証システムの関連付けを要求する
var res = await mfaAssociate(mfa_token, userinfo);
return res;
} catch(e) {
console.error(e)
return e
}
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment