auth0-mfa-email-associate
var request = require("request"); | |
const AWS = require('aws-sdk'); | |
// Region for the KMS client that decrypts the Auth0 client secret in the handler.
AWS.config.update({ region: 'ap-northeast-1' });

// All Auth0 settings come from the Lambda environment. `client_secret` is
// stored as base64 KMS ciphertext; the handler decrypts it into
// `decrypted_client_secret`, which `mfaReq` reads. Any missing variable is
// simply `undefined` here, so misconfiguration surfaces at the Auth0 call.
const {
  client_id,
  client_secret: encrypted_client_secret,
  audience,
  scope,
  api_domain,
} = process.env;
let decrypted_client_secret;
/**
 * Stand-in for user sign-up.
 *
 * A real implementation would register the user through the Auth0
 * Authentication API (`/dbconnections/signup`). This mock only echoes the
 * credentials back in the shape `mfaReq` reads (`username`, `password`).
 * The plaintext password is carried through on purpose: the password grant
 * issued by `mfaReq` needs it.
 *
 * @param {string} email - Login name; becomes `username` downstream.
 * @param {string} pass - Plaintext password.
 * @returns {Promise<{username: string, password: string}>}
 */
async function signUpMock(email, pass) {
  const userinfo = { username: email, password: pass };
  return userinfo;
}
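/**
 * Start the MFA flow for a freshly signed-up user.
 *
 * Runs the Resource Owner Password grant against
 * `https://<api_domain>/oauth/token` with the tenant's confidential client
 * credentials. The call is *expected* to fail with `error: "mfa_required"`;
 * the `mfa_token` in that error response is what `mfaAssociate` needs next.
 * Any other outcome — including a successful token response, which means the
 * tenant did not enforce MFA for this user — is treated as a failure.
 *
 * Security notes:
 * - The user's plaintext password and the decrypted client secret travel in
 *   the form body over https; neither is logged here.
 * - `decrypted_client_secret` must have been populated (KMS decrypt in the
 *   handler) before this runs, otherwise the form omits `client_secret`.
 *
 * @param {{username: string, password: string}} userinfo - credentials from sign-up.
 * @returns {Promise<string>} the `mfa_token` from the `mfa_required` response.
 *   Rejects with the transport error if the request fails, with an Error if
 *   the response body is not JSON, or with the parsed Auth0 body for any
 *   response that is not a usable `mfa_required`.
 */
function mfaReq(userinfo) {
  const options = {
    method: 'POST',
    url: `https://${api_domain}/oauth/token`,
    headers: { 'content-type': 'application/x-www-form-urlencoded' },
    form: {
      grant_type: 'password',
      username: userinfo.username,
      password: userinfo.password,
      audience: audience,
      scope: scope,
      client_id: client_id,
      client_secret: decrypted_client_secret,
    },
  };
  return new Promise((resolve, reject) => {
    request(options, (error, response, body) => {
      // A `throw` inside this callback is an uncaught exception, not a
      // rejection, so every failure path must go through reject().
      if (error) {
        reject(error);
        return;
      }
      let parsed;
      try {
        parsed = JSON.parse(body);
      } catch (parseError) {
        // e.g. an HTML error page from a proxy; JSON.parse would otherwise
        // throw out of the callback and crash the invocation.
        const status = response && response.statusCode;
        reject(new Error(`Non-JSON response from /oauth/token (HTTP ${status})`));
        return;
      }
      if (parsed && parsed.error === 'mfa_required' && typeof parsed.mfa_token === 'string') {
        console.log('mfa_required');
        resolve(parsed.mfa_token);
      } else {
        // Deliberately not logging the body: on a tenant without MFA it is a
        // full token response.
        console.error('Something went wrong');
        reject(parsed);
      }
    });
  });
}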
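/**
 * Enroll an email out-of-band authenticator for the user behind `mfa_token`.
 *
 * POSTs to `https://<api_domain>/mfa/associate` with the mfa_token as a
 * Bearer token, requesting an `oob` authenticator on the `email` channel
 * bound to the sign-up address.
 *
 * Security: the resolved body is what the caller needs to finish enrollment
 * (per the Auth0 docs it carries an `oob_code` and, on first enrollment,
 * recovery codes — confirm for your tenant). Treat it as secret; do not log it.
 *
 * @param {string} mfa_token - token from the `mfa_required` response (see mfaReq).
 * @param {{username: string}} userinfo - `username` is used as the email address.
 * @returns {Promise<object>} the Auth0 response body, resolved only when it
 *   describes an `oob` authenticator with `binding_method: "prompt"` on the
 *   `email` channel. Any other body is rejected as-is; a transport failure
 *   rejects with the request error.
 */
function mfaAssociate(mfa_token, userinfo) {
  const options = {
    method: 'POST',
    url: `https://${api_domain}/mfa/associate`,
    headers: {
      'content-type': 'application/json',
      'authorization': `Bearer ${mfa_token}`,
    },
    body: {
      authenticator_types: ['oob'],
      oob_channels: ['email'],
      email: userinfo.username,
    },
    json: true,
  };
  return new Promise((resolve, reject) => {
    request(options, (error, response, body) => {
      // Throwing here would escape the Promise as an uncaught exception.
      if (error) {
        reject(error);
        return;
      }
      // `json: true` only parses JSON bodies; an empty or non-JSON response
      // leaves `body` undefined or a string, so guard before reading fields.
      if (!body || typeof body !== 'object' || body.authenticator_type !== 'oob') {
        console.error('Something went wrong');
        reject(body);
        return;
      }
      if (body.binding_method === 'prompt' && body.oob_channel === 'email') {
        resolve(body);
      } else {
        console.error('Unsupported binding_method');
        reject(body);
      }
    });
  });
}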
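/**
 * Lambda entry point: sign the user up (mocked), obtain an mfa_token through
 * the password grant, and enroll an email authenticator for them.
 *
 * @param {{email: string, password: string}} event - credentials of the new user.
 * @param {object} context - Lambda context (unused).
 * @param {Function} callback - legacy Lambda callback (unused; the result is returned).
 * @returns {Promise<object>} the `/mfa/associate` response body on success,
 *   otherwise `{ error, error_description }`. Only those two fields of a
 *   failed Auth0 response are echoed back, so a token response from a tenant
 *   that did not require MFA is never returned to the caller.
 */
exports.handler = async (event, context, callback) => {
  try {
    // Reject malformed input before touching KMS or Auth0.
    if (!event || typeof event.email !== 'string' || typeof event.password !== 'string') {
      return { error: 'invalid_request', error_description: 'email and password are required' };
    }
    // Fail fast if the secret cannot be decrypted: calling /oauth/token with
    // no client_secret would only produce a confusing Auth0 error. The
    // plaintext is never logged.
    await ensureClientSecret();
    // Register the new user (mocked in this sample).
    const userinfo = await signUpMock(event.email, event.password);
    // Obtain the mfa_token.
    const mfa_token = await mfaReq(userinfo);
    // Request association of the email authenticator.
    return await mfaAssociate(mfa_token, userinfo);
  } catch (e) {
    // Full details go to CloudWatch; the caller gets a sanitized summary.
    console.error(e);
    return toErrorResponse(e);
  }
};

/**
 * Decrypt the KMS-encrypted client secret into `decrypted_client_secret`.
 * Cached for the life of the execution environment: the ciphertext comes
 * from an environment variable, which cannot change without a new
 * environment, so repeating the KMS call per invocation buys nothing.
 * @throws {Error} when the env var is missing or KMS decryption fails.
 */
async function ensureClientSecret() {
  if (typeof decrypted_client_secret === 'string') {
    return;
  }
  if (!encrypted_client_secret) {
    throw new Error('client_secret environment variable is not set');
  }
  const kms = new AWS.KMS();
  const decrypted = await kms
    .decrypt({ CiphertextBlob: Buffer.from(encrypted_client_secret, 'base64') })
    .promise();
  decrypted_client_secret = decrypted.Plaintext.toString('utf-8');
}

/**
 * Reduce whatever was thrown/rejected to `{ error, error_description }`.
 * Auth0 error bodies keep their own two fields; everything else (tokens,
 * stack traces, raw bodies) is dropped.
 */
function toErrorResponse(e) {
  if (e instanceof Error) {
    return { error: 'internal_error', error_description: e.message };
  }
  if (e && typeof e === 'object') {
    return {
      error: typeof e.error === 'string' ? e.error : 'unexpected_response',
      error_description:
        typeof e.error_description === 'string' ? e.error_description : undefined,
    };
  }
  return { error: 'unexpected_response', error_description: String(e) };
}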