class AwsSRP::Flow

AWS Cognito flow

Attributes

password[R]
pool_id[R]
srp[R]
username[R]

Public Class Methods

new(pool_id, username, password)
# File lib/aws_srp/flow.rb, line 8
# Sets up the state for one Cognito SRP sign-in attempt.
#
# The password is stored on the instance exactly as given and, per the
# attribute list for this class, is readable through the public +password+
# reader. Treat Flow objects as secret-bearing: keep them out of logs,
# inspect output and serialized state.
#
# @param pool_id  pool identifier; mixed into the SRP identity and the
#   signature built by #verify_password
# @param username value sent as USERNAME by #init_auth
# @param password secret handed to the SRP state in #verify_password
def initialize(pool_id, username, password)
  @pool_id, @username, @password = pool_id, username, password

  # Fresh SRP state per flow; its +aa+ value is what #init_auth sends.
  @srp = SRP.new
end

Public Instance Methods

init_auth()
# File lib/aws_srp/flow.rb, line 20
# Builds the parameters for the opening request of the exchange: the user
# name plus this client's SRP +A+ value, read from +srp.aa.str+.
#
# Only the AuthParameters key is produced here; anything else the request
# needs has to be supplied by the caller.
#
# @return [Hash] +{ AuthParameters: { USERNAME: ..., SRP_A: ... } }+
def init_auth
  auth_parameters = { USERNAME: username, SRP_A: srp.aa.str }

  { AuthParameters: auth_parameters }
end
now()
# File lib/aws_srp/flow.rb, line 16
# UTC timestamp string for this flow, e.g. "Tue Jan 3 04:05:06 UTC 2023"
# (day of month is not zero- or space-padded).
#
# The value is computed once and cached on the instance. #verify_password
# calls this twice (once for the signed data, once for the TIMESTAMP field),
# so caching keeps the two identical.
#
# NOTE(review): because of the cache, a Flow reused for a later attempt would
# resend the first timestamp -- presumably one Flow is built per attempt;
# confirm with callers.
#
# @return [String]
def now
  return @now if @now

  @now = Time.now.utc.strftime('%a %b %-e %H:%M:%S UTC %Y')
end
verify_password(response)
# File lib/aws_srp/flow.rb, line 29
# Answers the server's password-verifier challenge.
#
# Feeds the challenge values into the SRP state, derives the key via
# +srp.hkdf+, and signs pool_id + user_id + secret block + timestamp with it.
# The password itself is never placed in the returned hash; only the
# signature is.
#
# NOTE(review): Cognito's SRP scheme computes over the pool *name* (the part
# of the pool id after the region prefix). Nothing here strips a prefix, so
# presumably callers already pass that form as +pool_id+ -- confirm.
#
# NOTE(review): ChallengeName is echoed from the server response rather than
# checked against an expected value; confirm whether
# PasswordVerifierResponse validates it.
#
# @param response raw challenge payload, wrapped in PasswordVerifierResponse
# @return [Hash] +{ ChallengeName: ..., ChallengeResponses: { ... } }+
def verify_password(response)
  challenge = PasswordVerifierResponse.new(response)

  # The SRP inputs must all be in place before srp.hkdf is read below.
  srp.username = [pool_id, challenge.user_id].join
  srp.password = password
  srp.salt = challenge.salt
  srp.bb = challenge.bb

  # Same update order as the signed message layout: pool, user, block, time.
  signer = Hasher.new(srp.hkdf)
  signer = signer.update(pool_id)
  signer = signer.update(challenge.user_id)
  # base64: true -- presumably the block is decoded before hashing; the raw
  # (still encoded) value is what goes back in the response below.
  signer = signer.update(challenge.secret_block, base64: true)
  signer = signer.update(now)

  challenge_name = challenge.challenge_name
  answers = {
    USERNAME: challenge.user_id,
    PASSWORD_CLAIM_SECRET_BLOCK: challenge.secret_block,
    TIMESTAMP: now, # memoized, so identical to the value signed above
    PASSWORD_CLAIM_SIGNATURE: signer.digest64
  }

  { ChallengeName: challenge_name, ChallengeResponses: answers }
end