How do I calculate the value of PASSWORD_CLAIM_SIGNATURE in the DEVICE_PASSWORD_VERIFIER challenge response?
I'm trying to figure out how to generate the value for the response to the Amazon Cognito challenge: DEVICE_PASSWORD_VERIFIER. I've spent several days on this problem now, perused many of Amazon's documentation as well as references the other SO post on this topic, which also did not get it to work. I've made a temporary repository with my code as it currently stands (with everything redacted, but you should be able to run it if you fill in the environment variables).
I'm using the AWS Java SDK. I manage to pass the first challenge DEVICE_SRP_AUTH, whereupon I always get NotAuthorizedException: Invalid username or password on the second challenge DEVICE_PASSWORD_VERIFIER. I'm assuming that the code I've written to generate either the SRP_A value or the PASSWORD_CLAIM_SIGNATURE is wrong, though I cannot figure out what or where. All the relevant functions to generating these values can be found in the DeviceHelper class. Furthermore, I am using the ADMIN_USER_PASSWORD_AUTH auth flow as well as the adminRespondToAuthChallenge functions.
Edit: If anyone knows of any good libraries that support generating these values for AWS Cognito, that'd be a good solution too. However, I did not manage to find any on my own.
Here's the settings of the user pool:
Any help would be greatly appreciated as I am now at a complete loss. Cheers.
For anyone that runs into the same issue, I've updated my code in the repository linked in the question. It works now, feel free to copy said code for your own use, just don't waste literal days of your time trying to figure out a solution on your own like I did. Realistically Amazon should provide the functions to generate these values within their SDK, but they don't. So, feel free to use mine.
You may also want to reference the SRPHelper class in the Amplify Android library. This also implements this flow, but you must not do M1 = MAC(poolId | userId | secret | timestamp, key) for this authentication flow. Instead use, M1 = MAC(deviceGroupKey | deviceKey | base64_decode(secretBlock) | timestamp). Though you get a USER_ID_FOR_SRP value from the first challenge, you must not use this either. Ignore it. Furthermore, the calculation is FullPassword = SHA256(deviceGroupKey | deviceKey | ":" | devicePassword), not anything else.
- Replacement for the deprecated URL(URL context, String spec) constructor that also works with older Java versions
- How to use WebClient to execute synchronous request?
- SpringBoot 2 the elements were left unbound
- Manually converting a string to an integer in Java
- Java is asking to return a value even when the value is returned in the if-else ladder
- Bounded PriorityBlockingQueue
- HSEARCH000151: Unable to get input stream from object of type byte
- How to get a resources path after jlink-ing?
- Error - trustAnchors parameter must be non-empty
- Build WHERE clause dynamically based on filter in queryDSL
- Best practice to select data using Spring JdbcTemplate
- Doubling each letter in a String
- To find the next work day
- Create advanced search in JPA through user defined dynamic where clause conditions
- Flink task manager does not unload classes
- Implicit casts in Java (passing value type wrappers to methods expecting a regular Integer or Long)
- How do I send an e-mail in Java?
- In Java Failing to invoke method with parameters even though seems to match the getMethod() call
- SQL server hanged suddenly - all DB connections are active but no response - SQL server 2016
- In Java how to synchronize cache read and write operations
- Unable to connect to the remote Cassandra datacenter with the options provided in error
- Creating a hierarchy of Java subclasses
- how to return a list of employee's names with the highest pay rate in java
- "Unsupported class file error" on a Vaadin 14 project
- Does Spring @Transactional attribute work on a private method?
- How to create a BKS (BouncyCastle) format Java Keystore that contains a client certificate chain
- Prevent Kafka Streams Consumer from writing offsets / wait for one stream to consume all records before starting the second stream
- Why does my SQL while(set.next()) skips the first element?
- Combine multiple lists in Java
- How to map from Page<ObjectOne> to Page<ObjectTwo> in Spring Data 2?