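I used CDK to build simple user authentication (Cognito), then tried creating a user and logging in from the command line.
// Cognito concepts
User Pool = holds user information, like a Users table (email address, password, username)
User Pool Client = authentication settings (email or username, password or social login, multi-factor authentication, token lifetime)
User authentication (Cognito)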
```typescript
import * as cdk from 'aws-cdk-lib';
import * as cognito from 'aws-cdk-lib/aws-cognito';
import { Construct } from 'constructs';

export class CdkAuthDemoStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // Create the user pool
    const userPool = new cognito.UserPool(this, 'UserPool', {
      userPoolName: 'SimpleUserPool',
      selfSignUpEnabled: true, // users can sign themselves up
      signInAliases: { email: true }, // enable sign-in by email
      autoVerify: { email: true }, // automatic email verification
      standardAttributes: {
        email: { required: true, mutable: false },
      },
    });

    // Create the user pool client (application)
    const userPoolClient = new cognito.UserPoolClient(this, 'UserPoolClient', {
      userPool,
      authFlows: {
        userPassword: true, // enable password authentication
      },
    });

    // Output the user pool ID
    new cdk.CfnOutput(this, 'UserPoolId', {
      value: userPool.userPoolId,
    });

    // Output the client ID
    new cdk.CfnOutput(this, 'UserPoolClientId', {
      value: userPoolClient.userPoolClientId,
    });
  }
}
```
Running cdk deploy outputs each ID.
CdkAuthDemoStack.UserPoolClientId = 13vbhcpgeank47jqn6f2r3djet
CdkAuthDemoStack.UserPoolId = ap-northeast-1_BhKkHBMNp
Create a user to log in with

```shell
$ aws cognito-idp sign-up \
> --region ap-northeast-1 \
> --client-id 13vbhcpgeank47jqn6f2r3djet \
> --username user@example.com \
> --password "P@ssw0rd!" \
> --user-attributes Name=email,Value=user@example.com
{
    "UserConfirmed": false,
    "CodeDeliveryDetails": {
        "Destination": "u***@e***",
        "DeliveryMedium": "EMAIL",
        "AttributeName": "email"
    },
    "UserSub": "7764eaa8-b001-70a2-45be-23cc2f5a2fdc"
}
```

By default, Cognito requires an administrator to manually activate the user (admin-confirm-sign-up).

```shell
aws cognito-idp admin-confirm-sign-up \
  --region ap-northeast-1 \
  --user-pool-id ap-northeast-1_BhKkHBMNp \
  --username user@example.com
```
Logging in returns an AccessToken.
```shell
$ aws cognito-idp initiate-auth \
> --region ap-northeast-1 \
> --auth-flow USER_PASSWORD_AUTH \
> --client-id 13vbhcpgeank47jqn6f2r3djet \
> --auth-parameters USERNAME=user@example.com,PASSWORD="P@ssw0rd!"
{
    "ChallengeParameters": {},
    "AuthenticationResult": {
        "AccessToken": "<JWT omitted>",
        "ExpiresIn": 3600,
        "TokenType": "Bearer",
        "RefreshToken": "<token omitted>",
        "IdToken": "<JWT omitted>"
    }
}
```
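An added example, not part of the original post: a backend that receives the AccessToken from the login above has to verify its signature against the user pool's JWKS and then check its claims. The code below covers the claim checks only, using the region, pool ID and client ID from the deploy output on this page; the function names are hypothetical and the sample tokens are constructed and unsigned.

```javascript
// Expected values, taken from the cdk deploy output shown on this page.
const REGION = 'ap-northeast-1';
const USER_POOL_ID = 'ap-northeast-1_BhKkHBMNp';
const CLIENT_ID = '13vbhcpgeank47jqn6f2r3djet';
const ISSUER = `https://cognito-idp.${REGION}.amazonaws.com/${USER_POOL_ID}`;

// Decode one base64url-encoded JWT segment into an object.
function decodeSegment(seg) {
  return JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));
}

// Returns a list of claim problems; an empty list means the claims are acceptable.
// This does NOT verify the signature: do that first, against the pool's JWKS.
function checkAccessTokenClaims(jwt, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return ['not a three-part JWT'];
  let header, claims;
  try {
    header = decodeSegment(parts[0]);
    claims = decodeSegment(parts[1]);
  } catch {
    return ['undecodable header or payload'];
  }
  const problems = [];
  if (header.alg !== 'RS256') problems.push(`unexpected alg ${header.alg}`);
  if (claims.iss !== ISSUER) problems.push('issuer is not this user pool');
  // Access tokens carry token_use "access" and client_id; ID tokens carry
  // token_use "id" and aud instead, so an ID token is rejected here.
  if (claims.token_use !== 'access') problems.push(`token_use is ${claims.token_use}`);
  if (claims.client_id !== CLIENT_ID) problems.push('issued to a different app client');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) problems.push('expired');
  return problems;
}

// Build a constructed, unsigned sample token (not real Cognito output).
function makeSample(claims, alg = 'RS256') {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ kid: 'constructed', alg })}.${enc(claims)}.constructed-signature`;
}
```
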