@@ -21,6 +21,7 @@ import aws.sdk.kotlin.services.cognitoidentityprovider.model.RespondToAuthChalle
2121import com.amplifyframework.AmplifyException
2222import com.amplifyframework.auth.cognito.AuthEnvironment
2323import com.amplifyframework.auth.cognito.exceptions.configuration.InvalidUserPoolConfigurationException
24+ import com.amplifyframework.auth.cognito.helpers.AuthHelper
2425import com.amplifyframework.auth.cognito.helpers.SRPHelper
2526import com.amplifyframework.auth.cognito.helpers.SignInChallengeHelper
2627import com.amplifyframework.auth.exceptions.ServiceException
@@ -40,6 +41,7 @@ internal object DeviceSRPCognitoSignInActions : DeviceSRPSignInActions {
4041 private const val KEY_SALT = " SALT"
4142 private const val KEY_SECRET_BLOCK = " SECRET_BLOCK"
4243 private const val KEY_SRP_A = " SRP_A"
44+ private const val KEY_SECRET_HASH = " SECRET_HASH"
4345 private const val KEY_SRP_B = " SRP_B"
4446 private const val KEY_USERNAME = " USERNAME"
4547 private const val KEY_DEVICE_KEY = " DEVICE_KEY"
@@ -56,16 +58,25 @@ internal object DeviceSRPCognitoSignInActions : DeviceSRPSignInActions {
5658
5759 srpHelper = SRPHelper (deviceMetadata?.deviceSecret ? : " " )
5860
61+ val challengeResponse = mutableMapOf (
62+ KEY_USERNAME to username,
63+ KEY_DEVICE_KEY to (deviceMetadata?.deviceKey ? : " " ),
64+ KEY_SRP_A to srpHelper.getPublicA()
65+ )
66+
67+ val secretHash = AuthHelper .getSecretHash(
68+ username,
69+ configuration.userPool?.appClient,
70+ configuration.userPool?.appClientSecret
71+ )
72+ secretHash?.let { challengeResponse[KEY_SECRET_HASH ] = it }
73+
5974 cognitoAuthService.cognitoIdentityProviderClient?.let { client ->
6075 val respondToAuthChallenge = client.respondToAuthChallenge(
6176 RespondToAuthChallengeRequest .invoke {
6277 challengeName = ChallengeNameType .DeviceSrpAuth
6378 clientId = configuration.userPool?.appClient
64- challengeResponses = mapOf (
65- KEY_USERNAME to username,
66- KEY_DEVICE_KEY to (deviceMetadata?.deviceKey ? : " " ),
67- KEY_SRP_A to srpHelper.getPublicA()
68- )
79+ challengeResponses = challengeResponse
6980 clientMetadata = event.metadata
7081 pinpointEndpointId?.let { analyticsMetadata { analyticsEndpointId = it } }
7182 encodedContextData?.let { userContextData { encodedData = it } }
@@ -125,19 +136,27 @@ internal object DeviceSRPCognitoSignInActions : DeviceSRPSignInActions {
125136
126137 srpHelper.setUserPoolParams(deviceKey, deviceGroupKey)
127138
139+ val challengeResponse = mutableMapOf (
140+ KEY_USERNAME to username,
141+ KEY_PASSWORD_CLAIM_SECRET_BLOCK to secretBlock,
142+ KEY_TIMESTAMP to srpHelper.dateString,
143+ KEY_PASSWORD_CLAIM_SIGNATURE to srpHelper.getSignature(salt, srpB, secretBlock),
144+ KEY_DEVICE_KEY to deviceKey
145+ )
146+
147+ val secretHash = AuthHelper .getSecretHash(
148+ username,
149+ configuration.userPool?.appClient,
150+ configuration.userPool?.appClientSecret
151+ )
152+ secretHash?.let { challengeResponse[KEY_SECRET_HASH ] = it }
153+
128154 cognitoAuthService.cognitoIdentityProviderClient?.let {
129155 val respondToAuthChallenge = it.respondToAuthChallenge(
130156 RespondToAuthChallengeRequest .invoke {
131157 challengeName = ChallengeNameType .DevicePasswordVerifier
132158 clientId = configuration.userPool?.appClient
133-
134- challengeResponses = mapOf (
135- KEY_USERNAME to username,
136- KEY_PASSWORD_CLAIM_SECRET_BLOCK to secretBlock,
137- KEY_TIMESTAMP to srpHelper.dateString,
138- KEY_PASSWORD_CLAIM_SIGNATURE to srpHelper.getSignature(salt, srpB, secretBlock),
139- KEY_DEVICE_KEY to deviceKey
140- )
159+ challengeResponses = challengeResponse
141160 clientMetadata = event.metadata
142161 pinpointEndpointId?.let { analyticsMetadata { analyticsEndpointId = it } }
143162 encodedContextData?.let { userContextData { encodedData = it } }
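Review bot: The secret-hash block at new lines 67–72 is repeated verbatim at 147–152, so the `ChallengeNameType.DeviceSrpAuth` and `ChallengeNameType.DevicePasswordVerifier` responses can drift apart if one copy is later edited. A private helper in `DeviceSRPCognitoSignInActions` that takes the response map and `username` and adds `KEY_SECRET_HASH` would keep them in step. Both call sites also drop a null result silently via `secretHash?.let { ... }`. `AuthHelper.getSecretHash` is not visible here, but presumably it returns null when no client secret is configured, so a one-line comment would make that explicit: `// SECRET_HASH is sent only for app clients with a secret; it must be derived from the same username sent as USERNAME`. The enclosing functions start and end outside these hunks, so it is worth confirming that `challengeResponse`, which now carries the hash alongside the SRP signature, is never logged further down.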