Created
December 19, 2020 11:42
Rust-based AWS Cognito secret_hash function for rusoto_cognito_idp, to enable AdminInitiateAuthRequest
use std::env;

use hmac::{Hmac, Mac, NewMac};
use openssl::base64;
use sha2::Sha256;
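// Example input: the Cognito username the hash is computed for. In a real program this
// binding lives inside the calling function, not at module level.
let user = "username_here";
// Assumes your .env is configured (COGNITO_CLIENTSECRET and COGNITO_CLIENTID are set), a
// CognitoIdentityProviderClient has been initialized, and the "Auth Flow" is
// "ADMIN_NO_SRP_AUTH", which is currently not supported in rusoto_cognito_idp.
// AWS documentation lists ADMIN_USER_PASSWORD_AUTH as the replacement for ADMIN_NO_SRP_AUTH;
// check which flow your user pool app client enables.
// The client secret is a server-side credential: keep it out of source control, client
// builds and log output.

/// HMAC keyed with a secret and using SHA-256 as the underlying hash.
type HmacSha256 = Hmac<Sha256>;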
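/// Computes the Cognito `SECRET_HASH` value for `user`.
///
/// The result is `Base64(HMAC-SHA256(key = client secret, message = username + client id))`.
/// The client secret is read from the `COGNITO_CLIENTSECRET` environment variable and the
/// client id from `COGNITO_CLIENTID`.
///
/// # Panics
///
/// Panics if either environment variable is missing or is not valid Unicode. The panic
/// messages name the variable only: `VarError::NotUnicode` carries the raw value, so
/// formatting the error (as `unwrap()`/`expect()` do) could write the client secret to
/// stderr or a log collector.
fn secret_hash(user: &str) -> String {
    let client_secret = env::var("COGNITO_CLIENTSECRET")
        .unwrap_or_else(|_| panic!("COGNITO_CLIENTSECRET must be set to a valid Unicode value"));
    let client_id = env::var("COGNITO_CLIENTID")
        .unwrap_or_else(|_| panic!("COGNITO_CLIENTID must be set to a valid Unicode value"));

    let mut mac = HmacSha256::new_varkey(client_secret.as_bytes())
        .expect("HMAC can take key of any size");

    // Feeding the username and then the client id is equivalent to hashing their
    // concatenation, without building an intermediate String.
    mac.update(user.as_bytes());
    mac.update(client_id.as_bytes());

    base64::encode_block(&mac.finalize().into_bytes())
}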