LazyStack

AuthProvider Classes

The AuthProvider classes are one or more IAuthProvider implementations that make calls to Cognito and/or other auth providers. The AuthProviderCognito class implements comprehensive sign-up, sign-in and user management features against the AWS Cognito UserPool authentication provider.

AuthProvider classes implement the IAuthProvider interface below:

using System.Collections.Generic;
using System.Threading.Tasks;

namespace LazyStackAuth
{
    /// <summary>
    /// General authentication flow interface
    /// </summary>
    public interface IAuthProvider
    {
        // Properties
        public List<AuthChallengeEnum> AuthChallengeList { get; }

        public AuthChallengeEnum CurrentChallenge { get; }

        public AuthProcessEnum CurrentAuthProcess { get; }

        public bool IsLoginFormatOk { get; }
        public bool IsLoginVerified { get; }

        public bool IsNewLoginFormatOk { get; }
        public bool IsNewLoginVerified { get; }

        public bool IsEmailFormatOk { get; }
        public bool IsEmailVerified { get; }

        public bool IsNewEmailFormatOk { get; }
        public bool IsNewEmailVerified { get; }

        public bool IsPasswordFormatOk { get; }
        public bool IsPasswordVerified { get; }

        public bool IsNewPasswordFormatOk { get; }
        public bool IsNewPasswordVerified { get; }

        public bool IsPhoneFormatOk { get; }
        public bool IsPhoneVerified { get; }

        public bool IsNewPhoneFormatOk { get; }
        public bool IsNewPhoneVerified { get; }

        public bool IsCodeFormatOk { get; }
        public bool IsCodeVerified { get; }

        public bool IsCleared { get; } // Check if sensitive fields are cleared: password, newPassword, code

        public bool IsSignedIn { get; }

        public bool HasChallenge { get; }

        public bool CanSignOut { get; }
        public bool CanSignUp { get; }
        public bool CanSignIn { get; }
        public bool CanResetPassword { get; }
        public bool CanUpdateLogin { get; }
        public bool CanUpdateEmail { get; }
        public bool CanUpdatePassword { get; }
        public bool CanUpdatePhone { get; }
        public bool CanCancel { get; }
        public bool CanResendCode { get; }

        public bool IsChallengeLongWait { get; }

        // Methods
        public Task ClearAsync();

        public Task CancelAsync();

        public Task SignOutAsync();

        public Task<AuthEventEnum> StartSignInAsync();

        public Task<AuthEventEnum> StartSignUpAsync();

        public Task<AuthEventEnum> StartResetPasswordAsync();

        public Task<AuthEventEnum> StartUpdateLoginAsync();

        public Task<AuthEventEnum> StartUpdateEmailAsync();

        public Task<AuthEventEnum> StartUpdatePhoneAsync();

        public Task<AuthEventEnum> StartUpdatePasswordAsync();

        public Task<AuthEventEnum> VerifyLoginAsync(string login);
        public Task<AuthEventEnum> VerifyNewLoginAsync(string newLogin);

        public Task<AuthEventEnum> VerifyPasswordAsync(string password);
        public Task<AuthEventEnum> VerifyNewPasswordAsync(string newPassword);

        public Task<AuthEventEnum> VerifyEmailAsync(string email);
        public Task<AuthEventEnum> VerifyNewEmailAsync(string newEmail);

        public Task<AuthEventEnum> VerifyPhoneAsync(string phone);
        public Task<AuthEventEnum> VerifyNewPhoneAsync(string newPhone);

        public Task<AuthEventEnum> VerifyCodeAsync(string code);

        public Task ResendCodeAsync();
        public Task RefreshUserDetailsAsync();

        public bool CheckLoginFormat(string userLogin);
        public bool CheckEmailFormat(string userEmail);
        public bool CheckPasswordFormat(string password);
        public bool CheckNewPasswordFormat(string password);
        public bool CheckPhoneFormat(string phone);
        public bool CheckCodeFormat(string code);

    }
}

IAuthProvider Class Challenge/Response Process

The IAuthProvider interface provides a generic iterative challenge/response authentication process model. The AuthProviderCognito class implements this authentication process model using classes available in the Amazon.Extensions.CognitoAuthentication library.

There are seven authentication processes provided in the IAuthProvider interface, with six of them supported in the AuthProviderCognito implementation. You start an authentication process using one of these methods:

  • StartSignInAsync()
  • StartSignUpAsync()
  • StartResetPasswordAsync()
  • StartUpdateLoginAsync() -- not supported in AuthProviderCognito
  • StartUpdateEmailAsync()
  • StartUpdatePhoneAsync() -- not supported in AuthProviderCognito (coming)
  • StartUpdatePasswordAsync()
  • SignOutAsync()

All but the SignOutAsync() call start a challenge/response process. AuthProvider properties that report the current state of the process include:

  • AuthProcessEnum CurrentAuthProcess
    • SigningIn
    • SigningUp
    • ResettingPassword
    • UpdatingLogin
    • UpdatingEmail
    • UpdatingPhone
    • UpdatingPassword

    AuthProcessEnum values are associated with messages in the AuthMessages.json file.

  • AuthChallengeEnum CurrentChallenge
    • None // No challenge
    • Login
    • NewLogin
    • Password
    • NewPassword
    • Email
    • NewEmail
    • Phone
    • NewPhone
    • Code

    AuthChallengeEnum values are associated with messages in the AuthMessages.json file.

  • bool HasChallenge
  • bool IsSignedIn

For the current challenge, you call a verify method, providing the information required to satisfy the challenge. Verify methods include:

  • VerifyLoginAsync(string login)
  • VerifyNewLoginAsync(string newLogin)
  • VerifyPasswordAsync(string password)
  • VerifyNewPasswordAsync(string newPassword)
  • VerifyEmailAsync(string email)
  • VerifyNewEmailAsync(string newEmail)
  • VerifyPhoneAsync(string phone)
  • VerifyNewPhoneAsync(string newPhone)
  • VerifyCodeAsync(string code)

You respond to all challenges until no more challenges exist. To cancel an authentication process you call CancelAsync().

Start*Async() and Verify*Async() methods return a Task<AuthEventEnum> that reports success or an alert. To see all of the possible AuthEventEnum values, see the AuthModuleEventArgs.cs file in the LazyStackAuth project. Some AuthEventEnum values are associated with Alert messages defined in the AuthMessages.json file.

You may use the AuthProvider class directly but it is usually more convenient to use the AuthProcess class which wraps the AuthProvider class and implements the INotifyPropertyChanged interface to provide bindable properties and handy events.
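The sketch below drives the sign-in challenge/response loop described above directly against an IAuthProvider; it is an added example, not code from the LazyStackAuth project. SignInDriver, the prompt callback and maxResponses are hypothetical names, and the set of challenges a sign-in can raise and the effect of ClearAsync() on the sensitive fields are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using LazyStackAuth;

public static class SignInDriver // hypothetical helper, not part of LazyStackAuth
{
    // prompt: hypothetical caller-supplied callback that collects the user's
    // answer for a challenge (e.g. from a form field). Never log its result.
    public static async Task<bool> SignInAsync(
        IAuthProvider auth,
        Func<AuthChallengeEnum, Task<string>> prompt,
        int maxResponses = 6) // assumed cap so a repeated challenge cannot loop forever
    {
        await auth.StartSignInAsync();

        for (int i = 0; auth.HasChallenge && i < maxResponses; i++)
        {
            AuthChallengeEnum challenge = auth.CurrentChallenge;
            Func<string, Task> verify;
            switch (challenge) // assumed set of challenges a sign-in can raise
            {
                case AuthChallengeEnum.Login: verify = auth.VerifyLoginAsync; break;
                case AuthChallengeEnum.Password: verify = auth.VerifyPasswordAsync; break;
                case AuthChallengeEnum.NewPassword: verify = auth.VerifyNewPasswordAsync; break;
                case AuthChallengeEnum.Code: verify = auth.VerifyCodeAsync; break;
                default: verify = null; break;
            }
            if (verify == null)
                break; // unexpected challenge: stop answering, cancel below

            await verify(await prompt(challenge));
        }

        // Challenges still pending mean the process did not complete: cancel it
        // so the provider is not left half-way through a sign-in.
        if (auth.HasChallenge && auth.CanCancel)
            await auth.CancelAsync();

        bool signedIn = auth.IsSignedIn;
        // After a failed or abandoned attempt, make sure password, newPassword and
        // code are not left in the provider (assumes ClearAsync() resets them).
        if (!signedIn && !auth.IsCleared)
            await auth.ClearAsync();

        return signedIn;
    }
}
```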

AuthProviderCognito class

The AuthProviderCognito class publishes four AWS-specific properties that are not part of the IAuthProvider interface. These include:

  • string IpIdentity; // Identity Pool Identity of signed in user
  • string UpIdentity; // User Pool Identity of signed in user
  • CognitoAWSCredentials Credentials; // Currently active user credentials
  • CognitoUser CognitoUser; // Currently active AWS CognitoUser class instance

The Credentials and CognitoUser references are used by the LzHttpClient to effect calls against an AWS ApiGateway.