leotohill
commented
5 years ago I figured out an easy solution. The problem is that the boto3 libraries are trying to sign the request to aws, but this request is not supposed to be signed. To prevent that, create the identity pool client with a config that specifies no signing. Use the form of AWSSRP that accepts a pre-created client, rather than letting it create its own.
client = boto3.client('cognito-idp', region_name='us-east-1', config=Config(signature_version=UNSIGNED))
aws = aws_srp.AWSSRP(username=args.user_id, password=args.password, pool_id=args.user_pool_id,
client_id=args.client_id, client=client)
srp_result = aws.authenticate_user()in the warrant code, AWSSRP class, when the initializer creates a client instance (in the case where the caller did not provide one), it should specify this same config option.
Zuiluj
sodre
cjkoral
Though this project appears to be dead, I'll post the issue for others who may run into it.
While SRP does not use AWS IAM credentials, if you don't have any in your credential store, the SRP call will fail with a NoCredentialsError exception.
You can create dummy/false credentials, and the call will succeed. Clearly a defect.
For more details (from somebody else, not me) see
https://stackoverflow.com/questions/47849702/aws-boto-warrant-library-srp-authentication-and-credentials-error