pycognito

Warnings

• breaking The internal JWT validation library switched from `python-jose` to `PyJWT`. While the public API for token handling is largely stable, users who relied on specific internals or configurations of `python-jose` might encounter issues.
  Fix: Ensure `PyJWT` is installed (it's a dependency) and review any custom JWT processing code. Most direct usage of `pycognito` should remain unaffected.
• breaking The minimum required Python version has been raised to 3.8. Users on older Python versions will experience installation or runtime failures.
  Fix: Upgrade your Python environment to version 3.8 or newer before installing or running `pycognito`.
• gotcha Parameter changes and fixes for `admin_create_user` and `admin_reset_user_password` methods, particularly regarding `client_metadata` and temporary password generation, were introduced. Older implementations might not align with the current expected parameters or behavior.
  Fix: Review calls to `admin_create_user` and `admin_reset_user_password` in your application. Consult the latest documentation or GitHub examples for required parameters, especially `client_metadata` and handling of temporary passwords.
• gotcha While pycognito handles SRP, Multi-Factor Authentication (MFA) setup and interaction (e.g., `associate_srp_mfa`, `verify_mfa`) can be complex and is a common source of implementation errors if not handled precisely according to the Cognito flow. Though fixes were made, careful implementation is still required.
  Fix: Thoroughly test your MFA implementation. Follow the Cognito documentation and `pycognito` examples carefully for `associate_srp_mfa`, `verify_mfa`, and other MFA-related methods to ensure correct sequence and parameter handling.

Install

• pip install pycognito Install pycognito

Imports

• Cognito

  from pycognito import Cognito

Quickstart

This quickstart demonstrates how to initialize the `Cognito` client and authenticate a user using their username and password. It automatically handles the SRP (Secure Remote Password) protocol. Ensure you replace the placeholder values for `USER_POOL_ID`, `CLIENT_ID`, `USERNAME`, and `PASSWORD` with your actual Cognito credentials, ideally loaded from environment variables.

import os
from pycognito import Cognito

# It's highly recommended to load these from environment variables or a secure configuration system.
# Replace 'your_pool_id', 'your_client_id', 'your_username', 'YourStrongPassword123!'
USER_POOL_ID = os.environ.get('COGNITO_USER_POOL_ID', 'us-east-1_your_pool_id')
CLIENT_ID = os.environ.get('COGNITO_CLIENT_ID', 'your_client_id')
USERNAME = os.environ.get('COGNITO_USERNAME', 'your_username')
PASSWORD = os.environ.get('COGNITO_PASSWORD', 'YourStrongPassword123!')

# Check if placeholder values are still present
if 'your_pool_id' in USER_POOL_ID or 'your_client_id' in CLIENT_ID or\
   USERNAME == 'your_username' or PASSWORD == 'YourStrongPassword123!':
    print("Please set COGNITO_USER_POOL_ID, COGNITO_CLIENT_ID, COGNITO_USERNAME, and COGNITO_PASSWORD environment variables or replace placeholders in the code.")
else:
    try:
        # Initialize Cognito with User Pool ID, Client ID, and username
        c = Cognito(USER_POOL_ID, CLIENT_ID, username=USERNAME)

        # Authenticate the user. SRP (Secure Remote Password) protocol is handled automatically.
        c.authenticate(password=PASSWORD)

        print(f"Successfully authenticated user: {USERNAME}")
        print(f"Access Token (first 30 chars): {c.access_token[:30]}...")
        print(f"ID Token (first 30 chars): {c.id_token[:30]}...")
        # Refresh token is also available as c.refresh_token
        
        # Example: Get user attributes
        user_attributes = c.get_user_attributes()
        print(f"User attributes: {user_attributes}")

    except Exception as e:
        print(f"Authentication failed: {e}")