Merge branch 'master'
adam-fowler committed Jul 27, 2020
2 parents 00e5eec + 4fe154e commit ecc4149
13 changes: 7 additions & 6 deletions README.md
Expand Up @@ -40,13 +40,14 @@ let response = authenticatable.authenticate(
context: request,
on: request.eventLoop)
.flatMap { response in
let accessToken = response.authenticated?.accessToken
let idToken = response.authenticated?.idToken
let refreshToken = response.authenticated?.refreshToken
if case .authenticated(let authenticated) = response {
let accessToken = authenticated.accessToken
let idToken = authenticated.idToken
let refreshToken = authenticated.refreshToken
...
}
```
The access token is used just to indicate a user has been granted access. It contains verification information, the username and a subject uuid which can be used to identify the user if you don't want to use the username. The token is valid for 60 minutes. The idToken contains claims about the identity of the user. It should contain all the attributes attached to the user. Again this token is only valid for 60 minutes. If you don't receive any authentication tokens then you need to check the `challenged` variable to see if you have a login challenge and respond to it before receiving authentication tokens. See [below](#responding-to-authentication-challenges).
The access token is used just to indicate a user has been granted access. It contains verification information, the username and a subject uuid which can be used to identify the user if you don't want to use the username. The token is valid for 60 minutes. The idToken contains claims about the identity of the user. It should contain all the attributes attached to the user. Again this token is only valid for 60 minutes. If you receive a `challenged` case then you have a login challenge and must respond to it before receiving authentication tokens. See [below](#responding-to-authentication-challenges).

## Verifying an access token is valid
The following will verify whether a token gives access.
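Review bot: the new `if case .authenticated(let authenticated) = response` block has no branch for the other outcome, so a `challenged` result falls through silently at the `...` in this snippet; since the paragraph right below now says a `challenged` case must be answered before any tokens are issued, the example should show that path, e.g. a `switch` over `response` with a `.challenged` case next to `.authenticated`, so a caller cannot mistake an unanswered MFA or new-password challenge for a successful login. The rest of the wording change (dropping the optional `?.accessToken` chains in favour of the enum match) is consistent with that.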
Expand Down Expand Up @@ -122,12 +123,12 @@ let response = authenticatable.respondToChallenge(
...
}
```
The `name` parameter is an enum containing all challenges. The `responses` parameter is a dictionary of inputs to the challenge. The `session` parameter was included in the challenge returned to you by the authentication request. If the challenge is successful `response.authenticated` will not be `nil`. If another challenge is required then you will get details of that in `response.challenged`. There are custom versions of the `respondToChallenge` function for new password: `respondToNewPasswordChallenge` and for Multi Factor Authentication: `respondToMFAChallenge`.
The `name` parameter is an enum containing all challenges. The `responses` parameter is a dictionary of inputs to the challenge. The `session` parameter was included in the challenge returned to you by the authentication request. If the challenge is successful you will get `response.authenticated` as a response. If another challenge is required then you will get details of that in `response.challenged`. There are custom versions of the `respondToChallenge` function for new password: `respondToNewPasswordChallenge` and for Multi Factor Authentication: `respondToMFAChallenge`.

## Creating user pools
There are a few settings that are required when creating your Cognito user pool, if you want to use it with the AWS Cognito Authentication library. Because the library uses the Admin level service calls device tracking is unavailable so ensure you set device remembering to off. Otherwise your refresh tokens will not work.

When creating the app client for your user pool ensure you have 'Generate client secret' enabled. The AWS Cognito Authentication library automatically creates the secret hash required for user pools that have a client secret. It would be sensible to take advantage of this. As the library is designed to work on secured backend servers it uses the Admin no SRP authorization flow to authenticate users. You will also need to tick 'Enable sign-in API for server-based authentication (ADMIN_NO_SRP_AUTH)' to ensure authentiation works.
When creating the app client for your user pool ensure you have 'Generate client secret' enabled. The AWS Cognito Authentication library automatically creates the secret hash required for user pools that have a client secret. It would be sensible to take advantage of this. As the library is designed to work on secured backend servers it uses the Admin no SRP authorization flow to authenticate users. You will also need to tick 'Enable username password auth for admin APIs for authentication (ALLOW_ADMIN_USER_PASSWORD_AUTH)' to ensure authentiation works.

For more details on AWS Cognito User Pools you can find Amazon's documentation [here](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html)

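Review bot: `response.authenticated` and `response.challenged` in the updated challenge sentence still read as optional property accesses, which is exactly the form the first hunk replaced with pattern matching on the enum; write them as "the `.authenticated` case" and "the `.challenged` case" so the two sections agree. The typo "authentiation" at the end of the app-client paragraph is carried over unchanged and should be "authentication". One sentence worth adding next to the new ALLOW_ADMIN_USER_PASSWORD_AUTH label: this is a username-and-password flow, meaning the user's password is passed through your server to the Cognito API, which is the reason the paragraph restricts the library to secured backend servers and why the generated client secret should be kept there too.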
