diff --git a/warrant/aws_srp.py b/warrant/aws_srp.py
index 3b53f34e..123c354a 100644
--- a/warrant/aws_srp.py
+++ b/warrant/aws_srp.py
@@ -173,6 +173,7 @@ def get_secret_hash(username, client_id, client_secret):
 return base64.standard_b64encode(hmac_obj.digest()).decode('utf-8')
 def process_challenge(self, challenge_parameters):
+ internal_username = challenge_parameters['USERNAME']
 user_id_for_srp = challenge_parameters['USER_ID_FOR_SRP']
 salt_hex = challenge_parameters['SALT']
 srp_b_hex = challenge_parameters['SRP_B']
@@ -188,13 +189,13 @@ def process_challenge(self, challenge_parameters):
 hmac_obj = hmac.new(hkdf, msg, digestmod=hashlib.sha256)
 signature_string = base64.standard_b64encode(hmac_obj.digest())
 response = {'TIMESTAMP': timestamp,
- 'USERNAME': user_id_for_srp,
+ 'USERNAME': internal_username,
 'PASSWORD_CLAIM_SECRET_BLOCK': secret_block_b64,
 'PASSWORD_CLAIM_SIGNATURE': signature_string.decode('utf-8')}
 if self.client_secret is not None:
 response.update({
 "SECRET_HASH":
- self.get_secret_hash(self.username, self.client_id, self.client_secret)})
+ self.get_secret_hash(internal_username, self.client_id, self.client_secret)})
 return response
 def authenticate_user(self, client=None):
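Review bot: The new `internal_username` lookup at the top of `process_challenge` has no comment saying why it is kept separate from `user_id_for_srp` and `self.username`, so the three names are easy to conflate later. I would add something like `# Username as returned in the challenge; may differ from self.username (e.g. alias sign-in)`; the alias case is my reading of the change, so confirm it against the issue this fixes. The value is read straight from the service response, and a missing key surfaces as a bare `KeyError`, as the neighbouring lookups already do. The middle of the function lies outside this hunk.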
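Review bot: In the `response` dict and the `SECRET_HASH` branch, the `USERNAME` field and the username fed to `get_secret_hash` now have to stay the same value, but nothing in the code states that invariant. A comment above `if self.client_secret is not None:` would pin it, e.g. `# SECRET_HASH must be computed over the same USERNAME sent in this response`. `user_id_for_srp` is presumably still used for the password-claim signature in the lines between the two hunks, which are not shown, so the two variables should not be merged. Any other `get_secret_hash(self.username, ...)` call elsewhere in the file (not visible here) deserves the same check, and a test covering a client with a secret would guard against regressions.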