search

amazon-archives / amazon-cognito-auth-js

The Amazon Cognito Auth SDK for JavaScript simplifies adding sign-up, sign-in with user profile functionality to web apps.
Apache License 2.0
423 stars 232 forks source link

Value null at 'sub' failed to satisfy constraint: Member must not be null #65

Open lucasmike opened 6 years ago

lucasmike commented 6 years ago

I am using the app to authenticate admin created user with required SMS based MFA.

On the first login the app accepts a temporary password and redirects to input a new password. After the new password is submitted, the following error pops up in the app:

1 validation error detected: Value null at 'sub' failed to satisfy constraint: Member must not be null

The app stops working, however the password gets updated. So the user can login again with a new password but they need to start a fresh login workflows (i.e. 'login as new user')

This issue only exists when SMS based MFA is required. If no MFA is required, all works fine.

Any idea what went wrong?

Update - potential workaround: If there is indeed a bug in the above workflow, I figured out that an alternative work-around is to enable optional MFA + SMS policy and when signing users up by admin, not require MFA. Only after the user goes through the forced change password workflow, the admin can switch on MFA for that user, which works fine....

yuntuowang commented 6 years ago

Hi @lucasmike, thanks for bringing up this issue. We have noticed this issue, this is not expected and we are working on the fix. Will post on this issue once we pushed the fix!

yuntuowang commented 6 years ago

Hi @lucasmike, our bug fix has been pushed! Please use version v1.1.1, you can download directly from github or use npm to install the latest version. Thanks!!

yvele commented 6 years ago

Same error with same scenario on Cognito UI

yuntuowang commented 6 years ago

Hi @yvele, are you using the v1.1.1 or above? We pushed fix for this issue in v1.1.1. Thanks.

sowston commented 6 years ago

I am getting this issue. Enabled MFA at User Pool Creation time. When the user first logs in, they are redirected to change their password, then when they do so, get the following error:

1 validation error detected: Value null at 'sub' failed to satisfy constraint: Member must not be null

For clarification, I am using OAUTH2 and I'm getting this error after the users changes his password with the Congnito UI.

yuntuowang commented 6 years ago

Hi @sowston, did you call adminCreateUser() and then when the user sign in, it must change password?

Do you mean you were using hosted UI page to change password? When do you see this validation error exactly? When change password?

sowston commented 6 years ago

Hi @yuntuowang . Thank you for the reply.
I am using an oauth2 workflow, not the API directly. If I create a pool with MFA required, I create a user with the conginto web console. When the user hits a secured page on my site, they are redirected to the cognito login page. The login and are prompted to change their password. Then I get this error.

mamdouhweb commented 6 years ago

using cognito with es service for kibana. Got this error! validation error detected: Value null at 'sub' failed to satisfy constraint: Member must not be null

WoozyG commented 6 years ago

Cognito "Hosted UI" (the OAUTH2 HTTPS end point documented here) appears to be using the AWS SDK for JavaScript, but not at the latest version, and still exhibits this bug. Is there an ETA for updating those services (implemented in CloudFront behind the scenes, but not visible to AWS users in the CF console)?