aws-amplify / amplify-android

The fastest and easiest way to use AWS from your Android app.
https://docs.amplify.aws/lib/q/platform/android/
Apache License 2.0

Passwordless Auth #2683

Closed Mohammad-amleh closed 5 months ago

Mohammad-amleh commented 5 months ago


Language and Async Model

Kotlin

Amplify Categories

Authentication

Gradle script dependencies

    implementation "com.amplifyframework:core:2.14.6"
    implementation "com.amplifyframework:aws-auth-cognito:2.14.6"
    implementation 'com.amazonaws:aws-android-sdk-mobile-client:2.65.0'
    implementation 'com.amazonaws:aws-android-sdk-cognitoauth:2.65.0'

Gradle 8.0

    Build time: 2023-02-13 13:15:21 UTC
    Revision: 62ab9b7c7f884426cf79fbedcf07658b2dbe9e97

    Kotlin: 1.8.10
    Groovy: 3.0.13
    Ant: Apache Ant(TM) version 1.10.11 compiled on July 10 2021
    JVM: 20.0.2 (Oracle Corporation 20.0.2+9-78)
    OS: Mac OS X 14.2.1 aarch64


[Company] is currently experiencing an issue with password-less logging in our application. Our current authentication methods include:

1. Password-Username logging.
2. Social provider logging.
plus Multi-Factor Authentication (MFA).

To enhance our authentication options, we aim to introduce a new Password-less feature utilizing passkey authentication. We have already configured the login with Cognito ID to facilitate this new feature.

### Code Snippet

```kotlin
val options: AWSCognitoAuthSignInOptions = AWSCognitoAuthSignInOptions.builder().apply {
    metadata(metadata)
    authFlowType(AuthFlowType.CUSTOM_AUTH_WITHOUT_SRP)
}.build()

Amplify.Auth.signIn(cognitoId, null, options, {
    // handle success
}, { exception ->
    // handle error
})
```

Log output

```
NotAuthorizedException{message=Failed since user is not authorized., cause=NotAuthorizedException(message=Incorrect username or password.), recoverySuggestion=Check whether the given values are correct and the user is authorized to perform the operation.}
    at com.amplifyframework.auth.cognito.CognitoAuthExceptionConverter$Companion.lookup(CognitoAuthExceptionConverter.kt:82)
    at com.amplifyframework.auth.cognito.RealAWSCognitoAuthPlugin$_signIn$1.invoke(RealAWSCognitoAuthPlugin.kt:574)
    at com.amplifyframework.auth.cognito.RealAWSCognitoAuthPlugin$_signIn$1.invoke(RealAWSCognitoAuthPlugin.kt:553)
    at com.amplifyframework.statemachine.StateMachine.notifySubscribers(StateMachine.kt:176)
    at com.amplifyframework.statemachine.StateMachine.process(StateMachine.kt:191)
    at com.amplifyframework.statemachine.StateMachine.access$process(StateMachine.kt:49)
    at com.amplifyframework.statemachine.StateMachine$send$1.invokeSuspend(StateMachine.kt:160)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:108)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:487)
    at java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:307)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
    at java.lang.Thread.run(Thread.java:1012)
Caused by: NotAuthorizedException(message=Incorrect username or password.)
    at aws.sdk.kotlin.services.cognitoidentityprovider.model.NotAuthorizedException$Builder.build(NotAuthorizedException.kt:63)
    at aws.sdk.kotlin.services.cognitoidentityprovider.serde.NotAuthorizedExceptionDeserializer.deserialize(NotAuthorizedExceptionDeserializer.kt:37)
    at aws.sdk.kotlin.services.cognitoidentityprovider.serde.InitiateAuthOperationDeserializerKt.throwInitiateAuthError(InitiateAuthOperationDeserializer.kt:72)
    at aws.sdk.kotlin.services.cognitoidentityprovider.serde.InitiateAuthOperationDeserializerKt.access$throwInitiateAuthError(InitiateAuthOperationDeserializer.kt:1)
    at aws.sdk.kotlin.services.cognitoidentityprovider.serde.InitiateAuthOperationDeserializerKt$throwInitiateAuthError$1.invokeSuspend(Unknown Source:13)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:108)
    at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:584)
    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:793)
    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:697)
    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:684)
```

amplifyconfiguration.json

```json
{
  "UserAgent": "aws-amplify-cli/2.0",
  "Version": "1.0",
  "auth": {
    "plugins": {
      "awsCognitoAuthPlugin": {
        "UserAgent": "aws-amplify-cli/0.1.0",
        "Version": "0.1.0",
        "CognitoUserPool": {
          "Default": {
            "PoolId": "us-east-1_xxxxxxx",
            "AppClientId": "xxxxxxxxxxxxxxxx",
            "Region": "us-east-1"
          }
        },
        "Auth": {
          "Default": {
            "OAuth": {
              "WebDomain": "oauth.xxxxxx.com",
              "AppClientId": "xxxxxxxxxxxxxxxxxx",
              "SignInRedirectURI": "xxxx://cognito-sign-in",
              "SignOutRedirectURI": "xxxx://cognito-sign-out",
              "Scopes": [
                "phone",
                "email",
                "openid",
                "profile",
                "aws.cognito.signin.user.admin"
              ]
            }
          }
        }
      }
    }
  }
}
```


tylerjroach commented 5 months ago

@Mohammad-amleh Amplify v2 and the AWS Android SDK (aws-android-sdk-mobile-client and aws-android-sdk-cognitoauth) are not compatible with each other. Please remove those dependencies and follow up with any continued issues. Thank you!

Mohammad-amleh commented 5 months ago

@tylerjroach unfortunately the same error

Mohammad-amleh commented 5 months ago

"The error originated from the back-end (BE) side. This occurred because our system relies on metadata to determine the sign-in method, and this metadata is only received by Cognito after the PASSWORD_VERIFIER stage (lambda/challenge). As a result, the necessary metadata was not available prior to this stage, leading to the issue."

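The backend-side cause described in the comment above, as an added example that is not code from this issue or from Amplify: a Cognito Define Auth Challenge trigger that chooses the first challenge from the session alone, so it still behaves correctly when no client metadata is present on its first invocation. `MAX_ATTEMPTS` and the passwordless-only policy are assumptions made for the sketch.

```javascript
// Added example (not the reporter's Lambda): Define Auth Challenge trigger
// that never branches on client metadata to pick the first challenge.
const MAX_ATTEMPTS = 3; // hypothetical retry limit

function defineAuthChallenge(event) {
  const session = event.request.session || [];
  const res = { issueTokens: false, failAuthentication: false };

  if (session.length === 0) {
    // First invocation, triggered by InitiateAuth with a custom auth flow.
    // Decide from the session only; clientMetadata may be absent here.
    res.challengeName = "CUSTOM_CHALLENGE";
  } else {
    const last = session[session.length - 1];
    if (last.challengeName !== "CUSTOM_CHALLENGE") {
      // SRP_A / PASSWORD_VERIFIER reached a passwordless-only handler:
      // fail closed instead of falling through to a password check.
      res.failAuthentication = true;
    } else if (last.challengeResult === true) {
      // Tokens are issued only after a verified custom challenge.
      res.issueTokens = true;
    } else if (session.length >= MAX_ATTEMPTS) {
      res.failAuthentication = true;
    } else {
      res.challengeName = "CUSTOM_CHALLENGE"; // allow another attempt
    }
  }

  event.response = res;
  return event;
}

// Lambda entry point (guarded so the file also loads outside CommonJS).
if (typeof module !== "undefined" && module.exports) {
  module.exports.handler = async (event) => defineAuthChallenge(event);
}
```
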
github-actions[bot] commented 5 months ago

This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.