Closed githubgogogo closed 1 year ago
I was also experiencing this issue on version 5.0.19
.
To fix it, I am explicitly passing in the mfaType
to Auth.confirmSignIn
:
const data = await Auth.confirmSignIn(cognitoUser, code, cognitoUser.challengeName);
@githubgogogo, I've been able to reproduce the code mismatch exception consistently when using the SMS_MFA
challenge type. I'll mark this as a bug for the time being while I review it with the team internally.
@githubgogogo, I think we might be able to resolve this with some refactoring of the code actually. It seems this might be more related to how the methods are being called rather than a bug.
In both my reproduction app and your example above, Auth.confirmSignIn()
is being called at the same time as the Auth.signIn()
method. This makes the MFA code that's sent each time be 1 code "behind" what the Cognito session is expecting, hence the mismatch. You should be able to see this if you console.log(mfaCode)
just before your Auth.confirmSignIn
.
Can you try separating the two methods by either putting them in different components, pages, or buttons (not sure if you have them tied to the same "sign in button" for example) so that they are called at different times?
Closing this issue as we have not heard back from you. If you are still experiencing this, please review the comment above to see if it resolves the code mismatch exception. If it doesn't, we can reopen the issue or dig deeper to see what else might be causing the exception.
Thank you!
Before opening, please confirm:
JavaScript Framework
React
Amplify APIs
Authentication
Amplify Categories
auth
Environment information
Describe the bug
I am implimenting the MFA in our application, I am currently trying the SMS_MFA with below code. It successfully passed the signIn with credentials, but in Auth.confirmSignIn step, it got 400 error.
The error response is
{"__type":"CodeMismatchException","message":"Invalid code or auth state for the user."}
Expected behavior
Sign in with the mfaCode.
Reproduction steps
const user = await Auth.signIn(userName, password);
and returnreturn { status: 'mfa', user };
, then redirect to the MFA code input pageconst user = await Auth.signIn(userName, password);
and triggerconst loggedUser = await Auth.confirmSignIn(user, mfaCode, user?.challengeName);
Code Snippet
Log output
aws-exports.js
No response
Manual configuration
No response
Additional configuration
No response
Mobile Device
No response
Mobile Operating System
No response
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
No response