aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0

InvalidParameterException: Missing required parameter Session - verifyCurrentUserAttribute #11771

Closed kirgy closed 8 months ago

kirgy commented 11 months ago

JavaScript Framework

React Native

Amplify APIs

REST API

Amplify Categories

api

Environment information


Describe the bug

A call to `Auth.confirmSignIn(signedInUser, code, "SMS_MFA")` with a valid `signedInUser`, containing a valid `Session`, produces an unexpected error response from Cognito:

InvalidParameterException: Missing required parameter Session

Expected behavior

I'd expect the `Session` object to be attached to the user, this session to be sent with the request, and the API (`Auth.confirmSignIn(signedInUser, code, "SMS_MFA")`) to respond accordingly.

Reproduction steps

  1. Have a React Native project with an authenticated user set within Cognito
    • the user's MFA should be set to SMS (we're calling this programmatically before the `verifyCurrentUserAttribute` and `confirmSignIn`)
    • the user's `phone_number` should be set as not verified in Cognito
  2. Authenticate the user or get a valid authenticated user object
  3. Call `await Auth.verifyCurrentUserAttribute("phone_attribute");`
  4. Call `Auth.confirmSignIn(signedInUser, code, "SMS_MFA");`
  5. Observe the error returned

Code Snippet

I'm trying to verify an existing authenticated Cognito user's phone_number under their user attributes.

In our case, some users don't require MFA, and later business rules mean they now need to require it. When calling the verifyCurrentUserAttribute function on Auth, I'm being returned an error:

InvalidParameterException: Missing required parameter Session

For example, calling the following:

```typescript
import { Auth } from "aws-amplify";

export async function enableMfa(): Promise<void> {
  const user = await Auth.currentAuthenticatedUser();
  await Auth.setPreferredMFA(user, "SMS");
}

// this `user` object has a populated `Session` property
const user = await Auth.currentAuthenticatedUser();
await Auth.setPreferredMFA(user, "SMS");

await Auth.verifyCurrentUserAttribute("phone_attribute");
```

I get an SMS MFA message, but a subsequent follow up request of:

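```typescript
import { Auth } from "aws-amplify";
import { CognitoUser } from "amazon-cognito-identity-js";

// this `signedInUser` object has a populated `Session` property
const signedInUser: CognitoUser = await Auth.signIn(
  email,
  password,
  {
    appLanguage,
  }
);

await Auth.confirmSignIn(signedInUser, code, "SMS_MFA");
```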

Results in an error of:

InvalidParameterException: Missing required parameter Session

I can observe in network traffic that the user object sent to Cognito indeed has `Session: null` attached to it. Observing the `user` and `signedInUser` objects above does show a populated `Session` object.

Any advice here will be appreciated. This issue was also raised under the Discord, but unfortunately I had no response.

Log output

```
// Put your logs below this line
n/a
```

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

iOS Sim - iPhone 14

Mobile Operating System

iOS 16.4

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

cwomack commented 10 months ago

@kirgy, apologies for the delayed response on this. Were you still experiencing the issue? And was the phone_number initially set up as a required attribute for the Cognito User Pool?

kirgy commented 10 months ago

@cwomack thanks for following up, apologies for my own lack of follow-up.

During more investigation I discovered a similarly named method in the docs: `verifyCurrentUserAttributeSubmit`, found here.

It seems the user flow should be:

  1. call `verifyCurrentUserAttribute`
  2. send the 2FA code to `verifyCurrentUserAttributeSubmit`

It was my presumption that all 2FA codes to be submitted consumed a common endpoint, but that's not the case. It may be useful if the docs spelt that out so simpletons like me can find a route forward 😅

I think this is a non-issue and can be closed. Potential room for documentation improvements. Thank you for your time 🙏

cwomack commented 8 months ago

@kirgy, appreciate the follow up and clarity! I'll close out this issue then, but feel free to comment back or open a new one if there are further blockers.
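
The flow kirgy settles on above, as an added example that is not part of the thread or of Amplify's own code: request the code with `verifyCurrentUserAttribute`, then submit it with `verifyCurrentUserAttributeSubmit` rather than `confirmSignIn`. `makeFakeAuth`, `verifyPhoneNumber` and `demo` are hypothetical names, and the stand-in object is constructed so the example runs offline; in an app, pass Amplify's `Auth` instead.

```javascript
// Constructed stand-in for Amplify's Auth category so the flow runs offline.
// Assumption: it models only the behaviour described in this thread.
function makeFakeAuth(sentCode) {
  let pendingAttr = null; // attribute a verification code was requested for
  return {
    // Step 1: ask Cognito to send a code for the signed-in user's attribute.
    async verifyCurrentUserAttribute(attr) {
      pendingAttr = attr;
    },
    // Step 2: submit that code. Uses the current session's tokens, not a
    // sign-in challenge Session.
    async verifyCurrentUserAttributeSubmit(attr, code) {
      if (attr !== pendingAttr) throw new Error(`no code requested for ${attr}`);
      if (code !== sentCode) throw new Error("CodeMismatchException");
      pendingAttr = null;
      return "SUCCESS"; // constructed return value
    },
    // Answers a sign-in challenge, so it needs the challenge Session.
    async confirmSignIn(user, code, mfaType) {
      if (!user.Session) {
        throw new Error("InvalidParameterException: Missing required parameter Session");
      }
      return user;
    },
  };
}

// Hypothetical helper: verify the signed-in user's phone_number.
// `auth` is Amplify's Auth (or the stand-in); `promptForCode` asks the user.
async function verifyPhoneNumber(auth, promptForCode) {
  await auth.verifyCurrentUserAttribute("phone_number");
  const code = await promptForCode();
  return auth.verifyCurrentUserAttributeSubmit("phone_number", code);
}

// Runs both paths against the stand-in and reports what each one does.
async function demo() {
  const auth = makeFakeAuth("123456");
  const verified = await verifyPhoneNumber(auth, async () => "123456");
  let mixedFlowError = null;
  try {
    await auth.verifyCurrentUserAttribute("phone_number");
    await auth.confirmSignIn({ Session: null }, "123456", "SMS_MFA");
  } catch (err) {
    mixedFlowError = err.message;
  }
  return { verified, mixedFlowError };
}
```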