Closed sriranjanivenkatesan closed 4 months ago
Hi @sriranjanivenkatesan thank you for opening this issue. I've attempted to reproduce it unsuccessfully so far, but wanted to suggest one small but potentially helpful action - since you were upgrading between two major versions, could you try deleting your node_modules as well as package-lock.json file and reinstalling your dependencies if you haven't done so yet?
Additionally if you check local storage, can you share what values you see in there that are specific to Amplify Auth?
Hello @nadetastic, thanks for the suggestion. We tried deleting the node_modules, package-lock and reinstalling. But still getting the same issue. As you can see below, this is our local storage, currently with null values.
cc: @wjcunningham7
I am facing the same issue in the same situation.
{
  "event": "signInWithRedirect_failure",
  "data": {
    "error": {
      "name": "OAuthSignInException",
      "recoverySuggestion": "Make sure Cognito Hosted UI has been configured correctly"
    }
  }
}
This is the returned URL params after login with Google
http://localhost:3000/clients/login?code=f8467056-8f9e-420c-b577-0198657a3e9f&state=94fhRV9INPzYguOZAENR4qpTp9RZmDbn
I got a 400 Bad Request at this request: https://hairqueue-web.auth.us-east-1.amazoncognito.com/oauth2/token
Response:
{
  "error": "invalid_client"
}
Payload:
grant_type: authorization_code
code: f8467056-8f9e-420c-b577-0198657a3e9f
client_id: 6on8j0kq741oqmv5qaok9a3h09
redirect_uri: http://localhost:3000/clients/login
code_verifier: gerq4mrMS0buUHEdEDIKPPd8Te0569XzMCtCFyxNIPfNWubjm8Gx3CM6QfsGcl8V9sYHgiUDijz2pHRgB9OihoLPrP5gwyFjS7RnnIwQtytRE42wy6bqRrLOaHH7Apxl
I'll keep trying to solve this problem; if I have news I'll share it here.
Looking at this documentation, AWS said that probably the client_id|client_secret is nonexistent at authorization header. But looking at request headers, I could not see any authorization presented there.
:authority: hairqueue-web.auth.us-east-1.amazoncognito.com
:method: POST
:path: /oauth2/token
:scheme: https
Accept: */*
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9,pt-BR;q=0.8,pt;q=0.7
Content-Length: 312
Content-Type: application/x-www-form-urlencoded
Origin: http://localhost:3000
Referer: http://localhost:3000/
Sec-Ch-Ua: "Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"
Sec-Ch-Ua-Mobile: ?1
Sec-Ch-Ua-Platform: "Android"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Mobile Safari/537.36
X-Amz-User-Agent: aws-amplify/6.0.18 auth/36 framework/2
invalid_client Client authentication failed. For example, when the client includes client_id and client_secret in the authorization header, but there's no such client with that client_id and client_secret.
should it be a problem?
I am not having this error anymore. In my case, it was happening because I was using OAuth Google credentials that were automatically created by Firebase authentication. (I don't know exactly the reason for not working with AWS Cognito.)
The solution for me: I created another credential from scratch (very simple) on the Google Cloud Platform and configured that in AWS Cognito.
Result: Now I can sign in using Google Provider and it is correctly generating tokens for the user authenticated.
Hello @sriranjanivenkatesan. Can you confirm if the following flow is valid?
call signInWithRedirect -> redirect to social provider UI -> authenticate with social provider -> redirect back to the app -> url contains code and state query params -> authentication fails.
Also can you confirm if the error you are experiencing is coming from the customState_failure hub event?
hello @israx , yeah the flow is right. But the event is signInWithRedirect_failure
cc: @Prasy12
The "User cancelled OAuth flow." error message is usually thrown when the library is not able to find either the code or state query parameters. However your redirectURI does contain code and state. Is it possible for you to set up a breakpoint right before getting this error and console log this window.location.href?
Also can you test this flow in different browsers: Chrome, Firefox and Safari?
Hi @sriranjanivenkatesan wanted to follow up here. Have you had a chance to review the comment from @israx above?
Hello @nadetastic @israx Thanks for your patience :) Yeah I tried setting up the breakpoint in both the Hub function and the preceding Amplify.mjs file and I am getting 'http://localhost:8080/login' though I can see the code and state in the top as shown in below image
Tried with chrome and firefox, the issue seems to persist in both.
It looks like after the login flow, it is not redirecting to the /login page but to the / page. Is that correct? I am supposing it because of the URL that the devtools window is showing at the top window bar.
If the Hub.listener logic is on the /login page but the redirect is moving the client to the / page, it probably is a problem to correctly complete the sign in flow.
This was the issue I ran into as well. Make sure you have your routes properly defined as a broken route will also throw this same error. Thank you Pedro!
@sriranjanivenkatesan, can you confirm if your redirect URLs in the Cognito console for the Hosted UI align with the redirect sign in/out in your config? I'm wondering if there's a mismatch between these. And are there any changes (beyond the imports and API names being called) when migrating from v5 to v6?
@speedhawk21 and @speedhawk21, thank you for the additional comments and glad to hear you're both unblocked.
@sriranjanivenkatesan, can you see if upgrading to the latest version of Amplify (or anything after v6.0.23) gives you any different behavior? There were changes to the OAuth flow in that version that could help with the issue here.
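The checks requested in the comments above (code and state present on the URL the listener actually sees, and that URL matching a configured redirect sign-in URI rather than a route the router moved to) can be run on the logged window.location.href. This is an added example, not part of the thread or of Amplify's code; diagnoseOAuthCallback, originAndPath and the finding labels are hypothetical names, and the sample URLs are constructed.

```javascript
// Added diagnostic sketch; function and finding names are hypothetical, not Amplify APIs.

// Normalise a URL to origin + path without a trailing slash, so that
// "http://localhost:8080/login/" and "http://localhost:8080/login" compare equal.
function originAndPath(u) {
  const url = new URL(u);
  const path = url.pathname.replace(/\/+$/, "") || "/";
  return url.origin + path;
}

// href: what window.location.href holds when the OAuth listener runs.
// redirectSignIn: the redirect sign-in URIs from the app's Amplify config,
// which must also be registered as callback URLs on the Cognito app client.
function diagnoseOAuthCallback(href, redirectSignIn) {
  const findings = [];
  const params = new URL(href).searchParams;

  // The authorization server reports its own failures as ?error=...
  if (params.has("error")) {
    findings.push(`provider_error:${params.get("error")}`);
  }
  // Both parameters are needed to finish the authorization-code exchange.
  for (const name of ["code", "state"]) {
    if (!params.get(name)) findings.push(`missing_${name}`);
  }
  // A router that moves the client to another route changes origin + path.
  const here = originAndPath(href);
  if (!redirectSignIn.map(originAndPath).includes(here)) {
    findings.push(`route_mismatch:${here}`);
  }
  return findings;
}

// Constructed sample values (not taken from a real session).
const configured = ["http://localhost:8080/login"];
const samples = {
  ok: "http://localhost:8080/login?code=SAMPLE-CODE&state=SAMPLE-STATE",
  stripped: "http://localhost:8080/login",
  rerouted: "http://localhost:8080/?code=SAMPLE-CODE&state=SAMPLE-STATE",
  denied: "http://localhost:8080/login?error=access_denied&state=SAMPLE-STATE",
};

for (const [label, href] of Object.entries(samples)) {
  console.log(label, diagnoseOAuthCallback(href, configured));
}
```

An empty result means the callback URL itself looks complete; a failure at the token endpoint such as invalid_client is then a client or identity-provider configuration question, not a routing one.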
@sriranjanivenkatesan, I came across the same issue yesterday. signInWithRedirect was working fine on local but was giving the same error as you mentioned above on prod.
My flow was like:
On my redirect page, I was trying to fetch the session and, after success, I was routing myself to the main/home page. Something like this, NOT EXACT CODE:
    fetchAuthSession().then((session) => {
      // store cookie here
    }).finally(() => {
      router.push("/")
    });
But I was getting the same error.
I changed my redirect signIn URL from: mydomain.com/api/redirect to: mydomain.com/auth/login, from where I was initiating my signIn request, and fetchSession there. It worked for me.
Possible Issues:
Code Received -> you change your route/perform action -> OAuth Flow completes
Thank you for the additional context/comment above, @Ikraam-Rasheed!
@sriranjanivenkatesan, I'll close out this issue since we haven't heard back from you (but others have commented as resolved). If you are still experiencing this, please feel free to reply back and provide any information previously requested and we'd be happy to re-open the issue.
JavaScript Framework
React
Amplify APIs
Authentication
Amplify Version
v6
Amplify Categories
auth
Backend
None
Environment information
Describe the bug
We migrated our React application from Amplify v5.3.4 to v6.0.15.
Federated Sign In with Google returns the required code and state values post sign in as seen in the below image
But the Hub event returns a signInWithRedirect_failure
We also added a debugger to capture the error in console which returns the following exception
Note: The federated login for the user works fine using v5.3.4
Expected behavior
Reproduction steps
npm install aws-amplify@6.0.15
amplifyconfiguration.json file
yarn start and clicked on the Sign in with Google button to trigger the sign in.
Code Snippet
Log output
aws-exports.js
Manual configuration