aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0
9.38k stars 2.1k forks

InvalidLambdaResponseException: Invalid lambda function output : Invalid JSON when user not found in pool #13352

Closed saharJ95 closed 1 month ago

saharJ95 commented 1 month ago

JavaScript Framework

React

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

auth

Backend

None

Environment information

```
# Put output below this line
Production
```

Describe the bug

Using Cognito User Pool

Getting InvalidLambdaResponseException: Invalid lambda function output : Invalid JSON when the user does not exist in the pool or is deleted

Expected behavior

Response should be User not Found with defined code

Reproduction steps

Log in with non-existing users

Code Snippet

image

Log output

image

cwomack commented 1 month ago

Hello, @saharJ95 👋 and sorry to hear you're running into this. We may need a little more information on the steps you took to set up Auth to determine why this error is happening. Are you trying to use a custom lambda to send back a message when a user is not in the user pool? Can you share the lambda code, which of the Auth lambdas are causing this, and a little more context there? Also, if you log in with an existing user is everything working just fine?

saharJ95 commented 1 month ago

Hi @cwomack, I am not using any custom code/lambda. What I am doing is:

  1. Configure aws
  2. Import signIn from aws-amplify/auth
  3. Calling with required Attributes

Existing users work fine. I am trying to catch the exceptions. If the user email or password is incorrect, I am getting the correct response from the Cognito APIs, but in the UserNotFound exception it returns InvalidLambdaResponseException.

image

israx commented 1 month ago

Hello @saharJ95. Could you please provide the following information:

  1. Steps you took to configure Amplify: did you use the CLI, Gen 2, or manually created resources?
  2. Your Amplify configuration, refraining from adding any sensitive values.
  3. Are you getting any errors when calling the signIn API with an existing user?
  4. What do you see when you go to Cognito Console -> User pools -> -> User pool properties -> Lambda triggers
  5. The network call request when getting this specific error.

This will help us to determine the root cause of the issue. Usually the InvalidResponseLambdaException is thrown when the user pool has a lambda trigger that is misconfigured.

saharJ95 commented 1 month ago

Hi @israx ,

  1. Created an identity pool and imported amplify config to my existing project.

  2. image

  3. As I mentioned, the existing user sign-in works fine, and the wrong password exception works fine. The issue is when the email is incorrect or the user doesn't exist.

  4. image image

  5. image image image

Furthermore, I am getting this exception after migrating to amplify v6

israx commented 1 month ago

Hello @saharJ95. Thank you for providing all the feedback. I see you have set a pre authentication lambda trigger, which can be used to perform extra validation before authenticating a user. So based on the lambda docs we have that

> Note: This Lambda trigger doesn't activate when a user doesn't exist, or already has an existing session in your user pool. If the PreventUserExistenceErrors setting of a user pool app client is set to ENABLED, then the Lambda trigger will activate.

So the reason you are getting the InvalidLambdaResponseException error is because your user pool has activated the PreventUserExistenceErrors setting. This setting can be located at Cognito console -> user pools -> -> App integration -> App client list -> -> App client information -> edit -> Prevent user existence errors.

In order to solve your issue you could do the following:

  1. Disable the Prevent user existence errors setting - NOT RECOMMENDED
  2. Edit your Pre authentication lambda and throw a specific error - RECOMMENDED

I highly recommend not disabling the Prevent user existence errors setting. This will help you to prevent user enumeration errors.
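
An added example, not part of the thread or of the Amplify project's code: a Node.js pre authentication trigger that tolerates the nonexistent-user events described in the comment above while leaving Prevent user existence errors enabled. The `custom:status` attribute, the denial message and the sample events are assumptions constructed for illustration.

```javascript
// Added example: pre authentication trigger that tolerates unknown users.
// Assumption: "custom:status" is a hypothetical attribute used for the policy.
const GENERIC_DENIAL = "Sign-in is not available. Contact support.";

function decidePreAuth(event) {
  const request = event.request ?? {};

  // With PreventUserExistenceErrors ENABLED the trigger also runs for
  // usernames that match no user; Cognito marks these with userNotFound.
  // Return the event untouched so Cognito answers with its own generic
  // sign-in failure instead of revealing that the user is missing.
  if (request.userNotFound === true) {
    return event;
  }

  // Read attributes defensively: never assume a key is present.
  const attrs = request.userAttributes ?? {};
  if (attrs["custom:status"] === "suspended") {
    // Cognito relays this message to the caller, so keep it generic.
    throw new Error(GENERIC_DENIAL);
  }

  // Cognito expects the trigger to return the event object it received.
  return event;
}

// Lambda entry point; the guard keeps the file loadable as CJS or ESM.
const handler = async (event) => decidePreAuth(event);
if (typeof module !== "undefined") module.exports = { handler, decidePreAuth };

// Constructed sample events (not captured from a real user pool).
const unknownUser = {
  triggerSource: "PreAuthentication_Authentication",
  userName: "nobody@example.com",
  request: { userNotFound: true, validationData: null },
  response: {},
};
const suspendedUser = {
  triggerSource: "PreAuthentication_Authentication",
  userName: "alice@example.com",
  request: {
    userAttributes: { email: "alice@example.com", "custom:status": "suspended" },
  },
  response: {},
};
```

An error thrown only for existing users is itself observable by the caller, so checks that run before the password is verified should stay few and their messages generic.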

saharJ95 commented 1 month ago

Hi @israx, thank you for your quick response. I fixed the pre auth lambda with the proper exception and it works fine.

Thanks :)