aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0
9.43k stars 2.12k forks source link

Can create account but cannot sign in. #4882

Closed michaelcuneo closed 4 years ago

michaelcuneo commented 4 years ago

I have just recently updated to the latest amplify client and amplify js... My auth has now broken, I can sign up, but not sign in.

I get a challenge name, challenge parameters, looks all normal.

But then it returns

{__type: "NotAuthorizedException", message: "Incorrect username or password."}
__type: "NotAuthorizedException"
message: "Incorrect username or password."

But the username and password are correct.

I didn't change any settings at all, but after updating to the new Amplify, it did do an update to 'Auth' in my next amplify serve. No idea why...

michaelcuneo commented 4 years ago

It appears as though, I can successfully login locally, if I run amplify serve and use my local environment with master settings. But if I login online using the published build which is identical in every way to the local environment... it fails. I'm not sure what to do, because it's an important live production project.

michaelcuneo commented 4 years ago

It appears as though my update has enabled SRP Auth Flow and I cannot find how to get it back to Username_Password?

michaelcuneo commented 4 years ago

I've tried manually adding "authenticationFlowType": "USER_PASSWORD_AUTH", to the aws-exports.js but this doesn't solve the issue.

michaelcuneo commented 4 years ago

I removed USER_SRP_AUTH, and now I get USER_SRP_AUTH is not enabled for the client.

michaelcuneo commented 4 years ago

Just tested forgot password, and it works fine. I can sign up, I can go through the forgot password system, and create a new password, but I cannot sign in.

Tried running through amplify auth update, to see if any settings in there broke SRP/USERNAME_PASSWORD Auth, but it all looks fine to me.

michaelcuneo commented 4 years ago

I literally just deleted my entire master cloud formation, recreated it from scratch, added a brand new auth, restore every other area from backups to storage, and api, pushed the hosting back up with a brand new build...

I can still only login locally. As soon as I push it up online, I cannot login.

sammartinez commented 4 years ago

@michaelcuneo Can you provide the aws-amplify versions you are using?

Please run this command: npx envinfo --system --binaries --browsers --npmPackages --npmGlobalPackages

This will help us understand what has changed and where the disconnect is and causing where sign in is only working locally

michaelcuneo commented 4 years ago

I managed to get everything back up but now I've lost access to graphql api.

Yesterday USER_SRP_AUTH wouldn't work... today USER_PASSWORD_AUTH doesn't work, it's starting to become comedy. Are things changing in the back end while I write all of this? Because I literally had a working fully stable app about 6 hours ago... I just opened it to show my boss, and USER_PASSWORD_AUTH was broken, and graphql api was broken. I literally didn't change a thing.

I cannot login anymore, and I cannot look at my data anymore.

The response from the command is ...

System: OS: macOS 10.15.3 CPU: (12) x64 Intel(R) Xeon(R) CPU E5-1650 v2 @ 3.50GHz Memory: 588.11 MB / 16.00 GB Shell: 5.7.1 - /bin/zsh Binaries: Node: 10.14.1 - ~/.nvm/versions/node/v10.14.1/bin/node Yarn: 1.19.1 - /usr/local/bin/yarn npm: 6.13.1 - ~/.nvm/versions/node/v10.14.1/bin/npm Watchman: 4.9.0 - /usr/local/bin/watchman Browsers: Chrome: 80.0.3987.100 Firefox: 73.0 Safari: 13.0.5 npmGlobalPackages: @aws-amplify/cli: 4.13.2 cognito-backup-restore: 1.2.0 create-react-native-app: 2.0.2 eslint: 6.7.1 expo-cli: 2.18.4 n: 4.1.0 npm: 6.13.1 react-devtools: 3.6.1 react-native-cli: 2.0.1 react-native-vector-icons: 6.6.0 System: OS: macOS 10.15.3 CPU: (12) x64 Intel(R) Xeon(R) CPU E5-1650 v2 @ 3.50GHz Memory: 588.11 MB / 16.00 GB Shell: 5.7.1 - /bin/zsh Binaries: Node: 10.14.1 - ~/.nvm/versions/node/v10.14.1/bin/node Yarn: 1.19.1 - /usr/local/bin/yarn npm: 6.13.1 - ~/.nvm/versions/node/v10.14.1/bin/npm Watchman: 4.9.0 - /usr/local/bin/watchman Browsers: Chrome: 80.0.3987.100 Firefox: 73.0 Safari: 13.0.5 npmGlobalPackages: @aws-amplify/cli: 4.13.2 cognito-backup-restore: 1.2.0 create-react-native-app: 2.0.2 eslint: 6.7.1 expo-cli: 2.18.4 n: 4.1.0 npm: 6.13.1 react-devtools: 3.6.1 react-native-cli: 2.0.1 react-native-vector-icons: 6.6.0

michaelcuneo commented 4 years ago

This is the response I get now from trying to log in...

npm.aws-amplify.7cfb25a46443e4d7f051.chunk.js:1 Uncaught (in promise) Error: User is not authenticated
    at e.getUserAttributes (npm.aws-amplify.7cfb25a46443e4d7f051.chunk.js:1)
    at npm.aws-amplify.7cfb25a46443e4d7f051.chunk.js:1

POST https://auoto3ziwvhb3p4zintlrncac4.appsync-api.ap-southeast-2.amazonaws.com/graphql 401

The above error occurred in task br
    created by takeLatest(boilerplate/AuthManager/AUTH_LOGIN, br)
    created by Mr
Tasks cancelled due to error:
takeLatest(boilerplate/AuthManager/AUTH_LOGIN, br)
takeLatest(boilerplate/AuthManager/AUTH_LOGOUT, wr)
michaelcuneo commented 4 years ago

First error being the User Auth issues, second error is just the other end of my saga, running a graphql command that is broken. Then saga dumps the error.

bodokaiser commented 4 years ago

I created a related issue. It appears to me that currently only USER_PASSWORD_AUTH is supported for sign-in in amplify.

michaelcuneo commented 4 years ago

@bodokaiser ... I ended up resolving the issue by using Auth.configure({ authenticationFlowType: 'USER_PASSWORD_AUTH', });

But this was not a solution that worked alone. I also had to go into Cognito and tick Enable username password based authentication (ALLOW_USER_PASSWORD_AUTH)

I have always added groups to my Cognito users, then programmatically assigned them to these after account creation, only just recently with the latest amplify-cli have I decided to create the functions post user creation, which was great... but killed my project again, leaving every user half authenticated, with no solution.

Turns out the amplify-cli adds two auth/unauth roles for each group that is independent of the IAM roles that I have already set up for my AppSync API. There doesn't appear to be any documentation anywhere telling me that if I enable functions for adding users to a group, it will require a whole new set of roles. I mean, it's a great idea, if I chose to use roles to separate people by roles... but I don't. I use it to direct people programmatically through the app where I need. I dunno... maybe I'm using groups wrong.

github-actions[bot] commented 3 years ago

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.