search

aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0
9.42k stars 2.12k forks source link

Phone Number Verification Not Sent #7810

Closed ghost closed 3 years ago

ghost commented 3 years ago

Describe the bug

Phone verification is not sent after the user signs up.

Detailed Description and Steps to Reproduce

I'm using aws-amplify for my React Native project. I want to sign users with phone number and send SMS immediately after they sign up. I tried to do that using eu-central-1 (Frankfurt), us-east-1 (N. Virginia), and eu-west-2 (London). Although I see that the user is created successfully, I was not able to send even one SMS at all. After searching for similar questions, though I have never sent SMS, I did request for SMS quota increase. I was not able to find the problem, and hence I'm literally describing all the steps:

amplify add auth

Here's are the answers to the questions asked after issuing amplify add auth:

Do you want to use the default authentication and security configuration? (Use arrow keys) ❯ Default configuration

How do you want users to be able to sign in? (Use arrow keys) ❯ Phone Number

Do you want to configure advanced settings? (Use arrow keys) ❯ Yes, I want to make some additional changes.

What attributes are required for signing up? ❯ Family Name, Given Name, Phone Number

Do you want to enable any of the following capabilities? ❯ I choose none

AWS Cognito Console

And the process completes after that last question. Then I push the local resources and provision it in the cloud by running amplify push. Afterwards, I get on Cognito console, and choose the User Pool that I just created. From General SettingMFA and verifications, I make the following changes:

Do you want to enable Multi-Factor Authentication (MFA)? Optional

Which attributes do you want to verify? Phone Number

and save the changes.

Here is the code for signing up:

async function signUp(phoneNumber: string, password: string, firstName: string, lastName: string) {
        try {
                const response = await Auth.signUp({
                        username: phoneNumber,
                        password,
                        attributes: {
                                family_name: lastName,
                                given_name: firstName,
                                phone_number: phoneNumber
                        }
                })
        } catch (error) { }
}

Here is the log statement for response.codeDeliveryDetails:

{"AttributeName": "phone_number", "DeliveryMedium": "SMS", "Destination": "+********1003"}

aws-exports.js

Here is the whole content for aws-exports.js file:

/* eslint-disable */
// WARNING: DO NOT EDIT. This file is automatically generated by AWS Amplify. It will be overwritten.

const awsmobile = {
    "aws_project_region": "eu-central-1",
    "aws_cognito_identity_pool_id": "eu-central-1:d26267cc-913a-4972-87d0-0ac03a8ae9eb",
    "aws_cognito_region": "eu-central-1",
    "aws_user_pools_id": "eu-central-1_NEQHgVZpn",
    "aws_user_pools_web_client_id": "6njt1h1390da4ol2lkud38fatu",
    "oauth": {}
};

export default awsmobile;

What I expect is that after the user is created, the phone number receives the code for phone number verification. I also tried to resend it by executing Auth.resendSignUp, but I have never received the code.

I do not have any issue with signal strength, and tried it with other phones and AWS regions as well.

Environment ``` Binaries: Node: 12.16.3 - ~/.nvm/versions/node/v12.16.3/bin/node Watchman: 4.9.0 - /usr/local/bin/watchman Browsers: Chrome: 88.0.4324.192 Safari: 14.0.3 npmGlobalPackages: @aws-amplify/cli: 4.44.0 ```
dabit3 commented 3 years ago

If you are wanting to enable sign up MFA to be phone number, you should not choose the Default configuration and should instead choose the Manual configuration when creating the authentication service.

In the configuration process, be sure to choose: Email based user registration/forgot password: Disabled (Uses SMS/TOTP as an alternative)

Here are all of the steps I'd recommend using to set this up:

amplify add auth

Do you want to use the default authentication and security configuration? Manual configuration
Select the authentication/authorization services that you want to use: User Sign-Up, Sign-In, connected with AWS IAM controls (Enables per-user Storage features for images or other content, Analytics, and more)
Please provide a friendly name for your resource that will be used to label this category in the project: testapp25f80ba925f80ba9
Please enter a name for your identity pool. testapp25f80ba9_identitypool_25f80ba9
Allow unauthenticated logins? (Provides scoped down permissions that you can control via AWS IAM) No
Do you want to enable 3rd party authentication providers in your identity pool? No
Please provide a name for your user pool: testapp25f80ba9_userpool_25f80ba9
Warning: you will not be able to edit these selections.
How do you want users to be able to sign in? Phone Number
Do you want to add User Pool Groups? No
Do you want to add an admin queries API? No
Multifactor authentication (MFA) user login options: OFF
Email based user registration/forgot password: Disabled (Uses SMS/TOTP as an alternative)
Please specify an SMS verification message: Your verification code is {####}
Do you want to override the default password policy for this User Pool? No
Warning: you will not be able to edit these selections.
What attributes are required for signing up? Email
Specify the app's refresh token expiration period (in days): 30
Do you want to specify the user attributes this app can read and write? No
Do you want to enable any of the following capabilities?
Do you want to use an OAuth flow? No
? Do you want to configure Lambda Triggers for Cognito? No

From there, you should be good to go.

If you are still running into issues, check out this troubleshooting guide: https://aws.amazon.com/premiumsupport/knowledge-center/cognito-troubleshoot-mfa-sms-delivery/

Please let us know if this does not resolve your issue.

ghost commented 3 years ago

Hello @dabit3

I don't want to use MFA for future sign in attempt. I select it as optional just because selecting Phone Number for Which attributes do you want to verify? gives an error when I try to save the changes. I only want to verify the phone number.

I see that you selected Email as an answer to What attributes are required for signing up?. However, we do not require email, but instead we need first name (i.e., given_name) , last name (i.e., family_name), and phone number (i.e., phone_number). Do I need to choose Email as well?

amplify add auth
Using service: Cognito, provided by: awscloudformation

The current configured provider is Amazon Cognito.

Do you want to use the default authentication and security configuration? Manual configuration

Select the authentication/authorization services that you want to use: User Sign-Up, Sign-In, connected with AWS IAM controls (Enables per-user Storage features for images or other content, Analytics, and more)

Please provide a friendly name for your resource that will be used to label this category in the project: myapp

Please enter a name for your identity pool. myappidpool

Allow unauthenticated logins? (Provides scoped down permissions that you can control via AWS IAM) No

Do you want to enable 3rd party authentication providers in your identity pool? No

Please provide a name for your user pool: myappuserpool

Warning: you will not be able to edit these selections.

How do you want users to be able to sign in? Phone Number

Do you want to add User Pool Groups? No

Do you want to add an admin queries API? No

Multifactor authentication (MFA) user login options: OFF

Email based user registration/forgot password: Disabled (Uses SMS/TOTP as an alternative)

Please specify an SMS verification message: Your verification code is {####}

Do you want to override the default password policy for this User Pool? No

Warning: you will not be able to edit these selections.

What attributes are required for signing up? Family Name (This attribute is not supported by Login With Amazon.), Given Name (This attribute is no
t supported by Login With Amazon.), Phone Number (This attribute is not supported by Facebook, Login With Amazon.)

Specify the app's refresh token expiration period (in days): 30

Do you want to specify the user attributes this app can read and write? No

Do you want to enable any of the following capabilities?

Do you want to use an OAuth flow? No

? Do you want to configure Lambda Triggers for Cognito? No

Then:

amplify push

Here'r are the logs after I signed up using the signUp function in the first comment:

user confirmed: false

code delivery details: {"AttributeName": "phone_number", "DeliveryMedium": "SMS", "Destination": "+********1003"}

I unfortunately did not receive the SMS text.

ghost commented 3 years ago

I followed exactly the same steps I described in my issue with my friend's AWS account, and it worked. The SMS has been sent successfully. Therefore, I thought that there was something wrong with my AWS account. I created a new AWS account, and without making any addition, I created an amplify project with my new AWS account using eu-central-1 (Frankfurt). To my best surprise, it failed again.

The user has been created successfully, showing that the Code Delivery Options is SMS, and yet nothing has been sent.

I have no clue how I can diagnose it.

yonatanganot commented 3 years ago

Try to increase the SNS limit in the eu-west-1 region. Cognito is sending SMS messages from the eu-west-1 region for resources located at eu-central-1.

This applies to other few regions as well: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html

@dabit3 I suggest putting this information in the documentation to avoid misunderstanding.

Good luck!

ghost commented 3 years ago

@yonatanganot I will try it out, however, I do not understand why I need to increate the SNS limit when I have not sent even a single SMS. Additionally, sending SMS works well with my friends' AWS Account for the same project and same amplify setup.

As I mentioned above, I created a brand-new AWS Account for myself, and it did not work there too. How would I have hit the limit without sending a single SMS?

ghost commented 3 years ago

Hello,

I would like to inform that I have sent the SMS verification successfully using the same region and AWS account with Serverless Framework

yonatanganot commented 3 years ago

Did you check the CloudWatch logs of the Lambda functions?(CreateAuthChallenge and DefineAuthChallenge). They might have an error during the invocation.

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] commented 3 years ago

This issue has been automatically closed because of inactivity. Please open a new issue if are still encountering problems.

github-actions[bot] commented 2 years ago

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.