aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0

Incorrect username and password exception during CUSTOM_AUTH #8145

Closed epratik closed 3 years ago

epratik commented 3 years ago


JavaScript Framework

Vue

Amplify APIs

Authentication

Amplify Categories

auth

Environment information

```
System:
  OS: Windows 10 10.0.18363
  CPU: (8) x64 Intel(R) Core(TM) i7-8665U CPU @ 1.90GHz
  Memory: 4.71 GB / 15.81 GB
Binaries:
  Node: 14.16.0 - C:\Program Files\nodejs\node.EXE
  npm: 6.14.11 - C:\Program Files\nodejs\npm.CMD
Browsers:
  Chrome: 89.0.4389.128
  Edge: Spartan (44.18362.1474.0)
  Internet Explorer: 11.0.18362.1
npmPackages:
  @bootstrap-vue/alert: 1.0.0
  @bootstrap-vue/aspect: 1.0.0
  @bootstrap-vue/avatar: 1.0.0
  @bootstrap-vue/badge: 1.0.0
  @bootstrap-vue/breadcrumb: 1.0.0
  @bootstrap-vue/button: 1.0.0
  @bootstrap-vue/button-group: 1.0.0
  @bootstrap-vue/button-toolbar: 1.0.0
  @bootstrap-vue/calendar: 1.0.0
  @bootstrap-vue/card: 1.0.0
  @bootstrap-vue/carousel: 1.0.0
  @bootstrap-vue/collapse: 1.0.0
  @bootstrap-vue/dropdown: 1.0.0
  @bootstrap-vue/embed: 1.0.0
  @bootstrap-vue/form: 1.0.0
  @bootstrap-vue/form-btn-label-control: 1.0.0
  @bootstrap-vue/form-checkbox: 1.0.0
  @bootstrap-vue/form-datepicker: 1.0.0
  @bootstrap-vue/form-file: 1.0.0
  @bootstrap-vue/form-group: 1.0.0
  @bootstrap-vue/form-input: 1.1.0
  @bootstrap-vue/form-radio: 1.0.0
  @bootstrap-vue/form-rating: 1.0.0
  @bootstrap-vue/form-select: 1.0.0
  @bootstrap-vue/form-spinbutton: 1.0.0
  @bootstrap-vue/form-tags: 1.0.0
  @bootstrap-vue/form-textarea: 1.0.0
  @bootstrap-vue/form-timepicker: 1.0.0
  @bootstrap-vue/icons: 1.0.0
  @bootstrap-vue/image: 1.0.0
  @bootstrap-vue/input-group: 1.0.0
  @bootstrap-vue/jumbotron: 1.0.0
  @bootstrap-vue/layout: 1.0.0
  @bootstrap-vue/link: 1.0.0
  @bootstrap-vue/list-group: 1.0.0
  @bootstrap-vue/media: 1.0.0
  @bootstrap-vue/modal: 1.0.0
  @bootstrap-vue/nav: 1.0.0
  @bootstrap-vue/navbar: 1.0.0
  @bootstrap-vue/overlay: 1.0.0
  @bootstrap-vue/pagination: 1.0.0
  @bootstrap-vue/pagination-nav: 1.0.0
  @bootstrap-vue/popover: 0.0.0 (1.0.0)
  @bootstrap-vue/progress: 1.0.0
  @bootstrap-vue/scrollspy: 0.0.0
  @bootstrap-vue/sidebar: 1.0.0
  @bootstrap-vue/skeleton: 1.0.0
  @bootstrap-vue/spinner: 1.0.0
  @bootstrap-vue/table: 1.0.0
  @bootstrap-vue/tabs: 1.0.0
  @bootstrap-vue/time: 1.0.0
  @bootstrap-vue/toast: 1.0.0
  @bootstrap-vue/tooltip: 0.0.0 (1.0.0)
  @bootstrap-vue/transition: 1.0.0
  @bootstrap-vue/transporter: 1.0.0
  @bootstrap-vue/v-b-hover: 1.0.0
  @bootstrap-vue/v-b-toggle: 1.0.0
  @bootstrap-vue/v-b-visible: 0.0.0
  @casl/ability: ^5.2.2 => 5.2.2
  @casl/ability/extra: undefined ()
  @casl/vue: ^1.2.2 => 1.2.2
  @vue/cli-plugin-babel: ^4.5.12 => 4.5.12
  @vue/cli-plugin-eslint: ^4.5.12 => 4.5.12
  @vue/cli-plugin-router: ^4.5.12 => 4.5.12
  @vue/cli-plugin-vuex: ^4.5.12 => 4.5.12
  @vue/cli-service: ^4.5.12 => 4.5.12
  @vue/eslint-config-prettier: ^6.0.0 => 6.0.0
  amazon-cognito-identity-js: ^4.6.0 => 4.6.0
  aws-amplify: ^3.3.27 => 3.3.27
  aws-amplify-vue: ^2.1.5 => 2.1.5
  aws-sdk: ^2.888.0 => 2.888.0
  axios: ^0.21.1 => 0.21.1
  babel-eslint: ^10.1.0 => 10.1.0
  bootstrap-vue: ^2.21.2 => 2.21.2
  core-js: ^3.10.1 => 3.10.1
  eslint: ^6.7.2 => 6.8.0
  eslint-plugin-prettier: ^3.4.0 => 3.4.0
  eslint-plugin-vue: ^6.2.2 => 6.2.2
  node-sass: ^4.12.0 => 4.14.1
  prettier: ^1.19.1 => 1.19.1
  sass-loader: ^8.0.2 => 8.0.2
  vue: ^2.6.11 => 2.6.12
  vue-router: ^3.2.0 => 3.5.1
  vue-template-compiler: ^2.6.11 => 2.6.12
  vuex: ^3.4.0 => 3.6.2
npmGlobalPackages:
  @aws-amplify/cli: 4.44.2
  @vue/cli: 4.5.11
```

Describe the bug

I am trying to implement the CUSTOM_AUTH flow with SRP and email-based OTP using Cognito. I understand I can combine SRP with a custom flow and the SRP details will be taken care of by Amplify. Documentation: https://docs.amplify.aws/lib/auth/switch-auth/q/platform/js#custom_auth-flow

But this does not happen, and the flow breaks after SRP verification. I am doing a simple `Auth.signIn(username, password)`. In the lambda trigger, I can see that the PASSWORD_VERIFIER challenge result is set to true and the next challenge is set to CUSTOM_CHALLENGE. But at this point the server returns "Incorrect username or password."

Expected behavior

Cognito should reply asking for CUSTOM_CHALLENGE answer and not give an error.

Reproduction steps

1. Set up the custom flow by defining the create, define and verify challenge triggers on Cognito.
2. Set the authentication flow type to CUSTOM_AUTH on the client.
3. Call `Auth.signIn(username, password)`.
4. This executes the first 2 cases of the define auth challenge lambda trigger.
5. The input JSON to the define auth challenge lambda looks like this: `{ challengeName: 'SRP_A', challengeResult: true, challengeMetadata: null }, { challengeName: 'PASSWORD_VERIFIER', challengeResult: true, challengeMetadata: null }`
6. It's clear that the password is validated.
7. It now sets the challenge to CUSTOM_CHALLENGE.
8. At this point the client fails with NotAuthorizedException instead of asking for the challenge answer.

Code Snippet

My define auth challenge lambda is like this:

```javascript
// Cognito DefineAuthChallenge trigger: decides the next challenge from the
// session history Cognito passes in event.request.session.
exports.handler = async (event) => {
  const session = event.request.session;
  console.log(session);
  if (session.length === 1 && session[0].challengeName === 'SRP_A') {
    // SRP_A done: have Cognito verify the SRP password proof next
    event.response.issueTokens = false;
    event.response.failAuthentication = false;
    event.response.challengeName = 'PASSWORD_VERIFIER';
  } else if (session.length === 2 && session[1].challengeName === 'PASSWORD_VERIFIER' && session[1].challengeResult === true) {
    // password verified: issue the custom (email OTP) challenge
    event.response.issueTokens = false;
    event.response.failAuthentication = false;
    event.response.challengeName = 'CUSTOM_CHALLENGE';
  } else if (session.length === 3 && session[2].challengeName === 'CUSTOM_CHALLENGE' && session[2].challengeResult === true) {
    // custom challenge answered correctly: issue tokens
    event.response.issueTokens = true;
    event.response.failAuthentication = false;
  } else {
    // anything else (wrong order, failed challenge) fails the sign-in
    console.log('Failing Authentication');
    event.response.issueTokens = false;
    event.response.failAuthentication = true;
  }
  // an async handler returns the event; context.done is not needed
  return event;
};
```

Log output


aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

epratik commented 3 years ago

I found the issue. My create auth lambda was wrong. The if statement in my lambda was `if (!event.request.session || event.request.session.length === 0) {` but should be `if (event.request.session.length === 2 && event.request.challengeName === 'CUSTOM_CHALLENGE') {`

I had a `console.log(event)` inside the create auth lambda before the if statement, but that was not writing a log to CloudWatch, which led me to believe that the lambda was not getting fired. I created a new lambda function, which fixed the logging issue.

github-actions[bot] commented 2 years ago

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.