Wrong error message when user provides correct credentials after too many incorrect attempts

aws-amplify / amplify-ui-swift-authenticator

The Amplify UI Authenticator is a component that supports several authentiation flows using Amplify Authentication.

https://ui.docs.amplify.aws/swift/connected-components/authenticator

Apache License 2.0

15 stars 9 forks source link

Wrong error message when user provides correct credentials after too many incorrect attempts #92

Closed sasaar closed 1 month ago

sasaar commented 2 months ago

Description: This is more feature request than bug, but after user has entered wrong credentials on login several times and then provides correct credentials, localised message for .notAuthorized is returned:

if case .notAuthorized(_, _, _) = error {
    return "authenticator.authError.incorrectCredentials".localized()
}

AuthenticatorBaseState still seems to know the exact reason:

Would it be possible to get own localized message for login error when password attempts are exceeded?

ruisebas commented 2 months ago

Hi @sasaar , thanks for opening this issue.

Unfortunately Cognito returns a NotAuthorizedException error both when the credentials are incorrect and when the attempts have been exceeded. Because of that, we don't have a reliable way of differentiating them either, since the "Password attempts exceeded" string you see is also directly coming from the service and might change without notice.

I'll tag this as a feature request and we'll discuss if there's any alternative we can offer. Thanks!

sasaar commented 1 month ago

Thanks for the prompt reply.

ruisebas commented 1 month ago

We've released version 1.1.7 that now lets you use the errorMap(_:) view modifier to provide a new message only for the error you wish to overwrite; if you return nil then the Authenticator will handle it as usual.

For example, this would achieve what you wish:

Authenticator { _ in 
    // ....
}
.errorMap { error in
    // Return custom message when password attempts are exceeded
    if case .notAuthorized(let description, _, _) = error, description == "Password attempts exceeded" {
        return .error(message: "[Your custom message]")
    }

    // Let the Authenticator handle all remaining errors
    return nil
}

However, as I said earlier, keep in mind that the description string is coming directly from the Cognito service and that it might change.

sasaar commented 1 month ago

Many thanks. We will try this (version 1.1.7) asap.

ruisebas commented 1 month ago

Hi @sasaar, we've decided to handle this particular scenario within the Authenticator. It's been released in version 1.1.8.

You can still use the errorMap(_:) function to provide custom error messages, but now the Authenticator should already show a different error message when the passwords attempts are exceeded.

I'm closing this feature request as completed. Feel free to reopen it or create another issue if something's not working as expected. Thanks!

github-actions[bot] commented 1 month ago

This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.