aws-amplify / aws-sdk-android

AWS SDK for Android. For more information, see our web site:
https://docs.amplify.aws

Implement Auth.sendCustomChallengeAnswer() allowing multiple custom challenges for the CUSTOM_AUTH flow #2653

Open ansonallard opened 2 years ago

ansonallard commented 2 years ago

Which AWS Services is the feature request for? Authentication

Is your feature request related to a problem? Please describe.

I am attempting to implement password-less (one-time password) authentication for my Android application using Cognito and Amplify. I have my authentication set up properly on the client side. I followed this blog post when setting up my cloud-side implementation: https://aws.amazon.com/blogs/mobile/implementing-passwordless-email-authentication-with-amazon-cognito/

The above blog post introduces a check that allows a user 3 attempts to input the correct password.

For my client, I make use of the sample code defined in the Android documentation found here: https://docs.amplify.aws/lib/auth/signin/q/platform/android/#sign-in-a-user

Client:

Sign In:

RxAmplify.Auth.signIn("username", "password")
    .subscribe(
        result -> Log.i("AuthQuickstart", result.isSignInComplete() ? "Sign in succeeded" : "Sign in not complete"),
        error -> Log.e("AuthQuickstart", error.toString())
    );

After the signIn call, once they receive their one-time password, I make the confirmSignIn call:

RxAmplify.Auth.confirmSignIn("confirmation code received via SMS")
    .subscribe(
        result -> Log.i("AuthQuickstart", result.toString()),
        error -> Log.e("AuthQuickstart", error.toString())
    );

If I get the code correct, I am logged in as expected. However, if I enter the code incorrectly, the callback from Amplify.Auth.confirmSignIn is never hit, and my app sits waiting.

If I change my cloud-side code to support one log-in attempt (code found here: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-define-auth-challenge.html#aws-lambda-triggers-define-auth-challenge-example), which is not a desirable behavior for the user, the confirmSignIn method returns as expected, either letting the user in if the code was correct, or denying entry and ending the authentication flow if the code was incorrect.

In the JavaScript implementation of authentication, they have two methods for "confirming a sign in request" (documentation here: https://docs.amplify.aws/lib/auth/advanced/q/platform/js/#lambda-triggers):

Since my cloud resources support multiple challenges, so the user has multiple attempts to enter the code, I would like to see the Android SDK add the Auth.sendCustomChallengeAnswer function, thereby supporting more than one custom challenge.

Describe the solution you'd like

I'd like to see the Auth.sendCustomChallengeAnswer method implemented with an object that has a nextStep field, like the Auth.signIn method:

if (it.data.nextStep.signInStep == AuthSignInStep.CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE) {
    // prompt the user for the next custom challenge answer
}

This would allow for more than one challenge.

Describe alternatives you've considered

None at this time.

Additional context

The JavaScript SDK has this method already implemented, but they had some issues with it that users discovered in 2019. I'm linking the issue for reference if it is helpful: https://github.com/aws-amplify/amplify-js/issues/3373

This function is not available in iOS either: https://github.com/aws-amplify/amplify-ios/issues/1444
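
Added example (not code from this issue, the linked blog post, or the SDK): a sketch of the cloud-side Define Auth Challenge decision described in the post above, showing that a wrong answer with attempts remaining yields another CUSTOM_CHALLENGE rather than a failure, which is the state the client must be able to handle. The names MAX_ATTEMPTS, defineAuthChallenge and simulate are assumptions made for this example, as is the choice to reject any non-custom challenge in a passwordless-only pool.

```javascript
// Attempt limit for the one-time password (assumed value, matching the 3 attempts in the post).
const MAX_ATTEMPTS = 3;

// Decide the next step from the challenge history Cognito passes in event.request.session.
function defineAuthChallenge(event) {
  const session = event.request.session || [];
  const last = session[session.length - 1];
  const res = event.response;

  if (session.some((s) => s.challengeName !== 'CUSTOM_CHALLENGE')) {
    // Passwordless-only pool: any other challenge type ends the flow.
    res.issueTokens = false;
    res.failAuthentication = true;
  } else if (last && last.challengeResult === true) {
    // Last answer was verified as correct: issue tokens.
    res.issueTokens = true;
    res.failAuthentication = false;
  } else if (session.length >= MAX_ATTEMPTS) {
    // Attempt budget exhausted without a correct answer: fail closed.
    res.issueTokens = false;
    res.failAuthentication = true;
  } else {
    // First round, or a wrong answer with attempts left: challenge again.
    res.issueTokens = false;
    res.failAuthentication = false;
    res.challengeName = 'CUSTOM_CHALLENGE';
  }
  return event;
}

// Build a constructed event from a list of past answer results and return the decision.
function simulate(results) {
  const session = results.map((ok) => ({
    challengeName: 'CUSTOM_CHALLENGE',
    challengeResult: ok,
  }));
  return defineAuthChallenge({ request: { session }, response: {} }).response;
}

// Lambda entry point when deployed as a trigger.
if (typeof module !== 'undefined') {
  module.exports = { handler: async (event) => defineAuthChallenge(event) };
}
```

With this logic, `simulate([false])` returns a response whose challengeName is CUSTOM_CHALLENGE again, so a client API needs to surface a next step after a wrong answer instead of only success or failure.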

LeJ84 commented 1 year ago

Has this feature been forsaken in Android? It works well in iOS but in Android... Seems related to some issues about confirmSignIn