aws-samples / amazon-cognito-passwordless-auth

Passwordless authentication with Amazon Cognito: FIDO2 (WebAuthn, support for Passkeys), Magic Link, SMS OTP Step Up
Apache License 2.0

The example doesn't work correctly with Windows Hello through PIN authentication #169

Closed cordev-developer closed 3 months ago

cordev-developer commented 4 months ago

Hey guys, I've been working with this example for many days now. I've checked it on my MacBook Pro M2 and the passkeys work correctly, but when I check it on my Windows desktop it goes like this: when I'm logged in through the magic link and I can access the user created in my User Pool (with the email address verified), I add the Windows Hello passkey and everything seems OK, but after I log out and want to log in through this passkey, the application always says that the user is invalid. Maybe this example is not adapted to Windows Hello yet? Thanks in advance.

ottokruse commented 4 months ago

Hi mate. You need to be at least on v0.12.2 for windows to work. What version are you on?

cordev-developer commented 4 months ago

Hi ottokruse,

Thanks for the reply. I forgot to mention my Windows system: I'm currently using Windows 10. What do you mean by "v0.12.2"? Is it a Windows version? I have checked my Windows version but it's totally different from "v0.12.2". What do you think?

EDITED: I believe you mean the version of: "amazon-cognito-passwordless-auth": "^0.13.2". I have the version above in my package.json in the end-to-end-example > client folder. Is this what you mean?

ottokruse commented 4 months ago

Yes that's what I meant. That version should be good.

Please paste the full error message here, and any steps to reproduce.

cordev-developer commented 4 months ago

Ok, today I will give more information about how to reproduce the behaviour. I'll include some screenshots as well to give you more details. See you later.

cordev-developer commented 4 months ago

Hi ottokruse,

Sorry for the delay in answering, I have good news. It turns out that, reviewing the code again, I had downloaded an old version from more than two months ago, and the real version I had was before 0.12. I thought I had the same version as the one in the repository, so I looked at the repository version when you asked me, but reviewing the code again I saw that it had an older version. So I deleted the repository and downloaded the current version (0.13), and trying again on Windows: great! It works fine with Windows Hello PIN, so fantastic! I have also followed the AWS Workshop and I have seen that there are cases of possible attacks at the end of the workshop; I have yet to review them but I will. I have also seen in the repository readme that it can be used with AWS Amplify and React, so I am eager to see the examples. Everything is great! Good job guys, I'm sure that more than one user will like this application. I want to publish it on a friend's YouTube channel, it's very good, thank you, greetings!

EDITED: I forgot to comment about the installed dependencies. When I execute the "npm install" command in the cdk and client folders, in both cases there were some deprecated dependencies. Can you tell me more about these? I suppose there were no deprecation warnings more serious than that, because in that case the application would not work fine. I await your comments on this. Thanks again and, also, good job!!

ottokruse commented 4 months ago

You can ignore those deprecated dependencies. It's because the sample apps contain some dependencies beyond the Passwordless lib. The Passwordless lib itself should not have deprecated dependencies (it has few deps anyway).

ottokruse commented 4 months ago

And great that it's working out for you! Thanks for mentioning you like it 👍🏻👍🏻

cordev-developer commented 4 months ago

Ok ottokruse,

And ok for your comment about the deprecated deps, I will follow your recommendation about ignoring them.

Have an awesome day ahead.

ottokruse commented 4 months ago

Cheers mate. Let me know how it goes

cordev-developer commented 4 months ago

Hi ottokruse,

Hope you are doing well. I've got a question about how the "credentialId" stored in the DynamoDB table is generated. Maybe it could be the challenge response from the authenticator? As I see, it is also transformed into the sort key of the DynamoDB record. I hope this is correct; to find out I have followed the code of the VerifyAuth Lambda function. I'm not sure this is correct, can you help me? Thanks in advance.

ottokruse commented 4 months ago

Hi mate. The user's authenticator generates credentialId

cordev-developer commented 4 months ago

Hi ottokruse, thanks for the reply. Ok, as I see in the diagram for registering a new FIDO2 authenticator (https://github.com/aws-samples/amazon-cognito-passwordless-auth/blob/main/FIDO2.md), in which step is it created? Also, maybe step 21 is the one in which the credentialId is stored? Thanks again!

ottokruse commented 4 months ago

Here mate:

[image]

cordev-developer commented 4 months ago

Umm ok, that's interesting. Also, I suppose after this it's finally stored in DynamoDB, etc., and associated with the public key. On the other hand, I've been working on a Cognito course in Spanish; I will show the FIDO2 example and I thought to explain the Amplify example as well, etc. Do you know more resources related to FIDO2 and Cognito? Thanks in advance.

ottokruse commented 4 months ago

Storing in DynamoDB is a little later, when we also have collected the Friendly name. In the current diagram it is step 21.

Seen the YouTube video and workshop yet? There is also this blog: https://aws.amazon.com/blogs/security/how-to-implement-password-less-authentication-with-amazon-cognito-and-webauthn/

cordev-developer commented 4 months ago

Hi again, yes I saw the video and visited the workshop and I followed the instructions; I only still need to test the possible attack scenarios (I thought it was a very interesting part). Regarding the GitHub repository in your comment, I also saw it last week, but I had problems executing it since it's different from this repository; I remember I had problems related to Node dependencies as it uses Node version 12. What do you think? On the other hand, I've been preparing some classes for my course, and hopefully when I have finished I'll prepare another Cognito course, but in English. Thanks again!!

ottokruse commented 3 months ago

Closing this issue, let me know if there's still anything