Closed yenhanshih closed 2 years ago
Hi @yenhanshih,
Good afternoon.
Thanks for posting guidance question. Although I'm not sure, this might be related to https://github.com/aws/aws-sdk-net-extensions-cognito/issues/10.
Thanks, Ashish
@ashishdhingra it does look relevant, however according to the use case you provided a link to, it is for StartWithSrpAuthAsync()
then calling ConfirmDeviceAsync()
, which as mentioned, seems to work for me. However, the issue occurs for me when we are calling RespondToAuthChallengeAsync()
then calling ConfirmDeviceAsync()
.
Thanks
@ashishdhingra it does look relevant, however according to the use case you provided a link to, it is for
StartWithSrpAuthAsync()
then callingConfirmDeviceAsync()
, which as mentioned, seems to work for me. However, the issue occurs for me when we are callingRespondToAuthChallengeAsync()
then callingConfirmDeviceAsync()
.Thanks
@yenhanshih Not sure if this would help, there is a similar question posted on StackOverflow for Boto3 https://stackoverflow.com/questions/59062064/aws-cognito-boto3-error-on-confirm-device-invalid-device-key-given. Please give it a try. We can change this issue to bug for investigation, if required.
@ashishdhingra looks like that was it. Instead of passing in the email address, it actually needed the Cognito Id, which was a GUID associated to the User. I am able to call ConfirmDeviceAsync() from the SMS_MFA challange now.
@ashishdhingra looks like that was it. Instead of passing in the email address, it actually needed the Cognito Id, which was a GUID associated to the User. I am able to call ConfirmDeviceAsync() from the SMS_MFA challange now.
@yenhanshih Glad that it worked out for you. Closing this issue for now.
Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.
The Question
I am currently trying to implement MFA suppression via remembered devices in Cognito. I am trying to implement this workflow as documented here (https://aws.amazon.com/premiumsupport/knowledge-center/cognito-user-pool-remembered-devices/) but seem to have ran into an exception when calling ConfirmDeviceAsync().
Amazon.CognitoIdentityProvider.Model.InvalidParameterException: 'Invalid device key given.'
It is also important to mention that ConfirmDeviceAsync() seems to work if we are doing SRP Auth WITHOUT SMS_MFA challenge. It doesn't seem like I am missing anything, any help is appreciated.
Environment
We also use
aws-sdk-net-extensions-cognito 2.2.2
to callGenerateDeviceVerifier
to create the PasswordVerifier and Salt.This is a :question: general question