AWS Rekognition Node.js createFaceLivenessSession returns invalid/corrupt session ID

[haarj]

Checkboxes for prior research

• [X] I've gone through Developer Guide and API reference
• [X] I've checked AWS Forums and StackOverflow.
• [X] I've searched for previous similar issues and didn't find any solution.

Describe the bug

Most of the time createFaceLivenessSession returns valid session IDs, which I then pass to the app to start the FaceLivenessDetectorView, however sometimes when I pass the sessionID to the Faceliveness experience in my iOS/Android apps, the rekognition iOS/Android SDK's return an "invalid session ID" error.

Is it possible that the region I am using for some of these users are incorrect? By default I am using the "us-east-1" region for all createFaceLivenessSession requests.

SDK version number

@aws-sdk/client-s3@3.616.0

Which JavaScript Runtime is this issue in?

Node.js

Details of the browser/Node.js/ReactNative version

v20.11.1

Reproduction Steps

Node.js:

const Rekognition = require("aws-sdk/clients/rekognition");
const rekClient = new Rekognition({
      region: "us-east-1",
      credentials: {
            accessKeyId: rekAccessKeyID,    
            secretAccessKey: process.env.AMAZON_REKOGNITION_SECRET_KEY
        }
    });

    const response = await rekClient.createFaceLivenessSession().promise();

    const sessionId = response.SessionId;

Observed Behavior

iOS Error: public static let sessionNotFound = FaceLivenessDetectionError( code: 1, message: "Session not found.", recoverySuggestion: "Enter a valid session ID." )

Expected Behavior

iOS SDK accepts session ID and presents FaceLivenessDetectorView

Possible Solution

Maybe this is a race condition, maybe the region needs to change. I am passing us-east-1 in all places where it is required in Node.js, iOS, and Android...

Additional Information/Context

Again, most of the time this is working without issue, but sometimes "invalid/corrupt" or race conditioned session Ids are being returned from Node.js.

[aBurmeseDev]

Hi @haarj - thanks for reaching out.

The issue you're facing seems to be related to the region you're using for some users when creating the Face Liveness session. The AWS Rekognition service is regional, and the region you specify when creating the client determines where the service requests are sent and processed.

By default, you're using the us-east-1 region for all createFaceLivenessSession requests. However, it's possible that some of your users are located in different regions, and if you pass a session ID created in one region to SDK in another region, it will result in an "invalid session ID" error.

To resolve this issue, you should determine the appropriate region for each user based on their location or proximity to the AWS regions. Then, create the Rekognition client instance with the correct region for each user before calling createFaceLivenessSession.

Hope it helps, John

[haarj]

Hey John,Thanks for clarifying. It’s good to know this is a region issue. What’s the best way to implement your suggestion, “ To resolve this issue, you should determine the appropriate region for each user based on their location or proximity to the AWS regions. Then, create the Rekognition client instance with the correct region for each user before calling createFaceLivenessSession.”,On iOS and Android?

Thanks! Justin Sent from my iPhone

On Aug 1, 2024, at 10:13 PM

[haarj]

Hey @aBurmeseDev any suggestion on how to figure out which region to choose for iOS and Android clients?

Thanks!

[aBurmeseDev]

One possible solution is to determine the user's region based on their location or other factors, and then create the face liveness session in that specific region. You can do this by setting the region parameter when creating the Rekognition client instance.

const userRegion = "us-west-2"; // Determine the user's region based on their location or other factors

const rekClient = new Rekognition({
  region: userRegion,
  credentials: {
    accessKeyId: rekAccessKeyID,
    secretAccessKey: process.env.AMAZON_REKOGNITION_SECRET_KEY
  }
});

const response = await rekClient.createFaceLivenessSession().promise();
const sessionId = response.SessionId;

Now, when you pass the sessionId to the iOS/Android apps, the Rekognition SDK client on the device should be able to recognize the session ID, as it was created in the same region as the client is configured to operate.

[haarj]

Thanks, @aBurmeseDev but how do I "determine the user's region based on their location or other factors"? Does the AWS SDK provide a function to do that or is there some 3rd party tool I can use? How would I account for people located near country borders but should be using a region that is technically farther away and part of that user's country?

[aBurmeseDev]

Hey! sorry for the delay. The best way to determine the user's region really depends on how you've set up your React app and what you're trying to achieve. Without knowing more about your specific project and goals, it's a bit tricky for me to give you a solid recommendation. But I'd be happy to help if you'd like to share more details about your app and what you're aiming for!

[haarj]

Hey @aBurmeseDev so we have native iOS and Android apps. We have users all over the world and one of the features we enable users is to verify their profile by using the Faceliveness detection feature from AWS Rekognition. We need to be able to allow users to create sessionIds anywhere in the world in order to pass those session IDs to the Faceliveness view inside the apps. We create sessionIDs server-side, however, we need to know what region a user is in so that we create and pass a valid session ID. Does that answer your question?

Thanks!

[haarj]

Hey @aBurmeseDev just checking in. Thanks!

[haarj]

Hey @aBurmeseDev just following up again. Thanks!

[aBurmeseDev]

Hi @haarj - sorry for the delay.

Based on your explanation, it seems you need to determine the appropriate AWS Region for creating Rekognition session IDs based on the user's location. This is likely because AWS services like Rekognition have regional endpoints and the session ID needs to be created in the same region where the subsequent face analysis operations will be performed.

You can consider the following approaches:

• IP-based Geolocation: You can use IP geolocation services or databases to determine the approximate location (country or region) of the user based on their IP address. This information can then be mapped to the appropriate AWS Region for creating the Rekognition session ID. However, keep in mind that IP geolocation is not 100% accurate and may have limitations especially for mobile devices behind NAT or using VPNs.
• Client-side Geolocation: If your mobile apps have permission to access the user's device location (e.g: GPS or network-based location), you can use the device's geolocation data to determine the approximate region or country. This information can then be passed to your server-side logic which can map the location to the appropriate AWS Region for creating the Rekognition session ID.
• User Selection: As a fallback or alternative approach, you could allow users to manually select their region or country from a list within your app. This selection can then be passed to your server-side logic for creating the Rekognition session ID in the corresponding AWS Region.
• Region Mapping: Maintain a mapping or lookup table on your server that associates countries, regions or IP address ranges with the appropriate AWS Regions for Rekognition. This mapping can be used to determine the correct AWS Region based on the user's location information (obtained through IP geolocation, client-side geolocation or user selection).

It's worth noting that AWS Rekognition is currently available in a limited number of regions, so you'll need to ensure that your mapping aligns with the regions where Rekognition is supported.

Additionally, you may want to implement caching mechanisms or other performance optimizations to minimize the overhead of determining the user's location and the corresponding AWS Region for each request.

Again these are recommendations based on my knowledge of AWS Rekognition, it's not my primary area of expertise as my main focus lies in supporting the AWS SDK and its related services.

Hope it's helpful in a way to get you to the right path! Best, John