search

aws / aws-sdk-js-v3

Modularized AWS SDK for JavaScript.
Apache License 2.0
3.12k stars 578 forks source link

AWS Rekognition Node.js createFaceLivenessSession returns invalid/corrupt session ID #6325

Closed haarj closed 4 weeks ago

haarj commented 3 months ago

Checkboxes for prior research

Describe the bug

Most of the time createFaceLivenessSession returns valid session IDs, which I then pass to the app to start the FaceLivenessDetectorView, however sometimes when I pass the sessionID to the Faceliveness experience in my iOS/Android apps, the rekognition iOS/Android SDK's return an "invalid session ID" error.

Is it possible that the region I am using for some of these users are incorrect? By default I am using the "us-east-1" region for all createFaceLivenessSession requests.

SDK version number

@aws-sdk/client-s3@3.616.0

Which JavaScript Runtime is this issue in?

Node.js

Details of the browser/Node.js/ReactNative version

v20.11.1

Reproduction Steps

Node.js:

const Rekognition = require("aws-sdk/clients/rekognition");
const rekClient = new Rekognition({
      region: "us-east-1",
      credentials: {
            accessKeyId: rekAccessKeyID,    
            secretAccessKey: process.env.AMAZON_REKOGNITION_SECRET_KEY
        }
    });

    const response = await rekClient.createFaceLivenessSession().promise();

    const sessionId = response.SessionId;

Observed Behavior

iOS Error: public static let sessionNotFound = FaceLivenessDetectionError( code: 1, message: "Session not found.", recoverySuggestion: "Enter a valid session ID." )

Expected Behavior

iOS SDK accepts session ID and presents FaceLivenessDetectorView

Possible Solution

Maybe this is a race condition, maybe the region needs to change. I am passing us-east-1 in all places where it is required in Node.js, iOS, and Android...

Additional Information/Context

Again, most of the time this is working without issue, but sometimes "invalid/corrupt" or race conditioned session Ids are being returned from Node.js.

aBurmeseDev commented 3 months ago

Hi @haarj - thanks for reaching out.

The issue you're facing seems to be related to the region you're using for some users when creating the Face Liveness session. The AWS Rekognition service is regional, and the region you specify when creating the client determines where the service requests are sent and processed.

By default, you're using the us-east-1 region for all createFaceLivenessSession requests. However, it's possible that some of your users are located in different regions, and if you pass a session ID created in one region to SDK in another region, it will result in an "invalid session ID" error.

To resolve this issue, you should determine the appropriate region for each user based on their location or proximity to the AWS regions. Then, create the Rekognition client instance with the correct region for each user before calling createFaceLivenessSession.

Hope it helps, John

haarj commented 3 months ago

Hey John,Thanks for clarifying. It’s good to know this is a region issue. What’s the best way to implement your suggestion, “ To resolve this issue, you should determine the appropriate region for each user based on their location or proximity to the AWS regions. Then, create the Rekognition client instance with the correct region for each user before calling createFaceLivenessSession.”,On iOS and Android?

Thanks! Justin Sent from my iPhone

On Aug 1, 2024, at 10:13 PM

haarj commented 3 months ago

Hey @aBurmeseDev any suggestion on how to figure out which region to choose for iOS and Android clients?

Thanks!

aBurmeseDev commented 3 months ago

One possible solution is to determine the user's region based on their location or other factors, and then create the face liveness session in that specific region. You can do this by setting the region parameter when creating the Rekognition client instance.

const userRegion = "us-west-2"; // Determine the user's region based on their location or other factors

const rekClient = new Rekognition({
  region: userRegion,
  credentials: {
    accessKeyId: rekAccessKeyID,
    secretAccessKey: process.env.AMAZON_REKOGNITION_SECRET_KEY
  }
});

const response = await rekClient.createFaceLivenessSession().promise();
const sessionId = response.SessionId;

Now, when you pass the sessionId to the iOS/Android apps, the Rekognition SDK client on the device should be able to recognize the session ID, as it was created in the same region as the client is configured to operate.

haarj commented 3 months ago

Thanks, @aBurmeseDev but how do I "determine the user's region based on their location or other factors"? Does the AWS SDK provide a function to do that or is there some 3rd party tool I can use? How would I account for people located near country borders but should be using a region that is technically farther away and part of that user's country?

aBurmeseDev commented 3 months ago

Hey! sorry for the delay. The best way to determine the user's region really depends on how you've set up your React app and what you're trying to achieve. Without knowing more about your specific project and goals, it's a bit tricky for me to give you a solid recommendation. But I'd be happy to help if you'd like to share more details about your app and what you're aiming for!

haarj commented 3 months ago

Hey @aBurmeseDev so we have native iOS and Android apps. We have users all over the world and one of the features we enable users is to verify their profile by using the Faceliveness detection feature from AWS Rekognition. We need to be able to allow users to create sessionIds anywhere in the world in order to pass those session IDs to the Faceliveness view inside the apps. We create sessionIDs server-side, however, we need to know what region a user is in so that we create and pass a valid session ID. Does that answer your question?

Thanks!

haarj commented 2 months ago

Hey @aBurmeseDev just checking in. Thanks!

haarj commented 2 months ago

Hey @aBurmeseDev just following up again. Thanks!

aBurmeseDev commented 2 months ago

Hi @haarj - sorry for the delay.

Based on your explanation, it seems you need to determine the appropriate AWS Region for creating Rekognition session IDs based on the user's location. This is likely because AWS services like Rekognition have regional endpoints and the session ID needs to be created in the same region where the subsequent face analysis operations will be performed.

You can consider the following approaches:

It's worth noting that AWS Rekognition is currently available in a limited number of regions, so you'll need to ensure that your mapping aligns with the regions where Rekognition is supported.

Additionally, you may want to implement caching mechanisms or other performance optimizations to minimize the overhead of determining the user's location and the corresponding AWS Region for each request.

Again these are recommendations based on my knowledge of AWS Rekognition, it's not my primary area of expertise as my main focus lies in supporting the AWS SDK and its related services.

Hope it's helpful in a way to get you to the right path! Best, John

github-actions[bot] commented 4 weeks ago

This issue has not received a response in 1 week. If you still think there is a problem, please leave a comment to avoid the issue from automatically closing.

haarj commented 4 weeks ago

Hey @aBurmeseDev sorry for the later reply. I decided to create a table on my server of the available regions for AWS Faceliveness and their approximate locations and then using the clients geolocation to map which region is closest to the client. Let's see how that performs for now and I'll reach back out if I see that isn't working. Thanks for your help!

github-actions[bot] commented 2 weeks ago

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.