capless / warrant

Python library for using AWS Cognito. With support for SRP.
Apache License 2.0
468 stars 192 forks

process_challenge() raises NotAuthorizedException when signing in with alias from clients with secret #74

Open dmder opened 6 years ago

dmder commented 6 years ago

https://github.com/capless/warrant/blob/60b9cc0f7ccd4a9a37dc93b1bf6bdc3705981149/warrant/aws_srp.py#L199

This results in an error `botocore.errorfactory.NotAuthorizedException: ... Unable to verify secret hash for client <client_id>` if a user is trying to authenticate not with the ultimate username but with an alias (such as email, phone_number or preferred_username). It seems that AWS Cognito always compares SECRET_HASH against the one calculated based on the ultimate username, regardless of whether an alias was used to initiate the login or not. Modifying it to `self.get_secret_hash(user_id_for_srp, self.client_id, self.client_secret)` seems to resolve the issue.
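
The following is an added worked example illustrating the point in the comment above; it is not code from the warrant repository or from any commenter. It implements Cognito's documented SECRET_HASH construction, Base64(HMAC-SHA256(client_secret, username + client_id)), and builds the ChallengeResponses map for the PASSWORD_VERIFIER step both ways: hashing the identifier the user typed at login (the behaviour the issue reports as failing for aliases) and hashing USER_ID_FOR_SRP from the InitiateAuth challenge parameters (the fix proposed in the comment). The function names `secret_hash` and `challenge_responses`, the sample challenge parameters, and the client id and secret are constructed for illustration and are not warrant's API.

```python
"""Added example (not warrant's code): SECRET_HASH for an alias sign-in.

Cognito defines SECRET_HASH as Base64(HMAC-SHA256(client_secret, username + client_id)).
When a user signs in with an alias, the InitiateAuth challenge returns the canonical
username in USER_ID_FOR_SRP; the issue above reports that SECRET_HASH in the
PASSWORD_VERIFIER response must be derived from that value, not from the alias.
"""
import base64
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Constructed sample values (no real pool, client or user is referenced).
CLIENT_ID = "constructed-client-id"
CLIENT_SECRET = "constructed-client-secret"
LOGIN_ALIAS = "alice@example.com"  # what the user typed to start the login
SAMPLE_CHALLENGE: Dict[str, str] = {
    # Constructed stand-ins for the ChallengeParameters of an InitiateAuth response.
    "USER_ID_FOR_SRP": "constructed-canonical-username",
    "USERNAME": "constructed-canonical-username",
    "SALT": "00",
    "SRP_B": "00",
    "SECRET_BLOCK": "constructed-secret-block",
}


def secret_hash(username: str, client_id: str, client_secret: str) -> str:
    """Cognito SECRET_HASH: Base64(HMAC-SHA256(client_secret, username + client_id))."""
    key = client_secret.encode("utf-8")
    msg = (username + client_id).encode("utf-8")
    return base64.b64encode(hmac.new(key, msg, hashlib.sha256).digest()).decode("utf-8")


def challenge_responses(
    challenge_parameters: Dict[str, str],
    login_identifier: str,
    client_id: str,
    client_secret: Optional[str],
    claim_signature: str,
    timestamp: str,
    hash_with_alias: bool = False,
) -> Dict[str, str]:
    """Build the ChallengeResponses map for a PASSWORD_VERIFIER challenge.

    USERNAME is always USER_ID_FOR_SRP from the challenge. With a client secret,
    SECRET_HASH is derived from USER_ID_FOR_SRP by default (the proposed fix);
    hash_with_alias=True reproduces the failing variant that hashes the alias.
    Computing PASSWORD_CLAIM_SIGNATURE is the SRP part and is out of scope here,
    so it is passed in by the caller.
    """
    user_id_for_srp = challenge_parameters["USER_ID_FOR_SRP"]
    responses = {
        "USERNAME": user_id_for_srp,
        "PASSWORD_CLAIM_SECRET_BLOCK": challenge_parameters["SECRET_BLOCK"],
        "PASSWORD_CLAIM_SIGNATURE": claim_signature,
        "TIMESTAMP": timestamp,
    }
    if client_secret is not None:  # only app clients with a secret send SECRET_HASH
        hash_username = login_identifier if hash_with_alias else user_id_for_srp
        responses["SECRET_HASH"] = secret_hash(hash_username, client_id, client_secret)
    return responses


def demo() -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (fixed, failing) response maps for the constructed alias sign-in."""
    fixed = challenge_responses(SAMPLE_CHALLENGE, LOGIN_ALIAS, CLIENT_ID, CLIENT_SECRET,
                                claim_signature="constructed-signature",
                                timestamp="Mon Jan 1 00:00:00 UTC 2024")
    failing = challenge_responses(SAMPLE_CHALLENGE, LOGIN_ALIAS, CLIENT_ID, CLIENT_SECRET,
                                  claim_signature="constructed-signature",
                                  timestamp="Mon Jan 1 00:00:00 UTC 2024",
                                  hash_with_alias=True)
    return fixed, failing


if __name__ == "__main__":
    fixed, failing = demo()
    print("USERNAME sent in both cases:", fixed["USERNAME"])
    print("SECRET_HASH from USER_ID_FOR_SRP:", fixed["SECRET_HASH"])
    print("SECRET_HASH from alias:          ", failing["SECRET_HASH"])
    print("Hashes differ:", fixed["SECRET_HASH"] != failing["SECRET_HASH"])
```

The two maps carry the same USERNAME but different SECRET_HASH values, which is exactly the mismatch behind "Unable to verify secret hash": the server derives its comparison value from the canonical username it already resolved, so the client must hash the same string. The check to keep in mind when reviewing any SRP client is that every place a username feeds into SECRET_HASH after InitiateAuth should read USER_ID_FOR_SRP, not the identifier the user typed.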

bjinwright commented 6 years ago

@armicron is this what was fixed in #75 ?

armicron commented 6 years ago

@bjinwright no