search

ellaisys / aws-cognito

AWS Cognito package (with MFA Feature) using the AWS SDK for PHP/Laravel
https://ellaisys.github.io/aws-cognito/
MIT License
110 stars 41 forks source link

InvalidSignatureException during registration #24

Closed ionut-tanasa closed 2 years ago

ionut-tanasa commented 2 years ago

i have done the most basic setup of the package and cognito and tried to register an user. out of the box i am getting the following error: 


"message": "Error executing \"AdminCreateUser\" on \"https://cognito-idp.eu-central-1.amazonaws.com\"; AWS HTTP error: Client error: `POST https://cognito-idp.eu-central-1.amazonaws.com` resulted in a `400 Bad Request` response:\n{\"__type\":\"InvalidSignatureException\",\"message\":\"The request signature we calculated does not match the signature you pr (truncated...)\n InvalidSignatureException (client): The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. - {\"__type\":\"InvalidSignatureException\",\"message\":\"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\"}",
    "exception": "Aws\\CognitoIdentityProvider\\Exception\\CognitoIdentityProviderException",

AWS_ACCESS_KEY ID and SECRET have Administrator access just to rule out the permission issue.

do you have any suggestions? what am i doing wrong?

i think the issue is on cognito side since the sdk is throwing the error and not your package

Screenshot 2022-01-04 at 22 36 34 Screenshot 2022-01-04 at 22 37 05 Screenshot 2022-01-04 at 22 39 22 
class RegisterController extends ApiBaseController
{
    use RegistersUsers;

    public function __invoke(Request $request)
    {
        $validator = $request->validate([
            'email' => 'required|email|max:64|unique:users',
            'password' => 'required|confirmed|min:8|max:64'
        ]);

        $collection = collect($request->all());

        $data = $collection->only('name', 'email', 'password'); //passing 'password' is optional.

        try {
            if ($cognitoRegistered = $this->createCognitoUser($data)) {
                User::create($collection->only('email'));
                return response()->json($cognitoRegistered);
            }
        } catch (InvalidUserFieldException $e) {
            dd($e);
        }

        return response()->json($cognitoRegistered);
    }
}
amitdhongde commented 2 years ago

Hi Ionut,

Just to ensure that we are on the same page, can you confirm that you have also configured the below attributes in the ENV file?

# AWS Cognito configurations
AWS_COGNITO_CLIENT_ID="6xxxxxxxxxxxxxxxxxxxxxxxxr"
AWS_COGNITO_CLIENT_SECRET="1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx1"
AWS_COGNITO_USER_POOL_ID="xxxxxxxxxxxxxxxxx"
AWS_COGNITO_REGION="xxxxxxxxxxx" //optional - default value is 'us-east-1'
AWS_COGNITO_VERSION="latest" //optional - default value is 'latest'
ionut-tanasa commented 2 years ago

Hi Ionut,

Just to ensure that we are on the same page, can you confirm that you have also configured the below attributes in the ENV file?

# AWS Cognito configurations
AWS_COGNITO_CLIENT_ID="6xxxxxxxxxxxxxxxxxxxxxxxxr"
AWS_COGNITO_CLIENT_SECRET="1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx1"
AWS_COGNITO_USER_POOL_ID="xxxxxxxxxxxxxxxxx"
AWS_COGNITO_REGION="xxxxxxxxxxx" //optional - default value is 'us-east-1'
AWS_COGNITO_VERSION="latest" //optional - default value is 'latest'

hey thanks for getting back to me so quickly.

yes, i did setup the keys, that's why i got so confused.

lemme know how can i help debugging this, i just followed your readme and create a cognito pool with all the defaults, nothing crazy

amitdhongde commented 2 years ago

Thanks, Let me revert by the weekend. I presume the Cognito configuration is an issue but let me revert with more specifics.

amitdhongde commented 2 years ago

I just tried the library on a vanilla Laravel application and it just worked. I have deployed it on https://demo.ellaisys.com/cognito/

I have not yet polished it with the right msgs, but the library works!! I would publish the Cognito configuration docs in a day or two so that it helps more.

ionut-tanasa commented 2 years ago

I just tried the library on a vanilla Laravel application and it just worked. I have deployed it on https://demo.ellaisys.com/cognito/

I have not yet polished it with the right msgs, but the library works!! I would publish the Cognito configuration docs in a day or two so that it helps more.

that's awesome. i'll wait for the docs then. we can close this one.

thank you kindly.

amitdhongde commented 2 years ago

Can you confirm that you have included these AWS IAM policies in the account that has the AWS key/secret

AmazonCognitoDeveloperAuthenticatedIdentities AmazonCognitoPowerUser AmazonESCognitoAccess