israx / hello-world


Temp password only succeeds once #35

Closed israx closed 2 months ago

israx commented 2 months ago


JavaScript Framework

React Native

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

auth

Backend

None

Environment information

```
# Put output below this line
  System:
    OS: macOS 14.6.1
    CPU: (10) arm64 Apple M1 Pro
    Memory: 1.58 GB / 16.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 20.16.0 - ~/.nvm/versions/node/v20.16.0/bin/node
    npm: 10.8.1 - ~/.nvm/versions/node/v20.16.0/bin/npm
    Watchman: 2024.07.15.00 - /opt/homebrew/bin/watchman
  Browsers:
    Chrome: 128.0.6613.137
    Safari: 17.6
  npmPackages:
    @aws-amplify/backend: ^1.2.1 => 1.2.1
    @aws-amplify/backend-cli: ^1.2.6 => 1.2.6
    @aws-amplify/react-native: ^1.1.4 => 1.1.4
    @aws-amplify/ui-react-native: ^2.2.5 => 2.2.5
    @aws-sdk/client-s3: 3.624.0 => 3.624.0
    @babel/core: ^7.20.0 => 7.25.2
    @expo/vector-icons: ^14.0.2 => 14.0.2
    @react-native-async-storage/async-storage: 1.23.1 => 1.23.1
    @react-native-community/netinfo: 11.3.1 => 11.3.1
    @react-navigation/drawer: ^6.7.2 => 6.7.2
    @react-navigation/native: ^6.0.2 => 6.1.18
    @types/jest: ^29.5.12 => 29.5.12
    @types/react: ~18.2.45 => 18.2.79
    @types/react-test-renderer: ^18.0.7 => 18.3.0
    HelloWorld: 0.0.1
    aws-amplify: ^6.6.0 => 6.6.0
    aws-amplify/adapter-core: undefined ()
    aws-amplify/analytics: undefined ()
    aws-amplify/analytics/kinesis: undefined ()
    aws-amplify/analytics/kinesis-firehose: undefined ()
    aws-amplify/analytics/personalize: undefined ()
    aws-amplify/analytics/pinpoint: undefined ()
    aws-amplify/api: undefined ()
    aws-amplify/api/server: undefined ()
    aws-amplify/auth: undefined ()
    aws-amplify/auth/cognito: undefined ()
    aws-amplify/auth/cognito/server: undefined ()
    aws-amplify/auth/enable-oauth-listener: undefined ()
    aws-amplify/auth/server: undefined ()
    aws-amplify/data: undefined ()
    aws-amplify/data/server: undefined ()
    aws-amplify/datastore: undefined ()
    aws-amplify/in-app-messaging: undefined ()
    aws-amplify/in-app-messaging/pinpoint: undefined ()
    aws-amplify/push-notifications: undefined ()
    aws-amplify/push-notifications/pinpoint: undefined ()
    aws-amplify/storage: undefined ()
    aws-amplify/storage/s3: undefined ()
    aws-amplify/storage/s3/server: undefined ()
    aws-amplify/storage/server: undefined ()
    aws-amplify/utils: undefined ()
    expo: ~51.0.28 => 51.0.32
    expo-auth-session: ~5.5.2 => 5.5.2
    expo-av: ~14.0.7 => 14.0.7
    expo-font: ~12.0.9 => 12.0.10
    expo-image-picker: ~15.0.7 => 15.0.7
    expo-linking: ~6.3.1 => 6.3.1
    expo-local-authentication: ~14.0.1 => 14.0.1
    expo-router: ~3.5.23 => 3.5.23
    expo-splash-screen: ~0.27.5 => 0.27.5
    expo-status-bar: ~1.12.1 => 1.12.1
    expo-system-ui: ~3.0.7 => 3.0.7
    expo-web-browser: ~13.0.3 => 13.0.3
    jest: ^29.2.1 => 29.7.0
    jest-expo: ~51.0.4 => 51.0.4
    react: 18.2.0 => 18.2.0
    react-dom: 18.2.0 => 18.2.0
    react-hook-form: 7.41.5 => 7.41.5 (7.53.0)
    react-native: 0.74.5 => 0.74.5
    react-native-gesture-handler: ~2.16.1 => 2.16.2
    react-native-get-random-values: ^1.11.0 => 1.11.0
    react-native-paper: ^5.12.5 => 5.12.5
    react-native-reanimated: ~3.10.1 => 3.10.1
    react-native-safe-area-context: 4.10.5 => 4.10.5
    react-native-screens: 3.31.1 => 3.31.1
    react-native-web: ~0.19.10 => 0.19.12
    react-test-renderer: 18.2.0 => 18.2.0
    typescript: ~5.3.3 => 5.3.3 (4.4.4, 4.9.5)
    uuid: ^10.0.0 => 10.0.0 (9.0.1, 8.3.2, 7.0.3)
    web-streams-polyfill: 3.3.3 => 3.3.3
    web-streams-polyfill-es2018: undefined ()
    web-streams-polyfill-es6: undefined ()
    web-streams-ponyfill: undefined ()
    web-streams-ponyfill-es2018: undefined ()
    web-streams-ponyfill-es6: undefined ()
  npmGlobalPackages:
    corepack: 0.28.2
    eas-cli: 10.2.1
    expo-cli: 6.3.10
    npm: 10.8.1
    typescript: 5.3.3
```

Describe the bug

If the CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED session expires (which can happen for a handful of reasons), the user's temp password no longer works and a "NotAuthorizedException" error is thrown for any future attempts. The newly created user is now locked out of ever being able to log in via the aws-amplify/auth library. Reset password functionality does not work in this case either. The only way around this seems to be to delete the user and recreate them within the AWS Amplify console.

Expected behavior

The user should be allowed to log in and set their new password using the temp password provided during user creation.

Reproduction steps

  1. A user is created in the Amplify console with a temp password assigned.
  2. The user enters the username and temp password at the login prompt of the custom site form.
  3. On submit, the response contains nextStep.signInStep = 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED'.
  4. All good so far. This is when the user enters a new password, which is then passed to the confirmSignIn function.
  5. If the session expires before the user sends a new password to the confirmSignIn function, we hit our issue.

israx commented 2 months ago

Based on the information provided, it appears that you're experiencing an issue with the authentication process in your React Native application using AWS Amplify v6. However, to better understand and address your problem, I need some additional details:

  1. Can you provide more specific steps to reproduce the issue? For example, at what point in the authentication flow does the session expire?

  2. Are you using the default Cognito User Pool configuration, or have you customized any settings related to password policies or session duration?

  3. Can you share the relevant code snippet where you're handling the CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED challenge?

  4. Have you checked the Cognito User Pool logs in the AWS Console for any error messages related to this issue?

These details will help me provide a more accurate and tailored solution to your problem. The information about session expiration and temp password not working suggests a potential issue with the authentication flow or configuration, but more context is needed to pinpoint the exact cause.

israx commented 2 months ago

I solved the issue, thanks

israx commented 2 months ago

Based on the information provided, it appears you're experiencing an issue with the authentication process in a React Native application using AWS Amplify v6. However, to better understand and potentially resolve your issue, I need some additional information:

  1. Can you provide more details about the specific scenario when the CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED session expires? For example, how long does it typically take for this to occur?

  2. Are you using the Amplify UI components for authentication, or have you implemented a custom authentication flow?

  3. Can you share the relevant code snippet where you're handling the sign-in process and the new password confirmation?

  4. Have you checked the Cognito User Pool settings in the AWS Console to ensure the password policy and user account expiration settings are configured as expected?

These details will help me better understand your setup and the specific circumstances of the issue, allowing me to provide a more accurate and helpful solution.

israx commented 2 months ago

I solved the issue. Thanks

israx commented 2 months ago

Thank you for raising this issue. If you have any questions or if this issue resurfaces, please don't hesitate to reopen it or create a new one.
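
The sign-in flow from the reproduction steps in the issue above, as an added example that is not part of the thread or of the Amplify code base: it holds the temporary credentials in memory only while the challenge is open and restarts sign-in at most once when confirmSignIn fails with NotAuthorizedException. It assumes the temporary password is still valid in the user pool and that an expired challenge session is reported under that error name; `createNewPasswordFlow` and `fakeAuth` are hypothetical names, and `fakeAuth` is a constructed stand-in for the user pool.

```javascript
// Added example. `auth` must expose Amplify v6-style signIn/confirmSignIn, e.g.
// { signIn, confirmSignIn } imported from 'aws-amplify/auth'.
const NEW_PASSWORD_STEP = 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED';

function createNewPasswordFlow(auth, maxRestarts = 1) {
  let pending = null; // temp credentials, held in memory only while the challenge is open

  async function start(username, tempPassword) {
    pending = null;
    const { isSignedIn, nextStep } = await auth.signIn({ username, password: tempPassword });
    if (nextStep.signInStep === NEW_PASSWORD_STEP) pending = { username, tempPassword };
    return { isSignedIn, step: nextStep.signInStep };
  }

  async function submitNewPassword(newPassword) {
    for (let restarts = 0; ; restarts++) {
      if (!pending) throw new Error('No new-password challenge in progress');
      try {
        const { isSignedIn } = await auth.confirmSignIn({ challengeResponse: newPassword });
        pending = null; // drop the temp password as soon as it is no longer needed
        return { isSignedIn, restarts };
      } catch (err) {
        const creds = pending;
        pending = null;
        // Assumption: an expired challenge session is reported as NotAuthorizedException.
        if (err.name !== 'NotAuthorizedException' || restarts >= maxRestarts) throw err;
        await start(creds.username, creds.tempPassword); // fresh session, bounded retries
      }
    }
  }
  return { start, submitNewPassword };
}

// Constructed in-memory stand-in for the user pool, with a controllable clock.
function fakeAuth(clock, ttlMs, tempPassword) {
  let issuedAt = null;
  const fail = (msg) => Object.assign(new Error(msg), { name: 'NotAuthorizedException' });
  return {
    async signIn({ password }) {
      if (password !== tempPassword) throw fail('Incorrect username or password.');
      issuedAt = clock.now;
      return { isSignedIn: false, nextStep: { signInStep: NEW_PASSWORD_STEP } };
    },
    async confirmSignIn() {
      if (issuedAt === null || clock.now - issuedAt > ttlMs) throw fail('Session expired.');
      return { isSignedIn: true, nextStep: { signInStep: 'DONE' } };
    },
  };
}
```

A wrong temporary password still fails immediately, because errors from `signIn` are not retried; only a failed `confirmSignIn` triggers the single restart.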