Temp password only succeeds once

[israx]

Before opening, please confirm:

• [X] I have searched for duplicate or closed issues and discussions.
• [X] I have read the guide for submitting bug reports.
• [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

React Native

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

auth

Backend

None

Environment information

``` # Put output below this line System: OS: macOS 14.6.1 CPU: (10) arm64 Apple M1 Pro Memory: 1.58 GB / 16.00 GB Shell: 5.9 - /bin/zsh Binaries: Node: 20.16.0 - ~/.nvm/versions/node/v20.16.0/bin/node npm: 10.8.1 - ~/.nvm/versions/node/v20.16.0/bin/npm Watchman: 2024.07.15.00 - /opt/homebrew/bin/watchman Browsers: Chrome: 128.0.6613.137 Safari: 17.6 npmPackages: @aws-amplify/backend: ^1.2.1 => 1.2.1 @aws-amplify/backend-cli: ^1.2.6 => 1.2.6 @aws-amplify/react-native: ^1.1.4 => 1.1.4 @aws-amplify/ui-react-native: ^2.2.5 => 2.2.5 @aws-sdk/client-s3: 3.624.0 => 3.624.0 @babel/core: ^7.20.0 => 7.25.2 @expo/vector-icons: ^14.0.2 => 14.0.2 @react-native-async-storage/async-storage: 1.23.1 => 1.23.1 @react-native-community/netinfo: 11.3.1 => 11.3.1 @react-navigation/drawer: ^6.7.2 => 6.7.2 @react-navigation/native: ^6.0.2 => 6.1.18 @types/jest: ^29.5.12 => 29.5.12 @types/react: ~18.2.45 => 18.2.79 @types/react-test-renderer: ^18.0.7 => 18.3.0 HelloWorld: 0.0.1 aws-amplify: ^6.6.0 => 6.6.0 aws-amplify/adapter-core: undefined () aws-amplify/analytics: undefined () aws-amplify/analytics/kinesis: undefined () aws-amplify/analytics/kinesis-firehose: undefined () aws-amplify/analytics/personalize: undefined () aws-amplify/analytics/pinpoint: undefined () aws-amplify/api: undefined () aws-amplify/api/server: undefined () aws-amplify/auth: undefined () aws-amplify/auth/cognito: undefined () aws-amplify/auth/cognito/server: undefined () aws-amplify/auth/enable-oauth-listener: undefined () aws-amplify/auth/server: undefined () aws-amplify/data: undefined () aws-amplify/data/server: undefined () aws-amplify/datastore: undefined () aws-amplify/in-app-messaging: undefined () aws-amplify/in-app-messaging/pinpoint: undefined () aws-amplify/push-notifications: undefined () aws-amplify/push-notifications/pinpoint: undefined () aws-amplify/storage: undefined () aws-amplify/storage/s3: undefined () aws-amplify/storage/s3/server: undefined () aws-amplify/storage/server: undefined () aws-amplify/utils: undefined () expo: ~51.0.28 => 51.0.32 expo-auth-session: ~5.5.2 => 5.5.2 expo-av: ~14.0.7 => 14.0.7 expo-font: ~12.0.9 => 12.0.10 expo-image-picker: ~15.0.7 => 15.0.7 expo-linking: ~6.3.1 => 6.3.1 expo-local-authentication: ~14.0.1 => 14.0.1 expo-router: ~3.5.23 => 3.5.23 expo-splash-screen: ~0.27.5 => 0.27.5 expo-status-bar: ~1.12.1 => 1.12.1 expo-system-ui: ~3.0.7 => 3.0.7 expo-web-browser: ~13.0.3 => 13.0.3 jest: ^29.2.1 => 29.7.0 jest-expo: ~51.0.4 => 51.0.4 react: 18.2.0 => 18.2.0 react-dom: 18.2.0 => 18.2.0 react-hook-form: 7.41.5 => 7.41.5 (7.53.0) react-native: 0.74.5 => 0.74.5 react-native-gesture-handler: ~2.16.1 => 2.16.2 react-native-get-random-values: ^1.11.0 => 1.11.0 react-native-paper: ^5.12.5 => 5.12.5 react-native-reanimated: ~3.10.1 => 3.10.1 react-native-safe-area-context: 4.10.5 => 4.10.5 react-native-screens: 3.31.1 => 3.31.1 react-native-web: ~0.19.10 => 0.19.12 react-test-renderer: 18.2.0 => 18.2.0 typescript: ~5.3.3 => 5.3.3 (4.4.4, 4.9.5) uuid: ^10.0.0 => 10.0.0 (9.0.1, 8.3.2, 7.0.3) web-streams-polyfill: 3.3.3 => 3.3.3 web-streams-polyfill-es2018: undefined () web-streams-polyfill-es6: undefined () web-streams-ponyfill: undefined () web-streams-ponyfill-es2018: undefined () web-streams-ponyfill-es6: undefined () npmGlobalPackages: corepack: 0.28.2 eas-cli: 10.2.1 expo-cli: 6.3.10 npm: 10.8.1 typescript: 5.3.3 ```

Describe the bug

If the CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED session expires (which can happen for a handful of reasons), the users' temp password no longer works and a "NotAuthorizedException" error is thrown for any future attempts. The newly created user is now locked out of ever being able to login via aws-amplify/auth library. Reset password functionality does not work in this case either. The only way around this seems to be to delete the user and recreate them within the AWS Amplify console.

Expected behavior

User should be allowed to login and set their new password using the temp password provided during user creation.

Reproduction steps

1. A user is created in the Amplify console with a temp password assigned.
2. User enters username and temp password at the login prompt of custom site form.
3. On submit, the response contains nextStep.signInStep = 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED'.
4. All good so far. This is when the user enters a new password which is then passed to the confirmSignIn function.
5. If session expires before the user sends a new password to confirmSignIn function, we hit our issue.

Code Snippet

// Put your code below this line.

Log output

``` // Put your logs below this line ```

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

[israx]

Based on the information provided, it appears you're experiencing an issue with the sign-in process using AWS Amplify v6 in a React Native application. However, some crucial details are missing that would help in providing a more accurate solution. To better understand and address your issue, I would need answers to the following questions:

1. Can you provide more details about the specific scenario when the CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED session expires? For example, how long does it typically take for this to occur?

2. Are you using the default Cognito User Pool settings, or have you customized any settings related to temporary passwords or session duration?

3. Can you share the relevant code snippet where you're handling the sign-in process and the CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED state?

4. Have you observed any specific error messages in your application logs when this issue occurs?

These details will help in identifying the root cause of the problem and suggesting an appropriate solution or workaround.

[israx]

I was able to solve the issue.