
amazon-cognito-passwordless-email-auth's Introduction

UPDATE 2023, July 10th

We have published a new Passwordless sample solution that includes WebAuthn (FIDO2, Passkeys) and e-mail Magic Links: https://github.com/aws-samples/amazon-cognito-passwordless-auth

The repository here, the one you're looking at now, is still a good reference for implementing e-mail OTP (One Time Password). Be aware though: we haven't updated this repository in a while, so e.g. its dependencies are outdated! Only use the repository here to get an idea of "how to do it".


Amazon Cognito Passwordless Email Auth

This is the sample code that accompanies the blog post on passwordless e-mail auth in Amazon Cognito.

The purpose of this sample code is to demonstrate how Amazon Cognito Custom Authentication Flows can be used to implement passwordless e-mail auth. Please treat the code as an illustration: thoroughly review it and adapt it to your needs before using it for anything serious.

The sample code is contained in these two folders. Visit each of them to run the sample solution:

  • ./cognito: a Serverless Application that includes a Cognito user pool with the necessary setup
  • ./client: a Web Client that authenticates with the Cognito user pool

License Summary

This sample code is made available under a modified MIT license. See the LICENSE file.

amazon-cognito-passwordless-email-auth's People

Contributors

dependabot[bot], hyandell, ottokruse


amazon-cognito-passwordless-email-auth's Issues

How to add passwordless-sms-auth?

We would like to extend the solution to use SMS as an alternative way of doing passwordless email auth with Cognito. The goal is that the user can choose either email or SMS for getting the secret code. How can we tell the lambda whether the request from Cognito was made by email or SMS?

Unable to verify secret hash

Hello,

we changed our Cognito pool to support email or phone number as username, but now we get the following error with the example app.

Thank you so much for your help!

[Screenshot 2019-04-17 10:51:33]

[Screenshot 2019-04-16 22:24:02]

Error: Email address is not verified. The following identities failed the check in region US-EAST-1

Not sure what I am doing wrong. But I keep getting this error message. When I check in Cognito the user is verified and confirmed. Any help is appreciated.

{
"errorMessage": "Email address is not verified. The following identities failed the check in region US-EAST-1: [email protected]",
"errorType": "MessageRejected",
"stackTrace": [
"Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/query.js:47:29)",
"Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:105:20)",
"Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:77:10)",
"Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:683:14)",
"Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)",
"AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)",
"/var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10",
"Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)",
"Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:685:12)",
"Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:115:18)"
]
}

npm install failed - [email protected]~postinstall: Failed to exec postinstall script

From the command prompt:
npm WARN [email protected] No description
npm WARN [email protected] No repository field.

audited 1 package in 1.035s
found 0 vulnerabilities

The system cannot find the path specified.
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] postinstall: cd ./lambda-triggers/create-auth-challenge && npm i && cd -
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] postinstall script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\hanifa.amer\AppData\Roaming\npm-cache\_logs\2020-10-20T09_49_46_440Z-debug.log

From the debug log:

58 http fetch POST 200 https://registry.npmjs.org/-/npm/v1/security/audits/quick 373ms
59 timing audit body Completed in 1ms
60 silly lifecycle [email protected]postinstall: Returned: code: 1 signal: null
61 info lifecycle [email protected]~postinstall: Failed to exec postinstall script
62 verbose stack Error: [email protected] postinstall: cd ./lambda-triggers/create-auth-challenge && npm i && cd -
62 verbose stack Exit status 1
62 verbose stack at EventEmitter.<anonymous> (C:\Program Files\nodejs\node_modules\npm\node_modules\npm-lifecycle\index.js:332:16)
62 verbose stack at EventEmitter.emit (events.js:315:20)
62 verbose stack at ChildProcess.<anonymous> (C:\Program Files\nodejs\node_modules\npm\node_modules\npm-lifecycle\lib\spawn.js:55:14)
62 verbose stack at ChildProcess.emit (events.js:315:20)
62 verbose stack at maybeClose (internal/child_process.js:1051:16)
62 verbose stack at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)

Passwordless authentication Android

Hi,

I'm trying to create passwordless email authentication on Android. I followed this example: https://aws.amazon.com/blogs/mobile/implementing-passwordless-email-authentication-with-amazon-cognito/. I was able to sign up a user, however I struggle with signing in. In the above instructions there is only a JS client example, and it contains methods that the Android SDK does not have, e.g. Auth.signIn(email) or Auth.signIn(email). Can you please tell me how I can do passwordless authentication using the Cognito Android SDK?

Can't retry login code entry

The back end should allow 3 attempts for entering the login code, but the session is invalidated in the client after the first invalid attempt.

Steps to reproduce:

  1. Request login code
  2. Submit invalid login code
  3. Submit correct login code

Expected result:

The user should be logged in.

Actual result:

The user is not logged in.

Additional context:

The first Auth.sendCustomChallengeAnswer request with the INVALID code returns the following error:

Object { code: "UserLambdaValidationException", name: "UserLambdaValidationException", message: "CreateAuthChallenge failed with error 'challengeMetaData'." }

The second Auth.sendCustomChallengeAnswer request with the CORRECT code returns the following error:

Object { code: "NotAuthorizedException", name: "NotAuthorizedException", message: "Invalid session for the user." }

Allow code to be used for more than three minutes?

Hi, thanks for this very useful example.

We find that some users struggle to get the code from their email within three minutes, so we'd like codes to be valid for longer, perhaps for up to ten minutes.

Unfortunately we can't see any configuration options in Cognito to allow us to do this.

Do you know if this is possible?

Stale confirmed user with wrong email address

There is a scenario where user types wrong email address on initial sign up accidentally or intentionally.

This will create a confirmed user in the user pool. The user won't be able to log in using this email as they won't get the access code, so the account will end up in limbo.

This account's email address can potentially be a legitimate email for another user, who will then not be able to sign up and gets a "User Already Exists" exception.

I think the logic should be a bit more complex, similar to below:

a) when a new user signs up, check whether a user pool user with the same email already exists
b) if one exists, verify whether that user pool user's email status is confirmed
c) if the user pool user's email status is not confirmed, delete the user pool user and proceed with the new user's sign up
d) update the new user pool user's email status to "confirmed" after the first successful sign in

How to persist custom challenge session

Hi,

I'm wondering what the best solution is for persisting the authentication challenge session across page loads. Consider the following scenario:

  1. User goes to /login and requests login code
  2. User retrieves login code from email
  3. User reloads /login (or opens it in new tab)

The auth challenge session information is now lost and no info is stored by aws-amplify in local storage since the user is not authenticated yet.

how could you also simultaneously verify phones?

Hey,

I'm just curious, do you think it would be possible to make a branch of this repo which also verifies the phone at the same time? That's the main thing holding me back from trusting Cognito.

Thanks for your work

Refresh token on the client-side

I have run this example and noted that the refresh token is saved in web localStorage after login.

According to the Auth0 documentation:

A Single-Page Application (normally implementing Implicit Flow) should not ever receive a Refresh Token. A Refresh Token is essentially a user credential that allows a user to remain authenticated indefinitely. This sensitive information should be stored securely and not exposed client-side in a browser.

So, is it secure to have a refresh token on the client?
