Giter Site home page Giter Site logo

Comments (6)

debora-ito avatar debora-ito commented on August 28, 2024

@lgolubenkobit I'll need more information in order to help you out.

  • Can you please provide a code sample I can use to reproduce the issue?
  • Are you able to reproduce in a local environment? If so, can you enable the verbose wirelogs and share the response of a AdminGetUser call? Please make sure to redact any sensitive information, like access keys.

According to the API Reference, mfaOptions is no longer supported, so this field won't return values.

from aws-sdk.

lgolubenkobit avatar lgolubenkobit commented on August 28, 2024

When invoke this function is expected that returns which method choose user or available options enabled in pool

   public AdminGetUserResponse getUserByUuid(String userSub) {
        AdminGetUserRequest adminGetUserRequest = AdminGetUserRequest.builder()
                .userPoolId(cognitoPoolId)
                .username(userSub)
                .build();

        return cognitoClient.adminGetUser(adminGetUserRequest);
    }

but after invoke

System.err.println("*********************************************************************************************");
AdminGetUserResponse response = cognitoUtil.getUserByUuid("");
System.err.println("*********************************************************************************************");
for (AttributeType a : response.userAttributes()) {
	System.err.println(a.name() + " " + a.value());
}
System.err.println();
System.err.println("response: " + response);
System.err.println();
System.err.println("userStatusAsString: " + response.userStatusAsString());
System.err.println("hasMFASettingList: " + response.hasUserMFASettingList());
System.err.println("MFASettingList: " + response.userMFASettingList());
System.err.println("hasMfaOptions: " + response.hasMfaOptions());
System.err.println("mfaOptions: " + response.mfaOptions());
System.err.println("preferredMfaSetting: " + response.preferredMfaSetting());
System.err.println();
			System.err.println("*********************************************************************************************");

this is the response

*********************************************************************************************
2024-02-02 11:32:27.513 DEBUG 414547 --- [           main] s.a.a.c.i.ExecutionInterceptorChain      : Creating an interceptor chain that will apply interceptors in the following order: [software.amazon.awssdk.core.internal.interceptor.HttpChecksumValidationInterceptor@302ab67e, software.amazon.awssdk.awscore.interceptor.HelpfulUnknownHostExceptionInterceptor@28058dd0, software.amazon.awssdk.awscore.eventstream.EventStreamInitialRequestInterceptor@735d1db7, software.amazon.awssdk.awscore.interceptor.TraceIdExecutionInterceptor@4040559d, software.amazon.awssdk.services.cognitoidentityprovider.endpoints.internal.CognitoIdentityProviderResolveEndpointInterceptor@253c82ad, software.amazon.awssdk.services.cognitoidentityprovider.endpoints.internal.CognitoIdentityProviderRequestSetEndpointInterceptor@2153f0d7]
2024-02-02 11:32:27.848 DEBUG 414547 --- [           main] s.a.a.c.i.ExecutionInterceptorChain      : Interceptor 'software.amazon.awssdk.services.cognitoidentityprovider.endpoints.internal.CognitoIdentityProviderRequestSetEndpointInterceptor@2153f0d7' modified the message with its modifyHttpRequest method.
2024-02-02 11:32:27.992 DEBUG 414547 --- [           main] software.amazon.awssdk.request           : Sending Request: DefaultSdkHttpFullRequest(httpMethod=POST, protocol=https, host=cognito-idp.us-east-1.amazonaws.com, encodedPath=/, headers=[amz-sdk-invocation-id, Content-Length, Content-Type, User-Agent, X-Amz-Target], queryParameters=[])
2024-02-02 11:32:28.009 DEBUG 414547 --- [           main] s.a.a.c.i.io.SdkLengthAwareInputStream   : Specified InputStream length of 86 has been reached. Returning EOF.
2024-02-02 11:32:28.049 DEBUG 414547 --- [           main] s.amazon.awssdk.auth.signer.Aws4Signer   : AWS4 Canonical Request: POST
/

amz-sdk-invocation-id: ********
amz-sdk-request:attempt=1; max=4
content-length:86
content-type:application/x-amz-json-1.1
host:cognito-idp.us-east-1.amazonaws.com
x-amz-date:20240202T143228Z
x-amz-target:AWSCognitoIdentityProviderService.AdminGetUser

amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date;x-amz-target
********
2024-02-02 11:32:28.063 DEBUG 414547 --- [           main] s.amazon.awssdk.auth.signer.Aws4Signer   : AWS4 String to sign: *******
20240202T143228Z
20240202/us-east-1/cognito-idp/aws4_request
*******
2024-02-02 11:32:28.401 DEBUG 414547 --- [           main] s.a.a.h.a.i.conn.SdkTlsSocketFactory     : Connecting socket to cognito-idp.us-east-1.amazonaws.com/54.166.64.53:443 with timeout 2000
2024-02-02 11:32:28.776 DEBUG 414547 --- [           main] s.a.a.h.a.i.conn.SdkTlsSocketFactory     : Enabled protocols: [TLSv1.3, TLSv1.2]
2024-02-02 11:32:28.777 DEBUG 414547 --- [           main] s.a.a.h.a.i.conn.SdkTlsSocketFactory     : Enabled cipher suites:[TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2024-02-02 11:32:28.779 DEBUG 414547 --- [           main] s.a.a.h.a.i.conn.SdkTlsSocketFactory     : socket.getSupportedProtocols(): [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2Hello], socket.getEnabledProtocols(): [TLSv1.3, TLSv1.2]
2024-02-02 11:32:28.782 DEBUG 414547 --- [           main] s.a.a.h.a.i.conn.SdkTlsSocketFactory     : Starting handshake
2024-02-02 11:32:29.784 DEBUG 414547 --- [           main] s.a.a.h.a.i.conn.SdkTlsSocketFactory     : Secure session established
2024-02-02 11:32:29.785 DEBUG 414547 --- [           main] s.a.a.h.a.i.conn.SdkTlsSocketFactory     :  negotiated protocol: TLSv1.2
2024-02-02 11:32:29.786 DEBUG 414547 --- [           main] s.a.a.h.a.i.conn.SdkTlsSocketFactory     :  negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2024-02-02 11:32:29.787 DEBUG 414547 --- [           main] s.a.a.h.a.i.conn.SdkTlsSocketFactory     :  peer principal: CN=cognito-idp.us-east-1.amazonaws.com
2024-02-02 11:32:29.788 DEBUG 414547 --- [           main] s.a.a.h.a.i.conn.SdkTlsSocketFactory     :  peer alternative names: [cognito-idp.us-east-1.amazonaws.com, cognito-idp-fips.us-east-1.amazonaws.com]
2024-02-02 11:32:29.788 DEBUG 414547 --- [           main] s.a.a.h.a.i.conn.SdkTlsSocketFactory     :  issuer principal: CN=Amazon RSA 2048 M02, O=Amazon, C=US
2024-02-02 11:32:29.795 DEBUG 414547 --- [           main] s.a.a.h.a.internal.net.SdkSslSocket      : created: cognito-idp.us-east-1.amazonaws.com/54.166.64.53:443
2024-02-02 11:32:30.118 DEBUG 414547 --- [           main] software.amazon.awssdk.requestId         : Received successful response: 200, Request ID: *******, Extended Request ID: not available
2024-02-02 11:32:30.120 DEBUG 414547 --- [           main] software.amazon.awssdk.request           : Received successful response: 200, Request ID: *******, Extended Request ID: not available
*********************************************************************************************
sub *******
address *******
birthdate 01/01/1970
email_verified true
gender Femenino
name *****
phone_number_verified true
phone_number ********
family_name *********
email *******

response: AdminGetUserResponse(Username=*** Sensitive Data Redacted ***, UserAttributes=[AttributeType(Name=sub, Value=*** Sensitive Data Redacted ***), AttributeType(Name=address, Value=*** Sensitive Data Redacted ***), AttributeType(Name=birthdate, Value=*** Sensitive Data Redacted ***), AttributeType(Name=email_verified, Value=*** Sensitive Data Redacted ***), AttributeType(Name=gender, Value=*** Sensitive Data Redacted ***), AttributeType(Name=name, Value=*** Sensitive Data Redacted ***), AttributeType(Name=phone_number_verified, Value=*** Sensitive Data Redacted ***), AttributeType(Name=phone_number, Value=*** Sensitive Data Redacted ***), AttributeType(Name=family_name, Value=*** Sensitive Data Redacted ***), AttributeType(Name=email, Value=*** Sensitive Data Redacted ***)], UserCreateDate=2024-01-22T19:43:23.504Z, UserLastModifiedDate=2024-01-23T18:30:25.532Z, Enabled=true, UserStatus=CONFIRMED, MFAOptions=[MFAOptionType(DeliveryMedium=SMS, AttributeName=phone_number)])

userStatusAsString: CONFIRMED
hasMFASettingList: false
MFASettingList: []
hasMfaOptions: true
mfaOptions: [MFAOptionType(DeliveryMedium=SMS, AttributeName=phone_number)]
preferredMfaSetting: null

*********************************************************************************************

Both options are enabled on pool, and SMS is used by the user
image

I know that, according to documentation, mfaOptions is deprecated, but others fileld must return value according what factor choose user after first login.

from aws-sdk.

debora-ito avatar debora-ito commented on August 28, 2024

@lgolubenkobit thank you for the additional logs.

The observations in the StackOverflow answer make sense. Looking at the logs you provided, the 'UserMFASettingList' and 'PreferredMfaSetting' are not part of the AdminGetUser response initially:

response: AdminGetUserResponse(
    Username=*** Sensitive Data Redacted ***, 
    UserAttributes=[...], 
    UserCreateDate=2024-01-22T19:43:23.504Z, 
    UserLastModifiedDate=2024-01-23T18:30:25.532Z, 
    Enabled=true, 
    UserStatus=CONFIRMED, 
    MFAOptions=[MFAOptionType(DeliveryMedium=SMS, AttributeName=phone_number)]
)

but they will get populated after calling AdminSetUserMfaPreference.

I'll reach out to the Cognito team to comment on this behavior, to confirm if it's expected. If it is, I'll ask to make it clear in the AdminGetUser API Reference.

I'll also transfer this issue to the central aws/aws-sdk repo, since it's a service side issue with cross-SDK impact.

from aws-sdk.

debora-ito avatar debora-ito commented on August 28, 2024

P116943917

from aws-sdk.

debora-ito avatar debora-ito commented on August 28, 2024

@lgolubenkobit The Cognito team confirmed the behavior is expected.

As for my ask to clarify in the documentation, they said they don't see the confusion. But I'll push back on that.

I'll go ahead and close this, as there's nothing else pending from the SDK team. Feel free to reach out if you have any other question.

from aws-sdk.

github-actions avatar github-actions commented on August 28, 2024

This issue is now closed.

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

from aws-sdk.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.