Custom Auth Flow - Retry Challenge?

0

Hello. We are developing a Cognito CUSTOM_AUTH flow with CUSTOM_CHALLENGE via the 3 triggers (i.e. define, create & verify auth challenge). We only have a single challenge, which is a CUSTOM_CHALLENGE that sends a verification code via a 3rd party SMS provider (we've been having issues with AWS sending SMS to T-Mobile phones).

Anyhow, our Android app uses the Cognito SDK to sign up & in, etc. Everything is working fine if the user enters the correct code during the sign-in auth challenge. However, if the user enters an invalid code first, then retries with the correct code, we get: NotAuthorizedException, "Invalid session for the user." This only happens on the retry (RespondToAuthChallenge).

If they resend a new code and then enter it correctly, it also works. But no matter what, if they munge the first attempt, then the second attempt returns the error above. I never see any logs of the second attempt in AWS either, neither in the Lambda trigger logs nor in the CloudTrail Cognito logs. It's like some sort of security gate is preventing Cognito from even receiving the second RespondToAuthChallenge request.

I'm having a hard time determining if the issue is client- or server-side. I found a similar post. Their steps to reproduce and error are exactly the same as ours, but our scenario is different: https://github.com/aws-samples/amazon-cognito-passwordless-email-auth/issues/17

Running out of ideas, any help would be greatly appreciated. Thanks!

nub340
Asked 4 years ago, 2396 views
2 answers
0

So based on the documentation here https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html I think that your issue is that the challenge loop ends when a false value is returned, so it doesn't attempt any more once it receives the bad code. Working on a path that has to navigate this issue now and will get back to you if I find a solution.

Khanson
Answered 4 years ago
0

Thanks for replying! I finally figured it out; sorry, I meant to update this thread last week. Your hypothesis was basically spot on. Long story short, I did not fully understand how the flow bounced back and forth between the various triggers and thus was not handling it properly...

This post on Stack Overflow helped me realize what I was doing wrong: https://stackoverflow.com/questions/50692461/aws-cognito-custom-challenge-with-retry?rq=1

nub340
Answered 4 years ago
