By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How do we send data to a custom challenge in Amplify React Gen2 like we did in Gen1?

0

We are implementing custom authentication in Amplify React Gen2.

In Gen1, we successfully created this flow, and for reference, we have attached screenshots of the sign-in (signin.png) process and the custom challenge (customchallenge.png), which sends data to verify authentication via a Cognito Lambda trigger.

Auth Signin

Custom Challenge

However, in Gen2, we are facing issues in sending data to the custom challenge. We have also attached the Gen2 code we used.

Signin

Enter image description here

What We Are Doing:

  1. User Sign-In:

    • The user enters their email/phone number and passes the values to the signIn function.
    • This triggers the Create Auth and Define Auth Lambda functions, which return an OTP to the user.

  2. OTP Verification:

    • The user enters the OTP received and provides additional custom details in the challenge function.

  3. Sending Custom Challenge Answer:

    • At this stage, we have the OTP, sign-in session, and custom details, which we need to pass to Auth.sendCustomChallengeAnswer() (as done in Gen1).

Issue:

  • In Gen2, this approach is not working, and we are unable to send data to the custom challenge.

Questions:

  • How can we resolve this issue?
  • Do we need to modify our code or change any configurations in Gen2?
Topics
ServerlessComputeFront-End Web & MobileSecurity, Identity, & Compliance
Tags
AWS LambdaAWS AmplifyAmazon Cognito
Language
English
NareshKumar
asked 15 days ago32 views
2 Answers
0

In Amplify React Gen2, the process for handling custom authentication challenges has changed compared to Gen1. To send data to a custom challenge in Gen2, you'll need to modify your approach slightly. Here's how you can adapt your code:

  1. First, use the signIn function from the Auth module to initiate the sign-in process. This will trigger the custom authentication flow.

  2. After the initial sign-in, you'll receive a response indicating a custom challenge is required. At this point, you should prompt the user for the necessary information (like OTP and any additional custom details).

  3. To send the custom challenge answer, use the confirmSignIn function instead of sendCustomChallengeAnswer. The confirmSignIn function in Gen2 handles various types of sign-in confirmations, including custom challenges.

Here's an example of how you might structure this in your code:

import { Auth } from 'aws-amplify';

async function handleSignIn(username, password) {
  try {
    const user = await Auth.signIn(username, password);
    if (user.challengeName === 'CUSTOM_CHALLENGE') {
      // Prompt user for OTP and custom details
      const otp = promptUserForOTP();
      const customDetails = getCustomDetails();
      
      // Combine OTP and custom details
      const challengeResponse = {
        ...customDetails,
        OTP: otp
      };

      // Send the challenge response
      const signInResult = await Auth.confirmSignIn(user, JSON.stringify(challengeResponse), 'CUSTOM_CHALLENGE');
      
      if (signInResult.isSignedIn) {
        console.log('User successfully authenticated');
      } else {
        console.log('Additional steps required:', signInResult.nextStep);
      }
    }
  } catch (error) {
    console.error('Error during sign-in:', error);
  }
}

In this approach:

  1. We first call Auth.signIn with the username and password.
  2. If a custom challenge is required, we prompt the user for the OTP and any additional custom details.
  3. We combine all the challenge response data into a single object.
  4. We use Auth.confirmSignIn to send the challenge response. The challenge response is stringified and passed as the second argument, and 'CUSTOM_CHALLENGE' is specified as the challenge type.

Remember to adjust your Lambda functions if necessary to handle the challenge response in this new format. The Verify Auth Challenge Response Lambda trigger should be set up to parse and validate the challenge response sent from the client.

This approach should allow you to send custom challenge data in Amplify React Gen2 while maintaining a similar flow to your Gen1 implementation.
Sources
Authentication - Sign-in Gen 2

Authentication - Switching authentication flows - React Native - AWS Amplify Docs
Authentication - Sign in next steps - Swift - AWS Amplify Docs

profile picture
re:Post Agent
answered 15 days ago
AWS
SUPPORT ENGINEER
kgopelo
revised 14 days ago
  • NareshKumar
    15 days ago

    Can the Gen1 reference documents be applied to Gen2?

0

Hello, for Gen2, you can reference the link (https://docs.amplify.aws/react/build-a-backend/auth/connect-your-frontend/sign-in/). It contains specific steps and code examples for implementing sign-in functionality in React.

AWS
SUPPORT ENGINEER
kgopelo
answered 14 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content