Custom Auth Flow - Retry Challenge?

0

Hello. We are developing a Cognito CUSTOM_AUTH flow with CUSTOM_CHALLENGE via the 3 triggers (i.e. define, create & verify auth challenge). We only have a single challenge, which is a CUSTOM_CHALLENGE that sends a verification code via a third-party SMS provider (we've been having issues with AWS sending SMS to T-Mobile phones).

Anyhow, our Android app uses the Cognito SDK to sign up, sign in, etc. Everything works fine if the user enters the correct code during the sign-in auth challenge. However, if the user enters an invalid code first, then retries with the correct code, we get NotAuthorizedException: "Invalid session for the user." This only happens on the retry (RespondToAuthChallenge).

If they resend a new code and then enter it correctly, it also works. But no matter what, if they munge the first attempt, the second attempt returns the error above. I never see any logs of the second attempt in AWS either, neither in the Lambda trigger logs nor in the CloudTrail Cognito logs. It's like some sort of security gate is preventing Cognito from even receiving the second RespondToAuthChallenge request.

I'm having a hard time determining whether the issue is client-side or server-side. I found a similar post. Their steps to reproduce and error are exactly the same as ours, but our scenario is different: https://github.com/aws-samples/amazon-cognito-passwordless-email-auth/issues/17

Running out of ideas, any help would be greatly appreciated. Thanks!

nub340
Asked 4 years ago, 2396 views
2 answers
0

So based on the documentation here https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html, I think your issue is that the challenge loop ends when a false value is returned, so it isn't attempting any more once it receives the bad code. I'm working on a path that has to navigate this issue now and will get back to you if I find a solution.

Khanson
Answered 4 years ago
0

Thanks for replying! I finally figured it out; sorry, I meant to update this thread last week. Your hypothesis was basically spot on. Long story short, I did not fully understand how the flow bounced back and forth between the various triggers and thus was not handling it properly...

This post on Stack Overflow helped me realize what I was doing wrong: https://stackoverflow.com/questions/50692461/aws-cognito-custom-challenge-with-retry?rq=1

nub340
Answered 4 years ago
