Custom Auth Flow - Retry Challenge?

0

Hello. We are developing a Cognito CUSTOM_AUTH flow with CUSTOM_CHALLENGE via the 3 triggers (I.e. define, create & verify auth challenge). We only have a single challenge, which is a CUSTOM_CHALLENGE that sends a verification code via a 3rd party SMS provider (we've been having issues with AWS sending SMS to T-mobile phones).

Anyhow, our Android app uses the Cognito SDK to sign up & in, etc. Everything is working fine if the user enters the correct code during the sign-in auth challenge. However, if the user enters an invalid code first, then retries with the correct code, we get: NotAuthorizedException, "Invalid session for the user." This only happens on the retry (RespondToAuthChallenge).

If they resend a new code and then enter it correctly, it also works. But no matter what, if they munge the first attempt, then the second attempt returns the error above. I never see any logs of the second attempt in AWS either. Both in the Lambda trigger logs as well as in CloudTrail Cognito logs. It's like some sort of security gate is preventing Cognito from even receiving the second RespondToAuthChallenge request.

I'm having a hard time determining if the issue is client or server-side. I found a similar post. Their steps to reproduce and error is exactly the same as ours but our scenario is different: https://github.com/aws-samples/amazon-cognito-passwordless-email-auth/issues/17

Running out of ideas, any help would be greatly appreciated. Thanks!

nub340
已提問 4 年前檢視次數 2743 次
2 個答案
0

So based on the documentation here https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html I think that your issue is that the challenge loop ends when a false value is returned so it isn't attempting any more once it receives the bad code. Working on a path that has to navigate this issue now and will get back to you if I find a solution.

Khanson
已回答 4 年前
0

Thanks for replying! I finally figured it out, sorry I meant to update this thread last week. Your hypothesis was basically spot on. Long story short, I did not fully understand how the flow bounced back & forth between the various triggers and thus was not handling it properly...

This post on Stack Overflow helped me realize what I was doing wrong: https://stackoverflow.com/questions/50692461/aws-cognito-custom-challenge-with-retry?rq=1

nub340
已回答 4 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南