Auth: Error on Confirm Sign In after Sign Out #962

Closed
Diegolotr99 opened this issue Nov 15, 2020 · 9 comments
Labels: auth (Related to the Auth category/plugins), bug (Something isn't working)

Comments


Diegolotr99 commented Nov 15, 2020

Here's the flow I'm following:

I request sign-in with an email and a null password, to get the SMS code through the Cognito lambdas:

Amplify.Auth.signIn(username, null)

The first time I sign in, everything works perfectly. I get the SMS, enter the code, and confirm sign-in successfully.

In order for this to work I do the code confirmation through AWSMobileClient directly, because Amplify's method of confirming the user code does not work:

Amplify.Auth.confirmSignIn(code)

Will give this error:

AuthException{message=Confirm sign in failed, cause=java.lang.IllegalStateException: confirmSignIn called on unsupported operation, please file a feature request, recoverySuggestion=See attached exception for more details.}

But if I use AwsMobileClient.confirmSignIn(code), it works fine.

Then I perform an Amplify.Auth.signOut(). If I try to sign in right after, I get the SMS code -- but the confirm-sign-in replies with 'CustomChallenge' instead of 'Done', and even sends a new SMS code. That new code does not work either. I navigate back to my email input screen and try a sign-in again, get a new SMS code, and this time the sign-in confirmation works perfectly.

But I can't release this app with a bug telling the users that if they sign out, then the first time they try to sign in again it will not work, and to just try again. Maybe there is something going on in the sign-out that is not clearing the user state or event session with Cognito properly. I have already tried deleting all the shared preferences XML files from the app on the sign-out, but it makes no difference.

I am using these Gradle configurations:

implementation 'com.amplifyframework:aws-auth-cognito:1.5.0'
compileSdkVersion 29
buildToolsVersion "29.0.3"
minSdkVersion 26
'com.android.tools.build:gradle:4.0.2'
ext.kotlin_version = '1.4.0'

Diegolotr99 changed the title "Error on Confirm Sign In after Sign Out" to "Auth: Error on Confirm Sign In after Sign Out" Nov 15, 2020
changxu0306 added the auth (Related to the Auth category/plugins) label Nov 16, 2020

@Diegolotr99
Author

Any help, please?

@Diegolotr99
Author

Yes

@Diegolotr99
Author

Any help, please?

TrekSoft added the bug (Something isn't working) label Nov 30, 2020

@TrekSoft
Contributor

Hey, sorry we left you hanging here - investigating now.

@TrekSoft
Contributor

TrekSoft commented Nov 30, 2020

Issue 1 - Amplify confirmSignIn doesn't work but AWSMobileClient confirmSignIn does.

Looking at the code, I'll bet you're calling AWSMobileClient's confirmSignIn method with a map parameter instead of a single string parameter. I see that overloaded method handles the case of a custom challenge whereas the other method which is being used under the hood by Amplify does not.

I believe all we need to do is add that CUSTOM_CHALLENGE condition to the switch statement for the other method and at least that part of this problem should be solved.

Issue 2 - The first SMS code you received when signing in after having signed out doesn't work but the second SMS code you received upon attempting to sign in a second time does work.

Given you are doing custom auth, I expect the error lies on the side of your custom lambda code. As far as an SMS code working or not, that lies outside the scope of what our client does. Given that you are apparently sending an SMS code in your lambda on sign in, it's proper that the client is returning a status of CustomChallenge instead of Done.

I recommend digging into how you have the custom lambda code set up to see if you are doing things properly there.
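
To illustrate the point in the comment above that, in a custom auth flow, the status the client sees is decided on the Lambda side (an added example, not code from this thread or from Amplify): a minimal Cognito Define Auth Challenge trigger for a one-step SMS challenge. `MAX_ATTEMPTS`, `clientStep` and the sample sessions are assumptions made for the illustration; the 'CustomChallenge' and 'Done' strings mirror the statuses named in the thread.

```javascript
// Added example. The event fields (request.session, request.userNotFound,
// response.issueTokens / failAuthentication / challengeName) follow Cognito's
// Define Auth Challenge trigger contract; everything else is illustrative.
const MAX_ATTEMPTS = 3; // assumption: cap on wrong answers within one sign-in session

function defineAuthChallenge(event) {
  const session = event.request.session || [];
  const last = session[session.length - 1];
  const res = event.response;

  if (event.request.userNotFound) {
    // Unknown user: never issue tokens.
    res.issueTokens = false;
    res.failAuthentication = true;
  } else if (last && last.challengeName === 'CUSTOM_CHALLENGE' && last.challengeResult === true) {
    // The most recent answer was verified: finish the flow and issue tokens.
    res.issueTokens = true;
    res.failAuthentication = false;
  } else if (session.length >= MAX_ATTEMPTS) {
    // Too many wrong codes in this session: fail instead of re-challenging.
    res.issueTokens = false;
    res.failAuthentication = true;
  } else {
    // No answer yet, or a wrong one: present (another) custom challenge.
    // Create Auth Challenge runs next, which is where a new SMS would be sent.
    res.issueTokens = false;
    res.failAuthentication = false;
    res.challengeName = 'CUSTOM_CHALLENGE';
  }
  return event;
}

// Simplified view of what the app observes for a given session history.
function clientStep(event) {
  const r = defineAuthChallenge(event).response;
  if (r.issueTokens) return 'Done';
  if (r.failAuthentication) return 'Failed';
  return 'CustomChallenge';
}

// Constructed sample inputs (not taken from any real log).
const mkEvent = (session) => ({ request: { session }, response: {} });
const answered = (ok) => ({ challengeName: 'CUSTOM_CHALLENGE', challengeResult: ok });

console.log(clientStep(mkEvent([])));                // first call of a sign-in
console.log(clientStep(mkEvent([answered(true)])));  // correct code
console.log(clientStep(mkEvent([answered(false)]))); // wrong code
```

Logging `event.request.session` inside the trigger shows which of these branches produced a repeated challenge for a given sign-in attempt.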

@Diegolotr99
Author

Hi @TrekSoft, ty for jumping in.

On Issue 1, yes, what you are saying makes sense. I think we should at least get the option to tell Amplify which of the two methods to use based on the type of parameters received. Do you think this is something that will be tackled soon?

On Issue 2, trust me, I have dug deep into the process. And the issue only happens after I request Amplify to sign out. Before that, on a fresh install of my app, the SMS flow never breaks. Because the logs in my lambdas show that the code entered is good and the auth is successful, returning tokens... right after that it sends a new custom challenge request... so I am thinking the AWS/Amplify SDK is kind of restarting or sending a request for a new custom challenge, even though seconds before it succeeded on the auth flow.
I am sure you are familiar with the diagram below:
[Image: Screen Shot 2020-11-12 at 6 04 12 PM]

The two steps that I have framed in the red square are where I believe there is some issue.
Like I mentioned, from the logs in the lambda I can see "Answer OK", intend to send tokens. Right after that, with almost no difference, seconds away, the logs show a new request for a new challenge.
So my suspicion is that for some reason the app user receives the success message and, due to some "corrupted or invalid" data cached in the SDK, it requests the new challenge instead of just following along with the success...

@TrekSoft
Contributor

TrekSoft commented Nov 30, 2020

That's what I'm saying though - the part you highlighted in red has no interaction with the client. That's all communication between User Pools and other parts of the AWS system.

From what I understand your current issue is the following:

  1. User signs in
  2. User gets SMS code
  3. User submits SMS code via confirmSignIn and is successfully confirmed and fully signed in
  4. User signs out
  5. User tries to sign in again
  6. User gets SMS code
  7. User calls confirmSignIn but this time isn't successful - it returns a CustomChallenge status (can you clarify how this is returned - maybe with a code sample) and is sent a new SMS code.
  8. User calls confirmSignIn with new code but gets the same result as the step above (?)
  9. User calls sign in
  10. User gets another new SMS code
  11. User calls confirmSignIn with this new code and now is confirmed and fully signed in

Can you carefully review those steps above and make sure that is an accurate timeline of your issue?

@raphkim
Contributor

raphkim commented Jun 7, 2021

Noting that this appears to be related to #805

div5yesh self-assigned this Jun 15, 2021

@richardmcclellan
Contributor

Fixed by aws-amplify/aws-sdk-android#2316
