Bug: USER_PASSWORD_AUTH flow activates 'PASSWORD_VERIFIER' challenge #346

Open

Shpionus opened this issue Dec 7, 2022 · 0 comments

Shpionus commented Dec 7, 2022

userPasswordAuthFlow by default returns verifyPasswordChallenge (ref).

But USER_PASSWORD_AUTH does not require providing DEVICE_KEY.

Steps to reproduce:

1. Create pool

```bash
aws --endpoint http://127.0.0.1:5000 cognito-idp create-user-pool \
        --pool-name $POOL_NAME \
        --query UserPool.Id --output text \
        --policies "PasswordPolicy={MinimumLength=6,RequireUppercase=true,RequireLowercase=true,RequireNumbers=true,RequireSymbols=true,TemporaryPasswordValidityDays=7}" \
        --username-attributes "email" \
        --account-recovery-setting 'RecoveryMechanisms=[{Priority=1,Name=verified_email}]'
```

2. Create client

```bash
aws --endpoint http://127.0.0.1:5000 cognito-idp create-user-pool-client \
        --user-pool-id $POOL_ID \
        --client-name $CLIENT_NAME \
        --no-generate-secret \
        --explicit-auth-flows "ALLOW_USER_PASSWORD_AUTH" "ALLOW_REFRESH_TOKEN_AUTH" \
        --prevent-user-existence-errors ENABLED \
        --query UserPoolClient.ClientId --output text
```

3. Sign up

```bash
aws --endpoint http://127.0.0.1:5000 cognito-idp sign-up \
        --client-id $CLIENT_ID \
        --username [email protected] \
        --password "1qazXSW@" \
        --user-attributes Name="email",Value="[email protected]"
```

```json
{
    "UserConfirmed": false,
    "UserSub": "7c82e5cc-99b6-468d-8c33-9bb0272bbbfe"
}
```

4. Sign in

```bash
aws --endpoint http://127.0.0.1:5000 cognito-idp initiate-auth \
        --auth-flow USER_PASSWORD_AUTH \
        --auth-parameters USERNAME="[email protected]",PASSWORD="1qazXSW@" \
        --client-id $CLIENT_ID \
        --debug
```

```json
{
    "ChallengeName": "PASSWORD_VERIFIER",
    "ChallengeParameters": {},
    "AuthenticationResult": {
        "AccessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkNvZ25pdG9Mb2NhbCJ9.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.K8LVTHNcp4TPYnQUtU8aOgS-V1MPodnEYgFkE09jJyUseN0OE7rZ5fJPBCnVLIiEcdk3sQEnb0QW91JzmHiRrpIHzLZ2rMlcw9wTAplFLVyN-rfL2TW-P2gyyNMmUPBzT8YZDPupL7b6rk67QIcVqSxVQerlGYWn9qXIMKtTXunFcH_EVXpRxz0ctWxXXLZsElodw8Zf3QNjQeXHGpqUFjXO5vCP87LGBV3FxwRac8YP3a0nWNoIBavvvBq4GjjEp1zpdXx-QwDcaJTUWCpq3OW00GPQwT4Pv1hmfXIaIyd52yGhO7V2sovQgtlKcNQRiSxmsDQJp4fVpA3zWaJmYw",
        "RefreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb2duaXRvOnVzZXJuYW1lIjoibmV3X3VzZXJAZ21haWwuY29tIiwiZW1haWwiOiJuZXdfdXNlckBnbWFpbC5jb20iLCJpYXQiOjE2NzQwMjg4NDQsImp0aSI6IjI2ZTY0M2VjLWQ1ZGUtNGQ5ZS05YmFiLTZiNTRkMjg5NjJjNyIsImV4cCI6MTY3NDYzMzY0NCwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo5MjI5L2xvY2FsXzNwT3lKd2lCIn0.vzjcCoTHI-gHnf-yDxnXXRT5DDRAt_R3lyx9adHBXhDGs0mABRP5cDOIiNMrTQjALfWtCB9geHRWlxVzwAwPwIV69VqUurIzdUi5zg31Xm9bcWLm_WuQrxrPsvXAw_JSR9Thvh7LfYie_FtnhKHvgIJduvzeAZf2zGHMxiCsVc79ZBrx21jOlFTzCM-UxTCU1rxEkBEbwYEOMclpFzW0N0_VhyRk6ZrNYG6HUgCgFy53ViB672w-n-zeC5jW2bo7259DKw4rBUe6dgXTf4vC8NN0MXGfibKTOmnIPytBgEEA1pnoEG8uPQJKN25FJu2hiJ42P-aJQg3T0I6ru0535w",
        "IdToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkNvZ25pdG9Mb2NhbCJ9.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.DKevzXf4q3eKmjMe2ZPtJDkbNfHeFQ4sKB_juMKPSLh9QkaCxE0qWCJ7gYgeLEn1diCv72WvfkOLpMxVnkPIK36CDGtPJvEpXXIL8I9VWVj4OdwdPMMJLvhBQG7sZdFebBGbY2CiPU-NPoGSIo0rEli3d3E7AzSTPPek6Qfu1jOM3Cr7JTfC60u8o_v_eoas9qncnT826GnAf6Bw8qx5MMjqoMx9f6-5enmmZU4Fwhq5jE9r4xkaI2vV40WV6G5JdlYYgOxK7AmIBlchkeirX8U1F6Lj4Smf_rWWfr64RPmCLiBD86n0Pw0wCd92S40gHQqtbqWhn28lLTyRMqb2kA"
    }
}
```

Expected: 'UserNotConfirmedException'
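The behaviour the report expects, written out as an added example (this is not cognito-local's or AWS's code): a small reference model of the USER_PASSWORD_AUTH decision, in which an unconfirmed user with correct credentials gets `UserNotConfirmedException` and a completed flow returns tokens without any `ChallengeName`, plus a client-side consistency check run over the response shape shown above. The order of checks, and all names (`Pool`, `User`, `Client`, `initiate_auth_user_password`, `attempt_auth`, `check_initiate_auth_response`), are this example's own assumptions; token values are placeholders and the sample response is constructed from the issue with the token bodies elided.

```python
"""Reference model of USER_PASSWORD_AUTH plus a response sanity check (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List


class CognitoError(Exception):
    """Base class; subclass names mirror the error codes a Cognito client expects."""


class UserNotConfirmedException(CognitoError):
    pass


class NotAuthorizedException(CognitoError):
    pass


class InvalidParameterException(CognitoError):
    pass


@dataclass
class User:
    username: str
    password: str   # kept in the clear only to keep the model small (assumption)
    status: str     # "UNCONFIRMED" right after sign-up, "CONFIRMED" after confirmation


@dataclass
class Client:
    client_id: str
    explicit_auth_flows: tuple = ()


@dataclass
class Pool:
    users: Dict[str, User] = field(default_factory=dict)
    clients: Dict[str, Client] = field(default_factory=dict)


def initiate_auth_user_password(pool: Pool, client_id: str, params: Dict[str, str]) -> dict:
    """Model of InitiateAuth with AuthFlow=USER_PASSWORD_AUTH.

    Assumed order of checks: client/flow enabled, parameters present, credentials,
    then user status. A completed flow returns tokens and no ChallengeName;
    PASSWORD_VERIFIER belongs to the SRP flow and is never issued here.
    """
    client = pool.clients.get(client_id)
    if client is None or "ALLOW_USER_PASSWORD_AUTH" not in client.explicit_auth_flows:
        raise InvalidParameterException("USER_PASSWORD_AUTH flow not enabled for client")
    username, password = params.get("USERNAME"), params.get("PASSWORD")
    if not username or not password:
        raise InvalidParameterException("Missing required parameter USERNAME or PASSWORD")
    user = pool.users.get(username)
    # One error for unknown user and wrong password, so existence is not leaked.
    if user is None or user.password != password:
        raise NotAuthorizedException("Incorrect username or password.")
    if user.status != "CONFIRMED":
        raise UserNotConfirmedException("User is not confirmed.")
    # Placeholder token strings; a real implementation signs JWTs here.
    return {
        "ChallengeParameters": {},
        "AuthenticationResult": {
            "AccessToken": f"<access-token-for-{username}>",
            "IdToken": f"<id-token-for-{username}>",
            "RefreshToken": f"<refresh-token-for-{username}>",
            "TokenType": "Bearer",
        },
    }


def attempt_auth(pool: Pool, client_id: str, params: Dict[str, str]) -> str:
    """Outcome as a string: 'OK' on success, otherwise the error class name."""
    try:
        initiate_auth_user_password(pool, client_id, params)
        return "OK"
    except CognitoError as err:
        return type(err).__name__


def check_initiate_auth_response(resp: dict) -> List[str]:
    """Client-side sanity check; returns the inconsistencies found (empty if none)."""
    problems = []
    has_challenge = bool(resp.get("ChallengeName"))
    has_tokens = bool(resp.get("AuthenticationResult"))
    if has_challenge and has_tokens:
        problems.append("ChallengeName and AuthenticationResult present together")
    if has_challenge and not resp.get("ChallengeParameters") and not resp.get("Session"):
        problems.append("challenge issued with nothing to continue it (no parameters, no Session)")
    if resp.get("ChallengeName") == "PASSWORD_VERIFIER":
        problems.append("PASSWORD_VERIFIER is an SRP challenge, not expected from USER_PASSWORD_AUTH")
    return problems


# Constructed from the response shape in the issue, token bodies elided.
OBSERVED_RESPONSE = {
    "ChallengeName": "PASSWORD_VERIFIER",
    "ChallengeParameters": {},
    "AuthenticationResult": {"AccessToken": "<elided>", "RefreshToken": "<elided>", "IdToken": "<elided>"},
}


def build_pool() -> Pool:
    """Pool with one client (flows as in step 2) and one freshly signed-up user."""
    pool = Pool()
    pool.clients["client-1"] = Client("client-1", ("ALLOW_USER_PASSWORD_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"))
    pool.users["new.user@example.com"] = User("new.user@example.com", "1qazXSW@", "UNCONFIRMED")
    return pool


if __name__ == "__main__":
    pool = build_pool()
    creds = {"USERNAME": "new.user@example.com", "PASSWORD": "1qazXSW@"}
    print("unconfirmed sign-in:", attempt_auth(pool, "client-1", creds))
    print("observed response problems:", check_initiate_auth_response(OBSERVED_RESPONSE))
```

Running the script prints `UserNotConfirmedException` for the unconfirmed sign-in and three problems for the observed response; after setting the user's status to `CONFIRMED`, the model returns tokens with an empty `ChallengeParameters` and no `ChallengeName`, which the check accepts.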
