The sample code for use case 1 (included below for reference) produces an alert CredentialsError: Missing credentials in config when using a ClientId for which no secret is required.
AWSCognito.config.region = 'us-east-1';
var poolData = { UserPoolId : 'us-east-1_TcoKGbf7n',
ClientId : '4pe2usejqcdmhi0a25jp4b5sh3'
};
var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
var attributeList = [];
var dataEmail = {
Name : 'email',
Value : '[email protected]'
};
var dataPhoneNumber = {
Name : 'phone_number',
Value : '+15555555555'
};
var attributeEmail = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataEmail);
var attributePhoneNumber = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataPhoneNumber);
attributeList.push(attributeEmail);
attributeList.push(attributePhoneNumber);
userPool.signUp('username', 'password', attributeList, null, function(err, result){
if (err) {
alert(err);
return;
}
cognitoUser = result.user;
console.log('user name is ' + cognitoUser.getUsername());
});
Hi Jonathan,
Thanks for bringing this up!
I have updated section 2 of the Setup with info on how to setup the config.credentials for AWSCognito.
Ionut.
@itrestian , thanks for the response.
So, I need to create an Identity Pool and a User Pool?
These are the steps I've tried:
Using the following code (all files are downloaded locally, being served on localhost), I get an error TypeError: d.CognitoIdentity is not a constructor at d.CognitoIdentit:
<html>
<head>
<script src="jsbn.js"></script>
<script src="jsbn2.js"></script>
<script src="sjcl.js"></script>
<script src="moment.min.js"></script>
<script src="aws-cognito-sdk.min.js"></script>
<script src="amazon-cognito-identity.min.js"></script>
<!--<script src="aws-sdk-2.3.4.js"></script>-->
<script>
// Cognito Identity Pool Id
AWSCognito.config.credentials = new AWSCognito.CognitoIdentityCredentials({
IdentityPoolId: 'us-east-1:bb42af4a-9ec4-41fe-8211-65c60d2dcef6'
});
// Cognito User Pool Id
AWSCognito.config.region = 'us-east-1';
var poolData = { UserPoolId : 'us-east-1_A1YPLfaAS',
ClientId : '5n46spv60ijh54qhp714r4hifg'
};
var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
var attributeList = [];
var dataEmail = {
Name : 'email',
Value : '[email protected]'
};
var dataPhoneNumber = {
Name : 'phone_number',
Value : '+15555555555'
};
var attributeEmail = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataEmail);
var attributePhoneNumber = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataPhoneNumber);
attributeList.push(attributeEmail);
attributeList.push(attributePhoneNumber);
userPool.signUp('jstewmon', 'password', attributeList, null, function(err, result){
if (err) {
alert(err);
return;
}
cognitoUser = result.user;
console.log('user name is ' + cognitoUser.getUsername());
});
</script>
</head>
</html>
I'm using aws-cognito-sdk.min.js and amazon-cognito-identity.min.js downloaded from the dist folder in this repo.
I tried creating a new SDK using the js builder and changing the object names to AWS.*, but that produced an error that CognitoUserPool is not a class.
Have I set things up properly? Should this example be working?
Hi Jonathan,
Everything is correct. The only thing is that the AWSCognito.CognitoIdentityCredentials is not in the aws-cognito-sdk.min.js. You should use AWS.CognitoIdentityCredentials. So everything is correct except:
The aws-cognito-sdk.min.js provides AWSCognito.CognitoIdentityServiceProvider and aws-sdk-2.3.4.js provides AWS.CognitoIdentityCredentials and the other AWS services.
Ionut.
I tried you suggestion, but I'm still getting the ConfigError: Missing credentials in config error.
<html>
<head>
<script src="jsbn.js"></script>
<script src="jsbn2.js"></script>
<script src="sjcl.js"></script>
<script src="moment.min.js"></script>
<script src="aws-cognito-sdk.min.js"></script>
<script src="amazon-cognito-identity.min.js"></script>
<script src="aws-sdk-2.3.4.js"></script>
<script>
// Cognito Identity Pool Id
AWSCognito.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'us-east-1:bb42af4a-9ec4-41fe-8211-65c60d2dcef6'
});
// Cognito User Pool Id
AWSCognito.config.region = 'us-east-1';
var poolData = { UserPoolId : 'us-east-1_A1YPLfaAS',
ClientId : '5n46spv60ijh54qhp714r4hifg'
};
var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
var attributeList = [];
var dataEmail = {
Name : 'email',
Value : '[email protected]'
};
var dataPhoneNumber = {
Name : 'phone_number',
Value : '+15555555555'
};
var attributeEmail = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataEmail);
var attributePhoneNumber = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataPhoneNumber);
attributeList.push(attributeEmail);
attributeList.push(attributePhoneNumber);
userPool.signUp('jstewmon', 'password', attributeList, null, function(err, result){
if (err) {
alert(err);
return;
}
cognitoUser = result.user;
console.log('user name is ' + cognitoUser.getUsername());
});
</script>
</head>
</html>
I included the following modules in aws-sdk-2.3.4.js:
Is there anything else I should include?
+1, I'm having the same issue.
+1, same issue here. ConfigError: Missing credentials in config
Buy the way, do we really need all the other libraries? If yes, we should rather create a single dist file that contains everything - using webpack or whatever?
+1. I am seeing the same alert: "ConfigError: Missing credentials in config"
I found this problem was fixed by building the sjcl library with codecBytes enabled. I had to checkout the project and build it myself, the minified version on the project site doesn't include this functionality.
+1. Getting "ConfigError: Missing credentials in config"
@sethtrain are you able to post a sample page with the libraries you leveraged? I also took the steps you mention and am unable to get the first use case (signup user) functioning. I was able to get past the Missing credentials issue (I think), but ran into an 'Unable to verify secret hash for client' error.
@ljovanovic Here is the piece of code that I threw together to get things working. This is quite dirty and just a playground but maybe it will help you. The code is specifically used for Redux within my React playground. https://gist.github.com/sethtrain/334c5e54f098052a071c679d5e0d4a3b
Note: I'm using the email address as the username also just in case that gets confusing.
I am still seeing the ConfigError: Missing credentials in config despite building sjcl.js from its master branch with the --with-codecBytes option.
$ ./configure --with-codecBytes
Enabled components:
aes
bitArray
codecString
codecHex
codecBase32
codecBase64
codecBytes
sha256
ccm
ocb2
gcm
hmac
pbkdf2
random
convenience
Compression: closure
$ make
cat core/sjcl.js core/aes.js core/bitArray.js core/codecString.js core/codecHex.js core/codecBase32.js core/codecBase64.js core/codecBytes.js core/sha256.js core/ccm.js core/ocb2.js core/gcm.js core/hmac.js core/pbkdf2.js core/random.js core/convenience.js > core.js
compress/compress_with_closure.sh core.js > core_closure.js
._tmpRC.js:338: WARNING - parameter length does not appear in <anonymous>'s parameter list
'extract': function(a, bstart, blength) {
^
._tmpRC.js:407: WARNING - parameter 0 does not appear in <anonymous>'s parameter list
'partial': function (len, x, _end) {
^
._tmpRC.js:445: WARNING - optional arguments must be at the end
_shiftRight: function (a, shift, carry, out) {
^
._tmpRC.js:479: WARNING - parameter 'bitArray' does not appear in <anonymous>'s parameter list
'byteswapM': function(a) {
^
._tmpRC.js:921: WARNING - parameter words does not appear in <anonymous>'s parameter list
_block:function (w) {
^
._tmpRC.js:1054: WARNING - parameter 64 does not appear in <anonymous>'s parameter list
'decrypt': function(prf, ciphertext, iv, adata, tlen) {
^
._tmpRC.js:1223: WARNING - optional arguments must be at the end
'encrypt': function(prp, plaintext, iv, adata, tlen, premac) {
^
._tmpRC.js:1223: WARNING - parameter false does not appear in <anonymous>'s parameter list
'encrypt': function(prp, plaintext, iv, adata, tlen, premac) {
^
._tmpRC.js:1558: WARNING - parameter hash does not appear in <anonymous>'s parameter list
sjcl['misc']['hmac'] = function (key, Hash) {
^
._tmpRC.js:1627: WARNING - optional arguments must be at the end
sjcl['misc']['pbkdf2'] = function (password, salt, count, length, Prff) {
^
0 error(s), 10 warning(s)
cp core_closure.js sjcl.js
I sourced the other libs using curl:
curl -Os http://www-cs-students.stanford.edu/~tjw/jsbn/jsbn.js
curl -Os http://www-cs-students.stanford.edu/~tjw/jsbn/jsbn2.js
# curl -Os http://bitwiseshiftleft.github.io/sjcl/sjcl.js
curl -Os "http://momentjs.com/downloads/moment.min.js"
curl -Os "https://raw.githubusercontent.com/aws/amazon-cognito-identity-js/master/dist/aws-cognito-sdk.min.js"
curl -Os https://raw.githubusercontent.com/aws/amazon-cognito-identity-js/master/dist/amazon-cognito-identity.min.js
curl -Os https://raw.githubusercontent.com/aws/amazon-cognito-identity-js/master/dist/amazon-cognito-identity.min.js.map
Here are the shasums:
$ find . -exec shasum '{}' \;
da39a3ee5e6b4b0d3255bfef95601890afd80709 .
061c03dff086722e60a187ac101805ac891310a2 ./amazon-cognito-identity.min.js
39357efa3e6488d575deeabe219d9d9f07cdd4da ./amazon-cognito-identity.min.js.map
9efd82cc13fe9fbc8974274f21098bae324133fe ./aws-cognito-sdk.min.js
15baa32f6dfebd393048df0209a4b46ac6b55cc3 ./aws-sdk-2.3.4.js
88249c882b9c811a1c33ee4fedd289085e74a12d ./index.html
ff32ad2b2323ae7bf25d5e901bf6b25929022ac3 ./jsbn.js
f2ad38f84103ef2317516051ee93901a3d237095 ./jsbn2.js
a8ca7eea2616fa92e2e85ba6291af6ea012fd190 ./moment.min.js
995fede24283d1d7d9e13e7550ee45c18c6fdcd4 ./sjcl.js
@jstewmon I noticed two differences in what I attempted:
Let me know if upgrading changes what you see.
I still have the same issue using version 2.3.5 of the sdk: ConfigError: Missing credentials in config
<html>
<head>
<script src="jsbn.js"></script>
<script src="jsbn2.js"></script>
<script src="sjcl.js"></script>
<script src="moment.min.js"></script>
<script src="aws-cognito-sdk.min.js"></script>
<script src="amazon-cognito-identity.min.js"></script>
<script src="aws-sdk-2.3.5.js"></script>
<script>
// Cognito Identity Pool Id
AWSCognito.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'us-east-1:bb42af4a-9ec4-41fe-8211-65c60d2dcef6'
});
// Cognito User Pool Id
AWSCognito.config.region = 'us-east-1';
var poolData = { UserPoolId : 'us-east-1_A1YPLfaAS',
ClientId : '5n46spv60ijh54qhp714r4hifg'
};
var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
var attributeList = [];
var dataEmail = {
Name : 'email',
Value : '[email protected]'
};
var dataPhoneNumber = {
Name : 'phone_number',
Value : '+15555555555'
};
var attributeEmail = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataEmail);
var attributePhoneNumber = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataPhoneNumber);
attributeList.push(attributeEmail);
attributeList.push(attributePhoneNumber);
userPool.signUp('jstewmon', 'password', attributeList, null, function(err, result){
if (err) {
alert(err);
return;
}
cognitoUser = result.user;
console.log('user name is ' + cognitoUser.getUsername());
});
</script>
</head>
</html>
sha sums:
$ find . -exec shasum '{}' \;
da39a3ee5e6b4b0d3255bfef95601890afd80709 .
061c03dff086722e60a187ac101805ac891310a2 ./amazon-cognito-identity.min.js
39357efa3e6488d575deeabe219d9d9f07cdd4da ./amazon-cognito-identity.min.js.map
9efd82cc13fe9fbc8974274f21098bae324133fe ./aws-cognito-sdk.min.js
15baa32f6dfebd393048df0209a4b46ac6b55cc3 ./aws-sdk-2.3.4.js
ac698443a48ec8d9512d006da3c1d293af4397f7 ./aws-sdk-2.3.5.js
f5cd77e5718167928a108a083bdf3c76cc81fe31 ./index.html
ff32ad2b2323ae7bf25d5e901bf6b25929022ac3 ./jsbn.js
f2ad38f84103ef2317516051ee93901a3d237095 ./jsbn2.js
a8ca7eea2616fa92e2e85ba6291af6ea012fd190 ./moment.min.js
995fede24283d1d7d9e13e7550ee45c18c6fdcd4 ./sjcl.js
Here is my test page that gets me past the missing credentials and into the 'Unable to verify secret hash for client ...'
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<!-- BN library for BigInteger computations -->
<script src='https://s3.amazonaws.com/zctv-public/scripts/jsbn.js'></script>
<script src='https://s3.amazonaws.com/zctv-public/scripts/jsbn2.js'></script>
<!-- Stanford Javascript Crypto Library -->
<script src='https://s3.amazonaws.com/zctv-public/scripts/sjcl.js'></script>
<!-- moment.js -->
<script src='https://s3.amazonaws.com/zctv-public/scripts/moment.min.js'></script>
<!-- AWS Cognito SDK -->
<script src='https://s3.amazonaws.com/zctv-public/scripts/aws-sdk.min.js'></script>
<script src='https://s3.amazonaws.com/zctv-public/scripts/aws-cognito-sdk.min.js'></script>
<!-- AWS Cognito Identity SDK -->
<script src='https://s3.amazonaws.com/zctv-public/scripts/amazon-cognito-identity.min.js'></script>
<title>Cognito Test Page</title>
<script type="text/javascript">
function doIt() {
AWS.config.region = 'us-east-1'; // Region
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: '...'
});
console.log('HERE');
AWSCognito.config.region = 'us-east-1';
AWSCognito.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: '...'
});
console.log('HERE2');
const poolData = {
UserPoolId : '...',
ClientId : '...'
};
const userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
var attributeList = [];
var dataEmail = {
Name : 'email',
Value : '[email protected]'
};
var attributeEmail = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataEmail);
attributeList.push(attributeEmail);
console.log('HERE4');
userPool.signUp('[email protected]', 'password', attributeList, null, function(err, result){
if (err) {
console.log(err);
alert(err);
return;
}
console.log(result);
});
}
</script>
</head>
<body onLoad="doIt();">
<p>Test Page</p>
</body>
</html>
Thanks, @ljovanovic, I was missing AWS.config.credentials = .... Adding that fixed it for me. The following now works for me:
<html>
<head>
<script src="jsbn.js"></script>
<script src="jsbn2.js"></script>
<script src="sjcl.js"></script>
<script src="moment.min.js"></script>
<script src="aws-cognito-sdk.min.js"></script>
<script src="amazon-cognito-identity.min.js"></script>
<script src="aws-sdk-2.3.5.js"></script>
<script>
// Cognito Identity Pool Id
AWS.config.region = 'us-east-1'; // Region
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'us-east-1:bb42af4a-9ec4-41fe-8211-65c60d2dcef6'
});
// Cognito User Pool Id
AWSCognito.config.region = 'us-east-1';
AWSCognito.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'us-east-1:bb42af4a-9ec4-41fe-8211-65c60d2dcef6'
});
var poolData = { UserPoolId : 'us-east-1_jryNNoSjQ',
ClientId : '7aobqifcs009780t28a0ahue0p'
};
var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
var attributeList = [];
var dataEmail = {
Name : 'email',
Value : '[email protected]'
};
var dataPhoneNumber = {
Name : 'phone_number',
Value : '+15555555555'
};
var attributeEmail = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataEmail);
var attributePhoneNumber = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataPhoneNumber);
attributeList.push(attributeEmail);
attributeList.push(attributePhoneNumber);
userPool.signUp('jstewmon', 'password', attributeList, null, function(err, result){
if (err) {
alert(err);
return;
}
cognitoUser = result.user;
console.log('user name is ' + cognitoUser.getUsername());
});
</script>
</head>
</html>
hmmm... @jstewmon I must have something screwy on one of my pool definitions. I was able to get your code to work with my includes, would you be able to share or compare the details on your user pool setup and identity pool setup?
Here are my user pool details

Here are my app details

Here are my identity pool details

Hi @ljovanovic,
Thanks for the help!
In your case the problem is that you created the app for the user pool with a secret and the JavaScript SDK doesn't work with apps that have a secret for obvious reasons. When creating an app, you should leave the secret box unchecked.
Ionut.
Eureka! Thanks @itrestian. Nice teamwork ;)
I included assignments for both AWS.config... and AWSCognito.config... (as per @jstewmon example above) AND I created an app for the user pool without a secret (as described by @itrestian above) and it now works.
Thanks to all!
This is what I have:
AWS.config.region = 'us-east-1';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: '...'
});
AWSCognito.config.region = 'us-east-1';
AWSCognito.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: '...'
});
var poolData = {
UserPoolId: '...',
ClientId: '...'
};
var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
var attribute = {
Name: 'email',
Value: email
};
var attribute = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(attribute);
var attributeList = [];
attributeList.push(attribute);
var cognitoUser;
userPool.signUp(username, password, attributeList, null, function(err, result) {
console.log("In callback!");
if (err) {
console.log("Got an error :(");
console.log(err);
return;
} else {
console.log("Hurrah! User registration successful!");
cognitoUser = result.user;
}
});
I did everything that was spoken about above (assignments for both AWS.config/AWSCognito.config, created app without client secret, build sjcl.js with --with-codec-bytes...). Now, I don't get any errors, which is great - except that I don't get anything at all. I never enter the callback for userPool.signup i.e. console.log("In callback!") never gets called.
Any suggestions?
How is your user pool configured? Did you configure phone_number as required? In that case it might be that you are not specifying a phone_number. Not sure why that is not throwing an error though.
Ionut.
I only configured email to be required.
On Fri, Apr 22, 2016 at 1:44 PM, Ionut Trestian [email protected]
wrote:
How is your user pool configured? Did you configure phone_number as
required? In that case it might be that you are not specifying a
phone_number. Not sure why that is not throwing an error though.Ionut.
—
You are receiving this because you commented.
Reply to this email directly or view it on GitHub
https://github.com/aws/amazon-cognito-identity-js/issues/2#issuecomment-213525716
That is indeed strange. Your example is working for me. Can you see with firebug if the call to the service is being made at all?
Ionut.
Good thinking! The call was not going through because of one of my tin-foil extensions. Fixed it, thanks! I can now see the registered user in my User Pool.
Following this issue fixed Sign In and Confirm Registration for me.
But now I am stuck at Login, please see issue #9 .
Was anybody here able to Login without errors?
As a side note, make sure that when you create your identity pool you check the box that says
Otherwise you can have everything set up correctly in the code, but keep getting the error in question.
I am stucked at "Amazon Cognito Identity user pools" process.
I tried all possible codes for authenticating user in cognito userpools. But I always get error saying "Error: Unable to verify secret hash for client 4bmsrr65ah3oas5d4sd54st11k".
AWS.config.region = 'us-east-1'; // Region
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'us-east-1:b64bb629-ec73-4569-91eb-0d950f854f4f'
});
AWSCognito.config.region = 'us-east-1';
AWSCognito.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'us-east-1:b6b629-er73-9969-91eb-0dfffff445d'
});
AWSCognito.config.update({accessKeyId: 'AKIAJNYLRONAKTKBXGMWA', secretAccessKey: 'PITHVAS5/UBADLU/dHITesd7ilsBCm'})
var poolData = {
UserPoolId : 'us-east-1_l2arPB10',
ClientId : '4bmsrr65ah3oas5d4sd54st11k'
};
var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
var userData = {
Username : '[email protected]',
Pool : userPool
};
var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);
cognitoUser.confirmRegistration('123456', true,function(err, result) {
if (err) {
alert(err);
return;
}
console.log('call result: ' + result);
});
Here is stackoverflow link: http://stackoverflow.com/questions/37438879/resolve-unable-to-verify-secret-hash-for-client-in-amazon-cognito-userpools
Hi,
Did you follow this step in the process when generating your client/app?
Create an app for your user pool. Note that the generate client secret box must be unchecked because the JavaScript SDK doesn't support apps that have a client secret.
Ionut.
@itrestian this should be made _even_ more obvious on the http://docs.aws.amazon.com/cognito/latest/developerguide/setting-up-the-javascript-sdk.html page - i know it's called out at the top, but a section at the bottom linking to this thread about known / common errors would save a little headache. Alternatively listing the explicit known errors one is likely to receive with the JS SDK and what each of them mean / how to resolve would be appreciated.
Struggled with the same 'Missing credentials in config' issue for a bit. Adding these lines just above var poolData = solved it for me:
// Need to provide placeholder keys unless unauthorised user access is enabled for user pool
AWSCognito.config.update({accessKeyId: 'anything', secretAccessKey: 'anything'})
This is mentioned here: GitHub
Strangely I had to include these lines even though unauthorised user access was enabled in my user pool.
@m-schrepel 's "Enable access to unauthenticated identities" & @itrestian 's "uncheck secret box for app of user pool" solved all my problems, thanks guys!
I want to note that I was able to create a new user through this SDK without having to use any of the following:
jsbn.js
jsbn2.js
sjcl.js
moment.min.js
registering and confirming a user should work. the libraries are only needed for authenticating with the service.
I have the intention to use an app client secret. I wonder @itrestian why you replied for obvious reasons in your comment https://github.com/aws/amazon-cognito-identity-js/issues/2#issuecomment-213497300
Thanks in advance
Most helpful comment
Hi,
Did you follow this step in the process when generating your client/app?
Create an app for your user pool. Note that the generate client secret box must be unchecked because the JavaScript SDK doesn't support apps that have a client secret.
Ionut.