Amazon-cognito-identity-js: CognitoUser.prototype.authenticateUser date is not match.

Created on 10 Jun 2016  Â·  9Comments  Â·  Source: amazon-archives/amazon-cognito-identity-js

Hello.

I made an example with browser and is working (cordova, webpage).
I made an example with nodejs and is working, from fork https://github.com/aws/amazon-cognito-identity-js/pull/43.
The same code was loaded to aws lambda and gave a error:
message: 'Incorrect username or password.', code: 'NotAuthorizedException'.
I think that date is the problem, because in other machine with date wrong is not working too.

Best regards.

Most helpful comment

captura de tela 2016-06-15 as 12 58 48

@itrestian WORKING!!!
You are correct, is a implementation of the biginteger, I was using the require('big-integer').
I changed the library to jsbn and modified the exports in isbn.
My lambda is working with authentication, signup and etc.

All 9 comments

Thanks for bringing it up! Why do you suspect this. Is the formatting of the date different between lambda and node.js working outside lambda? We do use the date as part of the password verifier and the date needs to be within a certain time interval of the server date to be able to authenticate.

I got the libraries cognito-identity.js and in the my local machine
(nodejs) and in the my browser is working. I made upload to lambda is not
running.
Why my local machine and my browser are running and lambda is not working?
I think that cognito user pool is only for client (ios, android and js) and
not backend.

My lambda: index.handler
2016-06-10T22:18:38.759Z 1206826d-2f59-11e6-b35d-b5d013948633 {
[NotAuthorizedException: Incorrect username or password.] message:
'Incorrect username or password.', code: 'NotAuthorizedException', time:
Fri Jun 10 2016 22:18:38 GMT+0000 (UTC), requestId:
'47e8e9e6-2f59-11e6-bc73-e9fff913235b', statusCode: 400, retryable: false,
retryDelay: 88.01215181592852 }

My local machine: node index.js
{"AuthenticationResult":{"AccessToken":"eyJraWQiOiJiM1QxR3ZWWHdHK1wvTWRuckRBZE5hSnpxNTdDNm5aUjFibFwvM0djZ0lubm89IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJhMTg3NGU1ZS00ZjJmL......

2016-06-10 19:34 GMT-03:00 Ionut Trestian [email protected]:

Thanks for bringing it up! Why do you suspect this. Is the formatting of
the date different between lambda and node.js working outside lambda? We do
use the date as part of the password verifier and the date needs to be
within a certain time interval of the server date to be able to
authenticate.

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/aws/amazon-cognito-identity-js/issues/58#issuecomment-225311928,
or mute the thread
https://github.com/notifications/unsubscribe/AH5hBHQDSVCrQSuRZV3E7HE7s3PmCRblks5qKeZagaJpZM4IzFcc
.

I performed the tests with the Cognito User Pools.
All methods are working, only the authentication to have the token that is taking 220000ms in lambda with (NotAuthorized). And it works with javascript when running in browser (Chrome, Firefox and others).
I think the function that creates the passwordChain / secretBlock should only work with the browser.
There is another alternative to authenticate?
There is a documentation creating passwordClaim, secretBlock?
It's only missing it.

1) Use the user pools to register, the flow of it. (OK).
2) With login and password to get the token (problem).

I experimented with the fork and sometimes I cannot authenticate even from my desktop. I suspect this happens because of differences in big integer library implementations (not all big integers at the byte level or add padding the same way depending on the operation). I changed the big integer implementation from biginteger to jsbn which we use in this SDK as well (in the require for the CognitoUser, AuthenticationHandler, and src/index.js).

https://www.npmjs.com/package/jsbn

The authentication is much faster now and I can always reliably authenticate from node.

captura de tela 2016-06-15 as 12 58 48

@itrestian WORKING!!!
You are correct, is a implementation of the biginteger, I was using the require('big-integer').
I changed the library to jsbn and modified the exports in isbn.
My lambda is working with authentication, signup and etc.

@cleitonjar I'd love to know how you got the Lambda function working in the end... I have done the following:

  • Setup the node.js fork
  • Changed big-integer over to jsbn
  • Tried to implement the Authentication example... I get the following:

2016-06-21T06:16:36.265Z b3276d2f-3777-11e6-ad60-3d21adad4a7d TypeError: this.client.getAuthenticationDetails is not a function
at CognitoUser.authenticateUser (/var/task/src/CognitoUser.js:88:21)
at exports.handler (/var/task/code.js:40:17)

Cheers,
Karl

Hi @dentnz
in your node_modules/aws-sdk/apis/cognito-idp-2016-04-18.min don't have getAuthenticationDetails.
Because the cognito user pools is beta.

cognito-idp-2016-04-18.min.json.zip

Thanks for your response @cleitonjar, I think that did the trick! ;)

To clarify what you are saying for anyone else that is reading this issue thread... The cognito-idp API that comes with the aws-sdk that is available in Lambda does not have the getAuthenticationDetails method at the time of writing. To 'fix' this issue, you will need to make sure that your lambda zip file contains the full SDK with the updated minified json file provided here by cleitonjar. Use npm to install the aws-sdk into the node_modules folder and replace the apis/cognito-idp-2016-04-18.min.json with the updated one.

Using the node fork of this repo, you should be able to piece it together like I have. Alternatively, wait until User Pools comes out of beta... :(

Oh, and to swap over the node fork to use jsbn, replace the require ('big-integer') with:

const BigInteger = require('jsbn').BigInteger;

i have followed the general guidelines listed in this issue (using the node fork, switching to jsbn and replacing the cognito-idp json), but my lambda function is timing out.

could anyone share a working function? it would be most appreciated!

thanks!

Was this page helpful?
0 / 5 - 0 ratings

Related issues

sarah-pixvana picture sarah-pixvana  Â·  4Comments

hscheckenbacher picture hscheckenbacher  Â·  5Comments

kaihendry picture kaihendry  Â·  4Comments

howardya picture howardya  Â·  3Comments

m-schrepel picture m-schrepel  Â·  6Comments