Amplify-cli: Missing AppClientSecret from awsconfiguration.json file after amplify add auth

Created on 26 Nov 2020 · 8 Comments · Source: aws-amplify/amplify-cli

Describe the bug

The problem is that amplify cli version 4.35.0 does not add an AppClientSecret key/value to the awsconfiguration.json file for my iOS app, causing the call to Amplify.Auth.signUp(...) to fail with error:
AuthError: Unable to verify secret hash for client xxxxxxxx

I have also added this bug to amplify-ios repo, as I was not sure where the problem lies.
ref: Auth.signUp() fails with error - Unable to verify secret hash for client - missing AppClientSecret in awsconfiguration.json.

Amplify CLI Version
4.35.0

To Reproduce

  1. At prompt: % amplify init
  2. At prompt: % amplify auth add (with default values)
  3. At prompt: % amplify push
  4. Check the awsconfiguration.json file to confirm if the AppClientSecret key exists.

Expected behavior
I expect that the awsconfiguration.json file should contain the following:

    "CognitoUserPool": {
        "Default": {
            "PoolId": "ap-southeast-2_xxxxxxx",
            "AppClientId": "xxxxxxxxxxxxxx",
            "AppClientSecret": "xxxxxxxxxxxxxxxx",
            "Region": "ap-southeast-2"
        }
    }

Instead the file just contains the following:

    "CognitoUserPool": {
        "Default": {
            "PoolId": "ap-southeast-2_xxxxxxx",
            "AppClientId": "xxxxxxxxxxxxxx",
            "Region": "ap-southeast-2"
        }
    }

Desktop (please complete the following information):

  • OS: [Mac - macOS Big Sur - 11.0.1]
  • Node Version: v14.15.1

Additional context
This functionality is working on version 4.29.0.

dependency-issue pending-release
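
As an added example (not code from the issue or from the Amplify project), here is a Python check that could be run on the generated awsconfiguration.json after `amplify push` to catch the regression described above. The names `check_config` and `secret_hash`, the sample values and the `client_has_secret` flag are assumptions for illustration; the SECRET_HASH formula is the one Cognito documents for app clients that have a secret.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample in the shape of the generated awsconfiguration.json
# from the issue; every value is a placeholder, not a real identifier.
SAMPLE_CONFIG = json.loads("""
{
  "CognitoUserPool": {
    "Default": {
      "PoolId": "ap-southeast-2_EXAMPLE",
      "AppClientId": "example-client-id",
      "Region": "ap-southeast-2"
    }
  }
}
""")

REQUIRED_KEYS = ("PoolId", "AppClientId", "Region")


def secret_hash(username, client_id, client_secret):
    """Cognito SECRET_HASH: Base64(HMAC-SHA256(key=secret, msg=username + client_id))."""
    mac = hmac.new(client_secret.encode(), (username + client_id).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def check_config(config, client_has_secret, pool="Default"):
    """Return a list of problems. client_has_secret is supplied by the caller
    (an assumption here: taken from how the app client was created)."""
    entry = config.get("CognitoUserPool", {}).get(pool)
    if entry is None:
        return [f"CognitoUserPool.{pool} is missing"]
    problems = [f"{k} is missing or empty" for k in REQUIRED_KEYS if not entry.get(k)]
    has_key = bool(entry.get("AppClientSecret"))
    if client_has_secret and not has_key:
        problems.append("AppClientSecret is missing: SECRET_HASH cannot be computed")
    if has_key and not client_has_secret:
        problems.append("AppClientSecret is set but the app client has no secret")
    return problems


if __name__ == "__main__":
    for problem in check_config(SAMPLE_CONFIG, client_has_secret=True):
        print("FAIL:", problem)
```
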

All 8 comments

+1
Sorry guys but how can something like this happen ... I can't even begin to tell you how much inconvenience this has caused today. We were looking to release a feature for Black Friday and had to spend 4 hours trying to understand why the login doesn't work anymore. We had to unpick literally every commit made in the last week and started simulating test executions from different geographic locations because we thought this might be region specific.

We are using the iOS libraries and the error was
Unexpected error occurred with message: An unknown error occurred ... so not that helpful at all.

This is a breaking change that propagates to all of the other services, i.e. API/Datastore, since the users cannot log in.

I ran into this today as well, and think it's an issue on this package (i.e. the CLI) rather than the underlying SDKs. Manually adding the correct AppClientSecret into the generated awsconfiguration.json resolved the issue for me. I think it's a CLI issue; I had just upgraded @aws-amplify/cli.

This looks related: https://github.com/aws-amplify/docs/issues/2021, but is not the root cause as it's just a docs update.

Auth within non-native projects is unaffected, as Amplify will create those user pools without a client secret.

I was able to reproduce this in the latest Amplify CLI version - 4.36.0

Steps: As mentioned in the ticket description

CLI creates the awsconfiguration.json file with an app client without a client secret. But if you check in the AWS Cognito UserPool console, that app client actually requires a client secret.

This issue should be fixed by version 4.36.2

Yup, upgrading to 4.36.2 fixed the issue for me. Thanks!

@ammarkarachi Upon playing with this a bit more, I'm realizing that it's only working within my production environment, where I have not deployed any recent changes involving the deployment-secrets.json migration. In the environment where AppClientSecret is not getting written out to awsconfiguration.json correctly, AppClientSecret has been removed from the auth service cloudformation output as a result of this migration. The value is not part of .aws/amplify/deployment-secrets.json either. I had originally reported this change as "working" because in my production environment, I have not pushed the deployment secrets migration yet so I suspect the CLI is still able to pull the AppClientSecret value correctly.

@javamonn Can you revert the changes and run the migration again? The migration is not actively changing the CloudFormation to remove the AppClientSecret, but changes the CFN to make the hostedUIProviderCreds optional.

Tested 4.35.2 and it works for me... thanks for the fast turnaround :-)
