Amplify-js: completeNewPassword throws when responding to NEW_PASSWORD_REQUIRED
Do you want to request a feature or report a bug?
Bug
What is the current behavior?
Calling completeNewPassword in response to a NEW_PASSWORD_REQUIRED challenge throws an error from return this.authenticateUserInternal below.
```this.client.request('RespondToAuthChallenge',
jsonReq, (errAuthenticate, dataAuthenticate) => {
if (errAuthenticate) {
return callback.onFailure(errAuthenticate);
}
return this.authenticateUserInternal(dataAuthenticate, authenticationHelper, callback);
});
return undefined;
errAuthenticate gets the value.
```errAuthenticate:{code: "UnknownError", message: "Unkown error"}```
The actual error is thrown from new CognitoUserSession(sessionData) below
getCognitoUserSession(authResult) {
const idToken = new CognitoIdToken(authResult);
const accessToken = new CognitoAccessToken(authResult);
const refreshToken = new CognitoRefreshToken(authResult);
const sessionData = {
IdToken: idToken,
AccessToken: accessToken,
RefreshToken: refreshToken,
};
return new CognitoUserSession(sessionData);
}
The error is:
"Error: You attempted to set the key 'signInUserSession' with the value '{"idToken":{"jwtToken":"ey......","payload":{"sub":"d2d...","aud":"5ir...","email_verified":true,"event_id":"22...","token_use":"id","auth_time":1527254746,"iss":"https://cognito-idp.eu-west-1.amazonaws.com/eu...","cognito:username":"d2d...","exp":1527258346,"iat":152...,"email":"pdo"}},"refreshToken":{"token":"eyJjdHkiOiJKV"},"accessToken":{"jwtToken":"eyJr....","payload":{"sub":"d2d....","device_key":"eu-west...","event_id":"22....","token_use":"access","scope":"aws.cognito.signin.user.admin","auth_time":1527254746,"iss":"https://cognito-idp.eu-west-1.amazonaws.com/eu-....","exp":1527258346,"iat":1527254747,"jti":"499....","client_id":"5ir...","username":"d2d...."}},"clockDrift":156}' on an object that is meant to be immutable and has been frozen.
at throwOnImmutableMutation (blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:2666:11)
at CognitoUser.authenticateUserInternal (blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:100176:32)
at blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:100259:25
at blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:101733:35
at tryCallOne (blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:3538:14)
at blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:3639:17
at blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:2922:21
at _callTimer (blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:2811:9)
at _callImmediatesPass (blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:2847:9)
at Object.callImmediates (blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:3066:14)"
The user did have their status updated from FORCE_CHANGE_PASSWORD to CONFIRMED despite the error.
If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem. Your bug will get fixed much faster if we can run your code and it doesn't have dependencies other than AWS Amplify.
```Auth.signIn(username, password)
.then((user) => {
if(user.challengeName === "NEW_PASSWORD_REQUIRED") {
Auth.completeNewPassword(user, password, user.challengeParam.requiredAttributes)
.then(() => {
// winning
}).catch(error => {
// not winning
});
}
})
What is the expected behavior?
Updates users password in response to completeNewPassword
Which versions of Amplify, and which browser / OS are affected by this issue? Did this work in previous versions?
"aws-amplify": "^0.4.1",
You can turn on the debug mode to provide more info for us by setting window.LOG_LEVEL = 'DEBUG'; in your app.
Log:
{[DEBUG] 57:50.295 AuthClass - completeNewPassword failure: {…}}
[DEBUG] 57:50.295 AuthClass - completeNewPassword failure:
code : "UnknownError"
message:"Unkown error"
__proto__:Object
__proto__:Object
ConsoleLogger.js:100
{[DEBUG] 57:50.297 Analytics - on hub capsule auth: {…}}
[DEBUG] 57:50.297 Analytics - on hub capsule auth:
data:
code:"UnknownError"
message:"Unkown error"
__proto__:Object
event:"completeNewPassword_failure"
__proto__:Object
__proto__:Object
paul-doherty
All 17 comments
Hey @paul-doherty where did the user object come from? Is it from Auth.signIn? I assume the password is a fake password? since looks like you are calling completeNewPassword right after signIn.
From error log it is related to user object. More details would be good.
richardzcode
on 25 May 2018
Hi Richard,
The user object is the one I received back from sign in.
The situation here is public sign-ups aren't enabled so the accounts are
admin created. When the user logs in with the temporary password they
receive from the admin the signin result received contains
NEW_PASSWORD_REQUIRED to trigger the user to change the password supplied.
Initiating completeNewPassword with the user object and a new password this
the error described.
Users are in an identity pool using user pool auth.
On Fri 25 May 2018, 22:53 Richard Zhang, notifications@github.com wrote:
Hey @paul-doherty https://github.com/paul-doherty where did the user
object come from? Is it from Auth.signIn? I assume the password is a fake
password? since looks like you are calling completeNewPassword right
after signIn.From error log it is related to user object. More details would be good.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/aws/aws-amplify/issues/915#issuecomment-392197084,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AFiaF7CcyPPSQOqO-xHs5H1p7hej2Dacks5t2H09gaJpZM4UODJT
.
paul-doherty
on 26 May 2018
The following code works for me.
.then((user) => {
if(user.challengeName === "NEW_PASSWORD_REQUIRED") {
user.completeNewPasswordChallenge(password)
.then(() => {
// winning
}).catch(error => {
// not winning
});
}
})
carbonrobot
on 20 Jun 2018
I tried your suggestion and indeed that function executes but it does not execute successfully.
The signature to this function is
user.completeNewPasswordChallenge(password, requiredAttributes, callback)
So supplying a callback to actually receive the response like
user.completeNewPasswordChallenge(password, user.challengeParam.requiredAttributes, {
onSuccess: function (session) {
console.log("success "+session);
},
onFailure: function (err) {
console.log('completeNewPassword failure', err);
}
});
still returns the underlying error
completeNewPassword failure {code: "UnknownError", message: "Unkown error"}
Your example simply ignores it by not supplying a callback.
paul-doherty
on 21 Jun 2018
True, but in my case it works successfully since it correctly sets the new password for the user.
I was able to debug any remaining issues by setting the debug flag.
window.LOG_LEVEL = 'DEBUG';
carbonrobot
on 21 Jun 2018
@paul-doherty can you try it with the latest version of amazon-cognito-identity-js which is 2.0.10? It fixes a bug which may help you to get rid of those unknown error
powerful23
on 21 Jun 2018
@powerful23 I updated there to 2.0.11 and I am afraid it still behaves the same way. I also unlinked and relinked and it made no difference.
paul-doherty
on 25 Jun 2018
From your error log seems like it was complaining about you are trying to cache something on immutable object. Are you using the default storage which is localStorage in the browser?
powerful23
on 25 Jun 2018
I'm having the exact same issue and I had a few questions:
- I can't find anything in the official documentation of how to deal with a first time user. Is there a discussion of this somewhere?
- "completeNewPasswordChallenge" also works for me, but it also throws the error when it runs (it throws, but it works). Has anyone figured out why?
Thanks.
differentsmoke
on 21 Sep 2018
you need to call completeNewPasswordChallenge on the authenticated cognito user (the cognito user that logged in with temp password)
ARA59
on 18 Oct 2018
- That is what I'm doing.
completeNewPasswordChallengedoesn't seem to be described in the Docs.
differentsmoke
on 22 Oct 2018
The unknown error issue maybe related to #1466
powerful23
on 22 Nov 2018
I'm following the official doc and getting the same error @powerful23
User has challengeName: "NEW_PASSWORD_REQUIRED"
my code to change password:
handleNewPasswordChallenge = async () => {
const {email, password} = this.state;
console.log('handleNewPasswordChallenge', password, email);
const user = email;
Auth.completeNewPassword(
user,
password
)
.then((user) => {
console.log(user);
NotificationManager.success('Please login', 'Password Changed!');
showNewPasswordModal(false);
hideAuthLoader();
})
.catch((err) => {
console.log('ERROR:', err);
// NotificationManager.error(err);
hideAuthLoader();
});
}
Hope it can be resolved soon!
Thanks
rfdc
on 11 Mar 2019
@differentsmoke - all the functions for Auth can be found here: https://aws-amplify.github.io/amplify-js/api/classes/authclass.html#completenewpassword
rfdc
on 11 Mar 2019
@rfdc the user object you passed into the completeNewPassword method should be a CognitoUser object, not the email. This object is returned by signIn method.
powerful23
on 11 Mar 2019
Closing the issue because of inactivity, please feel free to open a new issue if your problem persist.
elorzafe
on 3 Apr 2019
Where is the documentation on this process!? I dont see any solution in this feed either but the issue is closed :/
mikeRChambers610
on 28 Oct 2020
Related issues
epicfaace
·
3Comments
rygo6
·
3Comments
karlmosenbacher
·
3Comments
cosmosof
·
3Comments
oste
·
3Comments
Most helpful comment
I'm having the exact same issue and I had a few questions:
Thanks.