Amplify-js: Auth.signIn throws NotAuthorizedException Incorrect username or password in ios

Having the same issue in an Ionic App using @aws-amplify/[email protected]? Any update on this issue? Calls to signup etc work fine but signin doesn't so a major show stopper

@acahinton hi, can you please provide more details? What's the authentication flow you are using for signing in? Can you provide some code snippets? You can also turn on the debug mode to get more logging messages.

@powerful23 thanks for replying.

I'm using Auth pretty much out of the box:

The signin call fails in iOS only:

Auth.signIn(email, password)
      .then(data => {
          // do some stuff - happily does in Android and browser
})
      .catch(err => {
          // error thrown here in iOS only
})

Calls to other methods such as forgotpassword seem fine:

Auth.forgotPassword(email)
   .then(data => { 
        // happily works and sends me the code in iOS, Browser and Android
})

In the network calls I can see the initial USER_SRP_AUTH call to cognito made and then a secondary PASSWORD_VERIFIER call returns a 400 - seems like it fails part way through as in the browser and Android it completes the remaining calls to authenticate...

Again, simple out of the box configuration for cognito:

Auth.configure({
  Auth: {
    identityPoolId: 'xxx',
    region: 'xxx',
    userPoolId: 'xxx',
    userPoolWebClientId: 'xxx'
  }
})

How do I turn on the debug mode for Auth to get more logging messages - sorry if that's a silly question...

All help and guidance gratefully received!

As a further observation it appears that the issue happens only on --prod ionic cordova builds

How do I turn on the debug mode for Auth to get more logging messages - sorry if that's a silly question...
This is a great question and one I'd love to find/see an answer for.

@tonyatoms by putting window.LOG_LEVEL='DEBUG' in your code.

@tonyatoms by putting window.LOG_LEVEL='DEBUG' in your code.

Thanks, I added that to the function in which I call Auth.signIn() but I'm not seeing any additional information in the console. (This is in a react-native app.) I still see:

  "code": "NotAuthorizedException",
  "message": "Incorrect username or password.",
  "name": "NotAuthorizedException", 

For a user which is CONFIRMED in Cognito.

@tonyatoms you should put that right after those import statements under index.js.

Did anyone figure this out? It's happening to me now, same symptoms however it's just web, not iOS or using Ionic. It works locally, but not in production, user is CONFIRMED etc.

@powerful23 Surely this is a widespread issue, it's been 7 months since this was opened? I raised this as a ticket with business support too, but they don't seem to have any clue.

@mrowles I'm wondering the same thing. Running "@aws-amplify/auth" v. 1.2.6 in create-react-app. Everything runs fine in Android, browser, and >= iOS 7. As far as I can tell, my issue is with Auth.signIn only. I'm having good luck with Auth.forgotPassword and Auth.forgotPasswordSubmit but the authentication flow fails there being that Auth.signIn must be called at the end of Auth.forgotPasswordSubmit - I'm assuming this since the new password is successfully submitted and changed, but still gets the error "NoAuthorizedException" that @manoramahp was initially getting (and what I'm getting when running Auth.signIn.

Hi @mrowles

It works locally, but not in production

Can you elaborate a little bit on this (bundler used, flags, config)?

I ask for this details because @acahinton mentioned seeing this with the --prod flag only.

@manueliglesias Apologies, that’s what I meant. In my production builds, it fails. Assume it’s some tree shaking or typescript compilation ‘issues’. I use webpack to build my stuff but will try and run an angular-cli ‘build —prod’ to see if it causes the same issues, assume it will as it has for others.

I tried with just AOT (ahead of time compilation) flag this morning and it actually seemed okay, which is where I thought the issue might lie. Also the fact is that people are seeing this issue with react and not only angular seems that it is a bundling/minification/tree-shaking issue with prod builds for Amplify more generally.

@mrowles

Ok, I can reproduce with a simple

ng serve

vs

ng serve --prod

Let me keep looking into this, definitely a bundling issue

@manueliglesias Thanks mate, appreciate it!

@mrowles

I think I found the issue, while I send a PR, can you try adding this import before you import aws-amplify?

import 'crypto-js/lib-typedarrays'; 

Nuts, looks good on local prod build! Pushing to my prod env to see if all swell, but positive outlook so far 😁Cheers

Edit: @manueliglesias can confirm this worked. Well done mate, this was a long outstanding issue that I (and others) struggled with for months.

Awesome news @mrowles !

post-mortem:

amazon-cognito-identity-js is doing an import like this:

import TypedArrays from 'crypto-js/lib-typedarrays';

where TypedArrays is unused; this is presumably making bundlers drop it when doing tree-shaking.

the import was changed to:

import 'crypto-js/lib-typedarrays';

Reference:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/import#Import_a_module_for_its_side_effects_only

Import a module for its side effects onlySection
Import an entire module for side effects only, without importing anything. This runs the module's global code, but doesn't actually import any values.

Mate nice find, I stepped through hours of unminified vs minified code and was at a
complete loss, no idea how you came across this but well in 😂

VS Code gave me a big clue 😛

The line of code import 'crypto-js/lib-typedarrays'; is not working for us on localhost. Imported where you mentioned @manueliglesias but haven't seen any different results (Still the same as original result - UserNotAuthorizedException - even though user is set up and credentials are correct).

I'm sorry but I'm not following that the fix is. Do we simply need to add crypto-js to package.json and add import 'crypto-js/lib-typedarrays'; before import 'amazon-cognito-identity-js';?

Is there a fix in the 'amazon-cognito-identity-js' npm package being developed?

@manueliglesias I have the same problem! Always gives back an incorrect password or username no matter what i'm doing. Could you help me out mate? Cheers

Did anyone find a solution ?

the suggestion above worked for me.
that is just add import 'crypto-js/lib-typedarrays'; above import { ... } from 'amazon-cognito-identity-js'; or above the import for aws-amplify if your using that

@gaborcsontos @matthiasSchedel the suggestion above worked for me
that is simply adding import 'crypto-js/lib-typedarrays'; above the import statement for amazon-cognito-identity-js or aws-amplify

@dzegel-blockcrowd Thanks this solution is only for fixing the problem on native devices (android and ios) correct?

If I only checked the last option it suddenly worked! (not sure if this helps anyone)

@matthiasSchedel I'm using in on regular webapp (desktop browser)

I am getting this issue currently.

"amazon-cognito-identity-js": "^3.0.12",
"aws-amplify": "^1.1.27",
"aws-amplify-vue": "^0.2.10"

This is interesting as it WAS working when I used amplify to manage my AWS resources. I switched to using serverless to manage my resources, and was manually configuring amplify client side code to use the resources created in serverless.
creating users, entering confirmation code etc all work, it seems to be this exact issue again, only when logging in.

FWIW my issue was unrelated - I had a single missing char from a cut n paste error for my user pool id. It seems the messaging is a bit wrong in this scenario where the identity pool is correct but the pool was incorrect - the only thing that did not work was logging in.