Amplify-js: amazon-cognito-identity-js: Error: Only radix 2, 4, 8, 16, 32 are supported

Created on 20 Nov 2019 · 25 Comments · Source: aws-amplify/amplify-js

I am using amazon-cognito-identity-js (v 3.2.0).

My Cognito UserPool is set up to allow users to connect with a verified email address. Logging-in with a username or a verified email address works fine. However, when I try to log in with an unverified email address, I get the following error in the console. This happens whether or not the entered password is correct.

Error: Only radix 2, 4, 8, 16, 32 are supported
    at BigInteger.bnToString [as toString] (BigInteger.js:221)
    at BigInteger.bnToString [as toString] (BigInteger.js:219)
    at AuthenticationHelper.padHex (AuthenticationHelper.js:346)
    at AuthenticationHelper.getPasswordAuthenticationKey (AuthenticationHelper.js:288)
    at CognitoUser.js:301
    at Client.js:63
    at ZoneDelegate.invoke (zone-evergreen.js:359)
    at Object.onInvoke (core.js:39699)
    at ZoneDelegate.invoke (zone-evergreen.js:358)
    at Zone.run (zone-evergreen.js:124)

In the network tab, the corresponding call has the x-amz-target: AWSCognitoIdentityProviderService.InitiateAuth header, and the response is a json with ChallengeName: "PASSWORD_VERIFIER" and a ChallengeParameters object. I would share it here but I'm not sure if it contains sensitive information.

I'd be happy to provide more information if needed.

Edit

One thing that looks odd about the ChallengeParameters object, the salt seems to be a negative hex: SALT: "-55d8411fb9c566437988f9dca451e61d".

to-be-reproduced

Most helpful comment

  1. Go to User Pools
  2. Open App Clients
  3. Click Show Details
  4. Change Prevent User Existence Errors from Enabled (Recommended) to Legacy


All 25 comments

The issue is fixed in https://github.com/aws-amplify/amplify-js/pull/4427. Once it is merged, it should be resolved.

@ofirm93 Still got this error :((

Is there a workaround until #4427 is fixed? Is there a prior version that works?

Still got this error

@ebaizel There is a dumb temporary way: you can open BigInteger.js after installing and change the bnToString(b) method from:
if (this.s < 0) return '-' + this.negate().toString();
to:
if (this.s < 0) return '-' + this.negate().toString(b);

The issue is fixed in #4427. Once it is merged, it should be resolved.

Hi, I'm new to AWS Cognito and I'm having this issue as well. Would this fix cover my case also? Here's my policy, I don't even have email and phone number attributes. Only username, password, and two custom attributes. I did a pre-sign up lambda trigger to autoConfirm the user.

Then when I tested my Cognito sign in lambda, these are the wrong credential combinations that I tried when the error occurs.

  1. Both username and password are wrong
  2. Only username is wrong, and the password is correct

Fixed in #4427. Release on @aws-amplify/[email protected]

@julamb @allencart We merged down fixes with #4520 and released it a few days later via 2.2.1.

This issue should be resolved, but if you update to latest and still experience problems, please comment so we can re-open!

I solved it by changing the email to lowercase letters and using a trim, and in the same way when reading the email that the user enters when they log in. It caused the error for me when the user typed it, as it was case sensitive.

on "amazon-cognito-identity-js": "^3.2.0"

getting this error when trying to authenticate using email of user that does not exist in user pool

UPD: will check if updating to latest versions will fix the issue..

Hi everyone. I started getting this error when authenticating any user on my userpool; it started showing up all of a sudden. Has updating to the latest version worked for anybody here?

This is occurring on 2.2.6. It seems to be only specific strings of un-authenticated accounts that this occurs with. For example: [email protected] yields a not authorized exception with message Incorrect username or password, but [email protected] returns the error OP described (Only radix 2, 4, 8, 16, 32 are supported). Of course these are only examples, this is occurring for more valid looking emails.

Pulling off Auth from "aws-amplify": "^2.2.6",

I have tracked this down to an issue with Cognito returning a bad value for SALT which is for some reason preceded with a minus sign for some email addresses and not others.

I have raised a support ticket with AWS, but in the meantime would it be possible to handle this in Amplify by cleaning the SALT value? Assuming that would be quicker than waiting for a Cognito bug fix?

Request URL: https://cognito-idp.eu-west-1.amazonaws.com/
Request Method: POST
Status Code: 200 

# Bad Example ([email protected])

{
  "AuthFlow": "USER_SRP_AUTH",
  "ClientId": "1e...06",
  "AuthParameters": {
    "USERNAME": "[email protected]",
    "SRP_A": "***"
  },
  "ClientMetadata": {}
}

{
  "ChallengeName":"PASSWORD_VERIFIER",
  "ChallengeParameters":{
    "SALT":"-7e6c89a610ada13205836f7df5da14db", <-- Minus sign in front of salt value????
    ...
  }
}

# Good Example ([email protected])

{
  "AuthFlow": "USER_SRP_AUTH",
  "ClientId": "1e...06",
  "AuthParameters": {
    "USERNAME": "[email protected]",
    "SRP_A": "***"
  },
  "ClientMetadata": {}
}

{
  "ChallengeName":"PASSWORD_VERIFIER",
  "ChallengeParameters":{
    "SALT":"41d247d8d39d08e9e20ab9ad42c831ab",
    ...
  }
}

Hey @ELRuncho, I updated from "aws-amplify": "^2.2.6", to "@aws-amplify/auth": "^3.2.6", and no longer have this error.

If anybody comes across this & is importing the entire aws-amplify package for simple auth as I was instead of the modularized @aws-amplify/auth and @aws-amplify/core I highly recommend trying the modular packages instead. Was able to reduce react bundle size by over 2mb with this simple change. See #122

Yep, that did the trick for me

I'm receiving the same error message: "Only radix 2, 4, 8, 16, 32 are supported". It gets shown for usernames (emails) that are not registered / not in cognito user pool. "@aws-amplify/auth": "^2.1.6". The interesting thing is that I have two different apps and only in one of them the error gets shown! Both apps have the same version of aws-amplify. The first app shows the error: "Incorrect username or password", the other one shows "Only radix 2, 4, 8, 16, 32 are supported".

I have the same issue

@katerinaonair If you've updated your aws-amplify dependencies to latest, cleared lock files, node_modules, and are still experiencing this, can you open a new issue with a reproducible sample?

Resolved with "Legacy", many thanks to @zcmgyu

Thanks for the update @katerinaonair!

Hi @katerinaonair, just came here to remind you that switching to "Legacy" isn't the best option other than bumping the lib to the latest version which fixes the issue.
The reason is that the "Legacy" User Errors will send too much information from the Cognito pool endpoint, which could potentially make an attacker's life easier. I know this sounds "too much preventive", but updating the library seems safer here.

@PaulBurridge-kcom, in your comment, you said you raised a support ticket with AWS. Did they ever get back to you about whether the negative salt value is actually correct?

@paulie4 AWS Support said they had fixed this in Amplify; basically they altered Amplify to work around the Cognito bug without acknowledging (or fixing) the bug in Cognito.

Yeah, the negative salt value definitely seems like a bug, and it looks like the code in this project is just working by luck. AuthenticationHelper.getPasswordAuthenticationKey() calls AuthenticationHelper.hexHash(), which does new util.Buffer(hexStr, 'hex'), and a variable name of hexStr for a buffer would imply that there should not be any characters besides 0-9 and a-f in the string. The lucky thing is that Buffer.hexWrite() calls parseInt(string.substr(i * 2, 2), 16), and the negative symbol is the second character, so parseInt() just ignores it.
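
The two behaviours discussed in this thread, as an added example (not code from amazon-cognito-identity-js or from any commenter): a big-integer toString whose negative branch recurses without the radix throws on a signed SALT, and a pairwise parseInt hex decoder silently accepts a stray minus sign where a strict decoder rejects it. All function names are hypothetical, BigInt stands in for the library's BigInteger, and the string '0-55d8' is a constructed input.

```javascript
// Added illustration; every name here is hypothetical, and BigInt stands in
// for the library's BigInteger class.

// toString(value, radix) with the negative branch from the thread.
// passRadix=false drops the radix on recursion (the reported behaviour);
// passRadix=true forwards it (the one-line workaround quoted above).
function toStringWith(passRadix) {
  return function toString(value, radix) {
    if (value < 0n) {
      return '-' + toString(-value, passRadix ? radix : undefined);
    }
    if (![2, 4, 8, 16, 32].includes(radix)) {
      throw new Error('Only radix 2, 4, 8, 16, 32 are supported');
    }
    return value.toString(radix);
  };
}

// Parse a hex string that may carry a leading minus sign, like the SALT values.
function parseSignedHex(s) {
  return s.startsWith('-') ? -BigInt('0x' + s.slice(1)) : BigInt('0x' + s);
}

// Pairwise decoder of the kind described in the last comment: parseInt()
// stops at the first non-hex character instead of failing.
function lenientHexDecode(hexStr) {
  const bytes = [];
  for (let i = 0; i + 2 <= hexStr.length; i += 2) {
    bytes.push(parseInt(hexStr.slice(i, i + 2), 16));
  }
  return bytes;
}

// Strict decoder: refuse anything that is not whole hex byte pairs.
function strictHexDecode(hexStr) {
  if (!/^(?:[0-9a-fA-F]{2})+$/.test(hexStr)) {
    throw new TypeError('expected an even-length hex string');
  }
  return lenientHexDecode(hexStr);
}

const negativeSalt = parseSignedHex('-55d8411fb9c566437988f9dca451e61d');
const buggy = toStringWith(false);
const fixed = toStringWith(true);
try {
  buggy(negativeSalt, 16);
} catch (e) {
  console.log('buggy:', e.message);
}
console.log('fixed:', fixed(negativeSalt, 16));
console.log('lenient:', lenientHexDecode('0-55d8')); // constructed input
```

Positive salts never reach the recursive branch, which is why only some usernames triggered the error.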
