Amplify-js: Cannot get guest credentials when mandatory signin enabled - Cognito and Encryption SDK+KMS

Created on 1 Jul 2020 · 7 Comments · Source: aws-amplify/amplify-js

Describe the bug
I am using Cognito and Amplify to authenticate users into my React application. I want to use the JavaScript Encryption SDK which requires that the IAM Key and Secret credentials be passed to it. To get those I'm calling currentUserCredentials after my user has definitely logged in using withAuthenticator. The call to current always errors with "cannot get guest credentials when mandatory signin enabled" despite being an active session.

https://aws-amplify.github.io/amplify-js/api/classes/authclass.html#currentcredentials

To Reproduce
Steps to reproduce the behavior:

  1. Go to an active Amplify React application.
  2. Call currentUserCredentials()
  3. Check for errors

Expected behavior
Return a credentials object according to the current session so that we can fill out:

```js
/* Create a KMS client provider with your AWS credentials */
const clientProvider = getClient(KMS, {
  credentials: {
    accessKeyId,
    secretAccessKey
  }
})
```

Code Snippet

    Auth.currentUserCredentials(data => {
        setText(setUpKMS(data));
    });

Gives
-> Uncaught (in promise) cannot get guest credentials when mandatory signin enabled

```js
Amplify.configure({
  Auth: {

      // REQUIRED - Amazon Cognito Region
      region: 'XX-west-2',

      // OPTIONAL - Amazon Cognito User Pool ID
      userPoolId: 'eu-west-2_vcXuJXXXX',

      // OPTIONAL - Amazon Cognito Web Client ID (26-char alphanumeric string)
      userPoolWebClientId: 'XXXXXXXXXXX',

      // OPTIONAL - Enforce user authentication prior to accessing AWS resources or not
      mandatorySignIn: true
  },
  API: {
    // All endpoints target the DEV stage (note the jwtToken on Cognito secured services)
    endpoints: [
        {
            name: "SomeAPI",
            endpoint: "https://XXX/dev"
        },
        {
            name: "SomeAPI",
            endpoint: "https://XXX/dev",
            custom_header: async () => {
              let cogId = await Auth.currentSession();
              return {"Authorization" : cogId.getIdToken().getJwtToken() }
            }
        },
        {
            name: "SomeOtherAPI",
            endpoint: "https://XXXX.execute-api.XX-west-2.amazonaws.com/dev"
        }
    ]
  }
});
```

<details>
  <summary><strong>Environment</strong></summary>

```
System:
  OS: macOS 10.15.5
  CPU: (4) x64 Intel(R) Core(TM) i5-8210Y CPU @ 1.60GHz
  Memory: 47.73 MB / 8.00 GB
  Shell: 5.7.1 - /bin/zsh
Binaries:
  Node: 12.16.0 - /usr/local/bin/node
  Yarn: 1.22.4 - /usr/local/bin/yarn
  npm: 6.14.5 - /usr/local/bin/npm
Browsers:
  Chrome: 80.0.3987.100
  Safari: 13.1.1
npmPackages:
  @aws-amplify/ui-react: ^0.2.4 => 0.2.4
  @aws-crypto/client-browser: ^1.0.6 => 1.0.6
  @testing-library/jest-dom: ^4.2.4 => 4.2.4
  @testing-library/react: ^9.3.2 => 9.5.0
  @testing-library/user-event: ^7.1.2 => 7.2.1
  aws-amplify: ^3.0.9 => 3.0.9
  bootstrap: ^4.4.1 => 4.4.1
  cypress: ^4.5.0 => 4.5.0
  react: ^16.13.1 => 16.13.1
  react-bootstrap: ^1.0.1 => 1.0.1
  react-bootstrap-icons: ^1.0.1-alpha3 => 1.0.1-alpha3
  react-dom: ^16.13.1 => 16.13.1
  react-router-dom: ^5.1.2 => 5.1.2
  react-scripts: 3.4.1 => 3.4.1
npmGlobalPackages:
  @accordproject/cicero-cli: 0.20.10
  @accordproject/cicero-ui: 0.5.19
  @accordproject/generator-cicero-template: 0.20.10
  @aws-amplify/cli: 4.18.1
  legalesign_api: 1.0.0
  legalesign-ts-fetch: 1.0.2
  mocha: 7.1.2
  npm: 6.14.5
  pm2: 4.4.0
  serve: 11.3.0
  typescript: 3.5.2
  vue-cli: 2.9.6
  yo: 3.1.1
```

</details>

Auth to-be-reproduced

All 7 comments

Ah - here's how the Encryption SDK wants to be called:

Encryption SDK

```js
/* Create a KMS client provider with your AWS credentials */
const clientProvider = getClient(KMS, {
  credentials: {
    accessKeyId,
    secretAccessKey
  }
})
```

@monscamus, can you enable debug logs and paste here all the logs resulting from the Auth.currentCredentials() call? Also, I believe you should be calling currentCredentials instead of currentUserCredentials, which gets called automatically if there are no cached credentials.

My suspicion is that getting the session tokens is failing which is why Amplify is falling back to getting guest credentials https://github.com/aws-amplify/amplify-js/blob/a047ce73/packages/auth/src/Auth.ts#L1326-L1335. Hopefully we can learn more from the debug logs.

```
ConsoleLogger.ts:91 [DEBUG] 48:23.974 RestAPI - create Rest API instance
ConsoleLogger.ts:99 [DEBUG] 48:23.975 RestClient - API Options {aws_project_region: "eu-west-2", region: "eu-west-2", header: {…}, endpoints: Array(3), Auth: {…}}
ConsoleLogger.ts:99 [DEBUG] 48:23.975 PubSub - configure PubSub {opt: {…}}
ConsoleLogger.ts:99 [DEBUG] 48:23.976 GraphQLAPI - configure GraphQL API {opt: {…}}
ConsoleLogger.ts:91 [DEBUG] 48:23.976 GraphQLAPI - create Rest instance
ConsoleLogger.ts:99 [DEBUG] 48:23.977 RestClient - API Options {aws_project_region: "eu-west-2", region: "eu-west-2", header: {…}, Auth: {…}, endpoints: Array(3)}
ConsoleLogger.ts:99 [DEBUG] 48:23.977 RestAPI - configure Rest API {opt: {…}}
ConsoleLogger.ts:91 [DEBUG] 48:23.978 RestAPI - create Rest API instance
ConsoleLogger.ts:99 [DEBUG] 48:23.978 RestClient - API Options {aws_project_region: "eu-west-2", region: "eu-west-2", header: {…}, endpoints: Array(3), Auth: {…}}
ConsoleLogger.ts:99 [DEBUG] 48:23.979 GraphQLAPI - configure GraphQL API {opt: {…}}
ConsoleLogger.ts:91 [DEBUG] 48:23.979 GraphQLAPI - create Rest instance
ConsoleLogger.ts:99 [DEBUG] 48:23.980 RestClient - API Options {aws_project_region: "eu-west-2", region: "eu-west-2", header: {…}, Auth: {…}, endpoints: Array(3)}
ConsoleLogger.ts:99 [DEBUG] 48:23.980 RestAPI - configure Rest API {opt: {…}}
ConsoleLogger.ts:91 [DEBUG] 48:23.981 RestAPI - create Rest API instance
ConsoleLogger.ts:99 [DEBUG] 48:23.982 RestClient - API Options {aws_project_region: "eu-west-2", region: "eu-west-2", header: {…}, endpoints: Array(3), Auth: {…}}
ConsoleLogger.ts:99 [DEBUG] 48:23.983 GraphQLAPI - configure GraphQL API {opt: {…}}
ConsoleLogger.ts:91 [DEBUG] 48:23.983 GraphQLAPI - create Rest instance
ConsoleLogger.ts:99 [DEBUG] 48:23.984 RestClient - API Options {aws_project_region: "eu-west-2", region: "eu-west-2", header: {…}, Auth: {…}, endpoints: Array(3)}
ConsoleLogger.ts:99 [DEBUG] 48:23.984 Interactions - configure Interactions {opt: {…}}
ConsoleLogger.ts:99 [DEBUG] 48:23.984 XR - configure XR {opt: {…}}
ConsoleLogger.ts:99 [DEBUG] 48:23.984 AbstractXRProvider - configure SumerianProvider {aws_project_region: "eu-west-2", Auth: {…}, API: {…}}
ConsoleLogger.ts:99 [DEBUG] 48:23.985 Predictions - configure Predictions {aws_project_region: "eu-west-2", Auth: {…}, API: {…}}
Crypto.js:15 Firing crypto
Crypto.js:16 AuthClass {userPool: CognitoUserPool, user: null, _config: {…}, _storage: Storage, currentUserCredentials: ƒ, …}
ConsoleLogger.ts:91 [DEBUG] 48:24.111 AuthClass - Getting current user credentials
ConsoleLogger.ts:91 [DEBUG] 48:24.115 RestClient - GET https://xxxxxxx.execute-api.eu-west-2.amazonaws.com/dev/invitation/1234-1243-xxxx-1231
ConsoleLogger.ts:91 [DEBUG] 48:24.117 Credentials - getting credentials
ConsoleLogger.ts:91 [DEBUG] 48:24.118 Credentials - picking up credentials
ConsoleLogger.ts:91 [DEBUG] 48:24.118 Credentials - getting new cred promise
ConsoleLogger.ts:91 [DEBUG] 48:24.119 Credentials - checking if credentials exists and not expired
ConsoleLogger.ts:91 [DEBUG] 48:24.119 Credentials - need to get a new credential or refresh the existing one
ConsoleLogger.ts:91 [DEBUG] 48:24.120 AuthClass - Getting current user credentials
ConsoleLogger.ts:91 [DEBUG] 48:24.122 AuthClass - Getting current session
ConsoleLogger.ts:91 [DEBUG] 48:24.123 AuthClass - Getting current session
ConsoleLogger.ts:99 [DEBUG] 48:24.131 AuthClass - Getting the session from this user: CognitoUser {username: "alex.[email protected]", pool: CognitoUserPool, Session: null, client: Client, signInUserSession: CognitoUserSession, …}
ConsoleLogger.ts:99 [DEBUG] 48:24.132 AuthClass - Succeed to get the user session CognitoUserSession {idToken: CognitoIdToken, refreshToken: CognitoRefreshToken, accessToken: CognitoAccessToken, clockDrift: 0}
ConsoleLogger.ts:99 [DEBUG] 48:24.133 AuthClass - Getting the session from this user: CognitoUser {username: "alex.[email protected]", pool: CognitoUserPool, Session: null, client: Client, signInUserSession: CognitoUserSession, …}
ConsoleLogger.ts:99 [DEBUG] 48:24.133 AuthClass - Succeed to get the user session CognitoUserSession {idToken: CognitoIdToken, refreshToken: CognitoRefreshToken, accessToken: CognitoAccessToken, clockDrift: 0}
ConsoleLogger.ts:99 [DEBUG] 48:24.134 AuthClass - getting session success CognitoUserSession {idToken: CognitoIdToken, refreshToken: CognitoRefreshToken, accessToken: CognitoAccessToken, clockDrift: 0}
ConsoleLogger.ts:91 [DEBUG] 48:24.135 Credentials - set credentials from session
ConsoleLogger.ts:91 [DEBUG] 48:24.135 Credentials - No Cognito Federated Identity pool provided
ConsoleLogger.ts:99 [DEBUG] 48:24.135 AuthClass - getting session success CognitoUserSession {idToken: CognitoIdToken, refreshToken: CognitoRefreshToken, accessToken: CognitoAccessToken, clockDrift: 0}
ConsoleLogger.ts:91 [DEBUG] 48:24.136 Credentials - set credentials from session
ConsoleLogger.ts:91 [DEBUG] 48:24.136 Credentials - No Cognito Federated Identity pool provided
ConsoleLogger.ts:99 [DEBUG] 48:24.137 AuthClass - getting session failed No Cognito Federated Identity pool provided
ConsoleLogger.ts:91 [DEBUG] 48:24.138 Credentials - setting credentials for guest
ConsoleLogger.ts:99 [DEBUG] 48:24.138 AuthClass - getting session failed No Cognito Federated Identity pool provided
ConsoleLogger.ts:91 [DEBUG] 48:24.138 Credentials - setting credentials for guest
[DEBUG] 48:24.139 RestClient - No credentials available, the request will be unsigned
1234-1243-1341-1231:1 Uncaught (in promise) cannot get guest credentials when mandatory signin enabled
```

Altered as you suggest to currentCredentials rather than currentUserCredentials with the same effect:

```
ConsoleLogger.ts:91 [DEBUG] 03:57.958 Credentials - No Cognito Federated Identity pool provided
ConsoleLogger.ts:99 [DEBUG] 03:58.7 AuthClass - getting session failed No Cognito Federated Identity pool provided
ConsoleLogger.ts:91 [DEBUG] 03:58.11 Credentials - setting credentials for guest
ConsoleLogger.ts:91 [DEBUG] 03:58.11 RestClient - No credentials available, the request will be unsigned
1234-1243-1341-1231:1 Uncaught (in promise) cannot get guest credentials when mandatory signin enabled
```

My user pool has no associated identity pool - is that required to have IAM credentials?
The AWS use case for ID Pools says:

Identity pool use cases

"Generate temporary AWS credentials for unauthenticated users."

But I'm not interested in unauthenticated users.

Appreciate your help!

Ah ok - this scenario explained it to me: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-scenarios.html#scenario-aws-and-user-pool

Feel free to close this issue - I guess maybe the error code could be better worded but the Logger output that you suggested was fairly definitive.

For those stumbling on this in the future:

```js
/* Create a KMS client provider with your AWS credentials */
const clientProvider = getClient(KMS, { credentials: creds });
```

Works if there is an associated identity pool with AuthRole that has appropriate kms permissions.

thanks @monscamus for providing the solution, will help other folks. Closing this.
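The resolution above, as an added example that is not code from the issue or from Amplify: a config check that reproduces the thread's diagnosis (no identity pool plus `mandatorySignIn`), and a guard that hands the KMS client only authenticated, unexpired temporary credentials, session token included. The helper names are hypothetical, every ID is a placeholder, and the credential field names (`authenticated`, `sessionToken`, `expiration`) are assumed from the object `Auth.currentCredentials()` resolves to in Amplify v3.

```javascript
'use strict';

// Constructed Amplify Auth configs; every ID below is a placeholder.
const userPoolOnly = {
  region: 'eu-west-2',
  userPoolId: 'eu-west-2_EXAMPLE',
  userPoolWebClientId: 'exampleclientid',
  mandatorySignIn: true,
};
const withIdentityPool = {
  ...userPoolOnly,
  // The identity pool is what exchanges a user pool token for IAM credentials.
  identityPoolId: 'eu-west-2:00000000-0000-0000-0000-000000000000',
};

// Hypothetical helper: list the reasons this Auth config cannot yield IAM
// credentials for a signed-in user. An empty array means it can.
function checkAuthConfig(auth) {
  const problems = [];
  if (!auth.identityPoolId) {
    problems.push('no identityPoolId: the session cannot be exchanged for IAM credentials');
    if (auth.mandatorySignIn) {
      problems.push('mandatorySignIn refuses the guest fallback, so the call rejects');
    }
  }
  return problems;
}

// Hypothetical helper: reduce the credentials object to what the KMS client
// needs, refusing guest, incomplete or expired credentials. Identity pool
// credentials are temporary, so the session token must accompany the key pair.
// Field names are assumed from Amplify v3.
function toKmsCredentials(creds, now = new Date()) {
  if (!creds || creds.authenticated !== true) {
    throw new Error('credentials are not for an authenticated identity');
  }
  for (const field of ['accessKeyId', 'secretAccessKey', 'sessionToken']) {
    if (typeof creds[field] !== 'string' || creds[field] === '') {
      throw new Error(`temporary credentials are missing ${field}`);
    }
  }
  if (creds.expiration && new Date(creds.expiration) <= now) {
    throw new Error('temporary credentials have expired');
  }
  const { accessKeyId, secretAccessKey, sessionToken } = creds;
  return { accessKeyId, secretAccessKey, sessionToken };
}

// Wiring in the application (not executed here):
//   Amplify.configure({ Auth: withIdentityPool });
//   const creds = await Auth.currentCredentials();
//   const clientProvider = getClient(KMS, { credentials: toKmsCredentials(creds) });
```

The identity pool's authenticated role still needs KMS permissions for the key the keyring uses, as the closing comment notes.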
