Aws-sdk-js: AWS Cognito send invalid devicename in authevents

Created on 4 Dec 2020 · 4Comments · Source: aws/aws-sdk-js

Confirm by changing [ ] to [x] below to ensure that it's a bug:

[x] I've gone through Developer Guide and API reference
[x] I've checked AWS Forums and StackOverflow for answers
[x] I've searched for previous similar issues and didn't find any solution

Bug description
I used CognitoIdentityServiceProvider.adminListUserAuthEvents for getting user auth events but received an invalid result. I logged in from Opera but Cognito displays that I used Chrome 8 (this is a mistake).

I could fix that if I get original navigator.userAgent (for example: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 OPR/72.0.3815.400), but I only received data like that:

 {
    "EventId": {EVENT_ID},
    "EventType": "SignIn",
    "CreationDate": {CREATION_DATE},
    "EventResponse": "Pass",
    "EventRisk": {
      "RiskDecision": "AccountTakeover",
      "RiskLevel": "Low",
      "CompromisedCredentialsDetected": false
    },
    "ChallengeResponses": [
      {
        "ChallengeName": "Password",
        "ChallengeResponse": "Success"
      }
    ],
    "EventContextData": {
      "IpAddress": {MY_IP_ADDR},
      "DeviceName": "Chrome 8, Linux",
      "City": {MY_CITY},
      "Country": {MY_COUNTRY}
    }
  }

I wouldn't like to make the crutch, to clarify this information, like creating preauth Cognito trigger which will log this information in another Table and handle this flow by myself.

Crutch for detection browser I found here

Is the issue in the browser/Node.js?
I got this data from CognitoIdentityServiceProvider.adminListUserAuthEvents in my Lambda function

If on Node.js, are you running this on AWS Lambda?

Yes

Details of the browser/Node.js version
local sh:

node -v
v12.16.1

serverless config:

...
runtime: nodejs12.x
...

SDK version number

dependencies:

yarn list v1.22.10
warning Filtering by arguments is deprecated. Please use the pattern option instead.
├─ @aws-amplify/[email protected]
│  └─ [email protected]
└─ [email protected]
Done in 0.95s.

To Reproduce (observed behavior)

create a login from Opera like testUser
get adminListUserAuthEvents of its user
you can see in the result, that instead of Opera Chrome is displayed

Expected behavior
I expect to get a valid name of the browser which the user uses for login, or getting the original userAgent field

Screenshots
none

Additional context
Duplicate this issue/bug on stackoverflow

TT: V292264332

feature-request service-api

Source

Fomin2402

Most helpful comment

Thanks for opening this issue, this does seem to be a Cognito issue and not SDK, let me forward a request to them, will update the issue once I have a response from the team.

ajredniwja on 16 Dec 2020

👍2

All 4 comments

Opera is based on Chromium, this could be why.

uncodable on 5 Dec 2020

@uncodable

Opera is based on Chromium, this could be why.

I know that, but there are some hacks on how to avoid this mistake

For example, my userAgent from Opera on Ubuntu:
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 OPR/72.0.3815.400

So, this string includes OPR/72.0.3815.400 for detecting that this is the Opera.

So, what I want?:
I want to get the correct name of the browser.

For example, I see some ways to solve this problem:

AWS will add original userAgent field to the answer from CognitoIdentityServiceProvider.adminListUserAuthEvents
- AWS will update his method of browser detecting

Fomin2402 on 6 Dec 2020

👍1

Thanks for opening this issue, this does seem to be a Cognito issue and not SDK, let me forward a request to them, will update the issue once I have a response from the team.

ajredniwja on 16 Dec 2020

👍2

Soft update: The Cognito team has acknowledged the issue, they are working on the fix, while there is not a fixed ETA on it, it should be in January.

ajredniwja on 29 Dec 2020

Was this page helpful?

0 / 5 - 0 ratings