Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cognito Sign Up not returning Session #6724

Closed
3 of 4 tasks
leonardoalifraco opened this issue Dec 11, 2024 · 10 comments
Closed
3 of 4 tasks

Cognito Sign Up not returning Session #6724

leonardoalifraco opened this issue Dec 11, 2024 · 10 comments
Assignees
Labels
bug This issue is a bug. p2 This is a standard priority issue service-api This issue is due to a problem in a service API, not the SDK implementation.

Comments

@leonardoalifraco
Copy link

leonardoalifraco commented Dec 11, 2024

Checkboxes for prior research

Describe the bug

The documentation for the SignUp operation, indicates that the response will include a Session attribute that you can pass to ConfirmSignUp when you want to immediately sign in your user with the USER_AUTH flow after they complete sign-up.

However the Session attribute is returned always as null.

Tried different configurations in Cognito, allowing all Authentication Flows, but the session still returns as null (or doesn't return at all when called from AWS CLI).

https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html#API_SignUp_ResponseSyntax

Regression Issue

  • Select this option if this issue appears to be a regression.

SDK version number

@aws-sdk/[email protected]

Which JavaScript Runtime is this issue in?

Node.js

Details of the browser/Node.js/ReactNative version

Node v20.11.1

Reproduction Steps

  1. Call Sign Up
  2. Inspect response, Session is null

Observed Behavior

Session attribute from the SignUpCommandOutput is always null.

Expected Behavior

Session attribute from the SignUpCommand should have a value that can be persisted locally and eventually included in the ConfirmSignUpCommand.

Possible Solution

No response

Additional Information/Context

No response

@leonardoalifraco leonardoalifraco added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Dec 11, 2024
@aBurmeseDev aBurmeseDev self-assigned this Dec 12, 2024
@aBurmeseDev
Copy link
Member

aBurmeseDev commented Dec 12, 2024

Hi @leonardoalifraco - thanks for reaching out.

According to service model, Session may not always return but I'm going to reach out to service team to verify that (ref P179073426). In the meantime, could you please provide your code snippet along with the response you're receiving?

@aBurmeseDev aBurmeseDev added response-requested Waiting on additional info and feedback. Will move to \"closing-soon\" in 7 days. p2 This is a standard priority issue and removed needs-triage This issue or PR still needs to be triaged. labels Dec 12, 2024
@leonardoalifraco
Copy link
Author

leonardoalifraco commented Dec 13, 2024

Hi @aBurmeseDev, thank you very much.

Adding code snippet below, exec instructions and response below.
I'm using @aws-sdk/client-cognito-identity-provider version 3.710.0

import { CognitoIdentityProviderClient, SignUpCommand, SignUpCommandInput } from "@aws-sdk/client-cognito-identity-provider";
import { createHmac } from 'crypto';

const generateSecretHash = (username: string) => {
  const message = username + process.env.COGNITO_CLIENT_ID;
  return createHmac('sha256', process.env.COGNITO_CLIENT_SECRET || '')
    .update(message)
    .digest('base64');
};

const signUp = async (
  username: string,
  password: string,
  userAttributes: {
    email: string;
    name: string;
  },
) => {
  const cognitoClient = new CognitoIdentityProviderClient();
  const params: SignUpCommandInput = {
    ClientId: process.env.COGNITO_CLIENT_ID,
    Username: username,
    Password: password,
    SecretHash: generateSecretHash(username),
    UserAttributes: [
      { Name: 'email', Value: userAttributes.email },
      { Name: 'name', Value: userAttributes.name },
    ],
  };
  const command = new SignUpCommand(params);
  return await cognitoClient.send(command);
};

const main = async () => {
  try {
    const response = await signUp("username", "Password01!", {
      email: "[email protected]",
      name: "Leo",
    });
    console.log("Sign-up successful:", JSON.stringify(response, null, 2));
  } catch (error) {
    console.error("Failed to sign up:", error);
  }
};

main().catch((error) => {
  console.error("Unhandled error in main:", error);
});

Run with:
COGNITO_CLIENT_ID=<client_id_here> COGNITO_CLIENT_SECRET=<client_secret_here> npx ts-node snippet.ts

Response was:

{
  "$metadata": {
    "httpStatusCode": 200,
    "requestId": "c8309cca-a36d-4dde-954b-d9e1a81c4c34",
    "attempts": 1,
    "totalRetryDelay": 0
  },
  "CodeDeliveryDetails": {
    "AttributeName": "email",
    "DeliveryMedium": "EMAIL",
    "Destination": "t***@d***"
  },
  "UserConfirmed": false,
  "UserSub": "44a8a4c8-e0f1-70f5-7faa-1e6675e36647"
}

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to \"closing-soon\" in 7 days. label Dec 14, 2024
@baraya
Copy link

baraya commented Dec 14, 2024

Ran into the same missing Session attribute yesterday but on the ConfirmSignUpCommand

  new ConfirmSignUpCommand({
    ClientId: process.env.COGNITO_CLIENT_ID,
    SecretHash: secretHash(email),
    Username: email,
    ConfirmationCode: code
  })
);

Response is missing the Session

{
    "$metadata":{"httpStatusCode":200,"requestId":"c2fbe131-a18d-4869-953f-981f1194aa6a","attempts":1,"totalRetryDelay":0}
}

@sjaghori
Copy link

same issue

@aBurmeseDev aBurmeseDev added the service-api This issue is due to a problem in a service API, not the SDK implementation. label Dec 16, 2024
@sjaghori
Copy link

any updates on this one? @aBurmeseDev

@leonardoalifraco
Copy link
Author

Hi @aBurmeseDev, did you have any updates from the Service team?

@aBurmeseDev
Copy link
Member

aBurmeseDev commented Jan 7, 2025

Hi @leonardoalifraco - sorry for the wait. I just heard back from service team member and here's the response

SignUp only will return "Session" when the client has turned on User_Auth. Client setting link: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.html#CognitoUserPools-CreateUserPoolClient-request-ExplicitAuthFlows
The reason of this behavior is because only User_Auth flow can use this session from SignUp to authenticate directly after sign up. All other auth flows, the session can not be used / will not take any effect. This is intended behavior.

If you've turned on User_Auth and Session hasn't returned, please let me know and I'll contact service team again.

cc: @sjaghori @baraya

@aBurmeseDev aBurmeseDev added the response-requested Waiting on additional info and feedback. Will move to \"closing-soon\" in 7 days. label Jan 7, 2025
@leonardoalifraco
Copy link
Author

leonardoalifraco commented Jan 8, 2025

Thank you very much @aBurmeseDev.

I have enabled USER_AUTH for the Cognito App Client and it worked perfectly.

For reference, I am attaching test code on how I am confirming a user and initiating auth using the sign up session, and later the confirm sign up session.

This code runs after #6724 (comment) and is returning auth tokens without the need of other user credentials but the session.

import { CognitoIdentityProviderClient, ConfirmSignUpCommand, ConfirmSignUpCommandInput, AuthFlowType, InitiateAuthCommand, InitiateAuthCommandInput} from "@aws-sdk/client-cognito-identity-provider";
import { createHmac } from 'crypto';

const generateSecretHash = (username: string) => {
  const message = username + process.env.COGNITO_CLIENT_ID;
  return createHmac('sha256', process.env.COGNITO_CLIENT_SECRET || '')
    .update(message)
    .digest('base64');
};

const confirmSignUp = async (
  username: string,
  confirmationCode: string,
  session: string,
) => {
  const cognitoClient = new CognitoIdentityProviderClient();
  const params: ConfirmSignUpCommandInput = {
    ClientId: process.env.COGNITO_CLIENT_ID,
    Username: username,
    SecretHash: generateSecretHash(username),
    ConfirmationCode: confirmationCode,
    Session: session,
  };
  const command = new ConfirmSignUpCommand(params);
  return await cognitoClient.send(command);
};

const initiateAuth = async (
  username: string,
  session: string,
) => {
  const cognitoClient = new CognitoIdentityProviderClient();
  const params: InitiateAuthCommandInput = {
    ClientId: process.env.COGNITO_CLIENT_ID,
    AuthFlow: AuthFlowType.USER_AUTH,
    AuthParameters: {
      USERNAME: username,
      SECRET_HASH: generateSecretHash(username),
    },
    Session: session,
  };
  const command = new InitiateAuthCommand(params);
  return await cognitoClient.send(command);
};

const main = async () => {
  try {
    const username = ""; // username here
    const confirmationCode = ""; // confirmation code here
    const session = ""; // sign-up session here
    const response = await confirmSignUp(username, confirmationCode, session);
    console.log("Confirm Sign-Up successful:", JSON.stringify(response, null, 2));

    const initiateAuthResponse = await initiateAuth(username, response.Session || "");
    console.log("InitiateAuth successful:", JSON.stringify(initiateAuthResponse, null, 2));
  } catch (error) {
    console.error("Failed:", error);
  }
};

main().catch((error) => {
  console.error("Unhandled error in main:", error);
});

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to \"closing-soon\" in 7 days. label Jan 9, 2025
@aBurmeseDev
Copy link
Member

Glad it worked out, and I appreciate you for sharing the code for others who might face similar issues down the road. Feel free to reach out anytime if you need anything else.

Copy link

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug This issue is a bug. p2 This is a standard priority issue service-api This issue is due to a problem in a service API, not the SDK implementation.
Projects
None yet
Development

No branches or pull requests

4 participants