Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Auth: signIn always returns { challengeName : "NEW_PASSWORD_REQUIRED" }

See original GitHub issue

Describe the bug The Auth.signIn() function always returns a new password challenge in the user object: { challengeName : "NEW_PASSWORD_REQUIRED" }, even after doing Auth.completeNewPassword()

The user status is “CONFIRMED” in the AWS Cognito user list.

To Reproduce Steps to reproduce the behavior:

Create a new user
Start sign in flow:

signIn(username, password )
      .then(user => {
        if ((user.challengeName == 'NEW_PASSWORD_REQUIRED')) {
          this._setCompletePasswordState(user);
        } else {
          this.props.onSignIn(user);
        }
      })

Start complete password flow:

completeNewPassword(params)
      .then(response => {
        console.log('password changed: ', response);
        this.props.onSignIn();
      })

Log out
Log back in and inspect user payload

Expected behavior I think the challengeName should be empty

Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

OS: macOS
Browser: Chrome
Version: 68

Additional context I am currently getting around this by running checkCurrentAuth() after signIn() and using a catch to detect if the user needs to reset their password:

 signIn({ username, password })
      .then(user => {
        checkCurrentAuth()
          .then(() => {
            this.props.onSignIn(user);
          })
          .catch(() => {
            this._setCompletePasswordState(user);
          });
      })

Issue Analytics

State:
Created 5 years ago
Comments:10 (4 by maintainers)

Top GitHub Comments

4reactions

r-moorecommented, May 17, 2019

You appear to be asigning the value to user.challengeName instead of reading it.

I think if (user.challengeName = 'NEW_PASSWORD_REQUIRED') should be if (user.challengeName === 'NEW_PASSWORD_REQUIRED') ?

See: https://aws-amplify.github.io/docs/js/authentication#complete-new-password

0reactions

github-actions[bot]commented, Aug 28, 2021

This issue has been automatically locked since there hasn’t been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.

Top Results From Across the Web

How to process with AWS-cognito ...

You can use the respondToAuthChallenge method to set the user's new password and log them in. It should also return the accessToken for...

RespondToAuthChallenge - Amazon Cognito User Pools

The result returned by the server in response to the request to respond to the authentication challenge. Type: AuthenticationResultType object. ChallengeName.

Overcoming shortfalls of AWS Cognito Part1 – Email OTP

This gets called once define auth lambda returns challenge name as ... throw a NEW_PASSWORD_REQUIRED challenge for the first-time login.

initiate-auth — AWS CLI 2.9.6 Command Reference

You can't sign in a user with a federated IdP with InitiateAuth . ... REFRESH_TOKEN_AUTH takes in a valid refresh token and returns...

Application Authentication Using Amazon Cognito and An ...

Typically, the user authentication requirements for an application can be largely classified in ... ChallengeName='NEW_PASSWORD_REQUIRED',.