Auth.setupTOTP - Invalid session for the user
Describe the bug
I set up Amplify with Cognito authentication with SMS MFA enabled. I have configured my own UI to provide the credentials and it used to work just fine. However, the SMS text messages suddenly stopped being delivered. I could tell the messages were trying to be sent. CloudWatch had the errors logged and said “Phone is currently unreachable/unavailable.” In all the research I’ve done, I haven’t been able to find a reason why. Increased spending limits did not solve the problem. I encountered another issue that sounded similar [#5137] and although it wasn’t technically resolved I decided to implement the workaround from that issue.
The workaround was to implement TOTP MFA. However, I am unable to get it to work. Every time Auth.setupTOTP(user) is called, I get this error:
{code: "NotAuthorizedException", name: "NotAuthorizedException", message: "Invalid session for the user."}
This is the CognitoUser object returned from the sign in method provided by Amplify:
{
Session: "xxxxxx"
authenticationFlowType: "USER_SRP_AUTH"
challengeName: "SMS_MFA"
challengeParam: {CODE_DELIVERY_DELIVERY_MEDIUM: "SMS", CODE_DELIVERY_DESTINATION: "+*******9088"}
client: Client {endpoint: "https://cognito-idp.us-west-2.amazonaws.com/", userAgent: "aws-amplify/0.1.x js"}
keyPrefix: "CognitoIdentityServiceProvider.xxx"
pool: CognitoUserPool {userPoolId: "us-west-2_xxx", clientId: "xxx", client: Client, advancedSecurityDataCollectionFlag: true, storage: Storage}
signInUserSession: null
storage: Storage {aws.cognito.identity-id.us-west-2:xxx: "us-west-2:xxx", aws.cognito.identity-id.us-west-2:xxx: "us-west-2:xxx", CognitoIdentityId-us-west-2:xxx: "us-west-2:xxx", CognitoIdentityId-us-west-2:xxx: "us-west-2:xxx", length: 4}
userDataKey: "CognitoIdentityServiceProvider.xxx.michael.userData"
username: "michael"
}
The Session variable has a value, but the signInUserSession variable is null. I assume the signInUserSession being null is the reason why this isn’t working.
To Reproduce
Steps to reproduce the behavior:
- Configure app via amplify cli to have MFA (TOTP) required
- Sign up a new user (confirm email and everything)
- Sign in newly created user using Auth.signIn
- Attempt to set up MFA TOTP via Auth.setupTOTP with the user object returned from the sign in method
Expected behavior
Auth.setupTOTP(user) would accept the user object returned from the Auth.signIn(username, password) method to allow MFA TOTP to be configured. With this, the setupMFA method would return a code to generate a QR code for the end user to configure their Authenticator application.
Issue Analytics
- State:
- Created 3 years ago
- Comments: 27 (7 by maintainers)
Top GitHub Comments
Just wanna confirm that the following workflow works: InitiateAuth -> AssociateSoftwareToken -> VerifySoftwareToken -> RespondToAuthChallenge.
I’m currently seeing this issue.