CUSTOM_AUTH with password does not work with Auth.signIn()


Describe the bug

I am using a Custom Auth flow with the 3 Lambda Functions to generate a secret and have the user verify that secret. I have set authenticationFlowType: 'CUSTOM_AUTH' on the client side. However, calling Auth.signIn(username, password) shows the error below:

TypeError: First argument must be a string, Buffer, ArrayBuffer, Array, or array-like object.

To Reproduce

Steps to reproduce the behavior:

  1. Set the three Lambda Functions for a CUSTOM_CHALLENGE in Cognito Define, Create and Verify Auth Challenge Triggers
  2. Set authenticationFlowType: 'CUSTOM_AUTH' in the client (JavaScript)
  3. Make a call to Amplify Auth.signIn method with username & password
  4. Notice Error - TypeError: First argument must be a string, Buffer, ArrayBuffer, Array, or array-like object.

Expected behavior

Expected behavior is to get back an instance of CognitoUser object with custom challenge property so that the user can be prompted to respond to the challenge.


Desktop (please complete the following information):

  • OS: macOS
  • Browser: Chrome Version 73.0.3683.103 (Official Build) (64-bit)

Additional context

The issue seems to be related to #594 and #525. However, the code being referred to in these threads is already in the latest build, i.e.

else if (this.authenticationFlowType === 'USER_SRP_AUTH' || this.authenticationFlowType === 'CUSTOM_AUTH') {

However, passing the password still doesn’t work and continues to show the error. Removing the password or passing null for password in Auth.signIn works as expected, but this would mean passwordless authentication, which is not what we intend. Not sure if the SDK supports CUSTOM_AUTH flow with only passwordless authentication.

The error reported above seems to be coming from this line.

It also looks like initiateAuth() is only called in passwordless mode:

https://github.com/aws-amplify/amplify-js/blob/f5cf034d244879f56dca6c11aca74863ed6a340f/packages/auth/src/Auth.ts#L466-L487

Issue Analytics

  • State: open
  • Created: 4 years ago
  • Reactions: 4
  • Comments: 20 (2 by maintainers)

Top GitHub Comments

3 reactions
annjawn commented, Apr 30, 2019

@b-tiwari I think this error has a lot to do with how you code the Define Auth Lambda Trigger function. I noticed that if you want to do password verification and then a CUSTOM_AUTH from your app, then your Define Auth Lambda has to be exactly as shown below, especially the SRP_A part, which is the first if check. If I do authenticationFlowType: 'CUSTOM_AUTH' with the Lambda function as below, then it works fine: Cognito first verifies the password and then returns the token with the CUSTOM_CHALLENGE back to the app, at which point I can prompt the user to enter whatever custom challenge I have defined (i.e. Captcha, or temporary code etc.).

exports.handler = async (event) => {
    if (event.request.session.length === 1 && event.request.session[0].challengeName === 'SRP_A') {
        // Step 1: the client started SRP, so ask Cognito to verify the password.
        event.response.issueTokens = false;
        event.response.failAuthentication = false;
        event.response.challengeName = 'PASSWORD_VERIFIER';
    } else if (event.request.session.length === 2 && event.request.session[1].challengeName === 'PASSWORD_VERIFIER' && event.request.session[1].challengeResult === true) {
        // Step 2: the password was verified, so present the custom challenge.
        event.response.issueTokens = false;
        event.response.failAuthentication = false;
        event.response.challengeName = 'CUSTOM_CHALLENGE';
    } else if (event.request.session.length === 3 && event.request.session[2].challengeName === 'CUSTOM_CHALLENGE' && event.request.session[2].challengeResult === true) {
        // Step 3: the custom challenge was answered correctly, so issue tokens.
        event.response.issueTokens = true;
        event.response.failAuthentication = false;
    } else {
        // Any other session state fails authentication.
        event.response.issueTokens = false;
        event.response.failAuthentication = true;
    }
    // An async handler hands the event back to Cognito by returning it.
    return event;
};

Also, keep in mind that you will need to at least have created the Define Challenge trigger as well to be able to even test this whole thing. It’s just that the documentation on CUSTOM_AUTH is not very good or detailed, and the only meaningful documentation is this blog post: https://aws.amazon.com/blogs/mobile/customizing-your-user-pool-authentication-flow/

2 reactions
purwa-astawa commented, Oct 20, 2022

Works for me using @obonyojimmy's suggestion, passing an empty string for the password:

Auth.signIn({
    username,
    password: '',
})
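
The Define Auth Challenge logic discussed in this thread can be traced offline to see which challenge each session state produces and which states are rejected. This is an added example, not code from the issue or from Amplify: `defineAuthChallenge` restates the posted handler as a pure function, `walkFlow` is a hypothetical driver that models the service appending each challenge result to the session (a simplifying assumption), and the sessions and answers are constructed.

```javascript
// Decision logic of the Define Auth Challenge trigger, as a pure function
// over the session array (restated from the handler posted in the thread).
function defineAuthChallenge(session) {
  const last = session[session.length - 1];
  const response = { issueTokens: false, failAuthentication: false };
  if (session.length === 1 && last.challengeName === 'SRP_A') {
    response.challengeName = 'PASSWORD_VERIFIER';
  } else if (session.length === 2 && last.challengeName === 'PASSWORD_VERIFIER' &&
             last.challengeResult === true) {
    response.challengeName = 'CUSTOM_CHALLENGE';
  } else if (session.length === 3 && last.challengeName === 'CUSTOM_CHALLENGE' &&
             last.challengeResult === true) {
    response.issueTokens = true;
  } else {
    response.failAuthentication = true; // default deny for every other state
  }
  return response;
}

// Hypothetical driver (assumption): after each challenge, append
// { challengeName, challengeResult } to the session and ask the trigger again.
// `answers` maps a challenge name to whether the client answered it correctly.
function walkFlow(initialSession, answers) {
  const session = initialSession.map((entry) => ({ ...entry }));
  const trace = [];
  for (let round = 0; round < 10; round++) { // hard stop against endless loops
    const r = defineAuthChallenge(session);
    if (r.failAuthentication) { trace.push('FAIL'); return trace; }
    if (r.issueTokens) { trace.push('TOKENS'); return trace; }
    trace.push(r.challengeName);
    session.push({
      challengeName: r.challengeName,
      challengeResult: answers[r.challengeName] === true,
    });
  }
  trace.push('ABORTED');
  return trace;
}

// Constructed starting sessions: one that began with SRP, one with no SRP entry.
const SRP_START = [{ challengeName: 'SRP_A', challengeResult: true }];
const NO_SRP_START = [];

console.log(walkFlow(SRP_START, { PASSWORD_VERIFIER: true, CUSTOM_CHALLENGE: true }));
console.log(walkFlow(SRP_START, { PASSWORD_VERIFIER: false }));
console.log(walkFlow(SRP_START, { PASSWORD_VERIFIER: true, CUSTOM_CHALLENGE: false }));
console.log(walkFlow(NO_SRP_START, { CUSTOM_CHALLENGE: true }));
```

With this handler, a session that does not start with SRP_A falls into the final else branch, so the custom challenge is never offered without a verified password.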