Angular - authState looks to not update after completeNewPassword is being triggered

[39ro]

Hello guys, I was trying to re-write the Angular components for AWS-amplify and I encountered a few problems with the completeNewPassword method.

Here the component provided by you: require-new-password.component.ts

1. I am trying to login an user with "UserStatus": "FORCE_CHANGE_PASSWORD" (ex. after creating an User using the API admin-create-user ),
2. My completeChallengeNewPassword CanActivate is triggered, check if (this._auth.currentUser.challengeName === 'NEW_PASSWORD_REQUIRED'), true redirect to "/new-password" to let him update his new password.
3. After I submit my new password, the completeChallengeNewPassword is being triggered but the AuthState doesn't looks to update his challengeName field and my CanActivate still match the condition
   if (this._auth.currentUser.challengeName === 'NEW_PASSWORD_REQUIRED') as true, avoiding me to redirect the user to protected pages.

Now trying to refresh the page manually the AuthState is being updated and I can now redirect the user to protected pages.

• Authentication Service
• New Password Component
• ChallengeNewPasswordRequired - CanActivate: the ChallengeNewPasswordRequired is a guardian. CanActivate, to help me protect specific routes.

It's a couple of hours that I am struggling on it and would be happy if one of you could help me to sort out where the problem is. Thanks!

[39ro]

Ok, I was able to solve it by signing in again the user with the new password, after the completeNewPassword has been triggered.

  completeChallengeNewPassword(password) {
    this._auth.completeNewPassword(password.newPassword)
      .then(user => {
        this._auth.login({username: user.username, password: this.newPassword}).then(() => {
          this.route.navigate(['/admin'])
        });
      })
      .catch(err => this.errorMessage = err.message)
  }

The previous behavior doesn't sound really good, at least I am not able to understand why the authStateChange$ is not updating!
After I set a new password (completeChallengeNewPassword: Promise) the response still result as challengeName: 'NEW_PASSWORD_REQUIRED'.
Refreshing the page the user result logged in and no challengeName are present.

[jan1za]

I think the reason is is not working is there is no decorator (auth.decorator.ts) for completeNewPassword. Temp workaround is to call the following when the Auth.completeNewPassword comes back successful .
amplifyService.setAuthState({ state: 'signedIn', user: userReturned });

Where userReturned is the user I got back from Auth.completeNewPassword.

The decorators (auth.decorator.ts) are not complete, so if you for example:
I delete the user in cognito while still logged in on the frontend, and you refresh the angular page. The authstate remains signedIn. Even if Auth.currentUserInfo() returns {}. The reason is function check(authState: Subject) in auth.decorator.ts returns a user, on check but does not validate that it has data? So it makes it signed in even though it is not and the service call to Cognito threw a 400.

Something else, amplify.service.ts has private _authState = new Subject();
If my code signs up late for the authState, I dont get a value, unless I do something. It should be BehaviorSubject and not Subject.

If what I am saying is crap, please let me know. I am trying to learn TypeScript only been busy with it for 2 days, else I would have updated the code and submitted. I don't want to be that idiot :)

Thank you again for an awesome package. Much nicer than building cognito intergation it in JavaScript.

[elorzafe]

@39ro @jan1za, @haverchuck is looking into this issue.

[haverchuck]

@39ro @jan1za - Yes, I think this is a decorator issue. Continuing to look into it.

Update - Not necessarily a decorator issue, entirely.

Update 2: This was actually an issue with the amazon-cognito-identity-js package. Basically, the challengeName on the cognito user object was not getting reset after the response came back from Cognito upon completion of the completePassword function. I've submitted a PR to fix this.

I'd rather not add another decorator quite yet, because under current conditions it would result in duplicate state setting. I can fix later if necessary.

[github-actions]

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.