You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
CognitoUser.getSession initiated with "USER_PASSWORD" authentication type does not send secret hash with the in auth request which leads to: "NotAuthorizedException: Unable to verify secret hash for client"
To help us solve your problem better, please answer the following list of questions.
What service are you using?
Cognito
In what version of SDK are you facing the problem?
aws-android-sdk-cognitoauth:2.6.23
Is the issue limited to Simulators / Actual Devices?
Any
Can your problem be resolved if you bump to a higher version of SDK?
There is no higher SDK version at the moment
Is this problem related to specific Android/OS version?
No
Can you give us steps to reproduce with a minimal, complete, and verifiable example? Please include any specific network conditions that might be required to reproduce the problem.
I tracked problem down to: CognitoUser.initiateUserPasswordAuthRequest, it doesn't add SECRET_HASH parameter to the auth request.
Reproduce:
Call CognitoUser.getSession(...) with such a code in the AuthenticationHandler:
@Override
public void getAuthenticationDetails(AuthenticationContinuation authenticationContinuation, String username)
{
AuthenticationDetails authDetails = new AuthenticationDetails(username, password, null);
authDetails.setAuthenticationType(CognitoServiceConstants.CHLG_TYPE_USER_PASSWORD);
authenticationContinuation.setAuthenticationDetails(authDetails);
authenticationContinuation.continueTask();
}
Auth request will be sent without "SECRET_HASH" property set, which leads to "...NotAuthorizedException: Unable to verify secret hash for client..." exception.
Please include a stacktrace if applicable.
com.amazonaws.services.cognitoidentityprovider.model.NotAuthorizedException: Unable to verify secret hash for client iDontWantToShareClint (Service: AmazonCognitoIdentityProvider; Status Code: 400; Error Code: NotAuthorizedException; Request ID: 1616d336-7d20-11e8-aa2a-79a1678c9988)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:730)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:405)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:212)
at com.amazonaws.services.cognitoidentityprovider.AmazonCognitoIdentityProviderClient.invoke(AmazonCognitoIdentityProviderClient.java:5200)
at com.amazonaws.services.cognitoidentityprovider.AmazonCognitoIdentityProviderClient.initiateAuth(AmazonCognitoIdentityProviderClient.java:3580)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.startWithUserPasswordAuth(CognitoUser.java:2571)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.initiateUserAuthentication(CognitoUser.java:773)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.AuthenticationContinuation.continueTask(AuthenticationContinuation.java:115)
at com.shutterfly.android.commons.usersession.providers.CognitoAuthentication$LoginHandler.getAuthenticationDetails(CognitoAuthentication.java:192)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.getSession(CognitoUser.java:744)
at com.shutterfly.android.commons.usersession.providers.CognitoAuthentication.login(CognitoAuthentication.java:86)
at com.shutterfly.android.commons.usersession.AuthDataManager.loginSync(AuthDataManager.java:574)
at com.shutterfly.android.commons.usersession.AuthDataManager.lambda$login$1$AuthDataManager(AuthDataManager.java:532)
at com.shutterfly.android.commons.usersession.AuthDataManager$$Lambda$1.run(Unknown Source:24)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:457)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)
If you need help with understanding how to implement something in particular then we suggest that you first look into our developer guide. You can also simplify your process of creating an application by using Mobile Hub.
The text was updated successfully, but these errors were encountered:
Problem.
CognitoUser.getSession
initiated with "USER_PASSWORD" authentication type does not send secret hash with the in auth request which leads to: "NotAuthorizedException: Unable to verify secret hash for client"To help us solve your problem better, please answer the following list of questions.
Cognito
aws-android-sdk-cognitoauth:2.6.23
Any
There is no higher SDK version at the moment
No
I tracked problem down to:
CognitoUser.initiateUserPasswordAuthRequest
, it doesn't addSECRET_HASH
parameter to the auth request.Reproduce:
Call
CognitoUser.getSession(...)
with such a code in theAuthenticationHandler
:Auth request will be sent without "SECRET_HASH" property set, which leads to "...NotAuthorizedException: Unable to verify secret hash for client..." exception.
If you need help with understanding how to implement something in particular then we suggest that you first look into our developer guide. You can also simplify your process of creating an application by using Mobile Hub.
The text was updated successfully, but these errors were encountered: