Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed the bug that made DEVICE_PASSWORD_VERIFIER for remembered device fail #62

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fixed the bug that made DEVICE_PASSWORD_VERIFIER for remembered device fail #62

wants to merge 1 commit into from

Conversation

LudySu
Copy link

@LudySu LudySu commented Oct 25, 2019

If you have enabled device remembering feature in you User Pool, this SDK will fail in response to DEVICE_PASSWORD_VERIFIER challenge, which occurs on the second time you login with the same device. Here is the error response from AWS:

HTTP/1.1 400 Bad Request
x-amzn-ErrorType: NotAuthorizedException:
x-amzn-ErrorMessage: Incorrect username or password.

{
  "__type": "NotAuthorizedException",
  "message": "Incorrect username or password."
}

This is because when you first time login with this device, it sends the WRONG PasswordVerifier JSON parameter in the AWSCognitoIdentityProviderService.ConfirmDevice request. This doesn't fail, which means you will be able to login the first time, but it is sending a WRONG parameter (hash based of the combination of device key, device group key and a random string), so AWS Cognito remembers the WRONG information. Consequently, the second time when the SDK sends a parameter PASSWORD_CLAIM_SIGNATURE in the DEVICE_PASSWORD_VERIFIER phase using the CORRECT device key and device group key to generate that hash, hence the conflict.

More details from my blog if anyone is interested.

@LudySu
Fixed the bug that made DEVICE_SRP_AUTH for remembered device not abl…
a97647f 
…e to login. There is one extra character when calculating the hash `PasswordVerifier` in the `AWSCognitoIdentityProviderService.ConfirmDevice` request for the first login.
@LudySu LudySu mentioned this pull request Oct 25, 2019
Open
@furaiev
Copy link

furaiev commented Dec 23, 2019

Hi,
I've copied this project in a separate package (because this one isn't supported anymore) https://pub.dev/packages/amazon_cognito_identity_dart_2
Welcome to contribute.

@LudySu LudySu mentioned this pull request Jan 6, 2020
Merged
@isaiahtaylorhh
Copy link

Hi, thanks for your work on this. Unfortunately I am still getting this error even with the merged fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@LudySu @furaiev @isaiahtaylorhh