amplify-js: amazon-cognito-identity-js: Error: Only radix 2, 4, 8, 16, 32 are supported

I am using amazon-cognito-identity-js (v 3.2.0).

My Cognito UserPool is set up to allow users to connect with a verified email address. Logging-in with a username or a verified email address works fine. However, when I try to log in with an unverified email address, I get the following error in the console. This happens whether or not the entered password is correct.

Error: Only radix 2, 4, 8, 16, 32 are supported
    at BigInteger.bnToString [as toString] (BigInteger.js:221)
    at BigInteger.bnToString [as toString] (BigInteger.js:219)
    at AuthenticationHelper.padHex (AuthenticationHelper.js:346)
    at AuthenticationHelper.getPasswordAuthenticationKey (AuthenticationHelper.js:288)
    at CognitoUser.js:301
    at Client.js:63
    at ZoneDelegate.invoke (zone-evergreen.js:359)
    at Object.onInvoke (core.js:39699)
    at ZoneDelegate.invoke (zone-evergreen.js:358)
    at Zone.run (zone-evergreen.js:124)

In the network tab, the corresponding call has the x-amz-target: AWSCognitoIdentityProviderService.InitiateAuth header, and the response is a json with ChallengeName: "PASSWORD_VERIFIER" and a ChallengeParameters object. I would share it here but I’m not sure if it contains sensitive information.

I’d be happy to provide more information if needed.

Edit

One thing that looks odd about the ChallengeParameters object, the salt seems to be a negative hex: SALT: "-55d8411fb9c566437988f9dca451e61d".

About this issue

Original URL
State: closed
Created 5 years ago
Reactions: 5
Comments: 26 (3 by maintainers)

Most upvoted comments

Go to User Pools
Open App Clients
Click Show Details
Change Prevent User Existence Errors from Enabled (Recommended) to Legacy

Screen Shot 2019-12-05 at 13 08 16

+27

zcmgyu on Dec 5, 2019

The issue is fixed in https://github.com/aws-amplify/amplify-js/pull/4427. Once it is merged should be resolved.

ofirm93 on Nov 21, 2019

Hey @ELRuncho, I updated from "aws-amplify": "^2.2.6", to "@aws-amplify/auth": "^3.2.6", and no longer have this error.

If anybody comes across this & is importing the entire aws-amplify package for simple auth as I was instead of the modularized @aws-amplify/auth and @aws-amplify/core I highly recommend trying the modular packages instead. Was able to reduce react bundle size by over 2mb with this simple change. See #122

Jmedders on May 5, 2020

Hi @katerinaonair , just came here to remind you that switching to “Legacy” isn’t the best option other than bumping the lib to the latest version which fixes the issue. The reason is, because the “Legacy” User Errors will send too much information from the Cognito pool endpoint, that could potentially make attacker’s life easier. I know this sounds “too much preventive”, but updating the library seems safer here.

Saeger on Aug 11, 2020

@katerinaonair If you’ve updated your aws-amplify dependencies to latest, cleared lock files, node_modules, and are still experiencing this, can you open a new issue with a reproducible sample?

Resolved with “Legacy”, many thanks to @zcmgyu

katerinaonair on Jun 11, 2020

Hi everyone. I starting getting this error when authenticating any user on my userpool, it started showing up all of a sudden. Has updating to the latest version worked for anybody here?

ELRuncho on Apr 20, 2020

on "amazon-cognito-identity-js": "^3.2.0"

getting this error when trying to authenticate using email of user that does not exist in user pool

UPD: will check if updating to latest versions will fix the issue…

rilian on Feb 25, 2020

@ebaizel There is a dump way for temp, you can open the BinInteger.js after install node and update bnToString(b) method into: if (this.s < 0) return '-' + this.negate().toString(); => if (this.s < 0) return '-' + this.negate().toString(b);

vietduong-agilityio on Dec 2, 2019

@ofirm93 Still got this error 😦(

vietduong-agilityio on Nov 29, 2019