amplify-js: completeNewPassword throws when responding to NEW_PASSWORD_REQUIRED

Do you want to request a feature or report a bug? Bug

What is the current behavior?

Calling completeNewPassword in response to a NEW_PASSWORD_REQUIRED challenge throws an error from return this.authenticateUserInternal below.

        jsonReq, (errAuthenticate, dataAuthenticate) => {
          if (errAuthenticate) {
            return callback.onFailure(errAuthenticate);
          }
          return this.authenticateUserInternal(dataAuthenticate, authenticationHelper, callback);
        });
    return undefined;

errAuthenticate gets the value.

errAuthenticate:{code: "UnknownError", message: "Unkown error"}

The actual error is thrown from new CognitoUserSession(sessionData) below

getCognitoUserSession(authResult) {
    const idToken = new CognitoIdToken(authResult);
    const accessToken = new CognitoAccessToken(authResult);
    const refreshToken = new CognitoRefreshToken(authResult);

    const sessionData = {
      IdToken: idToken,
      AccessToken: accessToken,
      RefreshToken: refreshToken,
    };

    return new CognitoUserSession(sessionData);
  }

The error is:

"Error: You attempted to set the key 'signInUserSession' with the value '{"idToken":{"jwtToken":"ey......","payload":{"sub":"d2d...","aud":"5ir...","email_verified":true,"event_id":"22...","token_use":"id","auth_time":1527254746,"iss":"https://cognito-idp.eu-west-1.amazonaws.com/eu...","cognito:username":"d2d...","exp":1527258346,"iat":152...,"email":"pdo"}},"refreshToken":{"token":"eyJjdHkiOiJKV"},"accessToken":{"jwtToken":"eyJr....","payload":{"sub":"d2d....","device_key":"eu-west...","event_id":"22....","token_use":"access","scope":"aws.cognito.signin.user.admin","auth_time":1527254746,"iss":"https://cognito-idp.eu-west-1.amazonaws.com/eu-....","exp":1527258346,"iat":1527254747,"jti":"499....","client_id":"5ir...","username":"d2d...."}},"clockDrift":156}' on an object that is meant to be immutable and has been frozen.
    at throwOnImmutableMutation (blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:2666:11)
    at CognitoUser.authenticateUserInternal (blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:100176:32)
    at blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:100259:25
    at blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:101733:35
    at tryCallOne (blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:3538:14)
    at blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:3639:17
    at blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:2922:21
    at _callTimer (blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:2811:9)
    at _callImmediatesPass (blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:2847:9)
    at Object.callImmediates (blob:http://localhost:8081/6e44dfc7-e89e-4750-8e03-e1689bade17a:3066:14)"

The user did have their status updated from FORCE_CHANGE_PASSWORD to CONFIRMED despite the error.

If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem. Your bug will get fixed much faster if we can run your code and it doesn’t have dependencies other than AWS Amplify.

      .then((user) => {
        if(user.challengeName === "NEW_PASSWORD_REQUIRED") {
          Auth.completeNewPassword(user, password, user.challengeParam.requiredAttributes)
                  .then(() => {
                      // winning
                  }).catch(error => {
                    // not winning
           });
        } 
      })

What is the expected behavior?

Updates users password in response to completeNewPassword

Which versions of Amplify, and which browser / OS are affected by this issue? Did this work in previous versions?

“aws-amplify”: “^0.4.1”,

You can turn on the debug mode to provide more info for us by setting window.LOG_LEVEL = 'DEBUG'; in your app.

Log:

{[DEBUG] 57:50.295 AuthClass - completeNewPassword failure: {…}}
[DEBUG] 57:50.295 AuthClass - completeNewPassword failure:
  code : "UnknownError"
message:"Unkown error"
__proto__:Object
__proto__:Object
ConsoleLogger.js:100
{[DEBUG] 57:50.297 Analytics - on hub capsule auth: {…}}
[DEBUG] 57:50.297 Analytics - on hub capsule auth:
  data:
    code:"UnknownError"
message:"Unkown error"
__proto__:Object
event:"completeNewPassword_failure"
__proto__:Object
__proto__:Object

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Reactions: 4
  • Comments: 18 (6 by maintainers)

Most upvoted comments

I’m having the exact same issue and I had a few questions:

  • I can’t find anything in the official documentation of how to deal with a first time user. Is there a discussion of this somewhere?
  • “completeNewPasswordChallenge” also works for me, but it also throws the error when it runs (it throws, but it works). Has anyone figured out why? Thanks.
+7
differentsmoke on Sep 21, 2018

@rfdc the user object you passed into the completeNewPassword method should be a CognitoUser object, not the email. This object is returned by signIn method.

+4
powerful23 on Mar 11, 2019

The following code works for me.

      .then((user) => {
        if(user.challengeName === "NEW_PASSWORD_REQUIRED") {
          user.completeNewPasswordChallenge(password)
                  .then(() => {
                      // winning
                  }).catch(error => {
                    // not winning
           });
        } 
      })
+2
carbonrobot on Jun 20, 2018

Closing the issue because of inactivity, please feel free to open a new issue if your problem persist.

+1
elorzafe on Apr 3, 2019
  1. That is what I’m doing.
  2. completeNewPasswordChallenge doesn’t seem to be described in the Docs.
+1
differentsmoke on Oct 22, 2018
Read more comments on GitHub
← amplify-js: cognito.user.signOut() does not invalidate tokens
amplify-js: Configured event breaking change not documented →