amplify-js: CUSTOM_AUTH with password does not work with Auth.signIn()

Describe the bug

I am using a Custom Auth flow with the 3 Lambda Function to generate a secret and have the user verify that secret. I have set authenticationFlowType: 'CUSTOM_AUTH' in the client side. However, calling Auth.signIn(username, password) shows the error below-

TypeError: First argument must be a string, Buffer, ArrayBuffer, Array, or array-like object.

To Reproduce Steps to reproduce the behavior:

  1. Set the three Lambda Functions for a CUSTOM_CHALLENGE in Cognito Define, Create and Verify Auth Challenge Triggers
  2. Set authenticationFlowType: 'CUSTOM_AUTH' in the client (Javascript)
  3. Make a call to Amplify Auth.signIn method with username & password
  4. Notice Error - TypeError: First argument must be a string, Buffer, ArrayBuffer, Array, or array-like object.

Expected behavior Expected behavior is to get back an instance of CognitoUser object with custom challenge property so that the user can be prompted to respond to the challenge.

Screenshots Screen Shot 2019-04-24 at 8 44 22 AM

Desktop (please complete the following information):

  • OS: macOS
  • Browser: Chrome Version 73.0.3683.103 (Official Build) (64-bit)

Additional context The issue seem to be related to #594 and #525. However, the code being referred to in these threads are already in the latest build . i.e.

else if (this.authenticationFlowType === 'USER_SRP_AUTH' || this.authenticationFlowType === 'CUSTOM_AUTH') {

However, passing the password still doesn’t work and continues to show the error. Removing, the password or passing null for password in Auth.signIn works as expected but this would mean paswordless authentication which is not what we intend. Not sure if the SDK supports CUSTOM_AUTH flow with only passwordless authentication.

The error reported above seems to be coming from this line.

It also looks like that initiateAuth() is only called in paswordless mode

https://github.com/aws-amplify/amplify-js/blob/f5cf034d244879f56dca6c11aca74863ed6a340f/packages/auth/src/Auth.ts#L466-L487

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 4
  • Comments: 28 (7 by maintainers)

Most upvoted comments

@b-tiwari I think this error has a lot to do with how you code the Define Auth Lambda Trigger function I noticed that if you want to do Password verification and then a CUSTOM_AUTH from your app then your Define Auth lambda has to be exactly as shown below especially the SRP_A part which is the first if check. If I do authenticationFlowType: 'CUSTOM_AUTH' with the lambda function as below then it works fine and cognito first verifies the password and then returns the token with the CUSTOM_CHALLENGE back to the App at which point I can prompt the user to enter whatever custom challenge I have defined (i.e. Captcha, or temporary code etc.).

exports.handler = async (event, context) => {    
    if (event.request.session.length == 1 && event.request.session[0].challengeName == 'SRP_A') {
        event.response.issueTokens = false;
        event.response.failAuthentication = false;
        event.response.challengeName = 'PASSWORD_VERIFIER';
    } else if (event.request.session.length == 2  &&  event.request.session[1].challengeName == 'PASSWORD_VERIFIER'  && event.request.session[1].challengeResult == true) {
        event.response.issueTokens = false;
        event.response.failAuthentication = false;
        event.response.challengeName = 'CUSTOM_CHALLENGE';
    } else if (event.request.session.length == 3  &&  event.request.session[2].challengeName == 'CUSTOM_CHALLENGE'  && event.request.session[2].challengeResult == true) {
        event.response.issueTokens = true;
        event.response.failAuthentication = false;
    } else {
        event.response.issueTokens = false;
        event.response.failAuthentication = true;
    }
    context.done(null, event);
};

Also, keep in mind, that you will need to atleast have created the Define Challenge trigger as well to be able to even test this whole thing. It’s just that the documentation on CUSTOM_AUTH is not very good or detailed and the only meaningful documentation is this blog post- https://aws.amazon.com/blogs/mobile/customizing-your-user-pool-authentication-flow/

+6
annjawn on Mar 15, 2023

works for me using @obonyojimmy suggestion, passing empty string for the password

Auth.signIn({
            username,
            password: '',
})
+2
purwa-astawa on Oct 20, 2022

Hi all, I’m going to close out this issue for now, as it is not an issue with the library but a gap in documentation. We are tracking the documentation improvement here and should have an update published soon.

If you have any additional questions let me know.

+1
nadetastic on Sep 27, 2023

Hi @nadetastic Can you please check the above code and let me know if you can help us with this?

+1
theintellify on Apr 20, 2023

@nadetastic Is there any update on this bug? This is a road blocker for our production release. Can you please help us out with this?

+1
theintellify on Apr 17, 2023

I also noticed that if using Auth.signIn(username, password) , but works if using Auth.signIn({ username, password }) ie an object of {username, password}

+1
obonyojimmy on Oct 20, 2022
Read more comments on GitHub
← amplify-js: Custom auth lambda trigger is not configured for the user pool -> on Sign Up Confirmation
amplify-js: Data live in DynamoDB however AppSync list query doesn't show some of the data →