amplify-swift: Device Binding not working as expected

Describe the bug

We integrated the Amplify iOS SDK (v2.0.2) to our project via SPM (https://github.com/aws-amplify/amplify-ios) to implement our auth flow with Cognito. We also enabled device binding in the Cognito console.

Nevertheless on every login we detected in the Cognito console that there is a new device with a new device key, please see screenshot:

203513558-7d5ece30-1db4-4ece-a8f5-43cc1e868ea7

We integrated the amplify SDK with Swift Package Manager. Therefore we were able to add some prints to ClientHandler#handle function to it to see how the requests the SDK send are looking like by editing the file /Users/<USERNAME>/Library/Developer/Xcode/DerivedData/<APP>/SourcePackages/checkouts/smithy-swift/Packages/ClientRuntime/Sources/Networking/Http/SdkHttpClient.swift :


func handle(context: HttpContext, input: SdkHttpRequest) async throws -> OperationOutput<Output> {
        print(“DEBUGLOG REQUEST\nPath:\n\(input.endpoint.path)\n Headers:\n\(input.headers)\nBody:\n\(input.body.debugDescription)“)

        let httpResponse = try await engine.execute(request: input)

        print(“DEBUGLOG RESPONSE\nHeaders:\n\(httpResponse.headers)\nBody:\n\(httpResponse.body)\n status code:\n\(httpResponse.statusCode)“)

        return OperationOutput<Output>(httpResponse: httpResponse)
    }

After doing this and running the project we realized that the SDK call Amplify.Auth.signIn(username: “username”, password: “pin”) does not send the device key in the request body like it should according the documentation here https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html#API_InitiateAuth_RequestSyntax. This could be the reason the device binding does not work as expected and on every login we see a new device in the Cognito console

Under the hood this SDK method does a AWSCognitoIdentityProviderService.InitiateAuth From what I see in the logout.

In the iOS app we have the configuration file amplifyconfiguration.json and it looks like this:


{
    "auth": {
        "plugins": {
            "awsCognitoAuthPlugin": {
                "IdentityManager": {
                    "Default": {}
                },
                "CognitoUserPool": {
                    "Default": {
                        "PoolId": "pool-id",
                        "AppClientId": "app-client-id",
                        "Region": "eu-central-1"
                    }
                },
                "Auth": {
                    "Default": {
                        "authenticationFlowType": "USER_SRP_AUTH"
                    }
                }
            }
        }
    }
}

The configuration of the user pool in the Cognito console for the device binding looks like this:

1C7D8130-7372-490B-84AF-18C04C0447C7

Steps To Reproduce

Already described in the 1st section

Expected behavior

Amplify.Auth.signIn(username: “username”, password: “pin”) sends the device key. In the console - we only see one device if we are doing multiple logins on the same device

Amplify Framework Version

2.0.2

Amplify Categories

Auth

Dependency manager

Swift PM

Swift version

5.7

CLI version

10.4.0

Xcode version

14.0.1

Relevant log output

AWSCognitoIdentityProviderService.InitiateAuth looks like this in the XCode log after adding the prints:

Request AWSCognitoIdentityProviderService.InitiateAuth:

Path:
/

Headers:
User-Agent: aws-sdk-swift/1.0 api/cognito-identity-provider/1.0 os/iOS/16.1.0 lang/swift/5.7 lib/amplify-ios/2.0.2,
Content-Type: application/x-amz-json-1.1,
Content-Length: 6624,
X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth,
x-amz-user-agent: aws-sdk-swift/1.0,
Host: http://cognito-idp.eu-central-1.amazonaws.com

Body:
{“UserContextData”:{“EncodedData”:“xxx“},“ClientMetadata”:{},“AuthParameters”:{“SRP_A”:“xxx”,“USERNAME”:“+49xxxxxxxx"},“AuthFlow”:“USER_SRP_AUTH”,“ClientId”:“xxx”}

Response AWSCognitoIdentityProviderService.InitiateAuth:


Headers:
Content-Type: application/x-amz-json-1.1,
Date: Wed, 23 Nov 2022 09:09:18 GMT,
Content-Length: 2731,
x-amzn-RequestId: 5ef59369-1dcb-4db3-838c-710ecdbf7b50,
Connection: keep-alive

Body:
{“ChallengeName”:“PASSWORD_VERIFIER”,“ChallengeParameters”:{“SALT”:“xx”,“SECRET_BLOCK”:“xxx“,”SRP_B”:“xxx”,“USERNAME”:“c81xx”,“USER_ID_FOR_SRP”:“c81xx”}}

status code:
http_status_200

Is this a regression?

No

Regression additional context

No response

Device

iPhone 13 pro

iOS Version

iOS 16.1

Specific to simulators

No

Additional context

Nothing

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 36 (19 by maintainers)

Most upvoted comments

The changes are merged to main branch and will be available in the next release - https://github.com/aws-amplify/amplify-swift/pull/2717

+2
royjit on Feb 20, 2023

@rb090 , your error looks like this issue https://github.com/awslabs/aws-sdk-swift/issues/560. Are you testing with Swift Playgrounds? Have you tried reset package cache?

+1
5d on Nov 28, 2022
Read more comments on GitHub
← amplify-swift: DataStore persistence not working
amplify-swift: Error happened when I return back from offline mode and turn on the wifi, Also a crash happened if I restarted the data store again →