Cannot authenticate: Auth.signIn() fails with "false provider" and "Error in federating the token" messages in Android simulator #1204
Comments
dorontal
changed the title
dorontal
changed the title
dorontal
changed the title
|
Hello @dorontal - Thanks for opening the issue. I want to clarify a few things. Are you awaiting the future returned from Auth.signIn(). Do the calls look like: Amplify.Auth.signIn()
Amplify.Auth.getCurrentUser()or this: await Amplify.Auth.signIn()
Amplify.Auth.getCurrentUser()Do you know what version of amplify_flutter you were using when this was working? Do you know if you were using the same device and OS version when this was working? Thanks |
Yes.
Please accept my apologies but I do not know which version worked. I know that when I saw things working:
Always used the same device & OS - they have always been the Android Simulator from Android Studio. The emulated device is a mobile "Nexus 6" like device with Android 8.0 x86 "Oreo" |
|
@dorontal - Thanks for the info.
It sounds like you are frequently recreating environments with the latest CLI version. Your pubspec file shows you are using amplify_flutter 0.2.10. Do you also frequently upgrade this, or do you believe you were using the same version of amplify_flutter when this was previously working? |
|
Thanks @Jordan-Nelson for responding. Unfortunately, I don't remember exactly. Looking through the backups for this project, which only start on 12/5, I see that on 12/10 I switched over from Amplify CLI version |
|
The version of amplify_flutter and amplify cli are not connected. Even though you are frequently upgrading amplify cli, you may have been using the same version of amplify_flutter. This is not necessarily an issue, but it would be helpful to know if you are also frequently upgrading amplify_flutter in order to reproduce this. The amplify_flutter version is specified in your pubspec.yaml file. Based on the output from your pubspec.lock, you are currently using version 0.2.10 of amplify_flutter. Do you know if you have upgraded the version of amplify_flutter (the value listed in your your pubspec.yaml file, not the cli version) recently? |
|
@Jordan-Nelson just checked the repository history of |
Jordan-Nelson
added
the
to-be-reproduced
|
Today, with absolutely zero new changes to the code since this issue was reported - everything is working! The user does get signed in after the call to I'm going to assume that this was an infrastructure issue on the AWS server end and close this. |
|
Today, after upgrading to the Amplify CLI version I don't know what is causing this issue to be intermittent. Does anybody see a similar issue? To summarize, what I see is that after a call to |
|
Noticed that there are more error messages not shown above, so here's the output, in VSCode's "DEBUG CONSOLE" tab: I'll split this output into phases, depending on which function is getting called per phase: Upon starting the app, before the auth service is even activated, we see this: The app calls Now a user tries to sign in and Notice the message Invalid identity pool configuration. Check assigned IAM roles for this pool above. I did check the identity pool and user pool connection and configuration in the AWS console and all seems correctly configured there. For example, I used these instructions to check that trust relationships have been properly set-up, plus many other checks -- all seems fine at the AWS console. Also notice the last message Library attempted to call user callback twice, expected only once. Right after the call to |
|
any solutions? |
|
Just tried again with version |
|
Still, nobody can sign-in to any of my apps because of this bug. My apps are set-up for email-only verification and sign-up / sign-in. Has anybody been able to log their users into their app when setting up with the CLI version |
|
Just tried the new CLI version |
|
Hi @dorontal thanks for posting all that information. It sounds like updating the 'amplify-cli' broke your working setup correct? Is it easy for you to share the commands you made in amplify cli to setup your project? I'm thinking that we should make a basic replication of your Auth code flow on our side in Flutter and on an Android native app with Amplify Android. If the problem persists on Android native the issue is likely outside of our Amplify Flutter library which means we should reach out to other teams. |
|
Hi @fjnoyp and thanks very much for the response. Hopefully the issue I reported is not specific/unique to my setup. Not worthwhile for you to replicate the entire setup (8 expect scripts,1 shell script, driven by a master shell script - that create auth, storage, a graphql api, two lambda triggers, a lambda with a rest api) but the most relevant script is the expect script that sets up auth via amplify auth update here it is below. To fully replicate the issue, one needs to use this setup and - from your flutter program - first sign up with email and password, then try to sign in with email and password - you'll see the issue and never be able to sign in in a way that returns success from Expect script that sets up Auth via
|
|
Hi @dorontal unfortunately I am not able to reproduce your problem on my side. Please let me know if I didn't properly reproduce your setup. Also, perhaps your Lambda function is doing something strange? Observed BehaviorWhen I run sign up, I get a lambda error but I didn't configure any lambda functions so that's expected. Out of curiosity what did you write in your lambda? Console Output``` E/amplify:flutter:auth_cognito( 2631): LambdaException E/amplify:flutter:auth_cognito( 2631): AuthException{message=Confirm sign up failed, cause=com.amazonaws.services.cognitoidentityprovider.model.UserLambdaValidationException: PostConfirmation failed with error callback is not a function. (Service: AmazonCognitoIdentityProvider; Status Code: 400; Error Code: UserLambdaValidationException; Request ID: 8e307518-9a5d-4247-9371-b0669d729eee), recoverySuggestion=See attached exception for more details.} E/amplify:flutter:auth_cognito( 2631): at com.amplifyframework.auth.cognito.util.CognitoAuthExceptionConverter.lookup(CognitoAuthExceptionConverter.java:126) ```However, when I try to sign in and call Reproduction StepsI am running Amplify CLI When setting it up in Amplify for: Here is what I did in Amplify CLI setup
For the code, I just used the new Amplify Authenticator component. It's really easy to setup and use: Make sure to use https://docs.amplify.aws/ui/auth/authenticator/q/framework/flutter/ |
|
Hi @fjnoyp thank you very much for trying to reproduce the issue. Also thanks for the recommendation to use Authenticator - glad it's ready, I will try using it and most likely this issue will not exist when using the Authenticator. Will report. There are two lambda functions in this case: one to add user to group (too default Amplify-generated code) and a custom one to create a default user profile model and store it in dynamo DB. Or I should say it's one lambda function, but two modules, as implemented by the Amplify CLI. ps. just took a look at Authenticator and will wait until there is more documentation / examples for my specific use case (email-only sign-up), to evaluate it. |
|
Just tried the AWS CLI version 7.6.11 and this issue still stands - it is still the same issue with the new version. |
|
Just tried the Amplify CLI new version ( This issue still causes no user to be able to log in to my app. I see other issues that seem to indicate others may have the same problem, e.g. #1271 Also: I saw a similar problem with an Ionic/Angular version of the same app, so this may not be Flutter related - if I determine that, I will move this issue to |
|
Possibly related to this issue: aws-amplify/amplify-android#1635 |
|
Hi @dorontal I've invited you to the basic auth app with email only sign up setup with Authenticator. Could you see if running that locally still results in the same issue when calling |
|
If you don't have the issue in the basic auth app, I'd be curious to know if it works still after you swap in your own |
|
Hi @fjnoyp thanks for sharing this code! I just tried it and, interestingly, the same error / issue reported here showed up exactly in the same way: the Android logs of the running app in the VSCode console are saying I have a couple of things going on with my configuration that are non-standard, they may be the cause, I checked them:
I now believe that it is very possible that those steps 1-4 that were done for using attributes for access control may be what is causing the Amplify Authenticator (or my custom function calls) to fail in federating the token. If my setup for using attributes for access control has caused this, I cannot see the reason why or the connection to the issue, but by elimination -- this may be the reason -- it's the main difference between my version of your app, which doesn't work, and yours, which does work. I hope this helps. |
|
@fjnoyp finally found what is causing the issue: played around today with the various differences between my setup and the one in the sample app you've given me. I do several things in my setup that your test program doesn't and one of them always causes this issue to come up. It is the step where I add "attributes for access control" as described in this AWS article and as I do by following Step 2 here. When I add the attribute mapping cognitoId -> sub to set up attributes for access control, this issue comes up exactly as reported. When this mapping is removed, the issue disappears. To reproduce make the following changes in the AWS console, up to step 2, described here add that mapping to any app that uses email/password - and you'll see the issue come up. I also saw this behavior (this issue no longer an issue after you remove the attributes-for-access-control mapping) in an Angular version of the same app, so I don't think that this is Amplify-Flutter specific. I am not sure where the best place to put this issue with a new title like "Adding attributes for access control causes Cognito to fail to federate tokens and therefore makes sign-in impossible" - Amplify CLI? Once I figure out where to move this issue, if there's a better repository for it (amplify-cli?) I will move it. |
|
@fjnoyp so to summarize, you can reproduce the issue fully: just add attributes for access control to your existing app, as described in steps 1 & 2 here -- all you need is to create the single mapping However, I now realize that this issue is not really Flutter-specific, probably, right? I would like to re-open this issue in the right place, if this repository is not perfect for it, but I'm having a difficult time figuring out which repository to open it in: |
|
Hi @dorontal seems like a cli issue. Thank you for the very detailed context. I'll check it out and confirm if cli repo is where you should open the issue. |
|
Hi @fjnoyp - since it's been determined pretty clearly that this is a CLI issue, I opened this issue there in a more concise form. Closing this one for that reason. Thanks for all your help! Now moving this issue to |
Describe the bug
The Auth flow for this app is email & password sign-in / sign-up, with email only verification. When calling
await Amplify.Auth.signIn(...)from an app running on the Android simulator, the user never gets signed in! Instead, you see some Java errors in the debug console (they are pasted below) and even though the call tosignIn()returns an object with.isSignedIn == trueand.nextStep!.signInStep == 'DONE'the user never gets to be signed in -- that's at least true in the following sense: if you callawait getCurrentUser()right after theawait signIn()call it throws aSignedOutException; if you callawait Auth.fetchAuthSession()it returns a session whose.isSignedInisfalseand if you callawait Auth.fetchAuthSession(options: CognitoSessionOptions(getAWSCredentials: true))it throws aSessionExpiredExceptionas described in issue #441.[ This happens after an email-only
signUp()call with email-verification, made via the call]
I checked that
amplifyconfiguration.darthas been created correctly and that the relevant values for endpoints of the user pool and identity pool and identity-pool Id there match those on the AWS console - they all do. Here is the output of the Android simulator when running right after the call toAmplify.Auth.signIn():NOTE: This bug is showing up in code that used to work - the same code did not produce the bug in the past. Either something is wrong with the network infrastructure or perhaps it is related to an older version of the Amplify Flutter library - not sure, but the code definitely worked before with an older version of the Amplify Flutter libraries.
A clear and concise description of what the bug is.
To Reproduce
Steps to reproduce the behavior:
await Amplify.Auth.getCurrentUser()immediately after that and it will throw aSignedOutExceptionalso you'll see the above output in your debug consoleExpected behavior
Expected
getCurrentUser()to return a user object that allows us to get the sub and the email for that user.Platform
Amplify Flutter current supports iOS and Android. This issue is reproducible in (check all that apply):
Only tested in Android simulator.
Output of
flutter doctor -vDependencies (
pubspec.lock)Smartphone (please complete the following information):
Additional context
This problem did not exist before - I believe it was the same code but an older version of the Amplify libraries.
The text was updated successfully, but these errors were encountered: