cognitoUser.initiateAuth ignores the authentication flow setting

[imjustdavid]

Do you want to request a feature or report a bug?

Potential bug

What is the current behavior?

The function cognitoUser.initiateAuth() ignores the authentication flow setting. It always sends a request specifying a CUSTOM_AUTH flow. When used to implement a lamba user migration trigger as specified in https://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-javascript-sdk-user-migration-lambda.html, it causes the lambda user migration not to be invoked, since Cognito is expecting a USER_PASSWORD_AUTH authentication flow.
This can be circumvented by using cognitoUser.authenticateUser() instead, that configures the request considering the authentication flow setting

[yuntuowang]

Hi @imjustdavid, there was a typo in our README.md user case 30. Now it is correct. Thanks!!

[Jun711]

Hi @yuntuowang, is it the same that lambda user migration can be triggered if I use aws-amplify Auth API ?

It seems that it is default to be 'USER_SRP_AUTH'?
https://github.com/aws/aws-amplify/blob/36acdc91b38c97f211d7eae4b9ff44ede88a05be/packages/aws-amplify/src/Auth/Auth.ts#L213

https://github.com/aws/aws-amplify/blob/fc8722ee79f5a691843901af3729be57dbadba0b/packages/amazon-cognito-identity-js/src/CognitoUser.js#L92

[yuntuowang]

Hi @Jun711, yes, the default flow type is 'USER_SRP_AUTH'. If you want to use the lambda user migration, you need to set flow type as 'USER_PASSWORD_AUTH'.

[Jun711]

thanks @yuntuowang
Will amplify library support the use of 'USER_PASSWORD_AUTH' flow as well in the near future?

[yuntuowang]

Hi @Jun711, we already supported it in amplify library. Please see the use case 30 in the README.md and use the newest version of SDK(v1.32.0).

[Jun711]

@yuntuowang
Right, it is available via amazon-cognito-identity-js.
What if I use the Auth from Amplify library instead of using amazon-cognito-identity-js within Amplify? If I can do it using Auth, could you please point me to the right documentation?
Auth doesn't seem to expose this function.
https://aws.github.io/aws-amplify/api/classes/authclass.html

[yuntuowang]

I see. Hi @mlabieniec, can you answer this question? @Jun711 wants to use the Auth from Amplify library instead of using amazon-cognito-identity-js within Amplify.

[mlabieniec]

@Jun711 are you using a framework i.e. React, Angular etc. Or similar? Or are you using vanilla javascript? If JavaScript, are you using ES2015+ with a transpiler i.e. Babel etc? Just trying to understand your environment so I can make the right recommendation.

Generally, you can check here which will support any JavaScript environment via APIs.

For React you can also use the HOCs.

[Jun711]

@mlabieniec I am using Angular to use migration trigger, it needs 'USER_PASSWORD_AUTH' flow type in authentication. However, this is not exposed via Auth, I think. What is the way around it?
the authenticateUser method can be modified take optional argument?

btw, @yuntuowang , how to import CognitoUser from amazon-cognito-identity-js within Amplify? Is it like the following?
import { CognitoUser } from 'aws-amplify';

[mlabieniec]

You can get the current user with Auth.currentAuthenticatedUser() method. I will look into exposing the password flow options as well here.

[Jun711]

I was trying to get the current user but I was trying to use amazon-cognito-identity-js within Amplify.
npm install --save amazon-cognito-identity-js
import { CognitoUserPool, CognitoUserAttribute, CognitoUser } from 'amazon-cognito-identity-js';
I guess I have do the above two things to use amazon-cognito-identity-js, right?

Regarding the password, probably something like and use an argument to decide whether to set USER_PASSWORD_AUTH flow will work ?

var user = new CognitoUser({
    Username: username,
    Pool: this.userPool
});
user.setAuthenticationFlowType('USER_PASSWORD_AUTH');

If it works, lambda user migration should be invoked via Auth.signIn method?

Can I use only Amplify library with its dependencies and be able to use Amazon Cognito? (as in without using amazon-cognito-identity-js)

[imjustdavid]

Thanks a lot @yuntuowang.
Closing the issue then.

[yuntuowang]

Hi @Jun711, you can import in this way:

import { CognitoUser } from 'aws-amplify/node_modules/amazon-cognito-identity-js/lib/';

About the second question, yes. you can follow Use case 30 in README.md.

[Jun711]

thanks @yuntuowang
I think I gonna do a pull request on amplify since I am using amplify for other function as well, I gonna stick with it instead of using cognito identity js directly. Do u recommend using cognito identity directly?
Yea, thanks for the use case 30.

[yuntuowang]

Hi @Jun711, I think using amplify is better for your use case. Sure, you can post a PR and we can review it. Thanks!

[Jun711]

@yuntuowang I am trying to do a pul request.
I wonder if there is any configuration that I need to do before I can run npm test.
I ran npm install in the root directory level; when I ran npm test, I got this error:

Cannot find module 'eslint-config-airbnb-base'
Referenced from: /Users/Jun/Projects/aws-amplify/packages/amazon-cognito-identity-js/.eslintrc.yaml
Error: Cannot find module 'eslint-config-airbnb-base'
Referenced from: /Users/Jun/Projects/aws-amplify/packages/amazon-cognito-identity-js/.eslintrc.yaml

And, there are 2 lock files. Should I run npm install or yarn? Thanks

[portenez]

I'm a bit confused about the conclusion of this ticket. Is there any way to tell Amplify to use USER_PASSWORD_AUTH? or the solution is to go back to amazon-cognito-identity-js? I'm trying to do this from within REACT

[brendan-lovepop]

⬆️ on this issue, it doesn't currently seem possible to direct amplify to use USER_PASSWORD_AUTH, which isn't ideal for users that are migrating away from an old system

[shawnlauzon]

There is a solution now, at least: you can set the authenticationFlowType in the AWS.Amplify configuration object.

See https://aws-amplify.github.io/amplify-js/api/interfaces/authoptions.html

[jarrettj]

Hi,

Good day.

Took me a while to figure this out. But I'm using angular and to set the flow I did the following in my app.component.ts:

import { Auth } from 'aws-amplify';
Auth.configure({
    authenticationFlowType: 'USER_PASSWORD_AUTH'
});

Hope that helps somebody else out there. (who's a noob like me:)

Regards.
Jarrett

[github-actions]

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.