There is an issue where if Cognito presents the user with an authorization challenge, such as "NEW_PASSWORD_REQUIRED", the user will not be fully authenticated but the application incorrectly believes a user is logged in until it is reloaded/refreshed.
Problem starts here (auth.service.ts line 34):
public signIn(email, password): Observable<any> {
  return fromPromise(Auth.signIn(email, password))
    .pipe(
      // Fires on any resolved promise, so a pending challenge also flips loggedIn to true
      tap(() => this.loggedIn.next(true))
    );
}
If there is a challenge like "NEW_PASSWORD_REQUIRED", loggedIn is still set to true even though the authentication process has not completed.
Then, here (login.component.ts line 31):
onSubmitLogin(value: any) {
  const email = value.email, password = value.password;
  this.auth.signIn(email, password)
    .subscribe(
      result => {
        // Any non-error result is treated as a completed login, challenge or not
        this.router.navigate(['/']);
      },
      error => {
        console.log(error);
      });
}
When onSubmitLogin gets the result from the auth service signIn function, there is no error, so the login component also continues on as though the user authentication was successful.
This is particularly critical when building a site with Cognito user pools where there is no open registration and/or admins create users manually. All new Cognito users created manually will encounter a NEW_PASSWORD_REQUIRED challenge upon attempting to authenticate.
Here is a suggestion...
My auth service signIn function:
public signIn(email, password): Observable<any> {
  return fromPromise(Auth.signIn(email, password)).pipe(
    tap((result) => {
      // Only mark the session as logged in when a fully authenticated user comes back
      if (result.constructor.name === "CognitoUser") {
        this.loggedIn.next(true);
      }
      else {
        // Rise to the challenge (e.g. NEW_PASSWORD_REQUIRED) here
      }
    }, (error) => {
      // Handle any errors
    })
  );
}
And my login component onSubmit:
onSubmitLogin(value: any) {
  const email = value.email, password = value.password;
  this.auth.signIn(email, password)
    .subscribe(
      result => {
        // Navigate or notify only once a fully authenticated user is confirmed
        if (result.constructor.name === "CognitoUser") {
          this.messenger.add("Congrats! You've been authenticated", "success");
        }
        else {
          // Rise to the challenge (e.g. NEW_PASSWORD_REQUIRED) here
        }
      },
      error => {
        console.log(error);
      });
}
When a result is received without error, it now checks to ensure there is a CognitoUser returned. If not, then code can be implemented to deal with challenge scenarios.