Ramya

Reputation: 47

Cognito - adminRespondToAuthChallenge returns Invalid session for the user

Step 1: I created a customer and then initiated an Authorization challenge through adminInitiateAuth(), which triggers Create_auth_challenge in Cognito.

Step 2: The user receives an OTP which gets returned to Cognito through adminRespondToAuthChallenge().

Step 3: The first time all works fine. Example request/response below:

{
    "username": "bf2e77f6-c5ec-4644-8f52-2076fa1d4e5a",
    "answer": "1725",
    "session": "xxxxxxxx..."
}

Response example:

{
    "ChallengeParameters": {},
    "AuthenticationResult": {
        "AccessToken": "xxxx..",
        "ExpiresIn": 3600,
        "TokenType": "Bearer",
        "RefreshToken": "ccccc...",
        "IdToken": "mmmm.."
    }
}

Step 4: If I restart from step 1 then step 2 fails consistently for the next 3 times.

Request sent to adminRespondToAuthChallenge() with the new session id.

{
    "username": "bf2e77f6-c5ec-4644-8f52-2076fa1d4e5a",
    "answer": "1725",
    "session": "xxxxxxxx..." 
}

Response:

{
    "message": "Invalid session for the user.",
    "code": "NotAuthorizedException",
    "time": "2020-12-17T19:06:05.449Z",
    "requestId": "dbe83978-25b4-4b6b-ac4a-696b1a16c71d",
    "statusCode": 400,
    "retryable": false,
    "retryDelay": 24.18704505654443
}

Step 5: Lastly, the fifth attempt consistently works normally again.

This behaviour manifests itself regardless of the delay between each attempt.

Can you please help me understand what is happening?

Upvotes: 2

Views: 3786

Answers (1)

Ramya

Reputation: 47

I removed the callback and used the response. :) Hope this helps.

I changed my code from

const result = cognitoidentityserviceprovider.adminRespondToAuthChallenge(payload,
    async (err, data) => {
      if (err) {
        log.info('Init auth Response', {
          err
        });
        return err;
      } else {
        log.info('Init auth Response', {
          data
        });
        return data;
      }
    });

to

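// In the AWS SDK for JavaScript v2, a call without a callback returns a request object;
// .promise() sends it and resolves with the response (run this inside an async function).
const result = await cognitoidentityserviceprovider.adminRespondToAuthChallenge(payload).promise();
log.info('Init auth Response', {
  result
});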

Upvotes: 2
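An added example, not part of the answer above and not the poster's or AWS's code: a promise-based challenge response that is awaited once per session and treats the `NotAuthorizedException` / "Invalid session for the user." error shown in the question as a signal to restart from adminInitiateAuth rather than resend the same payload. The stub client and its single-use session behaviour, the names `makeStubClient`, `respondOnce` and `demo`, and the placeholder pool and client IDs are assumptions made for illustration.

```javascript
// Constructed stand-in for the SDK v2 client (NOT the AWS SDK). Assumption:
// a Session from adminInitiateAuth is accepted for one challenge response.
function makeStubClient() {
  const open = new Set();
  let counter = 0;
  const req = (fn) => ({ promise: async () => fn() }); // sent on .promise()
  return {
    sent: 0, // challenge responses actually dispatched
    adminInitiateAuth: () => req(() => {
      const Session = `constructed-session-${++counter}`;
      open.add(Session);
      return { ChallengeName: 'CUSTOM_CHALLENGE', Session };
    }),
    adminRespondToAuthChallenge(params) {
      return req(() => {
        this.sent += 1;
        if (!open.delete(params.Session)) { // unknown or already consumed
          throw Object.assign(new Error('Invalid session for the user.'), { code: 'NotAuthorizedException' });
        }
        return { ChallengeParameters: {}, AuthenticationResult: { TokenType: 'Bearer' } };
      });
    },
  };
}

// Hypothetical helper: one awaited request per session; a stale session
// means "start again at adminInitiateAuth", never "retry the same payload".
async function respondOnce(client, { username, answer, session }) {
  try {
    const data = await client.adminRespondToAuthChallenge({
      UserPoolId: 'POOL_ID_PLACEHOLDER', ClientId: 'CLIENT_ID_PLACEHOLDER',
      ChallengeName: 'CUSTOM_CHALLENGE', Session: session,
      ChallengeResponses: { USERNAME: username, ANSWER: answer },
    }).promise();
    return { ok: true, tokens: data.AuthenticationResult };
  } catch (err) {
    const stale = err.code === 'NotAuthorizedException' && /Invalid session/.test(err.message);
    if (!stale) throw err; // other failures are the caller's to handle
    return { ok: false, restart: true };
  }
}

async function demo() {
  const client = makeStubClient();
  const { Session } = await client.adminInitiateAuth().promise();
  const input = { username: 'constructed-user', answer: '1725', session: Session };
  const first = await respondOnce(client, input);
  const replay = await respondOnce(client, input); // same session a second time
  return { first, replay, sent: client.sent };
}
```

Counting dispatched requests per session, as `sent` does in the stub, is a quick way to confirm in your own logs that each OTP answer leaves the application exactly once.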
