Reputation: 271
I have successfully implemented these instructions from AWS (https://aws.amazon.com/de/blogs/mobile/implementing-passwordless-email-authentication-with-amazon-cognito/), but as soon as I execute the signIn function via aws-amplify, it often takes up to 7 seconds and I receive 3 emails with different codes.
The reason for this is that the event createAuthChallenge executes the respective lambda function 3 times, which generates and sends the respective code. This only happens if I do not log in/register for a certain time (~10 minutes). I thought that this might be because the function is cold and tried to keep it warm by setting "Provisioned Concurrency" in the lambda functions to 1 and additionally(!) tried to warm up the functions by executing them every 5 minutes via CloudWatch. I don't know what else I should do.
Thx!
Upvotes: 2
Views: 528
Reputation: 1584
You get 5 seconds for the lambda to complete, otherwise it retries. Cold starts and the blocking call to send the email via SES are what is eating all of those 5 seconds. You can make the call to SES asynchronous by writing the code, email address, timestamp and other necessary details to the log instead, with some fixed prefix like SEND_EMAIL. Since this is sensitive data, you should encode the data into some format like JSON, encrypt it and base64 encode it before writing it to the log. Then you can attach a CloudWatch subscription filter to the lambda log to route the log lines with SEND_EMAIL to a lambda that decrypts and decodes the details and sends the actual email via SES. This allows you to take longer than 5 seconds to send the email and work around the timeouts.
Upvotes: 0
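The log-and-forward flow described in the answer above, as an added example that is not part of the original answers. AES-256-GCM, the function names, the demo key and the sample event are assumptions made for illustration; the decrypted jobs would then be handed to SES by the consuming Lambda.

```javascript
const crypto = require('crypto');
const zlib = require('zlib');

const PREFIX = 'SEND_EMAIL ';
// Constructed demo key (assumption): real code would load a shared 32-byte key from a secret store.
const DEMO_KEY = crypto.createHash('sha256').update('constructed-demo-key').digest();

// Producer (CreateAuthChallenge): JSON -> AES-256-GCM -> base64, emitted as one log line.
function buildLogLine(details, key = DEMO_KEY) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(details), 'utf8'), cipher.final()]);
  return PREFIX + Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Consumer: reverse the steps. Throws if the blob was altered or the key is wrong.
function parseLogLine(message, key = DEMO_KEY) {
  // Lambda prepends timestamp and request id to console.log output, so search for the prefix.
  const start = message.indexOf(PREFIX);
  if (start === -1) return null;
  const raw = Buffer.from(message.slice(start + PREFIX.length).trim(), 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// CloudWatch Logs hands a subscription target base64(gzip(JSON)) in event.awslogs.data.
function extractEmailJobs(event, key = DEMO_KEY) {
  const body = zlib.gunzipSync(Buffer.from(event.awslogs.data, 'base64'));
  const payload = JSON.parse(body.toString('utf8'));
  if (payload.messageType !== 'DATA_MESSAGE') return []; // skip control messages
  return payload.logEvents.map((e) => parseLogLine(e.message, key)).filter(Boolean);
}

// Constructed sample: wraps messages the way a subscription delivery would arrive.
function makeSampleEvent(messages) {
  const payload = { messageType: 'DATA_MESSAGE', logEvents: messages.map((message) => ({ message })) };
  return { awslogs: { data: zlib.gzipSync(JSON.stringify(payload)).toString('base64') } };
}

const job = { email: 'user@example.com', code: '123456', ts: 1700000000000 }; // constructed values
const line = `2023-11-14T22:13:20.000Z\treq-1\tINFO\t${buildLogLine(job)}`;
console.log(extractEmailJobs(makeSampleEvent([line, 'START RequestId: req-1'])));
```

Because GCM authenticates the ciphertext, a log line that was modified in transit fails decryption instead of producing an email with attacker-chosen content.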
Reputation: 1539
We had followed a different post to set up our custom auth flow, but had the same issue with 3 codes being sent out.
In that post it has the CreateAuthChallenge lambda start with
exports.handler = async (event) => {
  const crypto = require('crypto')
  const aws = require('aws-sdk')
  ...
}
We have been able to stop sending 3 verification codes by moving those requires outside of the handler method.
const crypto = require('crypto')
const aws = require('aws-sdk')

exports.handler = async (event) => {
  ...
}
My guess is that trying to read the entire aws-sdk inside of the function was the cause of the slowness, and because this lambda took longer than the Cognito system allows for, it ended up getting called multiple times and eventually did complete, thus causing the extra verification codes.
I did not see the same issue from the link you posted, but it would be worth reviewing the specific code you have and checking if it's trying to bring in a package that needs to be handled differently.
Upvotes: 1