DeviceKey is empty after logging in again after remembering device #2609

Closed
1 task done
DutchPixels opened this issue Oct 17, 2023 · 2 comments · Fixed by #2614
Labels: auth (Related to the Auth category/plugins), bug (Something isn't working)

Comments

@DutchPixels

Before opening, please confirm:

Language and Async Model

Kotlin - Coroutines

Amplify Categories

Authentication

Gradle script dependencies

// Put output below this line
amplify = "2.14.0"
amplify = { module = "com.github.stkent:amplify", version.ref = "github-amplify" }
amplify-aws-api = { module = "com.amplifyframework:aws-api", version.ref = "amplify" }
amplify-aws-auth = { module = "com.amplifyframework:aws-auth-cognito", version.ref = "amplify" }
amplify-core = { module = "com.amplifyframework:core-kotlin", version.ref = "amplify" }

Environment information

# Put output below this line
------------------------------------------------------------
Gradle 8.1.1
------------------------------------------------------------

Build time:   2023-04-21 12:31:26 UTC
Revision:     1cf537a851c635c364a4214885f8b9798051175b

Kotlin:       1.8.10
Groovy:       3.0.15
Ant:          Apache Ant(TM) version 1.10.11 compiled on July 10 2021
JVM:          17.0.8.1 (Amazon.com Inc. 17.0.8.1+8-LTS)
OS:           Mac OS X 14.0 aarch64


Please include any relevant guides or documentation you're referencing

https://docs.amplify.aws/lib/auth/device_features/q/platform/android/#terminology

Describe the bug

Each time we log in we're getting a new deviceKey even though the user should be remembered after entering the MFA code. In the console the device tracking is set to "always remember".
It seems to be caused by the key under which the deviceKey is being saved, as, when using the debugger, the data is still available after logging in again.

When looking at the AWSCognitoAuthCredentialStore this can be validated: the deviceKey (available in the dashboard as well) is saved with a key like this (in the saveDeviceMetadata method):

amplify.us-east-1_x4Z4E1i2Z.f9663a13-13db-40b1-bb7d-85d653915a67.deviceMetadata

How the key is being generated is fine, however the crucial part is the username in the middle: f9663a13-13db-40b1-bb7d-85d653915a67.
After logging out and logging in again the device metadata is being retrieved using this key:

As you can see, the first one is using some kind of backend user ID and the second one is using the actual username the user filled in.
The interesting part is when using the key from above (with the backend user ID) the device metadata can be successfully retrieved when having a breakpoint in the retrieveDeviceMetadata method in AWSCognitoAuthCredentialStore.kt.

With the iOS SDK this is working fine. We also double-checked the authenticationFlowType, which all seem to be matching the documentation.

Reproduction steps (if applicable)

  1. Login
  2. Enter MFA credentials (see that the deviceKey is being saved)
  3. Logout
  4. Login again (see the PASSWORD VERIFIER challenge HTTP call, the DEVICE_KEY is empty, also the breakpoint from the description above is triggered with the actual user's username)
  5. Enter MFA credentials (this should be skipped already)

Code Snippet

// Put your code below this line.

Log output

// Put your logs below this line


amplifyconfiguration.json

No response

GraphQL Schema

// Put your schema below this line

Additional information and screenshots

Screenshot 2023-10-17 at 09 12 09

As shown, this is the retrieveDeviceMetadata function; the username in this case is the actual email of the user. The first line in the normal debug window shows getting the metadata like it does now. It returns null.

The window on top shows getting the metadata using the backend user ID; this returns deviceMetadata with the deviceKey, which probably should be used to skip the MFA flow.
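
The key mismatch described in this report, reduced to a stand-alone sketch (an added example, not part of the original issue and not Amplify's code). `DeviceStore`, `rememberAlias` and `retrieveResolved` are hypothetical names, the email is constructed, and the alias mapping is only one possible remedy, not necessarily the change made in #2614.

```kotlin
// Added illustration; class and function names are hypothetical, not Amplify's.
data class DeviceMetadata(val deviceKey: String, val deviceGroupKey: String)

class DeviceStore(private val poolId: String) {
    private val kv = mutableMapOf<String, String>()            // stands in for the encrypted key-value store
    private val aliasToUserId = mutableMapOf<String, String>() // sign-in name -> backend user ID

    // Key layout as shown in the issue: amplify.<poolId>.<username>.deviceMetadata
    private fun key(username: String) = "amplify.$poolId.$username.deviceMetadata"

    // Save path: keyed by the backend user ID, as observed in saveDeviceMetadata.
    fun save(userId: String, meta: DeviceMetadata) {
        kv[key(userId)] = "${meta.deviceKey}|${meta.deviceGroupKey}"
    }

    // Reported behaviour: look up with whatever identifier the caller passes in.
    fun retrieveRaw(username: String): DeviceMetadata? =
        kv[key(username)]?.let {
            val (deviceKey, groupKey) = it.split("|")
            DeviceMetadata(deviceKey, groupKey)
        }

    // Possible remedy (assumption): record the alias at sign-in and resolve it before lookup.
    fun rememberAlias(alias: String, userId: String) {
        aliasToUserId[alias.lowercase()] = userId
    }

    fun retrieveResolved(signInName: String): DeviceMetadata? =
        retrieveRaw(aliasToUserId[signInName.lowercase()] ?: signInName)
}

fun main() {
    val store = DeviceStore("us-east-1_x4Z4E1i2Z")          // pool ID from the issue
    val userId = "f9663a13-13db-40b1-bb7d-85d653915a67"     // backend user ID from the issue
    val email = "user@example.com"                          // constructed sign-in name

    store.save(userId, DeviceMetadata("constructed-device-key", "constructed-group-key"))
    store.rememberAlias(email, userId)

    check(store.retrieveRaw(email) == null)   // mismatch: DEVICE_KEY would be sent empty, MFA repeats
    check(store.retrieveRaw(userId) != null)  // the metadata is present under the user ID
    check(store.retrieveResolved(email)?.deviceKey == "constructed-device-key")
    println("lookup by sign-in name: ${store.retrieveRaw(email)}")
    println("lookup after resolving: ${store.retrieveResolved(email)}")
}
```

A regression test for this class of bug asserts that the save path and the retrieve path derive the storage key from the same identifier across a sign-out and sign-in cycle.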

@gpanshu gpanshu self-assigned this Oct 17, 2023
@gpanshu gpanshu added the auth Related to the Auth category/plugins label Oct 17, 2023
@gpanshu gpanshu removed their assignment Oct 17, 2023
@tylerjroach tylerjroach added the bug Something isn't working label Oct 17, 2023
@tylerjroach
Member

Thank you for the detailed report! Someone on our team will be taking a look.

@github-actions
Contributor

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
