
Wrong error message when user provides correct credentials after too many incorrect attempts #92

Closed
sasaar opened this issue Sep 13, 2024 · 6 comments
Labels
feature-request New feature or request

Comments

@sasaar

sasaar commented Sep 13, 2024

Description:
This is more of a feature request than a bug, but after a user has entered wrong credentials on login several times and then provides correct credentials, the localised message for .notAuthorized is returned:

if case .notAuthorized(_, _, _) = error {
    return "authenticator.authError.incorrectCredentials".localized()
}

AuthenticatorBaseState still seems to know the exact reason:
[Screenshot 2024-08-23 at 14 36 36]

Would it be possible to get its own localized message for the login error when password attempts are exceeded?

@ruisebas
Member

ruisebas commented Sep 13, 2024

Hi @sasaar, thanks for opening this issue.

Unfortunately Cognito returns a NotAuthorizedException error both when the credentials are incorrect and when the attempts have been exceeded. Because of that, we don't have a reliable way of differentiating them either, since the "Password attempts exceeded" string you see is also directly coming from the service and might change without notice.

I'll tag this as a feature request and we'll discuss if there's any alternative we can offer.
Thanks!

@ruisebas ruisebas added the feature-request New feature or request label Sep 13, 2024
@sasaar
Author

sasaar commented Sep 16, 2024

Thanks for the prompt reply.

@ruisebas
Member

We've released version 1.1.7 that now lets you use the errorMap(_:) view modifier to provide a new message only for the error you wish to overwrite; if you return nil then the Authenticator will handle it as usual.

For example, this would achieve what you wish:

Authenticator { _ in 
    // ....
}
.errorMap { error in
    // Return custom message when password attempts are exceeded
    if case .notAuthorized(let description, _, _) = error, description == "Password attempts exceeded" {
        return .error(message: "[Your custom message]")
    }

    // Let the Authenticator handle all remaining errors
    return nil
}

However, as I said earlier, keep in mind that the description string is coming directly from the Cognito service and that it might change.

@sasaar
Author

sasaar commented Sep 17, 2024

Many thanks. We will try this (version 1.1.7) asap.

@ruisebas
Member

Hi @sasaar, we've decided to handle this particular scenario within the Authenticator. It's been released in version 1.1.8.

You can still use the errorMap(_:) function to provide custom error messages, but now the Authenticator should already show a different error message when the password attempts are exceeded.

I'm closing this feature request as completed. Feel free to reopen it or create another issue if something's not working as expected.
Thanks!
