When I try to authenticateUser I get

    Error: Unable to verify secret hash for client <CLIENT_ID_HERE>

What's wrong? My code below:

    import {
        Config,
        CognitoIdentityCredentials
    } from "aws-sdk"
    import {
        CognitoUserPool,
        CognitoUserAttribute,
        AuthenticationDetails,
        CognitoUser
    } from "amazon-cognito-identity-js"

    Config.region = "ap-northeast-2"

    // User pool and app client the SDK authenticates against
    var userpool = new CognitoUserPool({
        UserPoolId: "ap-northeast-2_QosOiWMkd",
        ClientId: "1bd6s9mv98bo2lucen2vesbqls"
    })
    var userData = {
        Username: "[email protected]",
        Pool: userpool
    }
    var authData = new AuthenticationDetails({
        Username: "[email protected]",
        Password: "P@$$w0rd"
    })
    var cognitoUser = new CognitoUser(userData)

    // SRP sign-in; the "Unable to verify secret hash" error arrives in onFailure
    cognitoUser.authenticateUser(authData, {
        onSuccess: function (result) {
            console.log("authenticated with", result)
        },
        onFailure: function (err) {
            console.error(err)
        }
    })

On AWS, the client secret is already disabled.

asked Apr 27, 2017 at 13:33 by Jiew Meng

2 Answers

The Amazon Cognito Identity SDK for JavaScript does not support Apps with client secret. This is stated in the SDK documentation:
When creating the App, the generate client secret box must be unchecked because the JavaScript SDK doesn't support apps that have a client secret.
It looks like you are going to have to re-configure your app.
The solution is to pass secret_hash along with the adminAuthInitiate Request. And to calculate the secret hash you can use the following method:
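
    import java.nio.charset.StandardCharsets;
    import java.util.Base64;
    import javax.crypto.Mac;
    import javax.crypto.spec.SecretKeySpec;

    // SECRET_HASH = Base64(HMAC-SHA256(key = client secret, message = username + client id))
    public static String calculateSecretHash(String userPoolClientId, String userPoolClientSecret, String userName) {
        final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
        SecretKeySpec signingKey = new SecretKeySpec(
                userPoolClientSecret.getBytes(StandardCharsets.UTF_8),
                HMAC_SHA256_ALGORITHM);
        try {
            Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
            mac.init(signingKey);
            // Message order matters: username first, then client id
            mac.update(userName.getBytes(StandardCharsets.UTF_8));
            byte[] rawHmac = mac.doFinal(userPoolClientId.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(rawHmac);
        } catch (Exception e) {
            // Keep the original exception as the cause so the failure can be diagnosed
            throw new RuntimeException("Error while calculating ", e);
        }
    }
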
How to Pass Secret_Hash

    // username and password stand for the credentials being checked; cognito, userPool
    // and auth come from the surrounding application code.
    Map<String, String> authParams = new HashMap<>(2);
    authParams.put("USERNAME", username);
    authParams.put("PASSWORD", password);
    authParams.put("SECRET_HASH", calculateSecretHash(cognitoClientId, cognitoClientSecret, username));

    AdminInitiateAuthRequest authRequest = new AdminInitiateAuthRequest()
            .withClientId(userPool.getClientId())
            .withUserPoolId(userPool.getUserPoolId())
            .withAuthFlow(AuthFlowType.ADMIN_NO_SRP_AUTH)
            .withAuthParameters(authParams);

    AdminInitiateAuthResult result = cognito.adminInitiateAuth(authRequest);
    auth = result.getAuthenticationResult();
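
The SECRET_HASH computation from the second answer, ported to Node.js for server-side use, as an added example that is not part of either answer. The helper `buildAdminAuthParams` and all sample values are constructed for illustration; the client secret is assumed to live only on the server, since anything shipped to a browser is readable by its user.

```javascript
// Added example (not from the original answers): server-side SECRET_HASH for a
// Cognito app client that has a client secret. All sample values are constructed.
const crypto = require("crypto");

// SECRET_HASH = Base64(HMAC-SHA256(key = client secret, msg = username + clientId))
function calculateSecretHash(clientId, clientSecret, username) {
  for (const [name, v] of Object.entries({ clientId, clientSecret, username })) {
    if (typeof v !== "string" || v.length === 0) {
      throw new TypeError(`${name} must be a non-empty string`);
    }
  }
  return crypto
    .createHmac("sha256", Buffer.from(clientSecret, "utf8"))
    .update(username, "utf8") // same order as the Java answer: username first,
    .update(clientId, "utf8") // then the client id
    .digest("base64");
}

// Hypothetical helper: builds request parameters in the shape the Java answer
// passes to AdminInitiateAuth. Sending them is left to the caller's AWS SDK client.
function buildAdminAuthParams({ userPoolId, clientId, clientSecret }, username, password) {
  return {
    AuthFlow: "ADMIN_NO_SRP_AUTH",
    UserPoolId: userPoolId,
    ClientId: clientId,
    AuthParameters: {
      USERNAME: username,
      PASSWORD: password,
      SECRET_HASH: calculateSecretHash(clientId, clientSecret, username),
    },
  };
}

// Constructed sample configuration. In a real service the secret is read from
// a secrets manager or environment variable, never from source or browser code.
const sampleClient = {
  userPoolId: "us-east-1_EXAMPLE",
  clientId: "exampleclientid1234567890",
  clientSecret: "example-client-secret-not-real",
};

// Print only the derived hash, not the secret or the password.
console.log(calculateSecretHash(sampleClient.clientId, sampleClient.clientSecret, "alice@example.com"));
```

The hash is bound to the username, so it has to be recomputed for each user and use the same username string that is sent as `USERNAME`.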