I am trying to make a custom authentication flow using AWS Cognito so that i can send MFA codes via email instead through the cognito triggers. I am using the initiateAuth() method to do this which is correct according to the documentation;

.html .html#initiateAuth-property

My payload seems to be valid but when i try login with a user i get the error 't.getauthparameters is not a function'

I've had a look through some other stackoverflow posts but nothing is helping

Any ideas what is going wrong?

This is a snippet from my code below:

const payload = {
          AuthFlow: 'CUSTOM_AUTH',
          ClientId: 'my client id', 
          AuthParameters: {
             USERNAME: $('input[name=username]').val(),
             PASSWORD: $('input[name=password]').val(),
             CHALLENGE_NAME: 'SRP_A'
          }
        };
        
        cognitoUser.initiateAuth(payload, {
            onSuccess: function(result) {
                // User authentication was successful
            },
            onFailure: function(err) {
                // User authentication was not successful
            },
            customChallenge: function(challengeParameters) {
                // User authentication depends on challenge response
                var verificationCode = prompt('Please input OTP code' ,'');
                cognitoUser.sendCustomChallengeAnswer(verificationCode, this);
            },
        });

I am trying to make a custom authentication flow using AWS Cognito so that i can send MFA codes via email instead through the cognito triggers. I am using the initiateAuth() method to do this which is correct according to the documentation;

https://docs.aws.amazon./cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html https://docs.aws.amazon./AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#initiateAuth-property

My payload seems to be valid but when i try login with a user i get the error 't.getauthparameters is not a function'

I've had a look through some other stackoverflow posts but nothing is helping

Any ideas what is going wrong?

This is a snippet from my code below:

const payload = {
          AuthFlow: 'CUSTOM_AUTH',
          ClientId: 'my client id', 
          AuthParameters: {
             USERNAME: $('input[name=username]').val(),
             PASSWORD: $('input[name=password]').val(),
             CHALLENGE_NAME: 'SRP_A'
          }
        };
        
        cognitoUser.initiateAuth(payload, {
            onSuccess: function(result) {
                // User authentication was successful
            },
            onFailure: function(err) {
                // User authentication was not successful
            },
            customChallenge: function(challengeParameters) {
                // User authentication depends on challenge response
                var verificationCode = prompt('Please input OTP code' ,'');
                cognitoUser.sendCustomChallengeAnswer(verificationCode, this);
            },
        });

• javascript
• amazon-web-services
• frontend
• amazon-cognito
• amazon-cognito-triggers

3 Answers 3

So i ended up finding out that initiateAuth() is not the correct method to use.

The right method to use is cognitoUser.authenticateUser() (since i am using SRP-based authentication then adding a custom challenge) - My updated code is below

This was a similar example that i followed to help me find the answer

I couldnt find very much online for doing it with just the Amazon Cognito Identity SDK so hopefully this is helpful for anyone doing the same!

AWSCognito.config.region = 'region';
        
        var poolData = {
            UserPoolId : 'user pool id', 
            ClientId : 'client id' 
        };
        var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);
        
        var userData = {
            Username: $('input[name=username]').val(),
            Pool: userPool,
        };
        var authenticationData = {
            Username : $('input[name=username]').val(),
            Password : $('input[name=password]').val(),
        };

        var authenticationDetails = new AmazonCognitoIdentity.AuthenticationDetails(authenticationData);
        var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
        
        cognitoUser.setAuthenticationFlowType('CUSTOM_AUTH');
        
        cognitoUser.authenticateUser(authenticationDetails, {
            onSuccess: function(result) {
                console.log('success');
                var resultStr = 'Login Successful';
                console.log(resultStr);
                $('#resultsSignIn').html(resultStr);
            },
            onFailure: function(err) {
                alert(err);
            },
            customChallenge: function(challengeParameters) {
                // User authentication depends on challenge response
                var verificationCode = prompt('Please input OTP code' ,'');
                cognitoUser.sendCustomChallengeAnswer(verificationCode, this);
            },
        });
        
        return false;`

A downside to the authenticateUser() method is that you won't be able to get user's input mid-execution during the authenticateUser workflow (i.e, having to use prompts in the callbacks for customchallenge etc). I believe initiateAuth() would solve this issue.

https://docs.aws.amazon./cognito/latest/developerguide/user-pool-lambda-define-auth-challenge.html

Long time back, I encountered the same issue and discovered a solution that worked. Instead of using the regular initiateAuth, I made the switch to adminInitiateAuth. This admin method allows you to initiate authentication on behalf of the user.

Here's the code snippet:

customChallenge: async () => {
  try {
    const data = await identityProvider.adminInitiateAuth(initiateAuthParams);
    resolve({ challengeName: data.ChallengeName });
  } catch (err) {
    reject(err);
  }
};