amazon-cognito-identity-js icon indicating copy to clipboard operation
amazon-cognito-identity-js copied to clipboard

Published 20 hours ago verified publisher icon amazon-archives

Invalid username and password unless I use Debug JS Remotely

Open dmongit opened this issue 7 years ago • 12 comments

I'm able to register users, confirm users, etc, so I know I'm communicating with cognito. And, the user can log in but only if (on a Expo react-native app) debug js remotely is turned on. If debug JS remotely is off, the code appears to bog down in BigInteger and eventually returns a "invalid username or password" after about 30 seconds.

I've used several different variations of amazon-cognito-identity from other samples on git. The code is just about the same except for some references and BigInteger is different. I've tried every version of BigInteger that I've found.

In the bnpFromString and bnToString functions, in BigInteger, I put a console.log as the first line. I put in a console.log inside of each (b == ) condition (in both functions). The first console.log will write out quick then nothing while the code is bogged down. Before I get the "incorrect user name and password" error, I see a bunch of different calls to those two functions and all of my console.logs inside the if statement write out at once (about 4 of them).

Any help would be appreciated. Thanks!

dmongit avatar Jul 24 '17 17:07 dmongit

we recently released a sample that demonstrates how to use native bridges to use Cognito User Pools in a react native app @ https://github.com/awslabs/aws-sdk-react-native. This should speed up the login.

itrestian avatar Jul 24 '17 17:07 itrestian

@itrestian, Thank you for the response!

That looks like I'd have to detach Expo and that isn't what I want. It also looks like I'll wait for the aws-sdk-react-native to be released. At that point, will the Android (mostly, Android) bugs be resolved? Or will I still have to detach from Expo? Should I just hurry up and wait? Any workarounds?

iOS is also a little slow as is, taking 8-10 seconds, but at least it's not displaying "incorrect username" to the user after a minute like on Android.

dmongit avatar Jul 24 '17 18:07 dmongit

Have you tried this: https://github.com/aws/amazon-cognito-identity-js/issues/340

itrestian avatar Jul 24 '17 18:07 itrestian

@itrestian Yes, I have. I tried that a couple of days ago. I took the files from src and have them in my project, like https://github.com/torrens/react-native-aws-cognito-expo has it. I'm using the UI from that link, too. Before I used the code from #340 on its own. I'm actually not sure what point I had iOS working though bc I've been testing with Android.

dmongit avatar Jul 24 '17 18:07 dmongit

Yes, there are no bugs as to say in the implementation but mostly that the modpow function was taking a long while to finish. Those particular implementations use native bridges for the secure remote password implementation.

itrestian avatar Jul 27 '17 23:07 itrestian

The problem with the native bridge is that when you follow the Getting Started instructions for React Native, the create-react-native-app tool creates a new app using the Expo.io tools/framework. But, there is no way to link in custom native implementation while using Expo.

jderose9 avatar Jul 28 '17 15:07 jderose9

Got it.

itrestian avatar Jul 28 '17 22:07 itrestian

Do you think there is a solution for people that use amazon-congnito-identity-js with Expo? Are the upcoming enhancements on your end going to improve the performance of modpow? Perhaps the aws-sdk for react native will resolve this?

dmongit avatar Jul 31 '17 15:07 dmongit

In general, we have recommended building native bridges for hybrid platforms. The modpow we use is part of the JSBN library that uses Montgomery reduction which performs quite well compared to other well known implementations https://github.com/bitwiseshiftleft/sjcl/issues/172

One thing to note is that even with improvements to modpow, there are still going to be older and slower devices that will be slow when running big integer math in javascript.

itrestian avatar Jul 31 '17 23:07 itrestian

Not really sure what to do at this point then. I've tried on a new Android device to make sure that isn't an issue with older devices. The only thing I have not tried is turning off dev mode while using a newer Android device. But, limiting my user base isn't an option either. I can't be the first one to need Expo and need to log in with amazon-cognito-identity-js.

Are there other not-as-secure solutions that could be implemented that don't require such a performance draw on Androids?

dmongit avatar Aug 03 '17 17:08 dmongit

This one: https://github.com/AirLabsTeam/react-native-aws-cognito-js is working like a charm. It's doing (only) the big integer math on the native side.

maartenvandillen avatar Sep 29 '17 13:09 maartenvandillen

@maartenvandillen That one won't work with Expo.io since react-native link can't be used.

jderose9 avatar Sep 29 '17 14:09 jderose9