
InvalidLambdaResponseException: Invalid lambda function output : Invalid JSON when user not found in pool

Open saharJ95 opened this issue 1 year ago • 3 comments

Before opening, please confirm:

JavaScript Framework

React

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

auth

Backend

None

Environment information

# Put output below this line

Production

Describe the bug

Using Cognito User Pool

Getting InvalidLambdaResponseException: Invalid lambda function output : Invalid JSON when the user does not exist in the pool or has been deleted

Expected behavior

Response should be User not Found with defined code

Reproduction steps

Log in with non-existing users

Code Snippet

image

Log output

image

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

saharJ95 avatar May 09 '24 12:05 saharJ95

Hello, @saharJ95 👋 and sorry to hear you're running into this. We may need a little more information on the steps you took to set up Auth to determine why this error is happening. Are you trying to use a custom lambda to send back a message when a user is not in the user pool? Can you share the lambda code, which of the Auth lambdas are causing this, and a little more context there? Also, if you log in with an existing user is everything working just fine?

cwomack avatar May 09 '24 19:05 cwomack

Hi @cwomack, I am not using any custom code/lambda. What I am doing is:

  1. Configure aws
  2. Import signIn from aws-amplify/auth
  3. Calling with required Attributes

Existing users work fine. I am trying to catch the exceptions. If the user email or password is incorrect, I am getting the correct response from the Cognito APIs, but in the UserNotFound exception case it returns InvalidLambdaResponseException.

saharJ95 avatar May 09 '24 19:05 saharJ95

Hello @saharJ95. Could you please provide the following information:

  1. The steps you took to configure Amplify: did you use the CLI, Gen 2, or manually created resources?
  2. Your Amplify configuration, refraining from adding any sensitive values.
  3. Are you getting any errors when calling the signIn API with an existing user?
  4. What do you see when you go to Cognito Console -> User pools -> -> User pool properties -> Lambda triggers
  5. The network call request when getting this specific error.

This will help us to determine the root cause of the issue. Usually the InvalidResponseLambdaException is thrown when the user pool has a lambda trigger that is misconfigured.

israx avatar May 09 '24 22:05 israx

Hi @israx ,

  1. Created an identity pool and imported amplify config to my existing project.


  1. As I mentioned, the Existing user sign works fine, wrong password exception works fine. Issue is when the email is incorrect or the user doesn't exist


Furthermore, I am getting this exception after migrating to amplify v6

saharJ95 avatar May 10 '24 06:05 saharJ95

Hello @saharJ95. Thank you for providing all the feedback. I see you have set a pre authentication lambda trigger, which can be used to perform extra validation before authenticating a user. Based on the lambda docs, we have that:

Note: This Lambda trigger doesn't activate when a user doesn't exist, or already has an existing session in your user pool. If the PreventUserExistenceErrors setting of a user pool app client is set to ENABLED, then the Lambda trigger will activate.

So the reason you are getting the InvalidLambdaResponseException error is because your user pool has activated the PreventUserExistenceErrors setting. This setting can be located at Cognito console -> user pools -> -> App integration -> App client list -> -> App client information -> edit -> Prevent user existence errors.

In order to solve your issue you could do the following:

  1. Disable the Prevent user existence errors setting - NOT RECOMMENDED
  2. Edit your Pre authentication lambda and throw a specific error - RECOMMENDED

I highly recommend not disabling the Prevent user existence errors setting. This will help you to prevent user enumeration errors.

israx avatar May 10 '24 14:05 israx
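
A pre authentication handler that tolerates the unknown-user invocation described in the reply above, as an added example (not code from the issue author or the Amplify project). It assumes the Node.js Lambda runtime and relies on the `userNotFound` request flag that Cognito sets when Prevent user existence errors is enabled; `BLOCKED_DOMAINS`, `preAuthDecision` and the domain policy are hypothetical, and the sample events are constructed.

```javascript
// Added example: Cognito pre authentication trigger (Node.js Lambda runtime).
// BLOCKED_DOMAINS and the domain policy are hypothetical, for illustration.
const BLOCKED_DOMAINS = new Set(["blocked.example"]);

// Synchronous core so the decision logic can be tested without AWS.
function preAuthDecision(event) {
  const request = event.request || {};

  // With PreventUserExistenceErrors ENABLED the trigger also runs for
  // unknown users. Assumption: userAttributes may then be missing, so do
  // not dereference them. Returning the event untouched lets Cognito
  // answer with its own generic failure, which does not reveal whether
  // the account exists.
  if (request.userNotFound === true) {
    return event;
  }

  const attrs = request.userAttributes || {};
  const email = String(attrs.email || "").toLowerCase();
  const domain = email.slice(email.lastIndexOf("@") + 1);

  // Deny by throwing an Error with a fixed message. Do not return null,
  // undefined or a custom object: Cognito expects the event back.
  if (BLOCKED_DOMAINS.has(domain)) {
    throw new Error("Sign-in is not permitted for this account.");
  }

  // Allow: the response is the original event object.
  return event;
}

const handler = async (event) => preAuthDecision(event);
if (typeof module !== "undefined" && module.exports) {
  module.exports.handler = handler;
}

// Constructed sample events (not captured from a real user pool).
const SAMPLE_EVENTS = [
  { userName: "nobody@example.com", request: { userNotFound: true }, response: {} },
  { userName: "a@example.com", request: { userAttributes: { email: "a@example.com" } }, response: {} },
];
for (const ev of SAMPLE_EVENTS) {
  console.log(ev.userName, "->", preAuthDecision(ev) === ev ? "event returned" : "unexpected");
}
```
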

Hi @israx, thank you for your quick response. I fixed the pre auth lambda with the proper exception and it works fine.

Thanks :)

saharJ95 avatar May 11 '24 20:05 saharJ95