
Android confirmSignIn erroring with "Value at 'session' failed to satisfy constraint: Member must have length less than or equal to 8192"

Open kevinxu3 opened this issue 6 months ago • 21 comments

JavaScript Framework

React Native

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

auth

Backend

Amplify CLI

Environment information

 System:
    OS: macOS 15.3.2
    CPU: (8) arm64 Apple M1 Pro
    Memory: 150.92 MB / 16.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 20.10.0 - /usr/local/bin/node
    npm: 10.2.3 - /usr/local/bin/npm
    Watchman: 2025.03.03.00 - /opt/homebrew/bin/watchman
  Browsers:
    Brave Browser: 136.1.78.94
    Chrome: 136.0.7103.114
    Safari: 18.3.1
  npmPackages:
    @aws-amplify/react-native: ^1.1.10 => 1.1.10 
    @aws-amplify/rtn-push-notification: ^1.1.1 => 1.2.35 
    @babel/core: ^7.25.2 => 7.27.3 
    @babel/preset-env: ^7.25.3 => 7.27.2 
    @babel/runtime: ^7.25.0 => 7.27.3 
    @expo/react-native-action-sheet: ^4.0.1 => 4.1.1 
    @expo/vector-icons: ^14.0.0 => 14.1.0 
    @google-cloud/recaptcha-enterprise-react-native: 18.7.0-beta01 => 18.7.0-beta01 
    @react-native-async-storage/async-storage: 1.23.1 => 1.23.1 
    @react-native-community/cli: 15.0.1 => 15.0.1 
    @react-native-community/cli-platform-android: 15.0.1 => 15.0.1 
    @react-native-community/cli-platform-ios: 15.0.1 => 15.0.1 
    @react-native-community/netinfo: 11.4.1 => 11.4.1 
    @react-native-masked-view/masked-view: 0.3.2 => 0.3.2 
    @react-native/babel-preset: 0.77.1 => 0.77.1 (0.76.7, 0.76.9)
    @react-native/eslint-config: 0.77.1 => 0.77.1 
    @react-native/metro-config: 0.77.1 => 0.77.1 
    @react-native/typescript-config: 0.77.1 => 0.77.1 
    @react-navigation/bottom-tabs: ^7.3.3 => 7.3.13 
    @react-navigation/material-top-tabs: ^7.2.3 => 7.2.13 
    @react-navigation/native: ^7.0.19 => 7.1.9 
    @react-navigation/native-stack: ^7.3.3 => 7.3.13 
    @react-navigation/stack: ^7.2.3 => 7.3.2 
    @reduxjs/toolkit: ^1.9.5 => 1.9.7 
    @reduxjs/toolkit-query:  1.0.0 
    @reduxjs/toolkit-query-react:  1.0.0 
    @rnmapbox/maps: ^10.1.38 => 10.1.39 
    @tsconfig/react-native: ^3.0.0 => 3.0.5 
    @turf/helpers: ^7.2.0 => 7.2.0 (6.5.0)
    @types/jest: ^29.5.13 => 29.5.14 
    @types/lodash: ^4.17.16 => 4.17.17 
    @types/qrcode: ^1.5.5 => 1.5.5 
    @types/react: ^18.2.6 => 18.3.23 
    @types/react-test-renderer: ^18.0.0 => 18.3.1 
    @types/uuid: ^10.0.0 => 10.0.0 (9.0.8)
    ContextAPIMixpanel:  0.0.1 
    MixpanelDemo:  0.0.1 
    SimpleMixpanel:  0.0.1 
    aws-amplify: ^6.15.0 => 6.15.0 
    aws-amplify/adapter-core:  undefined ()
    aws-amplify/adapter-core/internals:  undefined ()
    aws-amplify/analytics:  undefined ()
    aws-amplify/analytics/kinesis:  undefined ()
    aws-amplify/analytics/kinesis-firehose:  undefined ()
    aws-amplify/analytics/personalize:  undefined ()
    aws-amplify/analytics/pinpoint:  undefined ()
    aws-amplify/api:  undefined ()
    aws-amplify/api/internals:  undefined ()
    aws-amplify/api/server:  undefined ()
    aws-amplify/auth:  undefined ()
    aws-amplify/auth/cognito:  undefined ()
    aws-amplify/auth/cognito/server:  undefined ()
    aws-amplify/auth/enable-oauth-listener:  undefined ()
    aws-amplify/auth/server:  undefined ()
    aws-amplify/data:  undefined ()
    aws-amplify/data/server:  undefined ()
    aws-amplify/datastore:  undefined ()
    aws-amplify/in-app-messaging:  undefined ()
    aws-amplify/in-app-messaging/pinpoint:  undefined ()
    aws-amplify/push-notifications:  undefined ()
    aws-amplify/push-notifications/pinpoint:  undefined ()
    aws-amplify/storage:  undefined ()
    aws-amplify/storage/s3:  undefined ()
    aws-amplify/storage/s3/server:  undefined ()
    aws-amplify/storage/server:  undefined ()
    aws-amplify/utils:  undefined ()
    axios: ^1.9.0 => 1.9.0 
    babel-jest: ^29.6.3 => 29.7.0 
    eslint: ^8.19.0 => 8.57.1 
    expo: ^52.0.0 => 52.0.46 
    expo-camera: ~16.0.18 => 16.0.18 
    expo-clipboard: ~7.0.1 => 7.0.1 
    expo-constants: ~17.0.8 => 17.0.8 
    expo-haptics: ~14.0.1 => 14.0.1 
    expo-image: ~2.0.6 => 2.0.7 
    expo-image-manipulator: ~13.0.6 => 13.0.6 
    expo-location: ~18.0.8 => 18.0.10 
    expo-media-library: ~17.0.6 => 17.0.6 
    expo-notifications: ^0.29.14 => 0.29.14 
    expo-splash-screen: ~0.29.22 => 0.29.24 
    formik: ^2.4.2 => 2.4.6 
    geojson: ^0.5.0 => 0.5.0 
    jest: ^29.6.3 => 29.7.0 
    libphonenumber-js: ^1.11.4 => 1.12.8 
    libphonenumber-js/build:  undefined ()
    libphonenumber-js/core:  undefined ()
    libphonenumber-js/max:  undefined ()
    libphonenumber-js/max/metadata:  undefined ()
    libphonenumber-js/min:  undefined ()
    libphonenumber-js/min/metadata:  undefined ()
    libphonenumber-js/mobile:  undefined ()
    libphonenumber-js/mobile/examples:  undefined ()
    libphonenumber-js/mobile/metadata:  undefined ()
    lottie-react-native: 7.1.0 => 7.1.0 
    metro-react-native-babel-preset: ^0.76.9 => 0.76.9 
    mixpanel-react-native: ^2.3.1 => 2.4.1 
    moment: ^2.29.4 => 2.30.1 
    prettier: 2.8.8 => 2.8.8 
    react: 18.3.1 => 18.3.1 (17.0.2)
    react-native: 0.76.7 => 0.76.7 
    react-native-compressor: ^1.11.0 => 1.11.0 
    react-native-draggable-flatlist: ^4.0.1 => 4.0.3 
    react-native-gesture-handler: ~2.20.2 => 2.20.2 
    react-native-get-random-values: ~1.11.0 => 1.11.0 
    react-native-image-crop-picker: ^0.40.0 => 0.40.3 
    react-native-linear-gradient: ^2.7.3 => 2.8.3 
    react-native-maps: 1.18.0 => 1.18.0 
    react-native-pager-view: ^6.7.0 => 6.8.1 
    react-native-phone-number-input: ^2.1.0 => 2.1.0 
    react-native-qrcode-styled: ^0.3.3 => 0.3.3 
    react-native-reanimated: ~3.16.1 => 3.16.7 
    react-native-safe-area-context: 4.12.0 => 4.12.0 
    react-native-screens: ~4.4.0 => 4.4.0 
    react-native-skeleton-placeholder: ^5.2.4 => 5.2.4 
    react-native-svg: 15.8.0 => 15.8.0 
    react-native-tab-view: ^3.5.2 => 3.5.2 (4.1.0)
    react-native-url-polyfill: ^1.3.0 => 1.3.0 (2.0.0)
    react-redux: ^8.0.7 => 8.1.3 
    react-test-renderer: 18.3.1 => 18.3.1 
    typescript: 5.0.4 => 5.0.4 
    uuid: ^10.0.0 => 10.0.0 (9.0.1, 8.3.2, 7.0.3)
    yup: ^1.2.0 => 1.6.1 
  npmGlobalPackages:
    corepack: 0.22.0
    ios-deploy: 1.12.2
    npm: 10.2.3
    typescript: 5.5.3


Describe the bug

Calling confirmSignIn on Android returns the following error regardless of the size of the challengeResponse passed in: Value at 'session' failed to satisfy constraint: Member must have length less than or equal to 8192

This is not an issue on iOS, only Android. Previously, when I was still using `Auth.sendCustomChallengeAnswer`, I could log the User object I passed in, and the `session` field of that User object was indeed larger than 8192 in length. This was not the case with iOS.

Expected behavior

Should call confirmSignIn successfully.

Reproduction steps

On an Android device.

  1. Call signIn
  2. Call confirmSignIn

Code Snippet

Log output

[InvalidParameterException: 1 validation error detected: Value at 'session' failed to satisfy constraint: Member must have length less than or equal to 8192]

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

kevinxu3 avatar May 29 '25 16:05 kevinxu3

Hi @kevinxu3, thanks for reporting. We'll try reproducing this and get back to you once we have more information.

Thanks!

pranavosu avatar May 29 '25 19:05 pranavosu

Hi @kevinxu3, I haven't been able to reproduce this issue, and I get the expected successful sign-in. Can you share some code snippets of how you are making the calls? Also, can you confirm which confirmSignIn method you are using (EMAIL, SMS, TOTP)?

Also, my testing was done with the following versions:

"dependencies": {
    "@aws-amplify/react-native": "^1.1.10",
    "aws-amplify": "^6.15.0",
    "expo": "~53.0.9",
    "react": "19.0.0",
    "react-dom": "19.0.0",
    "react-native": "^0.79.2",
  }

nadetastic avatar Jun 02 '25 17:06 nadetastic

I am using a physical device, if that makes a difference. Sometimes it does work, which is strange, but for the most part it does not. When I log signInOutput I see CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE. This also seems to be a new occurrence, since I first noticed it consistently when Google Play was denying my app because they weren't able to sign in.

    // Attempt sign in
    const signInOutput = await signIn({
      username: phoneNumber,
      options: {
        authFlowType: "CUSTOM_WITHOUT_SRP",
      },
    });

    console.log(signInOutput);
    // Send verification code
    await confirmSignIn({ challengeResponse: token });

kevinxu3 avatar Jun 02 '25 21:06 kevinxu3

I'm using the below versions, which are different. The other packages are the same. I do not have react-dom.

"expo": "^52.0.0",
"react": "18.3.1",
"react-native": "0.76.7",

kevinxu3 avatar Jun 02 '25 21:06 kevinxu3

It looks like this session token is constructed by Amplify, not Cognito; is that correct? It looks like it might be based off of the userAgent, which could explain why this is happening on my Android device and not iOS. I can't seem to find where we create the session token, so I can't confirm if it does use the userAgent.

https://github.com/aws-amplify/amplify-js/blob/936c0f79f061a14b239695f3aa2222d4fb9ac028/packages/auth/src/providers/cognito/utils/signInHelpers.ts#L478

kevinxu3 avatar Jun 02 '25 21:06 kevinxu3

Hi, any updates on this? This is a big blocker for us since Android devices can't sign in consistently.

kevinxu3 avatar Jun 05 '25 00:06 kevinxu3

I checked the userAgent and it's a short string like aws-amplify/6.15.0 auth/4 framework/202. I also logged the response from await initiateAuth and the Session token in response is 8420 in length. It seems to be consistently that length.

kevinxu3 avatar Jun 06 '25 02:06 kevinxu3

@kevinxu3 thank you for the updates. I'm still investigating this and will provide some updates soon. Do you mind sharing the full payload of the logged response? You can obfuscate any sensitive values and replace them with placeholder values.

nadetastic avatar Jun 06 '25 13:06 nadetastic

Sure. I included the Session token since I assume this is safe to share.

{"$metadata": {"attempts": 1, "cfId": undefined, "extendedRequestId": undefined, "httpStatusCode": 200, "requestId": "b4eefcca-1054-4c1b-8466-9c2d06fd4552"}, "ChallengeName": "CUSTOM_CHALLENGE", "ChallengeParameters": {"USERNAME": "<--REDACTED-->"}, "Session": ""}

kevinxu3 avatar Jun 06 '25 14:06 kevinxu3

Thanks for sharing the additional info @kevinxu3. From the looks of it, at least one of the custom auth challenges that you have is resulting in a session token that is larger than what is expected. To clarify, the Session is generated by Cognito, and is included in the response from Cognito if it is determined that the application needs to pass another challenge.

Can you explain a bit more about your custom auth flow, and some of the challenges that are included?

From my testing, my session length is between 900-1100k, and my challenges include

  • PASSWORD_VERIFIER (session length is 946)
  • CUSTOM_CHALLENGE 1 (session length is 998)
  • CUSTOM_CHALLENGE 2 (session length is 1035)

Also, it may be beneficial to inspect the network instead and evaluate the response payload, and also log the session object within the DefineAuth lambda.

This is how I am calling signIn:

await signIn({
  username,
  password,
  options: {
    authFlowType: "CUSTOM_WITH_SRP",
  },
});

nadetastic avatar Jun 06 '25 19:06 nadetastic

I'm using CUSTOM_WITHOUT_SRP. My auth flow does not require a password. It first expects a reCaptcha v3 token to verify the client is not a bot and then sends an SMS and the user needs to respond with the correct code.

How are you inspecting the network for react native? I've been trying to find a good way to do this. In my DefineAuth, the session field is an empty array. I compared the invocation events for DefineAuth and CreateAuth for a failed request and a working iOS request, and they are identical.

kevinxu3 avatar Jun 06 '25 21:06 kevinxu3

I was able to get it working when running on an Android emulator for a Google Pixel. I'm using a physical device, a Samsung Flip3, which isn't working. I'm wondering how the device impacts the session token, since it seems to be different lengths depending on the device.

Also, the Google Play store has rejected updates due to this issue, so it's also happening on their end on their devices.

kevinxu3 avatar Jun 06 '25 21:06 kevinxu3

@kevinxu3 What is the challenge name after sign in when you see the issue?

const user = await Auth.signIn(username, password);
console.log(user.challengeName);

pranavosu avatar Jun 06 '25 23:06 pranavosu

My signIn code looks like this:

    const signInOutput = await signIn({
      username: phoneNumber,
      options: {
        authFlowType: "CUSTOM_WITHOUT_SRP",
      },
    });

    console.log(signInOutput);

This is the log output:

{
    "isSignedIn": false,
    "nextStep": {
        "additionalInfo": {
            "USERNAME": "<--REDACTED-->"
        },
        "signInStep": "CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE"
    }
}

kevinxu3 avatar Jun 07 '25 02:06 kevinxu3

Hello @kevinxu3 , we are working on reproducing this issue. We will get back to you when we have an update.

Could you confirm that the reCaptcha v3 token and the SMS code are the only challenges presented? Also could you provide if there's any device remembering setting?

Simone319 avatar Jun 13 '25 14:06 Simone319

Yes, those are the only challenges. I don't believe I have any device remember settings. What would that look like?

kevinxu3 avatar Jun 14 '25 00:06 kevinxu3

Any updates on this? I'm still experiencing this issue and it's impacting our Android testing and releases.

kevinxu3 avatar Jun 18 '25 02:06 kevinxu3

Hi @kevinxu3, for reference, device remembrance steps are documented here, but it is more likely that you do not have this set up.

To continue investigating this, could you add a logging statement in your Define Auth lambda function that prints the contents of the session? You can access it as event.request.session as documented in the Cognito docs here and may need to JSON.stringify it.

This can help in confirming what the shape/size of the session looks like in Cognito and compare it to what we see on the client.

nadetastic avatar Jun 18 '25 02:06 nadetastic
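An added example, not code from the thread or from the Amplify project: a DefineAuthChallenge Lambda for the flow the reporter describes (a reCAPTCHA v3 token as the first CUSTOM_CHALLENGE, an SMS code as the second) that logs the size and shape of event.request.session, as suggested above, without logging any answers. The challengeMetadata labels "CAPTCHA" and "SMS_CODE" and the retry limit are assumptions; the matching CreateAuthChallenge must set the same metadata.

```javascript
// Added example, not from the issue thread. DefineAuthChallenge handler for a
// two-step custom flow: CUSTOM_CHALLENGE "CAPTCHA", then CUSTOM_CHALLENGE
// "SMS_CODE". The metadata names and MAX_SMS_ATTEMPTS are assumptions.
const MAX_SMS_ATTEMPTS = 3; // assumed policy, tune per user pool

function summarizeSession(session) {
  // Logs only challenge names and pass/fail results; answers are never in this event.
  return session
    .map((s, i) => `${i}:${s.challengeMetadata || s.challengeName}=${s.challengeResult}`)
    .join(' ');
}

function defineAuthChallenge(event) {
  const session = event.request.session || [];
  const json = JSON.stringify(session);
  // Server-side size of the session, to compare with the Session string the client sees.
  console.log(`DefineAuth entries=${session.length} jsonLength=${json.length} [${summarizeSession(session)}]`);

  const custom = session.filter((s) => s.challengeName === 'CUSTOM_CHALLENGE');
  const captchaFailed = custom.some((s) => s.challengeMetadata === 'CAPTCHA' && s.challengeResult === false);
  const smsFailures = custom.filter((s) => s.challengeMetadata === 'SMS_CODE' && s.challengeResult === false).length;
  const passed = custom.filter((s) => s.challengeResult === true).length;

  const response = event.response;
  if (captchaFailed || smsFailures >= MAX_SMS_ATTEMPTS) {
    // A failed captcha means the client never proved it is not a bot; no retries there.
    response.issueTokens = false;
    response.failAuthentication = true;
  } else if (passed >= 2) {
    // Captcha and SMS code both verified: sign the user in.
    response.issueTokens = true;
    response.failAuthentication = false;
  } else {
    // Ask for the next (or a retried) custom challenge.
    response.issueTokens = false;
    response.failAuthentication = false;
    response.challengeName = 'CUSTOM_CHALLENGE';
  }
  return event;
}
```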

Device remembrance is not on. The Define Auth lambda does not have an event.request.session logged, since it's the initial request with no session token yet. The Create Auth lambda also does not have event.request.session. I believe the session token is created by the user pool after the Create Auth lambda responds with challenge parameters + acceptable answer in the linked diagram. I'm not sure how to see the token before the client receives it, but I'm pretty sure the issue lies in how Cognito user pools is creating the token in the "challenges answered" step in the diagram, since the respondToAuthChallenge step fails right after.

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html

kevinxu3 avatar Jun 18 '25 23:06 kevinxu3

This is definitely device-specific, since this is working on an iPhone and an emulated Pixel device and not working on my physical Samsung Flip3. I'm guessing either:

  • Cognito is generating an unexpectedly long session token for certain mobile devices
  • My device is somehow receiving the token from Cognito and interpreting it strangely to create an oversized token

The concern, though, is that Google Play sometimes rejects updates because of this, I'm guessing also because of the variety of devices they use to verify apps.

kevinxu3 avatar Jun 19 '25 00:06 kevinxu3

Hey @kevinxu3, thanks for providing additional information. We will try to reproduce the error on a Samsung device and will get back to you once we have an update.

adrianjoshua-strutt avatar Jun 26 '25 14:06 adrianjoshua-strutt