Amplify.Auth.signIn() returns the following error on every even numbered call: "Missing required parameter ANSWER"

[ansonallard]

Describe the bug

I've implemented custom authentication to send an email or phone an OTP code. To request a code from the cloud, I call the signIn method with my username and a dummy password value.

However, if I want to request a new code, (say the user lost the code) I expected to be able to call signIn again to send my device the new code (before calling confirmSignIn). What actually happened was I got this error: invalidParameter ▿ service : 3 elements - .0 : "Missing required parameter ANSWER" - .1 : "Make sure that the parameters passed are valid" ▿ .2 : Optional<Error> - some : AmplifyPlugins.AWSCognitoAuthError.invalidParameter

What's odd is if I make the same signIn request again, with the same parameters, the request succeeds (every odd attempt is successful, every even is a failure).

Steps To Reproduce

Steps to reproduce the behavior:
1. Call the Amplify.Auth.signIn(username: username, password: "dummy password") in a persistent view controller.
2. In the same app session, call Amplify.Auth.signIn(username: username, password: "dummy password") again
4. See error

Expected behavior

I would expect all signIn call attempts to succeed, instead of every odd attempt.

Amplify Framework Version

1.13.3

Amplify Categories

Auth

Dependency manager

Cocoapods

Swift version

5.5

CLI version

5.1.0

Xcode version

13.0 (13A233)

Relevant log output

No response

Is this a regression? (i.e. was this working before a version upgrade)

Unknown

Device

iPhone XS

iOS Version

iOS 15

Specific to simulators

No response

Additional context

No response

[harsh62]

@ansonallard Is this still an issue?

[harsh62]

Please re-open if this is still an issue. Closing the issue due to inactivity.

[ansonallard]

@harsh62 Unfortunately, I'm no longer working on that project, so I'm unable to access the source code to test. As of December 2021, this was still an active and unresolved issue that we had to work around.

[gurpreet-ganger]

@harsh62 i am also facing the same issue

[SwapnilDhotre]

I have a workaround for this issue. This occurs to me when Sign In API is hit but further verification of the account is not completed and the user is trying to hit sign in again. At that time I just call the sign-out method and after that sign-in again.

[royjit]

This seems to be a bug due to the way AWSMobileClient is designed, the issue happens because we check for an existing custom auth flow confirmation -

https://github.com/aws-amplify/aws-sdk-ios/blob/7987c4989e230eeba1cf13aa6a526fd3d233c3bf/AWSAuthSDK/Sources/AWSMobileClient/AWSMobileClientOperations/AWSMobileClient%2BSignIn.swift#L51

This logic is required to handle token expiration during custom auth. Like @SwapnilDhotre mentioned we could do the workaround to signOut before calling signIn again. We will update this ticket when we have a better fix.

[harsh62]

This issue has been tackled in Amplify 2.x. Can you please try to update to the latest version of Amplify and validate if its still an issue.

[daveharig]

@harsh62 @royjit @thisisabhash

2.x solves this issue but introduces new one with custom auth flow.

_ = Amplify.Auth.confirmSignIn(challengeResponse: response) keeps attempting to confirm with the same code over and over until it gets a .servce error from the define auth challenge lambda. If a user enters the wrong code, there is no way to get that feedback.

The logs show AWSCognitoIdentityProviderService.RespondToAuthChallenge as many times as your event.request.session.length