
[iOS] When trying to Merge Accounts causes "Already found an entry for username" exception

Open AdiPomelo opened this issue 3 years ago • 7 comments

Describe the bug

Description: When using the following signInWithWebUI function to merge two accounts (OAuth and native Cognito accounts), and allow users to use either option to sign up, an exception is raised in the login flow when the user initially creates their account. After the first sign-up, the flow works as expected.

```swift
Amplify.Auth.signInWithWebUI(for: authProvider, presentationAnchor: window) { result in
    switch result {
    case .success:
        success?((AwsSignInRes(step: .done)))
    case .failure(let error):
        failure?(error.errorDescription, error)
    }
}
```

Getting this error the first time; the second time, login happens automatically without returning the error.

There is an issue already created in amplify-flutter: https://github.com/aws-amplify/amplify-flutter/issues/1716

Exception: (AuthError: invalid_request: Already found an entry for username XXXXXXXXXXXXXXX=\nRecovery suggestion: Retry the webUi signIn\nCaused by:\nError Domain=com.amazon.cognito.AWSCognitoAuthErrorDomain Code=-3000 "(null)" UserInfo={error=invalid_request: Already found an entry for username XXXXXXXXXXXXXXXX= })

Steps To Reproduce

Trying to merge two social accounts (Facebook, Google) using the same email ID.
1. Try to sign in with Facebook using the email ID.
2. Try to sign in with Google using the same email ID.

Expected behavior

The user must be able to log in to social accounts without the error being returned, the first time as well.

Amplify Framework Version

1.28.0

Amplify Categories

Auth

Dependency manager

Cocoapods

Swift version

5.0

CLI version

9.2.1

Xcode version

13.4

Relevant log output

No response

Is this a regression?

No

Regression additional context

No response

Device

iPhone 13

iOS Version

15.5

Specific to simulators

iPhone 13 Pro Max

Additional context

No response

AdiPomelo, Aug 30 '22 03:08

Merging of social providers via Amplify iOS library is not supported. You might need to configure pre-signup lambda triggers and invoke AdminLinkProviderForUser.

royjit, Sep 02 '22 15:09

> Merging of social providers via Amplify iOS library is not supported. You might need to configure pre-signup lambda triggers and invoke AdminLinkProviderForUser.

We have already implemented AdminLinkProviderForUser inside presignup trigger as per AWS documentation https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/admin-link-provider-for-user.html.

Additionally, I think this is very important functionality; if it is not supported by Amplify, I don't think Amplify Authentication would be usable at all in a production use case.

Is there any timeline on when we can expect this functionality, perhaps? This is a major user experience disruption.

It seems this issue is prevalent on multiple platforms too:

https://github.com/aws-amplify/amplify-js/issues/9976
https://github.com/aws-amplify/amplify-flutter/issues/1716

daniel-g-pomelo, Sep 03 '22 11:09

Hi @royjit, could you help out on this issue? Facing the same issue on the android-sdk for Amplify as well.

rahulatpomelo, Sep 06 '22 11:09

@daniel-g-pomelo I think you are on the right path. What is the error you are seeing when you invoke AdminLinkProviderForUser from the presignup lambda trigger?

royjit, Sep 07 '22 14:09

@royjit There is no error occurring on the backend side; however, the Amplify SDK itself returns the AuthError: invalid_request: Already found an entry for username error message. It's also worth noting that even though this error message is returned, the account is merged in the backend and no error is recorded in the backend.

The main issue is: how do we overcome the issue of users having to log in again? Having to show the user consent screen twice and have them re-enter their login credentials is not feasible for us, as it affects UX.

daniel-g-pomelo, Sep 08 '22 03:09

@royjit If possible, we would like to collaborate with your team to understand this SDK limitation and come up with a solution together to resolve this issue. We are willing to dedicate some resources to working on this matter. If you can send us some contribution guides to get started, that will be great. Thanks.

daniel-g-pomelo, Sep 08 '22 03:09

We welcome PRs if you would like to update the SDK; the team will review and merge them. But for this particular case it looks like the fix should come from Cognito. You can see a detailed discussion of the same issue in the Amplify Flutter repo: https://github.com/aws-amplify/amplify-flutter/issues/1716#issuecomment-1197341004

royjit, Sep 12 '22 23:09

Cognito has recently resolved an issue with linking federated users to an existing user profile in Cognito User Pools. As a result, your Amplify application can now merge user identities from 3rd party social identity providers to a Cognito user in a user pool using the Pre sign-up Lambda trigger. You can use the AdminLinkProviderForUser API from Cognito to set up custom logic to determine how your user identities get merged. To learn more about the use of this feature, you can check out the following documentation pages.

  • API docs: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html
  • Cognito guide: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html
  • Pre-sign up Lambda: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html

We will work on resources to share with you to explain how to integrate this feature into your Amplify app.

abdallahshaban557, Apr 12 '23 16:04
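
As an added example (not code from this thread or from the Amplify or Cognito teams), a Pre sign-up Lambda trigger of the kind described in the comment above could call AdminLinkProviderForUser as follows. It narrows the case to linking a Facebook or Google sign-up to exactly one existing native user; the function names, the `PROVIDERS` map, the injectable `client`, and the assumption that the user pool maps the provider's `email_verified` claim are illustrative.

```python
# Assumption: IdP names as configured in the pool. ProviderName is
# case-sensitive, while the prefix of event["userName"] can differ in case.
PROVIDERS = {"facebook": "Facebook", "google": "Google"}


def source_identity(event):
    """Return (provider, subject, email) for a linkable sign-up, else None."""
    if event.get("triggerSource") != "PreSignUp_ExternalProvider":
        return None
    attrs = event["request"]["userAttributes"]
    email = attrs.get("email", "")
    # Link only on an email the IdP reports as verified (assumes the pool maps
    # email_verified); an unverified match would hand over the account.
    if attrs.get("email_verified", "").lower() != "true":
        return None
    if not email or '"' in email or "\\" in email:  # keep the filter well-formed
        return None
    prefix, _, subject = event["userName"].partition("_")
    provider = PROVIDERS.get(prefix.lower())
    return (provider, subject, email) if provider and subject else None


def pick_destination(users):
    """Return the username of the single confirmed, verified native user."""
    native = [u["Username"] for u in users
              if u["UserStatus"] == "CONFIRMED"
              and {"Name": "email_verified", "Value": "true"} in u["Attributes"]]
    return native[0] if len(native) == 1 else None  # none or ambiguous: no link


def handler(event, context, client=None):
    """Lambda entry point; `client` is injectable so the logic runs offline."""
    if client is None:
        import boto3  # provided by the Lambda Python runtime
        client = boto3.client("cognito-idp")
    src = source_identity(event)
    if src:
        provider, subject, email = src
        users = client.list_users(UserPoolId=event["userPoolId"],
                                  Filter=f'email = "{email}"')["Users"]
        dest = pick_destination(users)
        if dest:
            client.admin_link_provider_for_user(
                UserPoolId=event["userPoolId"],
                DestinationUser={"ProviderName": "Cognito", "ProviderAttributeValue": dest},
                SourceUser={"ProviderName": provider,
                            "ProviderAttributeName": "Cognito_Subject",
                            "ProviderAttributeValue": subject})
    return event  # the trigger must return the event to let sign-up continue
```

When no safe destination is found, the handler returns the event unchanged and the federated sign-up proceeds as a separate user.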