Showing Passoword in the place of Email

[VivekS98]

Before creating a new issue, please confirm:

• [X] I have searched for duplicate or closed issues and discussions.
• [X] I have tried disabling all browser extensions or using a different browser
• [X] I have tried deleting the node_modules folder and reinstalling my dependencies
• [X] I have read the guide for submitting bug reports.

On which framework/platform are you having an issue?

React

Which UI component?

Authenticator

How is your app built?

NextJS

What browsers are you seeing the problem on?

Firefox

Which region are you seeing the problem in?

India (Banglore)

Please describe your bug.

After Signin, a verification step is shown, where instead of email or username it shows password which should never happen. If we are using username for Signup, then it should use another way to verify, but not show the passoword directly.

What's the expected behaviour?

If the Auth happens via username, then in the verification step, it must ask for email or phone number for verification. Or there must be a way to disable the verification step.

Help us reproduce the bug!

Try signing up and signing in through the Amplify UI. After a successful singnin, it shows a verification step where it shows password instead of the email.

Code Snippet

import React from 'react';
import { Amplify } from 'aws-amplify';

import { Authenticator } from '@aws-amplify/ui-react';
import '@aws-amplify/ui-react/styles.css';

import awsExports from './aws-exports';
Amplify.configure(awsExports);

export default function App() {
  return (
    <Authenticator>
      {({ signOut, user }) => (
        <main>
          <h1>Hello {user.username}</h1>
          <button onClick={signOut}>Sign out</button>
        </main>
      )}
    </Authenticator>
  );
}

Console log output

Additional information and screenshots

No response

[esauerbo]

@VivekS98 I wasn't able to reproduce this with @aws-amplify/[email protected] (latest). What version are you using? Can you also provide your amplify configuration (minus any sensitive information)?

[esauerbo]

@VivekS98 are you still experiencing this issue?

[VivekS98]

@esauerbo yes. With the same configuration

[esauerbo]

Can you provide the information from my earlier comment? We haven't been able to reproduce this.

[VivekS98]

Can you please mention which configuration exactly you need?

[esauerbo]

@VivekS98 whatever you're calling Amplify.configure with, which looks like aws-exports in your case. And can you tell us what version of @aws-amplify/ui-react are you using? Your package.json may also be helpful.

[VivekS98]

Here is the aws-exports

const awsmobile: any = {
  aws_project_region: awsExports.APP_AWS_REGION,
  aws_cognito_identity_pool_id: awsExports.APP_IDENTITY_POOL_ID,
  aws_cognito_region: awsExports.APP_AWS_REGION,
  aws_user_pools_id: awsExports.APP_USER_POOL_ID,
  aws_user_pools_web_client_id: awsExports.APP_USER_POOL_WEB_CLIENT_ID,
};

export default awsmobile;

package.json

"@aws-amplify/ui-react": "^6.1.12",
"aws-amplify": "^6.3.8"

[thaddmt]

Is the string that's being returned censored? Like in the screenshot I have posted below?

I tried copying your aws-exports and your sample code and I was not able to reproduce returning a password from the sign up.

I also tried using the useAuthenticator hook to print out the unverifiedUserAttributes to print out the values, could you try doing that and let us know if password is being printed there? You can try using an app similar to my example posted below.

The following should wrap your application in an AuthenticatorProvider and will use the useAuthenticator hook so you can inspect the values as you go through the auth flow

function App() {
  const { unverifiedUserAttributes } = useAuthenticator((context) => [context.unverifiedUserAttributes]);
  console.log(JSON.stringify(unverifiedUserAttributes));
  return (
    <Authenticator>
      {({ signOut, user }) => (
        <main>
          <h1>Hello {user.username}</h1>
          <button onClick={signOut}>Sign out</button>
        </main>
      )}
    </Authenticator>
  );
}

export default function ProviderWrappedApp() {
  return (
    <Authenticator.Provider>
      <App />
    </Authenticator.Provider>
  );
}

[reesscot]

Hi @VivekS98, are you still experiencing this issue?

[VivekS98]

Yes

[VivekS98]

What happened is this: I was sent an invite which I used to sign up and create a password. It's that created password which is showing up as email.

[esauerbo]

@VivekS98 can you please respond to @thaddmt's comment? https://github.com/aws-amplify/amplify-ui/issues/5363#issuecomment-2248550565 It would be helpful to know whether your password shows up in unverifiedUserAttributes.

[cwomack]

@VivekS98, wanted to follow up on this issue and see if you're still blocked. Let us know if you're still in need of assistance on this, and please review the comment above to address the question there! Thanks.

[VivekS98]

Hey @cwomack. Thanks for your patience. We had undergone a thorough testing and found out that this was happening since we removed email from mandatry. Maybe this is a configuration issue from our end. I edited the email myself after we created a user management UI in our product. As the co-operation with required people isn't happening (I don't have access to Cognito yet), it's better to close this issue. Thanks.

[cwomack]

@VivekS98, glad to hear you're unblocked and appreciate the follow up response. We'll close out the issue then, thanks!