LambdAuth
LambdAuth copied to clipboard
danilop
User gets created in the DynamoDB table, but still says "User not created"
So I 'm very new to all this. This is exactly what I was looking for though.
After managing to set it all up. When I then surf to the bucket url and attempt to sign in it comes back with "User not created.". If I look in the DynamoDB table I can see that the user I attempted to Sign Up with is all saved in there. But if I then try to log in with it, it says Can't log in. So something is not working. I presume it's some sort of permission problem, although, not sure why it then does indeed manage to save the user record in the db.
Is there any log to read somewhere with errors?
I'm very new to AWS coming from Parse, so any guidance is much welcome.
Hi, you can look at two logs:
- the JavaScript console from the web browser
- the Lambda function log on CloudWatch Logs, from the AWS Lambda web console you have a direct link to the log of the function
Let me know if you manage to solve.
On Fri, Feb 5, 2016 at 9:06 AM, Niklas Alvaeus [email protected] wrote:
So I 'm very new to all this. This is exactly what I was looking for though.
After managing to set it all up. When I then surf to the bucket url and attempt to sign in it comes back with "User not created.". If I look in the DynamoDB table I can see that the user I attempted to Sign Up with is all saved in there. But if I then try to log in with it, it says Can't log in. So something is not working. I presume it's some sort of permission problem, although, not sure why it then does indeed manage to save the user record in the db.
Is there any log to read somewhere with errors?
I'm very new to AWS coming from Parse, so any guidance is much welcome.
— Reply to this email directly or view it on GitHub https://github.com/danilop/LambdAuth/issues/28.
Ok, many thanks. I found the Lambda logs. Error seems to be "Error in sendVerificationEmail: MessageRejected: Email address is not verified."
Although I did verify the email... Maybe it takes some time...
I also see some warning about: INSUFFICIENT_DATA User-WriteCapacityUnitsLimit-BasicAlarm
On another note, I noticed that since I was running the bash script a few times (before I had realised to set all permission for my user) that it did create a new Cognito pool with the same name every time, not sure if setting up all those Cognito pools with the same name somehow confused things. I was trying to tie this in to an existing pool I had, but the script seems to create anew pool with the same name.
Hello,
I am also experiencing this issue. Here is a copy of my log output:
START RequestId: bf5aebc2-ccb2-11e5-a275-9d8f417eeda5 Version: $LATEST
2016-02-06T09:19:40.367Z bf5aebc2-ccb2-11e5-a275-9d8f417eeda5 TypeError: Not a buffer
at pbkdf2 (crypto.js:601:20)
at Object.exports.pbkdf2 (crypto.js:587:10)
at Object.ondone (/var/task/index.js:25:11)
END RequestId: bf5aebc2-ccb2-11e5-a275-9d8f417eeda5
REPORT RequestId: bf5aebc2-ccb2-11e5-a275-9d8f417eeda5 Duration: 78.62 ms Billed Duration: 100 ms Memory Size: 128 MB Max Memory Used: 33 MB
Process exited before completing request
Looking at the crypto documentation (https://nodejs.org/api/crypto.html#crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback) it seems that there may be a parameter missing in the lambda call ('sha512') - however, adding this in results in the same error.
So just to close this one off. I now got this working... I deleted all resources and set it up again. I then got the error "Email address is not verified" although I had verified the email address turns out you also need to verify the domain with a TXT record in the DNS.
I'm now able to create a user and log in.
I also deleted all resources and set up again and it works. Also, remember to ensure that your SES is out of the sandbox, otherwise emails will not send.
I want users to use gmail id's / yahoo id's in this authentication page. How to make these domains verified in SES?
Above comments about "sandbox" status are correct; early testing/pilot status limits your SES outgoing addresses (used for each new user signup verification) to a list of pre-verified addresses (to restrain abuse or runaway errors).
You can pre-verify any needed pilot user address starting with AWS console, as seen for example (Virginia region) at: https://console.aws.amazon.com/ses/home?region=us-east-1#verified-senders-email ("Verify a new email address"). This pushes a verification email to that address; when received and link inside is opened, AWS SES sandbox will consider it verified for your limited outgoing traffic.
After you demonstrate preparedness for a certain limited outgoing volume, your SES sending instance will be able to send to user addresses that have not been pre-verified.
The instructions for opening these limits are at: http://docs.aws.amazon.com/ses/latest/DeveloperGuide/request-production-access.html
I am able to send mails from SES but to only verified domain address. I am not able to send to emails from other domains.
Correct, as planned your SES "outgoing email addressee list" is limited for safety while your SES service remains in the sandbox nursery. That's not a domain limit, it is a user-by-user email address limit (such as [email protected]). To bypass SES pre-verification for each outgoing email address, read info and instructions in the SES developer guide, then submit the request for less-limited production access to AWS. Meanwhile, use email addresses within any domain in SES sandbox, by adding it to your sandbox with "Verify a new email address" button in AWS console.
Thanks Tom, for the information. I created a case with AWS to get SES out of sandbox.