Unclear error message content in AmplifyExceptions

[vancefunraise]

Before opening, please confirm:

• I have searched for duplicate or closed issues and discussions.

Language and Async Model

Kotlin, RxJava

Amplify Categories

Authentication

Gradle script dependencies

// Put output below this line
implementation 'com.amplifyframework:aws-auth-cognito:2.15.2'
implementation 'com.amplifyframework:rxbindings:2.14.11'

Environment information

# Put output below this line

Welcome to Gradle 7.5!

Here are the highlights of this release:
 - Support for Java 18
 - Support for building with Groovy 4
 - Much more responsive continuous builds
 - Improved diagnostics for dependency resolution

For more details see https://docs.gradle.org/7.5/release-notes.html


------------------------------------------------------------
Gradle 7.5
------------------------------------------------------------

Build time:   2022-07-14 12:48:15 UTC
Revision:     c7db7b958189ad2b0c1472b6fe663e6d654a5103

Kotlin:       1.6.21
Groovy:       3.0.10
Ant:          Apache Ant(TM) version 1.10.11 compiled on July 10 2021
JVM:          1.8.0_391 (Oracle Corporation 25.391-b13)
OS:           Mac OS X 13.6.1 x86_64

Please include any relevant guides or documentation you're referencing

No response

Describe the bug

Android app using cognito auth

I'm unsure of what error message I can propagate from Amplify to my user upon RxAmplify onError calls.

In the above example using RxAmplify.Auth.resetPassword(username) with a known unused username, we get an exception as expected. I could be missing something simple, but what is unclear to me, is which message should be shown to the user.

1. the root exception message "User not found in the system" is unacceptable as it reveals the state of underlying data
2. the recovery suggestion "Please enter correct username." is equally revealing of underlying data as Remove local.properties from the repository #1. Also, there are recoverySuggestion fields that are not as user-friendly as this one (example below is for RxAmplify.Auth.signIn(username, password))
   
3. the exception's cause same thing

Should we expect to use any of these error messages in the exception object universally (ie my class that wraps amplify Rx calls can always expect the cause to have the error message i want to display in the UI) or should we somehow be parsing these exception types and supplying our own error copy?

Reproduction steps (if applicable)

No response

Code Snippet

// Put your code below this line.

Log output

// Put your logs below this line

amplifyconfiguration.json

No response

GraphQL Schema

// Put your schema below this line

Additional information and screenshots

No response

[vincetran]

Hi @vancefunraise, thanks for your question. Let me double check with my team and will get back to you soon.

[vincetran]

So the intention of the exception message is for you, the developer, to use it to determine what to do. You can use it to for metrics or logs but it's not best to show them to the user (for one thing, the string isn't localized!). What you ultimately show to the user is up to you if you want to obfuscate it so, as you suggested, you can parse the exception and display your own error copy.

We don't suggest displaying the raw exception message for the same reason as you suggested and, at the very least, it's not a localized string.

[vincetran]

If it would help, here are a list of the Exceptions you can expect to encounter when dealing with auth:
https://github.com/aws-amplify/amplify-android/tree/main/core/src/main/java/com/amplifyframework/auth/exceptions

https://github.com/aws-amplify/amplify-android/tree/main/aws-auth-cognito/src/main/java/com/amplifyframework/auth/cognito/exceptions