Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

InvalidLambdaResponseException: Invalid lambda function output : Invalid JSON when user not found in pool #13352

Closed
3 tasks done
saharJ95 opened this issue May 9, 2024 · 6 comments
Closed
3 tasks done

InvalidLambdaResponseException: Invalid lambda function output : Invalid JSON when user not found in pool #13352

saharJ95 opened this issue May 9, 2024 · 6 comments
Assignees
@cwomack
Labels
Auth Related to Auth components/category question General question

Comments

@saharJ95
Copy link

saharJ95 commented May 9, 2024

Before opening, please confirm:

JavaScript Framework

React

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

auth

Backend

None

Environment information

# Put output below this line

Production

Describe the bug

Using Cognito User Pool

Getting InvalidLambdaResponseException: Invalid lambda function output : Invalid JSON when the user doesnot exisit in pool or deleted

Expected behavior

Response should be User not Found with defined code

Reproduction steps

login with non exsisting users

Code Snippet

image

Log output

image

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response
@saharJ95 saharJ95 added the pending-triage Issue is pending triage label May 9, 2024
@cwomack cwomack self-assigned this May 9, 2024
@cwomack cwomack added the Auth Related to Auth components/category label May 9, 2024
@cwomack
Copy link
Contributor

cwomack commented May 9, 2024

Hello, @saharJ95 👋 and sorry to hear you're running into this. We may need a little more information on the steps you took to set up Auth to determine why this error is happening. Are you trying to use a custom lambda to send back a message when a user is not in the user pool? Can you share the lambda code, which of the Auth lambdas are causing this, and a little more context there? Also, if you log in with an existing user is everything working just fine?

@cwomack cwomack added question General question pending-response Issue is pending response from the issue requestor and removed pending-triage Issue is pending triage labels May 9, 2024
@saharJ95
Copy link
Author

saharJ95 commented May 9, 2024

Hi @cwomack ,
I am not using any custom code/lambda
What I am doing is..

  1. Configure aws
  2. Import signIn from aws-amplify/auth
  3. Calling with required Attributes

Existing users work fine, I am trying to catch the exceptions although if the useremail or password is incorrect I am getting the correct response from Cognito APIs
But in the UserNotFound exception, it returns InvalidLambdaResponseException
image

@github-actions github-actions bot removed the pending-response Issue is pending response from the issue requestor label May 9, 2024
@israx
Copy link
Contributor

israx commented May 9, 2024
edited

hello @saharJ95 . Could you please provide the following information:

  1. Steps you took to configure amplify, did you use the CLI, gen2 or manually created resources ?
  2. your amplify configuration refraining from adding any sensitive values.
  3. Are you getting any errors when calling the signIn API with an existing user ?
  4. What do you see when you go to Cognito Console -> User pools -> -> User pool properties -> Lambda triggers
  5. network call request when getting this specific error.

This will help us to determine the root cause of the issue. Usually the InvalidResponseLambdaException is thrown when the userpool has a lambda trigger that is missconfigured.

@cwomack cwomack added the pending-response Issue is pending response from the issue requestor label May 9, 2024
@saharJ95
Copy link
Author

saharJ95 commented May 10, 2024
edited

Hi @israx ,

  1. Created an identity pool and imported amplify config to my existing project.

image

  1. As I mentioned, the Existing user sign works fine, wrong password exception works fine. Issue is when the email is incorrect or the user doesn't exist

image
image

image
image
image

Furthermore,
I am getting this exception after migrating to amplify v6

@github-actions github-actions bot removed the pending-response Issue is pending response from the issue requestor label May 10, 2024
@israx
Copy link
Contributor

israx commented May 10, 2024
edited

Hello @saharJ95 . Thank you for providing all the feedback. I see you have set a pre authentication lambda trigger which can be used to perform extra validation before authenticating a user. So based on the lambda docs we have that

Note
This Lambda trigger doesn't activate when a user doesn't exist, or already has an existing session in your user pool. If the PreventUserExistenceErrors setting of a user pool app client is set to ENABLED, then the Lambda trigger will activate.

So the reason you are getting the InvalidLambdaResponseException error is because your user pool has activated the PreventUserExistenceErrors setting. This setting can be located at Cognito console -> user pools -> -> App integration -> App client list -> -> App client information -> edit -> Prevent user existence errors.

In order to solve your issue you could do the following:

  1. Disable the Prevent user existence errors setting - NOT RECOMMENDED
  2. Edit your Pre authentication lambda and throw an specific error - RECOMMENDED

I highly recommend not disabling the Prevent user existence errors setting. This will help you to prevent user enumeration errors.

@saharJ95
Copy link
Author

Hi @israx ,
Thank you for your quick response.
I fixed the pre auth lambda with the proper exception and it works fine .

Thanks :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cwomack cwomack

Labels
Auth Related to Auth components/category question General question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cwomack @israx @saharJ95