Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cognito client confirm_device is not working with MFA set to optional #4059

Open
doino-gretchenliev opened this issue Mar 21, 2024 · 1 comment
Open

Cognito client confirm_device is not working with MFA set to optional #4059

doino-gretchenliev opened this issue Mar 21, 2024 · 1 comment
Assignees
@tim-finnigan
Labels
bug This issue is a confirmed bug. cognito-idp p2 This is a standard priority issue response-requested Waiting on additional information or feedback. service-api This issue is caused by the service API, not the SDK implementation.

Comments

@doino-gretchenliev
Copy link

Describe the bug

I'm using confirm_device to enable trust device. When MFA enforcement is set to Require MFA on the user pool, the confirm_device is successful. When it's set to optional the confirm_device returns:
An error occurred (InvalidParameterException) when calling the ConfirmDevice operation: Invalid device key given.the

Expected Behavior

No matter the MFA Enforcement the function should succeed.

Current Behavior

With the same arguments - valid access key and device key from NewDeviceMetadata the confirm_device function is failing with:
An error occurred (InvalidParameterException) when calling the ConfirmDevice operation: Invalid device key given.

Reproduction Steps

  1. Set MFA Enforcment to optional on the Cognito user pool.
  2. Perform successful auth with initiate_auth or admin_initiate_auth using USER_SRP_AUTH flow.
  3. Use the auth response to execute confirm_device.

Possible Solution

No response

Additional Information/Context

No response

SDK version used

1.34.53

Environment details (OS name and version, etc.)

MacOs 14.4 (23E214)
@doino-gretchenliev doino-gretchenliev added bug This issue is a confirmed bug. needs-triage This issue or PR still needs to be triaged. labels Mar 21, 2024
@tim-finnigan tim-finnigan self-assigned this May 13, 2024
@tim-finnigan
Copy link
Contributor

Thanks for reporting this issue and your patience here. Running the confirm_device command involves a call to the underlying ConfirmDevice API. So any issues involving the API would likely need to get escalated to the Cognito service team.

The only other report I could find of that specific error was here where someone provided an answer that may be helpful. Can you confirm? Also the latest Boto3 version is 1.34.103 per the CHANGELOG, it may be worth updating to rule out any issue with older versions.

Could you provide a code snippet for reproducing the issue and debug logs (with any sensitive info redacted) by adding boto3.set_stream_info('') to your script? Once we have more info we can confirm whether or not this should be escalated to the Cognito service team.

@tim-finnigan tim-finnigan added investigating This issue is being investigated and/or work is in progress to resolve the issue. response-requested Waiting on additional information or feedback. service-api This issue is caused by the service API, not the SDK implementation. cognito-idp p2 This is a standard priority issue and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. needs-triage This issue or PR still needs to be triaged. labels May 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tim-finnigan tim-finnigan

Labels
bug This issue is a confirmed bug. cognito-idp p2 This is a standard priority issue response-requested Waiting on additional information or feedback. service-api This issue is caused by the service API, not the SDK implementation.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@doino-gretchenliev @tim-finnigan