AWS Cognito USER_PASSWORD_AUTH "Initiate Auth method not supported."
G

4

11

I am trying to do the following:

  AWSUtil.generateSecretHash('[email protected]', ClientId).then(SECRET_HASH => {
    return AWSUtil.Cognito.adminInitiateAuth({
      AuthFlow: 'USER_PASSWORD_AUTH',
      ClientId,
      UserPoolId: process.env.COGNITO_USER_POOL_ID,
      AuthParameters: {
        USERNAME: '[email protected]',
        PASSWORD: 'lamepassword123',
        SECRET_HASH
      }
    }).promise();
  })
  .then(resp => {
    console.log(resp)
  });

It will not return anything but "Initiate Auth method not supported."

According to the docs, this should work. What gives?

Graeco answered 13/2, 2018 at 0:46 Comment(0)
F
8

Under the App Clients section, did you enable the box for your user pool that says:

[x] Enable username-password (non-SRP) flow for app-based authentication (USER_PASSWORD_AUTH)
Freshwater answered 13/2, 2018 at 4:6 Comment(1)
I have the same problem explained in the question. And I have that box you've mentioned checked and am still getting the error. Any other suggestions? - Staciestack
B
19

I had the same issue - resolved it by using AuthFlow ADMIN_NO_SRP_AUTH rather than USER_PASSWORD_AUTH per the example here.

Bethesda answered 9/7, 2018 at 18:55 Comment(1)
Enable sign-in API for server-based authentication (ADMIN_NO_SRP_AUTH) - Fatback
E
7

In case of Serverless framework usage, ALLOW_USER_PASSWORD_AUTH needs to be added to the ExplicitAuthFlows node.

Resources:
  CognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      # Generate a name based on the stage
      UserPoolName: ${self:provider.stage}-user-pool
      # Set email as an alias
      UsernameAttributes:
        - email
      AutoVerifiedAttributes:
        - email

  CognitoUserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      # Generate an app client name based on the stage
      ClientName: ${self:provider.stage}-user-pool-client
      UserPoolId:
        Ref: CognitoUserPool
      ExplicitAuthFlows:
        - ALLOW_ADMIN_USER_PASSWORD_AUTH # See also: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html
        - ALLOW_USER_PASSWORD_AUTH
        - ALLOW_REFRESH_TOKEN_AUTH
        - ALLOW_USER_SRP_AUTH
      GenerateSecret: false

# Print out the Id of the User Pool that is created
Outputs:
  UserPoolId:
    Value:
      Ref: CognitoUserPool

  UserPoolClientId:
    Value:
      Ref: CognitoUserPoolClient
Eyas answered 29/8, 2020 at 13:54 Comment(0)
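
Added example (not code from any of the posts above): a preflight check that ties together the two fixes on this page, namely which AuthFlow each API call accepts and which ExplicitAuthFlows entry the app client must have enabled. The function name, the `client` object shape and the flow table are assumptions made for illustration; verify the table against the current AWS documentation.

```javascript
// Assumed table: AuthFlow -> APIs that accept it and the ExplicitAuthFlows entry it requires.
const FLOWS = {
  USER_PASSWORD_AUTH:       { apis: ['initiateAuth'],      allow: 'ALLOW_USER_PASSWORD_AUTH' },
  ADMIN_NO_SRP_AUTH:        { apis: ['adminInitiateAuth'], allow: 'ALLOW_ADMIN_USER_PASSWORD_AUTH' },
  ADMIN_USER_PASSWORD_AUTH: { apis: ['adminInitiateAuth'], allow: 'ALLOW_ADMIN_USER_PASSWORD_AUTH' },
  USER_SRP_AUTH:      { apis: ['initiateAuth', 'adminInitiateAuth'], allow: 'ALLOW_USER_SRP_AUTH' },
  REFRESH_TOKEN_AUTH: { apis: ['initiateAuth', 'adminInitiateAuth'], allow: 'ALLOW_REFRESH_TOKEN_AUTH' },
};
// Legacy ExplicitAuthFlows names (the older console checkboxes) and their ALLOW_ equivalents.
const LEGACY = {
  ADMIN_NO_SRP_AUTH: 'ALLOW_ADMIN_USER_PASSWORD_AUTH',
  USER_PASSWORD_AUTH: 'ALLOW_USER_PASSWORD_AUTH',
};

// api: 'initiateAuth' | 'adminInitiateAuth'; params: the request object;
// client: { explicitAuthFlows: string[], hasSecret: boolean } (hypothetical shape).
// Returns a list of problems; an empty list means the call is consistent with the client.
function preflightAuth(api, params, client) {
  const rule = FLOWS[params.AuthFlow];
  if (!rule) return [`unknown AuthFlow ${params.AuthFlow}`];
  const problems = [];
  if (!rule.apis.includes(api)) {
    const ok = Object.keys(FLOWS).filter(f => FLOWS[f].apis.includes(api));
    problems.push(`${params.AuthFlow} is not accepted by ${api}; use one of: ${ok.join(', ')}`);
  }
  const enabled = new Set(client.explicitAuthFlows.map(f => LEGACY[f] || f));
  if (!enabled.has(rule.allow)) {
    problems.push(`app client lacks ${rule.allow} in ExplicitAuthFlows`);
  }
  // SECRET_HASH must be sent exactly when the app client was created with a secret.
  const sentHash = Boolean(params.AuthParameters && params.AuthParameters.SECRET_HASH);
  if (sentHash !== client.hasSecret) {
    problems.push(client.hasSecret
      ? 'client has a secret but SECRET_HASH is missing'
      : 'SECRET_HASH sent but client has no secret (GenerateSecret: false)');
  }
  return problems;
}

// Constructed sample: the question's call checked against the Serverless client above.
const sampleClient = { hasSecret: false, explicitAuthFlows: ['ALLOW_ADMIN_USER_PASSWORD_AUTH',
  'ALLOW_USER_PASSWORD_AUTH', 'ALLOW_REFRESH_TOKEN_AUTH', 'ALLOW_USER_SRP_AUTH'] };
const askedCall = { AuthFlow: 'USER_PASSWORD_AUTH',
  AuthParameters: { USERNAME: 'user@example.com', PASSWORD: 'constructed', SECRET_HASH: 'x' } };
console.log(preflightAuth('adminInitiateAuth', askedCall, sampleClient));
```
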
H
0
  • Go to the Cognito Service

  • Then, select the app client

  • Finally, edit the authentication workflows

Hypermeter answered 8/2, 2023 at 14:20 Comment(0)
