AWS Cognito Identity NotAuthorizedException

13,450

Solution 1

The solution to this is actually quite straightforward. You have to delete the app in AWS and re-add it without a secret key so it can authorize.

Solution 2

When creating a web application using the JavaScript SDK you cannot use a secret key as there is nowhere to store it. This will cause the exception you are seeing.

As you discovered, creating an app without a secret key solves the issue.

Solution 3

For the JavaScript SDK, Cognito still does not support the "Client Secret". When you are creating the App Client, be sure to uncheck the "Generate Secret" key. This is the same issue I am facing with the Java SDK as well.

But it's a question for the AWS Cognito team: how will we use the Client Secret, which is preferred for production environments?

For the time being, if anyone is facing similar issues, please delete your Client App and re-create it without generating a Client Secret. We are still expecting an expert developer to answer: how will we use the client secret?
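
Why an app client created with "Generate Secret" produces this error, as an added example (not from the original thread or the AWS SDK): when a client has a secret, Cognito expects each request to carry a `SecretHash`, the Base64 HMAC-SHA256 of username + client id keyed with the client secret, which only server-side code can compute without exposing the secret. The client ids, secret and helper names below are constructed for illustration, and `verifySecretHash` is a local stand-in for the service-side check.

```javascript
// Server-side (Node.js) only: the client secret must never be shipped to a browser.
const crypto = require('crypto');

// SECRET_HASH = Base64(HMAC-SHA256(key = client secret, message = username + client id))
function computeSecretHash(username, clientId, clientSecret) {
  return crypto.createHmac('sha256', clientSecret)
    .update(username + clientId)
    .digest('base64');
}

// Build SignUp request parameters; SecretHash is added only when the
// app client was created with a secret.
function buildSignUpParams(client, username, password, attributes) {
  const params = {
    ClientId: client.id,
    Username: username,
    Password: password,
    UserAttributes: attributes
  };
  if (client.secret) {
    params.SecretHash = computeSecretHash(username, client.id, client.secret);
  }
  return params;
}

// Local stand-in (assumption) for the check the service performs. A request
// without a valid hash for a secret-bearing client is what surfaces as
// "Unable to verify secret hash for client".
function verifySecretHash(params, client) {
  if (!client.secret) return true; // client without a secret: nothing to verify
  if (typeof params.SecretHash !== 'string') return false;
  const expected = Buffer.from(
    computeSecretHash(params.Username, client.id, client.secret), 'base64');
  const received = Buffer.from(params.SecretHash, 'base64');
  // Constant-time comparison avoids leaking how many bytes matched.
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}

// Constructed sample clients, not real identifiers.
const clientWithSecret = { id: 'example-client-id', secret: 'example-client-secret' };
const clientWithoutSecret = { id: 'example-public-client-id', secret: null };
const sampleAttributes = [{ Name: 'email', Value: 'user@example.com' }];
```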

Author: user3567080

Updated on June 05, 2022

Comments

  • user3567080 almost 2 years

    I'm using the AWS JavaScript SDK in order to integrate user pools with a web app that I am building. The user pool is set up and I've followed the usage example here: https://github.com/aws/amazon-cognito-identity-js

    I keep getting an error that says: "NotAuthorizedException: Unable to verify secret hash for client (my app client id)"

    AWS.config.region = 'us-east-1'; // Region
    AWS.config.credentials = new AWS.CognitoIdentityCredentials({
        IdentityPoolId: '...' // my identity pool id here
    });

    AWSCognito.config.region = 'us-east-1';
    AWSCognito.config.credentials = new AWS.CognitoIdentityCredentials({
        IdentityPoolId: '...' // my identity pool id here
    });

    var poolData = {
        UserPoolId: '...', // my user pool id here
        ClientId: '...'    // client id here
    };
    var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);

    var userData = {
        Username: 'username',
        Pool: userPool
    };

    // Attributes sent along with the sign-up request
    var attributeList = [];

    var dataEmail = {
        Name: 'email',
        Value: 'user@example.com' // placeholder address
    };
    var dataPhoneNumber = {
        Name: 'phone_number',
        Value: '+15555555555'
    };
    var attributeEmail = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataEmail);
    var attributePhoneNumber = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataPhoneNumber);

    attributeList.push(attributeEmail);
    attributeList.push(attributePhoneNumber);

    userPool.signUp('username', 'password', attributeList, null, function(err, result) {
        if (err) {
            alert(err);
            return;
        }
        // Declared locally to avoid creating an implicit global
        var cognitoUser = result.user;
        console.log('user name is ' + cognitoUser.getUsername());
    });
    

    Any suggestions or potential issues with the code snippet above? Thanks!