2
votes

I'm using the AWS JavaScript SDK in order to integrate user pools with a web app that I am building. The user pool is set up and I've followed the usage example here: https://github.com/aws/amazon-cognito-identity-js

I keep getting an error that says: "NotAuthorizedException: Unable to verify secret hash for client (my app client id)"

// Configure the region and identity pool credentials for both SDK namespaces
AWS.config.region = 'us-east-1'; // Region
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: '...' // my identity pool id here
});

AWSCognito.config.region = 'us-east-1';
AWSCognito.config.credentials = new AWS.CognitoIdentityCredentials({
    IdentityPoolId: '...' // my identity pool id here
});

var poolData = {
    UserPoolId: '...', // my user pool id here
    ClientId: '...'  // client id here
};
var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);

var userData = {
    Username : 'username',
    Pool : userPool
};

// Attributes to register along with the new user
var attributeList = [];

var dataEmail = {
    Name : 'email',
    Value : '[email protected]'
};
var dataPhoneNumber = {
    Name : 'phone_number',
    Value : '+15555555555'
};
var attributeEmail = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataEmail);
var attributePhoneNumber = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataPhoneNumber);

attributeList.push(attributeEmail);
attributeList.push(attributePhoneNumber);

// Sign the user up; this is the call that returns the NotAuthorizedException
userPool.signUp('username', 'password', attributeList, null, function(err, result){
    if (err) {
        alert(err);
        return;
    }
    var cognitoUser = result.user;
    console.log('user name is ' + cognitoUser.getUsername());
});

Any suggestions or potential issues with the code snippet above? Thanks!

4
Are you missing "IdentityPoolId:"? I just see "...". - error2007s
@error2007s No, in my real code I have my identity pool id; I just didn't want it publicly shown. - user3567080

4 Answers

11
votes

The solution to this is actually quite straightforward. You have to delete the app in AWS and re-add it without a secret key so it can authorize.

2
votes

When creating a web application using the JavaScript SDK you cannot use a secret key as there is nowhere to store it. This will cause the exception you are seeing.

As you discovered, creating an app without a secret key solves the issue.

1
votes

For the JavaScript SDK, Cognito still does not support the "Client Secret". When you are creating the App Client, be sure to uncheck the "Generate Secret" key. This is the same issue I am facing with the Java SDK as well.

But it's a question for the AWS Cognito team: how will we use the Client Secret, which is preferred for production environments?

For the time being, if anyone is facing similar issues, please delete your Client App and re-create it without generating a Client Secret. We are still expecting an expert developer to answer: how will we use the client secret?
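
How an app client that does have a secret is used from a backend, as an added example that is not part of the original answers: Cognito expects SECRET_HASH = Base64(HMAC-SHA256(client secret, username + client id)), which can only be computed where the secret can be kept private. The credential values, the `COGNITO_CLIENT_SECRET` environment variable name, and the helper names `loadClientSecret`, `computeSecretHash` and `buildSignUpParams` are assumptions made for illustration.

```javascript
// Added example (Node.js, server side only). Helper names and all credential
// values are hypothetical/constructed; they do not come from the original post.
const crypto = require('crypto');

// Read the app client secret from the server environment so it never ships
// in browser code. The variable name is an assumption.
function loadClientSecret(env) {
  const secret = env.COGNITO_CLIENT_SECRET;
  if (!secret) {
    throw new Error('COGNITO_CLIENT_SECRET is not set on the server');
  }
  return secret;
}

// SECRET_HASH = Base64( HMAC-SHA256( key = client secret, msg = username + clientId ) )
function computeSecretHash(username, clientId, clientSecret) {
  if (!username || !clientId || !clientSecret) {
    throw new Error('username, clientId and clientSecret are all required');
  }
  return crypto
    .createHmac('sha256', clientSecret)
    .update(username + clientId)
    .digest('base64');
}

// Parameters for the Cognito SignUp API when the app client has a secret.
// Omitting SecretHash (or computing it over the wrong username or client id)
// yields "Unable to verify secret hash for client ...".
function buildSignUpParams(username, password, attributes, clientId, clientSecret) {
  return {
    ClientId: clientId,
    SecretHash: computeSecretHash(username, clientId, clientSecret),
    Username: username,
    Password: password,
    UserAttributes: attributes
  };
}

// Constructed sample values, for demonstration only.
const sampleEnv = { COGNITO_CLIENT_SECRET: 'constructed-example-secret' };
const params = buildSignUpParams(
  'username', 'password',
  [{ Name: 'phone_number', Value: '+15555555555' }],
  'constructedclientid123', loadClientSecret(sampleEnv)
);
console.log(Object.keys(params).join(', '), '| hash length:', params.SecretHash.length);
```

A browser app cannot do this safely because the secret would be readable by every visitor, which is why the answers above use an app client created without a secret.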

0
votes

In my case, I had typed the UserPoolId incorrectly. So check your credentials once again.