AWS Cognito user authentication Missing required parameter SRP_A

Bala Karthik · Dec 13, 2016 · Viewed 15.8k times

I am trying to use AWS Cognito services for user authentication through the Ruby SDK.

I was able to complete the sign_up and confirm sign_up process using the methods

  resp = client.sign_up({
    client_id: "ClientIdType",
    secret_hash: "SecretHashType",
    username: "UsernameType",
    password: "PasswordType",
    user_attributes: [{
      name: "AttributeNameType",
      value: "AttributeValueType",
    }],
    validation_data: [{
      name: "AttributeNameType",
      value: "AttributeValueType",
    }]
  })

and confirm_sign_up using

  resp = client.confirm_sign_up({
    client_id: "ClientIdType",
    secret_hash: "SecretHashType",
    username: "UsernameType",
    confirmation_code: "ConfirmationCodeType"
  })

But while trying to sign in the user through initiate_auth, I am getting the error "Missing required parameter SRP_A".

  cog_provider.initiate_auth({
    client_id: "xxxxxxxxx",
    auth_parameters: { username: "xxx", password: "xxx" },
    auth_flow: "USER_SRP_AUTH"
  })

What does SRP_A indicate, and where do I find it?

I have searched for this problem, and it is suggested to use the admin_initiate_auth method for signing in a user, which I don't believe is a best practice.

Answer

Ionut Trestian · Dec 15, 2016

Yes, SRP_A is a large integer as defined by the Secure Remote Password Protocol. Are you trying to do SRP or just authenticate with username and password? For username/password authentication you should use the AdminInitiateAuth operation.

In our SDKs, you can see the parameters that need to be computed and passed. Take for example the JavaScript SDK:

https://github.com/aws/amazon-cognito-identity-js/blob/master/src/CognitoUser.js#L152

Or in the Android SDK:

https://github.com/aws/aws-sdk-android/blob/master/aws-android-sdk-cognitoidentityprovider/src/main/java/com/amazonaws/mobileconnectors/cognitoidentityprovider/CognitoUser.java#L2123
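The first SRP step the answer refers to, sketched in Ruby as an added example (not part of the original post or of any AWS SDK): the client picks a secret `a`, sends `A = g^a mod N` as the hex string `SRP_A`, and never sends the password. The function names are hypothetical, and `TOY_N`/`TOY_G` are a constructed toy group used only so the code runs offline; Cognito's real group constants are the ones defined in the SDK sources linked above.

```ruby
require 'openssl'
require 'securerandom'

# Constructed toy group for demonstration only (2**127 - 1 is prime).
# Assumption: replace with the N and g constants from the linked SDK sources.
TOY_N = 2**127 - 1
TOY_G = 2

# Client side of SRP step 1: pick a secret a, publish A = g^a mod N.
# Returns [a, A]; a stays on the client for the later challenge response.
def srp_client_ephemeral(g, n, a = nil)
  a ||= SecureRandom.random_number(n - 2) + 1 # uniform in 1..n-2
  big_a = g.pow(a, n)
  # SRP requires A mod N != 0; a server must abort on such a value.
  raise ArgumentError, 'A mod N is zero, pick a new a' if (big_a % n).zero?
  [a, big_a]
end

# SECRET_HASH for app clients that have a client secret:
# Base64(HMAC-SHA256(client_secret, username + client_id)).
def secret_hash(username, client_id, client_secret)
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'),
                             client_secret, username + client_id)
  [mac].pack('m0') # strict Base64, no line breaks
end

# Builds auth_parameters for auth_flow "USER_SRP_AUTH".
# Keys are upper-case strings; there is no password entry.
def srp_auth_parameters(username, big_a, client_id: nil, client_secret: nil)
  params = { 'USERNAME' => username, 'SRP_A' => big_a.to_s(16) }
  if client_secret
    params['SECRET_HASH'] = secret_hash(username, client_id, client_secret)
  end
  params
end

# Constructed sample values, not real identifiers.
_a, big_a = srp_client_ephemeral(TOY_G, TOY_N)
puts srp_auth_parameters('example-user', big_a)
```

The resulting hash is what would go in `auth_parameters` of `initiate_auth`; the response to that call is a password-verifier challenge that still has to be answered using `a`, which this example does not cover.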