Skip to content

fix(auth): Fix losing session identifier when incorrect otp code is entered during confirm sign up #3136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(auth): Fix losing session identifier when incorrect otp code is entered during confirm sign up #3136

wants to merge 1 commit into from

Conversation

mattcreaser
Copy link
Member

@mattcreaser mattcreaser commented Oct 2, 2025
edited
Loading

  • PR title and description conform to Pull Request guidelines.

Issue #, if available: #3135

Description of changes:
Fixes one of the issues identified in the linked bug. When a user entered an incorrect confirmation code during confirmSignUp we would enter an Error state. During a correct subsequent confirmSignUp call we would not pass the existing Cognito session identifier. If there are no passwordless options enabled for the user pool, this would result in Cognito throwing a SelectChallenge which would cause Amplify to hang.

This fix retains the signUpData during the error state so that the session can be continued on subsequent calls to confirmSignUp. This allows Cognito to recognize the password entered during initial sign up, allowing autoSignIn to succeed.

Fixing autoSignIn hanging on SelectChallenge is a much larger fix that will be tackled separately.

How did you test these changes?

  • Verified that autoSignIn works as expected after entering an incorrect confirmation code after creating an account.

Documentation update required?

  • No
  • Yes (Please include a PR link for the documentation update)

General Checklist

  • Added Unit Tests
  • Added Integration Tests
  • Security oriented best practices and standards are followed (e.g. using input sanitization, principle of least privilege, etc)
  • Ensure commit message has the appropriate scope (e.g fix(storage): message, feat(auth): message, chore(all): message)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@mattcreaser mattcreaser requested a review from a team as a code owner October 2, 2025 16:07
@codecov Codecov
Copy link

codecov bot commented Oct 2, 2025

Codecov Report

❌ Patch coverage is 67.64706% with 11 lines in your changes missing coverage. Please review.
✅ Project coverage is 54.28%. Comparing base (288a082) to head (826f4b7).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3136      +/-   ##
==========================================
+ Coverage   54.27%   54.28%   +0.01%     
==========================================
  Files        1040     1040              
  Lines       32071    32082      +11     
  Branches     4712     4726      +14     
==========================================
+ Hits        17406    17416      +10     
+ Misses      12824    12819       -5     
- Partials     1841     1847       +6
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@mattcreaser mattcreaser mentioned this pull request Oct 2, 2025
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tylerjroach tylerjroach tylerjroach approved these changes

@harsh62 harsh62 harsh62 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mattcreaser @tylerjroach @harsh62