User Attributes (Cognito Federerated Identity) breaks the Storage component #9188

iris-rcrimp · 2021-11-09T05:43:48Z

Before opening, please confirm:

I have searched for duplicate or closed issues and discussions.
I have read the guide for submitting bug reports.
I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

React

Amplify APIs

Authentication, Storage

Amplify Categories

auth, storage

Environment information

  System:
    OS: Linux 5.13 Manjaro Linux
    CPU: (4) x64 Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
    Memory: 1.64 GB / 15.51 GB
    Container: Yes
    Shell: 5.1.8 - /bin/bash
  Binaries:
    Node: 16.11.0 - /usr/bin/node
    npm: 8.0.0 - /usr/bin/npm
  Browsers:
    Firefox: 94.0.1
  npmPackages:
    @aws-amplify/ui-react: ^1.2.20 => 1.2.20 
    @testing-library/jest-dom: ^5.11.4 => 5.14.1 
    @testing-library/react: ^11.1.0 => 11.2.7 
    @testing-library/user-event: ^12.1.10 => 12.8.3 
    @types/jest: ^26.0.15 => 26.0.24 (27.0.2)
    @types/node: ^12.0.0 => 12.20.33 (14.14.31)
    @types/react: ^17.0.0 => 17.0.30 
    @types/react-dom: ^17.0.0 => 17.0.9 
    amazon-cognito-identity-js: ^5.2.0 => 5.2.2 
    aws-amplify: ^4.3.4 => 4.3.4 
    react: ^17.0.2 => 17.0.2 
    react-dom: ^17.0.2 => 17.0.2 
    react-scripts: 4.0.3 => 4.0.3 
    typescript: ^4.1.2 => 4.4.4 
    web-vitals: ^1.0.1 => 1.1.2 
  npmGlobalPackages:
    @aws-amplify/cli: 6.3.1
    get-graphql-schema: 2.1.2
    node-gyp: 8.2.0
    nopt: 5.0.0
    npm: 8.0.0
    semver: 7.3.5
    serve: 13.0.2

Describe the bug

Cognito's federated identity auth role provides access to S3 perfectly well.

To allow for fine grain access control (e.g. user-test can only access s3::bucket-name/user-test) the docs recommend user attributes (Principal Tag Attributes for access control).

However, the presence of user attributes breaks Storage, any request (list, get, put) returns the following (unhelpful) error:

AWSS3Provider - get signed url error TypeError: Cannot read properties of undefined (reading 'byteLength')
Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'byteLength')
    at isEmptyData (isEmptyData.ts:11)
    at Sha256.update (webCryptoSha256.ts:32)
    at Sha256.update (crossPlatformSha256.ts:23)
    at hmac (credentialDerivation.ts:69)
    at credentialDerivation.ts:39
    at step (tslib.es6.js:100)
    at Object.next (tslib.es6.js:81)
    at tslib.es6.js:74
    at new Promise (<anonymous>)
    at __awaiter (tslib.es6.js:70)
    at getSigningKey (credentialDerivation.ts:37)
    at SignatureV4.getSigningKey (SignatureV4.ts:307)
    at SignatureV4.<anonymous> (SignatureV4.ts:153)
    at step (tslib.es6.js:100)
    at Object.next (tslib.es6.js:81)
    at fulfilled (tslib.es6.js:71)

Expected behavior

I would expect 403 forbidden if the auth policy is setup wrong. Instead I get an error trying to read byteLength of undefined.

Reproduction steps

Configure Cognito resource
Configure S3 resource
add user attributes to the Cognito Federated Identity
- Edit Identity Pool > Authentication Providers > Attributes for Access Control > Use Default Mappings

Code Snippet

// Put your code below this line.

Log output

// Put your logs below this line

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

The text was updated successfully, but these errors were encountered:

iris-rcrimp · 2021-11-09T23:20:52Z

Here are the AuthData objects retrieved by onAuthUIStateChange().

The only difference I can see are the order of the fields.

User Attributes disabled (default). Working as expected.

{
    "username":"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
    "pool":{
       "userPoolId":"ap-southeast-2_4hZXXXXXX",
       "clientId":"3910XXXXXXXXXXXXXXXXXXXXXX",
       "client":{
          "endpoint":"https://cognito-idp.ap-southeast-2.amazonaws.com/",
          "fetchOptions":{
             
          }
       },
       "advancedSecurityDataCollectionFlag":true,
       "storage":{
          "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.accessToken":"XXX",
          "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.LastAuthUser":"dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
          "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.idToken":"XXX",
          "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.LastAuthUser":"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
          "amplify-signin-with-hostedUI":"false",
          "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.refreshToken":"XXX",
          "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.userData":"{\"UserAttributes\":[{\"Name\":\"sub\",\"Value\":\"dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX\"},{\"Name\":\"email_verified\",\"Value\":\"true\"},{\"Name\":\"phone_number_verified\",\"Value\":\"false\"},{\"Name\":\"phone_number\",\"Value\":\"+6401234567890\"},{\"Name\":\"email\",\"Value\":\"email@gmail.com\"}],\"Username\":\"dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX\"}",
          "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.userData":"{\"UserAttributes\":[{\"Name\":\"sub\",\"Value\":\"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX\"},{\"Name\":\"email_verified\",\"Value\":\"true\"},{\"Name\":\"email\",\"Value\":\"email@gmail.com\"}],\"Username\":\"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX\"}",
          "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.refreshToken":"XXX",
          "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.idToken":"XXX",
          "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.clockDrift":"21",
          "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.clockDrift":"18",
          "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.accessToken":"XXX"
       }
    },
    "Session":null,
    "client":{
       "endpoint":"https://cognito-idp.ap-southeast-2.amazonaws.com/",
       "fetchOptions":{
          
       }
    },
    "signInUserSession":{
       "idToken":{
          "jwtToken":"XXX",
          "payload":{
             "sub":"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
             "email_verified":true,
             "iss":"https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_4hZXXXXXX",
             "cognito:username":"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
             "origin_jti":"c729096c-0c81-42b7-89c8-28439132561d",
             "aud":"3910XXXXXXXXXXXXXXXXXXXXXX",
             "event_id":"72cd048d-d596-41e0-8589-c0276f0a913b",
             "token_use":"id",
             "auth_time":1636497962,
             "exp":1636501562,
             "iat":1636497962,
             "jti":"9d67ec22-7396-4d62-bee3-53a9e042e253",
             "email":"email@gmail.com"
          }
       },
       "refreshToken":{
          "token":"XXX"
       },
       "accessToken":{
          "jwtToken":"XXX",
          "payload":{
             "origin_jti":"c729096c-0c81-42b7-89c8-28439132561d",
             "sub":"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
             "event_id":"72cd048d-d596-41e0-8589-c0276f0a913b",
             "token_use":"access",
             "scope":"aws.cognito.signin.user.admin",
             "auth_time":1636497962,
             "iss":"https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_4hZXXXXXX",
             "exp":1636501562,
             "iat":1636497962,
             "jti":"d76a9521-1653-4b4d-af15-ab9b227b1ec0",
             "client_id":"3910XXXXXXXXXXXXXXXXXXXXXX",
             "username":"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
          }
       },
       "clockDrift":21
    },
    "authenticationFlowType":"USER_SRP_AUTH",
    "storage":{
       "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.accessToken":"XXX",
       "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.LastAuthUser":"dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
       "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.idToken":"XXX",
       "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.LastAuthUser":"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
       "amplify-signin-with-hostedUI":"false",
       "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.refreshToken":"XXX",
       "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.userData":"{\"UserAttributes\":[{\"Name\":\"sub\",\"Value\":\"dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX\"},{\"Name\":\"email_verified\",\"Value\":\"true\"},{\"Name\":\"phone_number_verified\",\"Value\":\"false\"},{\"Name\":\"phone_number\",\"Value\":\"+6401234567890\"},{\"Name\":\"email\",\"Value\":\"email@gmail.com\"}],\"Username\":\"dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX\"}",
       "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.userData":"{\"UserAttributes\":[{\"Name\":\"sub\",\"Value\":\"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX\"},{\"Name\":\"email_verified\",\"Value\":\"true\"},{\"Name\":\"email\",\"Value\":\"email@gmail.com\"}],\"Username\":\"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX\"}",
       "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.refreshToken":"XXX",
       "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.idToken":"XXX",
       "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.clockDrift":"21",
       "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.clockDrift":"18",
       "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.accessToken":"XXX"
    },
    "keyPrefix":"CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX",
    "userDataKey":"CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.userData",
    "attributes":{
       "sub":"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
       "email_verified":true,
       "email":"email@gmail.com"
    },
    "preferredMFA":"NOMFA"
 }

With User Attributes enabled. Breaks the Storage object.

{
    "username":"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
    "pool":{
       "userPoolId":"ap-southeast-2_4hZXXXXXX",
       "clientId":"3910XXXXXXXXXXXXXXXXXXXXXX",
       "client":{
          "endpoint":"https://cognito-idp.ap-southeast-2.amazonaws.com/",
          "fetchOptions":{
             
          }
       },
       "advancedSecurityDataCollectionFlag":true,
       "storage":{
          "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.clockDrift":"20",
          "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.userData":"{\"UserAttributes\":[{\"Name\":\"sub\",\"Value\":\"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX\"},{\"Name\":\"email_verified\",\"Value\":\"true\"},{\"Name\":\"email\",\"Value\":\"email@gmail.com\"}],\"Username\":\"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX\"}",
          "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.LastAuthUser":"dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
          "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.idToken":"XXX",
          "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.LastAuthUser":"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
          "amplify-signin-with-hostedUI":"false",
          "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.refreshToken":"XXX",
          "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.userData":"{\"UserAttributes\":[{\"Name\":\"sub\",\"Value\":\"dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX\"},{\"Name\":\"email_verified\",\"Value\":\"true\"},{\"Name\":\"phone_number_verified\",\"Value\":\"false\"},{\"Name\":\"phone_number\",\"Value\":\"+6401234567890\"},{\"Name\":\"email\",\"Value\":\"email@gmail.com\"}],\"Username\":\"dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX\"}",
          "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.refreshToken":"XXX",
          "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.idToken":"XXX",
          "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.accessToken":"XXX",
          "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.clockDrift":"18",
          "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.accessToken":"XXX"
       }
    },
    "Session":null,
    "client":{
       "endpoint":"https://cognito-idp.ap-southeast-2.amazonaws.com/",
       "fetchOptions":{
          
       }
    },
    "signInUserSession":{
       "idToken":{
          "jwtToken":"XXX",
          "payload":{
             "sub":"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
             "email_verified":true,
             "iss":"https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_4hZXXXXXX",
             "cognito:username":"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
             "origin_jti":"e0d2c40a-66d3-4364-a53d-97f41265bf87",
             "aud":"3910XXXXXXXXXXXXXXXXXXXXXX",
             "event_id":"e782854d-b3f2-44a7-ba25-6f0cbe0dc026",
             "token_use":"id",
             "auth_time":1636497842,
             "exp":1636501442,
             "iat":1636497842,
             "jti":"56d1c459-c41f-425a-9bb2-af9c85c76afa",
             "email":"email@gmail.com"
          }
       },
       "refreshToken":{
          "token":"XXX"
       },
       "accessToken":{
          "jwtToken":"XXX",
          "payload":{
             "origin_jti":"e0d2c40a-66d3-4364-a53d-97f41265bf87",
             "sub":"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
             "event_id":"e782854d-b3f2-44a7-ba25-6f0cbe0dc026",
             "token_use":"access",
             "scope":"aws.cognito.signin.user.admin",
             "auth_time":1636497842,
             "iss":"https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_4hZXXXXXX",
             "exp":1636501442,
             "iat":1636497842,
             "jti":"68166a1f-1e91-4a48-95c5-1aad0981b8c3",
             "client_id":"3910XXXXXXXXXXXXXXXXXXXXXX",
             "username":"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
          }
       },
       "clockDrift":20
    },
    "authenticationFlowType":"USER_SRP_AUTH",
    "storage":{
       "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.clockDrift":"20",
       "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.userData":"{\"UserAttributes\":[{\"Name\":\"sub\",\"Value\":\"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX\"},{\"Name\":\"email_verified\",\"Value\":\"true\"},{\"Name\":\"email\",\"Value\":\"email@gmail.com\"}],\"Username\":\"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX\"}",
       "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.LastAuthUser":"dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
       "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.idToken":"XXX",
       "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.LastAuthUser":"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
       "amplify-signin-with-hostedUI":"false",
       "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.refreshToken":"XXX",
       "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.userData":"{\"UserAttributes\":[{\"Name\":\"sub\",\"Value\":\"dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX\"},{\"Name\":\"email_verified\",\"Value\":\"true\"},{\"Name\":\"phone_number_verified\",\"Value\":\"false\"},{\"Name\":\"phone_number\",\"Value\":\"+6401234567890\"},{\"Name\":\"email\",\"Value\":\"email@gmail.com\"}],\"Username\":\"dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX\"}",
       "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.refreshToken":"XXX",
       "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.idToken":"XXX",
       "CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.accessToken":"XXX",
       "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.clockDrift":"18",
       "CognitoIdentityServiceProvider.5jdkXXXXXXXXXXXXXXXXXXXXXX.dfe1XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.accessToken":"XXX"
    },
    "keyPrefix":"CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX",
    "userDataKey":"CognitoIdentityServiceProvider.3910XXXXXXXXXXXXXXXXXXXXXX.2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX.userData",
    "attributes":{
       "sub":"2b75cfde-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
       "email_verified":true,
       "email":"email@gmail.com"
    },
    "preferredMFA":"NOMFA"
 }

ashika01 · 2021-11-12T18:27:22Z

@iris-rcrimp can you provide a code snippet for your storage calls? just to see what params are passed in these calls.

dorontal · 2021-12-14T00:36:46Z

I'm having a similar issue, that may be the same issue as the one reported here. I believe these issues are at least possibly related.

To reproduce, in my case:

Configure Cognito (for email + password sign-up/sign-in, with email verification code)
Precisely go through the steps 1-4 in this issue to set up "attributes for access control" and change the policies accordingly in the cloudformation file, to use cognitoId instead of sub in the S3 paths.
Put a file (<filename>) in <your S3 bucket>/protected/<sub>/<filename> where sub is the user's sub
Call this code

        console.log(Amplify.configure({
            // eslint-disable-next-line
            aws_appsync_authenticationType: 'AWS_IAM'
        }));

        this.imgSrc = await Storage.get(
            USER_DEFAULTS.s3ProfileImageFileName,
            {
                download: false,
                level: 'protected',
                identityId: sub
            }

and the error shows up every time - for months now, unable to get the file.

Here's the error you see in the browser's dev console (same as reported in this issue above) in response to the above call to Storage.get():

Error: Uncaught (in promise): TypeError: Cannot read property 'byteLength' of undefined
TypeError: Cannot read property 'byteLength' of undefined
    at isEmptyData (isEmptyData.js:10)
    at Sha256.update (webCryptoSha256.js:20)
    at Sha256.update (crossPlatformSha256.js:23)
    at hmac (credentialDerivation.js:86)
    at credentialDerivation.js:33
    at step (tslib?b908:100)
    at Object.next (tslib?b908:81)
    at tslib?b908:74
    at new ZoneAwarePromise (zone.js:1340)
    at __awaiter (tslib?b908:70)
    at resolvePromise (zone.js:1255)
    at new ZoneAwarePromise (zone.js:1343)
    at __awaiter (tslib?b908:70)
    at getSigningKey (credentialDerivation.js:28)
    at SignatureV4.getSigningKey (SignatureV4.js:257)
    at SignatureV4.<anonymous> (SignatureV4.js:63)
    at step (tslib?b908:100)
    at Object.next (tslib?b908:81)
    at fulfilled (tslib?b908:71)
    at ZoneDelegate.invoke (zone.js:400)

cwomack · 2024-10-24T20:50:35Z

For anyone following this issue or coming across it, this should now be resolved in the latest version of v5 as well as the most recent major version of v6. Please comment back if that's not the case, but we'll close this issue as it is no longer reproducible on the latest supported versions of Amplify.

chrisbonifacio self-assigned this Nov 9, 2021

chrisbonifacio added Storage Related to Storage components/category pending-triage Issue is pending triage labels Nov 9, 2021

dorontal mentioned this issue Dec 14, 2021

How to find the bidirectional map between Cognito identity ID and Cognito user information? #54

Open

stocaaro added the pending-response label Jun 1, 2022

abdallahshaban557 added this to the Storage Enhancements milestone Jun 2, 2022

stocaaro removed the pending-response label Sep 27, 2022

nadetastic self-assigned this Oct 3, 2022

nadetastic added feature-request Request a new feature and removed investigating This issue is being investigated pending-triage Issue is pending triage labels Oct 28, 2022

tannerabread unassigned chrisbonifacio Dec 21, 2022

stocaaro added bug Something isn't working and removed feature-request Request a new feature labels Jan 19, 2023

nadetastic removed their assignment Mar 11, 2023

stocaaro added feature-request Request a new feature bug Something isn't working and removed bug Something isn't working feature-request Request a new feature labels Mar 23, 2023

cwomack closed this as completed Oct 24, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

User Attributes (Cognito Federerated Identity) breaks the Storage component #9188

User Attributes (Cognito Federerated Identity) breaks the Storage component #9188

iris-rcrimp commented Nov 9, 2021 •

edited

Loading

iris-rcrimp commented Nov 9, 2021 •

edited

Loading

ashika01 commented Nov 12, 2021

dorontal commented Dec 14, 2021 •

edited

Loading

cwomack commented Oct 24, 2024

User Attributes (Cognito Federerated Identity) breaks the Storage component #9188

User Attributes (Cognito Federerated Identity) breaks the Storage component #9188

Comments

iris-rcrimp commented Nov 9, 2021 • edited Loading

Before opening, please confirm:

JavaScript Framework

Amplify APIs

Amplify Categories

Environment information

Describe the bug

Expected behavior

Reproduction steps

Code Snippet

Log output

aws-exports.js

Manual configuration

Additional configuration

Mobile Device

Mobile Operating System

Mobile Browser

Mobile Browser Version

Additional information and screenshots

iris-rcrimp commented Nov 9, 2021 • edited Loading

ashika01 commented Nov 12, 2021

dorontal commented Dec 14, 2021 • edited Loading

cwomack commented Oct 24, 2024

iris-rcrimp commented Nov 9, 2021 •

edited

Loading

iris-rcrimp commented Nov 9, 2021 •

edited

Loading

dorontal commented Dec 14, 2021 •

edited

Loading