refreshAuthentication.php example gives "Unable to verify secret hash for client" #42

Open
BenKennish opened this issue Apr 20, 2020 · 4 comments

@BenKennish

I can get all the other example scripts working as expected but refreshAuthentication.php doesn't seem to work for me....

>php login.php
array(5) {
  'AccessToken' =>
  string(1002) "eyJraWQiO<snip>nG_z1g"
  'ExpiresIn' =>
  int(3600)
  'TokenType' =>
  string(6) "Bearer"
  'RefreshToken' =>
  string(1785) "eyJjdHki<snip>K70c4aQ"
  'IdToken' =>
  string(958) "eyJraWQiOiJOd1B<snip>OUAKuyODEPuw"
}

I then edit refreshAuthentication.php and put in the same value for $username as I used in login.php and with $refreshToken set to the RefreshToken I received above (starting eyJjd and ending 4aQ) and I get...

>php refreshAuthentication.php

Fatal error: Uncaught exception 'Aws\CognitoIdentityProvider\Exception\CognitoIdentityProviderException' with message 'Error executing "AdminInitiateAuth" on "https://cognito-idp.eu-west-2.amazonaws.com"; AWS HTTP error: Client error: `POST https://cognito-idp.eu-west-2.amazonaws.com` resulted in a `400 Bad Request` response:
{"__type":"NotAuthorizedException","message":"Unable to verify secret hash for client 2od40<snip>rf9crnnej"}
 NotAuthorizedException (client): Unable to verify secret hash for client 2od40<snip>rf9crnnej - {"__type":"NotAuthorizedException","message":"Unable to verify secret hash for client 2od40<snip>rf9crnnej"}'

GuzzleHttp\Exception\ClientException: Client error: `POST https://cognito-idp.eu-west-2.amazonaws.com` resulted in a `400 Bad Request` response:
{"__type":"NotAuthorizedException","message":"Unable to verify secret hash for client 2od40<snip>rf9crnnej"}
 in C:\Users\Ben Kennish\Documents\aws-cognito\vendor\aws\aws-sdk-php\src\WrappedHttpHandler.php on line 195

Aws\CognitoIdentityProvider\Exception\CognitoIdentityProviderException: Error executing "AdminInitiateAuth" on "https://cognito-idp.eu-west-2.amazonaws.com"; AWS HTTP error: Client error: `POST https://cognito-idp.eu-west-2.amazonaws.com` resulted in a `400 Bad Request` response:
{"__type":"NotAuthorizedException","message":"Unable to verify secret hash for client 2od40<snip>rf9crnnej"}
 NotAuthorizedException (client): Unable to verify secret hash for client 2od40<snip>rf9crnnej - {"__type":"NotAuthorizedException","message":"Unable to verify secret hash for client 2od40<snip>rf9crnnej"} in C:\Users\Ben Kennish\Documents\aws-cognito\vendor\aws\aws-sdk-php\src\WrappedHttpHandler.php on line 195

Call Stack:
    0.0005     398744   1. {main}() C:\Users\Ben Kennish\Documents\aws-cognito\examples\refreshAuthentication.php:0
    0.0808    6515504   2. pmill\AwsCognito\CognitoClient->refreshAuthentication() C:\Users\Ben Kennish\Documents\aws-cognito\examples\refreshAuthentication.php:8

This is the same exception message that login.php generates if the 'app_client_secret' in config.php is incorrect but it IS currently correct as login.php is working as expected.

Anyone know what I'm doing wrong?
Cheers, Ben

@BenKennish

Oh btw I obtained aws-cognito using Composer and it retrieved version 0.2.11 which seems to be the latest version

@ivy-liu09

Hi @BenKennish

$username must be the value of Username returned by the getUser method, not an email.

Ivy
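
The reply above, illustrated with an added example (not part of the thread and not the library's own code): AWS documents SECRET_HASH as Base64(HMAC-SHA256(client secret, Username + ClientId)), so a hash built from the email alias differs from one built from the pool `Username`. The client ID, secret, email, UUID and token below are constructed values, the helper names are hypothetical, and the assumption that the refresh flow checks the hash against the stored `Username` is inferred from the reply.

```php
<?php
declare(strict_types=1);

// SECRET_HASH per AWS docs: Base64(HMAC-SHA256(key = client secret, msg = Username + ClientId)).
function cognitoSecretHash(string $username, string $clientId, string $clientSecret): string
{
    return base64_encode(hash_hmac('sha256', $username . $clientId, $clientSecret, true));
}

// Read the "cognito:username" claim from an ID token payload. The signature is NOT verified:
// use only on a token just received from Cognito, never as the basis of an authorization decision.
function usernameFromIdToken(string $idToken): string
{
    $parts = explode('.', $idToken);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Not a compact JWT');
    }
    $claims = json_decode(base64_decode(strtr($parts[1], '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['cognito:username'])) {
        throw new InvalidArgumentException('No cognito:username claim');
    }
    return (string) $claims['cognito:username'];
}

// Constructed sample values (not taken from the issue).
$clientId     = 'exampleclientid123';
$clientSecret = 'example-client-secret';
$email        = 'user@example.com';
$poolUsername = '11111111-2222-3333-4444-555555555555';

// Constructed, unsigned ID token whose payload carries the pool Username.
$b64url  = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$idToken = $b64url('{"alg":"none"}') . '.'
    . $b64url(json_encode(['email' => $email, 'cognito:username' => $poolUsername])) . '.sig';

// Assumption: the service recomputes the hash from the stored Username.
$expected    = cognitoSecretHash($poolUsername, $clientId, $clientSecret);
$fromEmail   = cognitoSecretHash($email, $clientId, $clientSecret);
$fromIdToken = cognitoSecretHash(usernameFromIdToken($idToken), $clientId, $clientSecret);

var_dump(hash_equals($expected, $fromEmail));   // hash built from the email alias
var_dump(hash_equals($expected, $fromIdToken)); // hash built from cognito:username
```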

@BenKennish

Thanks @ivy-liu09. Could this be considered a bug in aws-cognito? All the other example scripts accept the email 'username' and also the error message "Unable to verify secret hash for client" seems inappropriate.

@hygison

hygison commented Apr 24, 2022

I am getting a fatal error when the password is wrong:

Fatal error: Uncaught exception 'Aws\CognitoIdentityProvider\Exception\CognitoIdentityProviderException' with message 'Error executing "AdminInitiateAuth" on "https://cognito-idp.us-east-1.amazonaws.com"; AWS HTTP error: Client error: `POST https://cognito-idp.us-east-1.amazonaws.com` resulted in a `400 Bad Request` response: {"__type":"NotAuthorizedException","message":"Incorrect username or password."} NotAuthorizedException (client): Incorrect username or password. - {"__type":"NotAuthorizedException","message":"Incorrect username or password."}' GuzzleHttp\Exception\ClientException: Client error: `POST https://cognito-idp.us-east-1.amazonaws.com` resulted in a `400 Bad Request` response: {"__type":"NotAuthorizedException","message":"Incorrect username or password."} in /Applications/MAMP/htdocs/app/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113 Stack trace: #0

Shouldn't I get an object saying that it was a bad request instead of a fatal error? That way it would be possible to return such information to the user.
