Description
Before opening, please confirm:
- I have searched for duplicate or closed issues and discussions.
- I have read the guide for submitting bug reports.
- I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
JavaScript Framework
React
Amplify APIs
Authentication, REST API
Amplify Categories
auth
Environment information
NA
Describe the bug
No clear response from Cognito for temporary password expiration vs invalid username/password. Currently when a user tries to login with a temporary password that is no longer valid the response is NotAuthorizedException. This is the same response for invalid email / password. If we are to set any conditional logic for actions to be taken in either scenario or custom messages to be displayed to the user there needs to be some sort of error code or difference for the developer to use.
We have tried setting pre and post authorization hooks within lamda functions, but that will not work as the pre auth is not yet aware the temp password has expired and post auth will never be called because the auth is unsuccessful. Im aware that there is an issue #1182 however this does not fully resolve the problem.
Expected behavior
When a user attempts to login with an expired temporary password I expect a unique error response
Reproduction steps
- create user with adminCreateUser
- new user attempts to login with temporary password that has expired
Code Snippet
// Put your code below this line.Log output
// Put your logs below this line
aws-exports.js
No response
Manual configuration
No response
Additional configuration
No response
Mobile Device
No response
Mobile Operating System
No response
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
No response