aws-cognito's Introduction

pmill/aws-cognito

Introduction

This library contains a PHP client for AWS Cognito user pools.

Requirements

This library package requires PHP 7.1 or later.

Installation

Installing via Composer

The recommended way to install is through Composer.

# Install Composer
curl -sS https://getcomposer.org/installer | php

Next, run the Composer command to install the latest version:

php composer.phar require pmill/aws-cognito

Usage

There are example usage scripts in the examples/ folder. Copy examples/config.example.php to examples/config.php before running them.

Version History

0.2.11 (06/01/2020)

  • Added method to get a user by an access token - bjoernHeneka

0.2.10 (21/10/2019)

0.2.9 (17/10/2019)

  • Added method to allow administrators to delete a user - bjoernHeneka

0.2.8 (28/01/2019)

  • Added method to get user groups - abelland

0.2.7 (17/08/2018)

  • Added method to get user details - brettmc

0.2.6 (27/06/2018)

  • Added method to update a user's custom variables - bjoernHeneka

0.2.5 (26/06/2018)

0.2.4 (22/04/2018)

  • Bugfix - Cognito::signUp requires string attributes

0.2.3 (27/01/2018)

  • Mapped additional error responses to exceptions

0.2.2 (27/01/2018)

  • Added handling for password reset required responses

0.2.1 (25/01/2018)

  • Added method to return full token payload

0.2.0 (25/01/2018)

  • Replaced spomky-labs/jose library with web-token/jwt-signature
  • Added handling for authentication challenges
  • Removed jwt key set caching code, replaced with getter/setter

0.1.3 (12/11/2017)

  • Returned generated cognito username when registering

0.1.2 (20/05/2017)

  • Added method to refresh authentication tokens

0.1.1 (30/04/2017)

  • Returned username when verifying access tokens

0.1.0 (28/04/2017)

  • First public release of aws-cognito

Copyright

pmill/aws-cognito Copyright (c) 2017 pmill ([email protected]) All rights reserved.

aws-cognito's People

Contributors

amanfrinati, bjoernheneka, brettmc, evgalak, franjid, pmill

aws-cognito's Issues

Composer Deprecation Notice

Every time that I run the composer, I'm getting this message:

Deprecation Notice: Class pmill\AwsCognito\Tests\Unit\CognitoClientTest located in ./vendor/pmill/aws-cognito/tests/unit/CognitoClientTest.php does not comply with psr-4 autoloading standard. It will not autoload anymore in Composer v2.0. in phar:///usr/local/bin/composer/src/Composer/Autoload/ClassMapGenerator.php:201

What to do after access_token expire and there is no refresh token?

I was using the builtin login page. When using response_type=token I don't get a refresh token.
When using response_type=code I don't see a way to utilize this class.

So with the first approach, after some time, the following exception is triggered (marked with "HERE"):

    try {
        $this->client->verifyAccessToken($access_token);
    } catch (\pmill\AwsCognito\Exception\TokenExpiryException $e) {
        // HERE
    }

What would be the best approach to handle this case?

Thank you for this class :)

Uncaught Exception

The AWS SDK, in addition to CognitoIdentityProviderException seems to also throw GuzzleHttp\Exception\ClientException.

public function registerUser() for example throws this for {"__type":"UsernameExistsException","message":"User already exists"}
(See error snippet below).

This doesn't get caught and mapped to the pmill\AwsCognito\Exception's, making the error handling significantly harder for the caller method.

(Related #20?)

Fatal error: Uncaught GuzzleHttp\Exception\ClientException: Client error: `POST https://cognito-idp.us-east-1.amazonaws.com` resulted in a `400 Bad Request` response: {"__type":"UsernameExistsException","message":"User already exists"} in /app/public/.../vendor/pmill/aws-cognito/src/Exception/CognitoResponseException.php on line 28

file_get_contents in function downloadJwtWebKeys

I get a timeout when trying to get jwks.json. I think it's because of file_get_contents. With curl_exec it does work. Could the problem be that I am behind a proxy? Maybe we should then give the possibility to define a proxy, maybe via config.php, and use it in file_get_contents.

refreshAuthentication.php example gives "Unable to verify secret hash for client"

I can get all the other example scripts working as expected but refreshAuthentication.php doesn't seem to work for me....

>php login.php
array(5) {
  'AccessToken' =>
  string(1002) "eyJraWQiO<snip>nG_z1g"
  'ExpiresIn' =>
  int(3600)
  'TokenType' =>
  string(6) "Bearer"
  'RefreshToken' =>
  string(1785) "eyJjdHki<snip>K70c4aQ"
  'IdToken' =>
  string(958) "eyJraWQiOiJOd1B<snip>OUAKuyODEPuw"
}

I then edit refreshAuthentication.php and put in the same value for $username as I used in login.php and with $refreshToken set to the RefreshToken I received above (starting eyJjd and ending 4aQ) and I get...

>php refreshAuthentication.php

Fatal error: Uncaught exception 'Aws\CognitoIdentityProvider\Exception\CognitoIdentityProviderException' with message 'Error executing "AdminInitiateAuth" on "https://cognito-i
dp.eu-west-2.amazonaws.com"; AWS HTTP error: Client error: `POST https://cognito-idp.eu-west-2.amazonaws.com` resulted in a `400 Bad Request` response:
{"__type":"NotAuthorizedException","message":"Unable to verify secret hash for client 2od40<snip>rf9crnnej"}
 NotAuthorizedException (client): Unable to verify secret hash for client 2od40<snip>rf9crnnej - {"__type":"NotAuthorizedException","message":"Unable to verify secret has
h for client 2od40<snip>rf9crnnej"}'

GuzzleHttp\Exception\ClientException: Client error: `POST https://cognito-idp.eu-west-2.amazonaws.com` resulted in a `400 Bad Request` response:
{"__type":"NotAuthorizedException","message":"Unable to verify secret hash for client 2od40<snip>rf9crnnej"}
 in C:\Users\Ben Kennish\Documents\aws-cognito\vendor\aws\aws-sdk-php\src\WrappedHttpHandler.php on line 195

Aws\CognitoIdentityProvider\Exception\CognitoIdentityProviderException: Error executing "AdminInitiateAuth" on "https://cognito-idp.eu-west-2.amazonaws.com"; AWS HTTP error: Cl
ient error: `POST https://cognito-idp.eu-west-2.amazonaws.com` resulted in a `400 Bad Request` response:
{"__type":"NotAuthorizedException","message":"Unable to verify secret hash for client 2od40<snip>rf9crnnej"}
 NotAuthorizedException (client): Unable to verify secret hash for client 2od40<snip>rf9crnnej - {"__type":"NotAuthorizedException","message":"Unable to verify secret has
h for client 2od40<snip>rf9crnnej"} in C:\Users\Ben Kennish\Documents\aws-cognito\vendor\aws\aws-sdk-php\src\WrappedHttpHandler.php on line 195

Call Stack:
    0.0005     398744   1. {main}() C:\Users\Ben Kennish\Documents\aws-cognito\examples\refreshAuthentication.php:0
    0.0808    6515504   2. pmill\AwsCognito\CognitoClient->refreshAuthentication() C:\Users\Ben Kennish\Documents\aws-cognito\examples\refreshAuthentication.php:8

This is the same exception message that login.php generates if the 'app_client_secret' in config.php is incorrect but it IS currently correct as login.php is working as expected.

Anyone know what I'm doing wrong?
Cheers, Ben
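
The SECRET_HASH that Cognito checks is Base64(HMAC-SHA256(client secret, username + client id)), so it is bound to the exact username string. The following added example (not part of the original post or of pmill/aws-cognito; every identifier and value in it is constructed) shows a hash built from a sign-in alias differing from one built from the `username` claim of the access token, which is worth comparing when login succeeds and refresh fails, assuming the pool stores a generated username behind an alias.

```php
<?php
// Added example; not code from pmill/aws-cognito. All values below are constructed.

/** SECRET_HASH = Base64(HMAC-SHA256(key: client secret, message: username . client id)). */
function cognitoSecretHash(string $username, string $clientId, string $clientSecret): string
{
    return base64_encode(hash_hmac('sha256', $username . $clientId, $clientSecret, true));
}

/** Read a JWT's claims WITHOUT verifying the signature (for debugging your own token only). */
function unverifiedClaims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('expected header.payload.signature');
    }
    $b64  = strtr($parts[1], '-_', '+/');
    $json = base64_decode(str_pad($b64, strlen($b64) + (4 - strlen($b64) % 4) % 4, '='), true);
    $claims = is_string($json) ? json_decode($json, true) : null;
    if (!is_array($claims)) {
        throw new InvalidArgumentException('payload is not a JSON object');
    }
    return $claims;
}

// Constructed placeholders: not real credentials or tokens.
$clientId     = 'exampleclientid';
$clientSecret = 'example-client-secret';
$loginName    = 'user@example.com'; // alias typed at sign-in (assumption)
$payload      = ['username' => '11111111-2222-3333-4444-555555555555', 'token_use' => 'access'];
$accessToken  = 'e30.' . rtrim(strtr(base64_encode(json_encode($payload)), '+/', '-_'), '=') . '.sig';

// Username as the pool stores it, taken from the access token's "username" claim.
$poolUsername = unverifiedClaims($accessToken)['username'];

$fromAlias    = cognitoSecretHash($loginName, $clientId, $clientSecret);
$fromUsername = cognitoSecretHash($poolUsername, $clientId, $clientSecret);

echo "hash(alias)    = $fromAlias\n";
echo "hash(username) = $fromUsername\n";
echo hash_equals($fromAlias, $fromUsername)
    ? "same hash\n"
    : "different: a hash built from one name will not verify against the other\n";
```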

Failed to connect to cognito-idp.ap-south-1.amazonaws.com port 80: Timed out

.......(transfer 0xc279a10) * Expire in 9 ms for 1 (transfer 0xc279a10) * Trying 13.235.230.89... * TCP_NODELAY set * Expire in 74986 ms for 3 (transfer 0xc279a10) * Expire in 200 ms for 4 (transfer 0xc279a10) * connect to 13.235.230.89 port 80 failed: Timed out * Trying 13.234.154.127... * TCP_NODELAY set * Expire in 64386 ms for 3 (transfer 0xc279a10) * connect to 13.234.154.127 port 80 failed: Timed out * Failed to connect to cognito-idp.ap-south-1.amazonaws.com port 80: Timed out * Closing connection 0 <- Leaving step sign, name 'signer' ----------------------------------- error was set to

This type of error is generated while signing up a new user.

authenticateUser without AWS credentials

Hi all!

I'm developing an application with the Filemaker API.
Authentication tokens are required and Filemaker Cloud uses Cognito to fetch the correct tokens.

A javascript howto : https://help.claris.com/en/customer-console-help/content/create-fmid-token.html

I've tested this and the javascript example is working.

But I can't get this to work with the aws-cognito implementation, AWS credentials are needed.

Anyone who knows where I should start looking? I've tested the authenticate of the CognitoClient.
But I get an unauthenticated result (403). It seems that the PHP SDK isn't working without credentials provided (as in the javascript example).

Thanks!

Authenticate method does not handle challenge responses

Library should handle Cognito challenge responses for things like 'NEW_PASSWORD_REQUIRED', 'SMS_MFA', etc. The 'authenticate' method currently only deals with a positive authentication response, but masks any requests from Cognito for additional information making it look like the authentication failed.

Details for response types is here: http://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html#API_AdminInitiateAuth_ResponseSyntax

I produced the first case by adding a user to my new user pool from the Cognito user pool dashboard and setting a temporary password for the user.

Here is what the response looked like for that case:
screenshot 2017-12-28 19 21 12

Adding users when Cognito set to: Only allow administrators to create users

Hi,
When Cognito is set to 'Only allow administrators to create users', and running the registerUser.php script I get this error:
PHP Fatal error: Uncaught exception 'Aws\\CognitoIdentityProvider\\Exception\\CognitoIdentityProviderException' with message 'Error executing "SignUp" on "https://cognito-idp.eu-west-2.amazonaws.com"; AWS HTTP error: Client error: POST https://cognito-idp.eu-west-2.amazonaws.com` resulted in a 400 Bad Request response:\n{"__type":"NotAuthorizedException","message":"SignUp is not permitted for this user pool"}\n NotAuthorizedException (client): SignUp is not permitted for this user pool - {"__type":"NotAuthorizedException","message":"SignUp is not permitted for this user pool"}'\n\nGuzzleHttp\Exception\ClientException: Client error: POST https://cognito-idp.eu-west-2.amazonaws.com resulted in a 400 Bad Request response:\n{"__type":"NotAuthorizedException","message":"SignUp is not permitted for this user pool"}\n in /home/ubuntu/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113\nStack trace:\n#0 /home/ubuntu/vendor/guzzlehttp/guzzle/src/Middleware.php(65): GuzzleHttp\Exception\RequestException::create(Object(GuzzleHtt in /home/ubuntu/vendor/aws/aws-sdk-php/src/WrappedHttpHandler.php on line 192`

When running with Allow users to sign up it works fine and user is added.

I don't want users to sign up themselves, only myself, but the process is automated using this script to complete the process, as they have to be verified first as a client already in our system.

Thanks for any help on this.

php8 compatibility

Hi,

Is there a way to update this for PHP 8? PHP 8 gives a lot of trouble. Hope someone can help me out with this.

Logout functionality

Hello,

How can I implement Logout function? and isAuthenticated function?

regards,

User variables must be strings during sign up

Signup request throws a serialization exception when ints are passed as user variables. (class com.amazon.coral.value.json.numbers.TruncatingBigNumber can not be converted to an String). Even when the user variable is defined as an int in the Cognito user pool.

Casting (string) before passing to your registerUser function fixes the issue. Perhaps your variables loop can just cast each variable to string? Or is that a bad idea?

Convert JWK to public key string PEM/RSAKey

Hello,
Is there a possibility to create a public key string (.PEM) from a JWK? I used Jose\KeyConverter\RSAKey before, but I deleted this library because of a conflict.

Any suggestion?

thanks
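
An RSA JWK carries only the modulus `n` and exponent `e`, so a PEM public key can be built by DER-encoding them into a SubjectPublicKeyInfo structure. The following is an added example, not code from pmill/aws-cognito or the web-token libraries; the function names are hypothetical, and the self-check at the end uses a locally generated key rather than a real Cognito key.

```php
<?php
// Added example; not code from pmill/aws-cognito or web-token.
// Function names are hypothetical. The self-check needs ext-openssl.

function b64urlDecode(string $s): string
{
    $s = strtr($s, '-_', '+/');
    $bin = base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
    if ($bin === false) {
        throw new InvalidArgumentException('invalid base64url');
    }
    return $bin;
}

/** DER tag-length-value; lengths of 128 bytes or more use the long form. */
function derTlv(int $tag, string $value): string
{
    $len = strlen($value);
    if ($len < 0x80) {
        return chr($tag) . chr($len) . $value;
    }
    $lenBytes = ltrim(pack('N', $len), "\x00");
    return chr($tag) . chr(0x80 | strlen($lenBytes)) . $lenBytes . $value;
}

/** DER INTEGER from unsigned big-endian bytes; a leading 0x00 keeps it non-negative. */
function derUInt(string $bigEndian): string
{
    $bigEndian = ltrim($bigEndian, "\x00");
    if ($bigEndian === '' || (ord($bigEndian[0]) & 0x80)) {
        $bigEndian = "\x00" . $bigEndian;
    }
    return derTlv(0x02, $bigEndian);
}

function rsaJwkToPem(array $jwk): string
{
    if (($jwk['kty'] ?? null) !== 'RSA' || !isset($jwk['n'], $jwk['e'])) {
        throw new InvalidArgumentException('expected an RSA public JWK with n and e');
    }
    $rsaKey = derTlv(0x30, derUInt(b64urlDecode($jwk['n'])) . derUInt(b64urlDecode($jwk['e'])));
    // AlgorithmIdentifier: OID 1.2.840.113549.1.1.1 (rsaEncryption) followed by NULL.
    $algId = derTlv(0x30, "\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00");
    $spki  = derTlv(0x30, $algId . derTlv(0x03, "\x00" . $rsaKey));
    return "-----BEGIN PUBLIC KEY-----\n" . chunk_split(base64_encode($spki), 64, "\n") . "-----END PUBLIC KEY-----\n";
}

// Self-check with a locally generated (constructed) key: build a JWK from it and compare PEMs.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($key === false) { exit("OpenSSL key generation unavailable\n"); }
$d   = openssl_pkey_get_details($key);
$enc = function (string $bin): string { return rtrim(strtr(base64_encode($bin), '+/', '-_'), '='); };
$jwk = ['kty' => 'RSA', 'n' => $enc($d['rsa']['n']), 'e' => $enc($d['rsa']['e'])];
echo trim(rsaJwkToPem($jwk)) === trim($d['key']) ? "PEM matches OpenSSL's encoding\n" : "mismatch\n";
```

The resulting PEM can be passed to openssl_verify() with OPENSSL_ALGO_SHA256 to check an RS256 signature. Select the JWK by the token's `kid` and fix the algorithm in your own code rather than taking it from the token header.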

How to get exception message

got this when doing registerUser

(Uncaught GuzzleHttp\Exception\ClientException: Client error: `POST https://cognito-idp.eu-west-2.amazonaws.com` resulted in a `400 Bad Request` response: {"__type":"InvalidPasswordException","message":"Password did not conform with policy: Password must have lowercase chara (truncated...) )
in ...vendor\pmill\aws-cognito\src\Exception\CognitoResponseException.php on line 28

How to get "message":"Password did not conform with policy: Password must have.... message ?

Invalid Security Token

For Login API getting below error :

Uncaught exception 'Aws\CognitoIdentityProvider\Exception\CognitoIdentityProviderException' with message 'Error executing "AdminInitiateAuth" on "https://cognito-idp.us-east-1.amazonaws.com"; AWS HTTP error: Client error: POST https://cognito-idp.us-east-1.amazonaws.com resulted in a 400 Bad Request response: {"__type":"UnrecognizedClientException","message":"The security token included in the request is invalid."} UnrecognizedClientException (client): The security token included in the request is invalid. - {"__type":"UnrecognizedClientException","message":"The security token included in the request is invalid."}' GuzzleHttp\Exception\ClientException: Client error: POST https://cognito-idp.us-east-1.amazonaws.com resulted in a 400 Bad Request response: {"__type":"UnrecognizedClientException","message":"The security token included in the request is invalid."}

I believe my config setting is correct.

Authentication in PHP

Hi, after days of researching, this is the only example I found of AWS Cognito in PHP. I don't have very broad knowledge of PHP, but I still don't understand how to create the client object and how I can give my credentials (not clear what to provide). Can you please help me with that?

Exception: Attempted to call function "gmp_init" from namespace "Jose\Component\Core\Util".

Hello,
after updating the composer, and by calling verifyAccessToken, I got the following error:

Attempted to call function "gmp_init" from namespace "Jose\Component\Core\Util".

CRITICAL 14:01:47 | php | Call to undefined function Jose\Component\Core\Util\gmp_init()
CRITICAL 14:01:47 | request | Uncaught PHP Exception Symfony\Component\Debug\Exception\UndefinedFunctionException: "Attempted to call function "gmp_init" from namespace "Jose\Component\Core\Util"." at /home/vagrant/myProject/vendor/web-token/jwt-core/Util/BigInteger.php line 54

Do you know why such an error occurs?

regards,

Login Users via Facebook Identity Providers

@pmill is there a possibility to log in a user using an FB or Google account and automatically generate a user account in the UserPool?

I have struggled to find such a solution in AWS JS but I could not find any concrete implementation.

regards,

dependencies are outdated

Is there a plan to update "web-token/jwt-signature": "^1.0" to version ^2?
This affects other packages which are used with this.

Improve aws-cognito performance

Hello @pmill ;

I want to suggest the following improvements :

  1. improve verifyAccessToken(): to return the payload completely not only the payload[username], this will help in getting more details about the logged in user like email address ...

  2. improve downloadJwtWebKeys(): to return jwtWebKeys. that helps in storing the keys once locally or in our web server and re-use it (instead of caching). And new setter/getter functions for jwtWebKeys may be required for that.

Regards.

Config.php Optional AWS Credentials compared to AWS Amplify Javascript libraries for Cognito

Since AWS credentials key and secret are optional, these fields could be marked as optional and dropped since they otherwise present a security risk being exposed around? Also, the javascript AWS amplify versions of cognito don't have them. So, do we actually need them here?


<?php
return [
    'credentials' => [
        'key' => '',
        'secret' => '',
    ],
    'region' => '',
    'version' => '',
    'app_client_id' => '',
    'app_client_secret' => '',
    'user_pool_id' => '',
];
?>
