
Cognito auth flow fails with "Already found an entry for username Facebook_10155611263153532"

The goal is to implement a social provider auth flow as described in User Pools App Integration and Federation.

One important thing that I want to satisfy is to merge user pool accounts that have the same email address.

I am accomplishing that by calling adminLinkProviderForUser within the PreSignUp_ExternalProvider Cognito Lambda trigger.

So with this, everything works. The new social provided user is being registered and linked with the already existing Cognito (user+pass) user.

However, the authentication flow, from the user's perspective, doesn't complete. It fails at the last step, where the callback URI (defined in the Cognito user pool) is being called:

error: invalid_request

error_description: Already found an entry for username Facebook_10155611263152353

But then, if the user retries the social auth flow, everything works, and would get session tokens that represent the original Cognito User Pool user (the one that already had that email).

Note that I'm testing the auth flow on an empty User Pool, zero user accounts.

Daniel Birowsky Popeski asked Dec 14 '17 14:12


1 Answer

For all the poor souls fighting with this issue still in 2020 the same way I did:

  • I have eventually fixed the issue by catching the "Already found an entry for username" error in my client application and repeating the entire auth flow once more.
  • Luckily the error only gets fired on the initial external provider signup but not in the subsequent sign-ins of the same user ('cause it happens during the signup trigger, duh). I'm taking a wild guess, but here is what I think is happening:
    • In my case, the Facebook provider was getting successfully linked with the pre-existing Cognito email/password user. A new Facebook user pool entry linking to the email/password user was successfully created.
    • Still, it seems like Cognito tried to register the fully isolated Facebook_id user during the internal signup process (even though a link user entry with the same username was already created in the previous step). Since the "link user" with the username Facebook_id already existed, Cognito threw an "Already found an entry for username Facebook_id" internal error.
    • This error has been repeatedly voiced over to the AWS developers since 2017 and there are even some responses of them working on it, but in 2020, it's still not fixed.
furyozo answered Oct 04 '22 07:10
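
The client-side workaround described in the answer above, as an added example that is not part of the original post or of any AWS SDK: it recognises only this specific error on the callback and allows a single retry, so a persistent failure cannot turn into a redirect loop. The function names, the retry cap and the sample URLs are hypothetical, and it assumes the error parameters arrive on the callback URI in the query string or the fragment.

```javascript
// Added example; classifyCallback, MAX_RETRIES and the sample URLs are hypothetical.
const LINK_ERROR_PREFIX = "Already found an entry for username";
const MAX_RETRIES = 1; // repeat the flow once, never loop on a persistent error

// Merge OAuth response parameters from the query string and the fragment
// (assumption: the error may arrive in either place).
function callbackParams(callbackUrl) {
  const url = new URL(callbackUrl);
  const params = new URLSearchParams(url.search);
  for (const [key, value] of new URLSearchParams(url.hash.replace(/^#/, ""))) {
    if (!params.has(key)) params.set(key, value);
  }
  return params;
}

// Returns { action: "continue" | "retry" | "fail" } for one callback.
function classifyCallback(callbackUrl, retriesSoFar) {
  const params = callbackParams(callbackUrl);
  const error = params.get("error");
  if (!error) return { action: "continue" }; // no error: go on to token handling

  const description = params.get("error_description") || "";
  // Match the exact error from the post, not every invalid_request.
  const isLinkError =
    error === "invalid_request" && description.startsWith(LINK_ERROR_PREFIX);
  if (isLinkError && retriesSoFar < MAX_RETRIES) {
    return { action: "retry", retries: retriesSoFar + 1 };
  }
  // Anything else, or a second occurrence, is surfaced as a real failure.
  return { action: "fail", error, description };
}

// Constructed sample callbacks (not captured from a real user pool).
const SAMPLE_FIRST_SIGNUP =
  "https://app.example.com/callback?error_description=Already+found+an+entry" +
  "+for+username+Facebook_0000&state=abc&error=invalid_request";
const SAMPLE_OK = "https://app.example.com/callback?code=constructed&state=abc";
const SAMPLE_DENIED =
  "https://app.example.com/callback?error=access_denied&error_description=cancelled";

console.log(classifyCallback(SAMPLE_FIRST_SIGNUP, 0).action); // first signup
console.log(classifyCallback(SAMPLE_FIRST_SIGNUP, 1).action); // already retried
console.log(classifyCallback(SAMPLE_OK, 0).action);
```

In a browser the retry count would have to survive the redirect (for example in sessionStorage), and a "retry" result would send the user through the same sign-in request again.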