I have manually added an AWS Cognito user to my application's user pool via the AWS management console. The required user pool credentials have been confirmed for this user. I am setting up an auth guard to control access to the routes. Whenever I use the Auth.signIn() function, the promise resolves successfully; however, when calling Auth.currentAuthenticatedUser() after signing in, the promise within the canActivate() function returns an error message "not authenticated". I have read GitHub issues on cookieStorage causing issues with this, but do not have this configured.
sign-in.component.ts
    signIn(username, password) {
      // Return the Amplify promise directly; the original wrapper
      // (`new Promise(() => ...)`) never resolved or rejected.
      return Auth
        .signIn(username, password)
        .then(() => {
          this.router.navigate(['main/dashboard']); // navigates to main/dashboard as expected
        })
        .catch(err => {
          this.authenticationError = err.message;
        });
    }
auth.guard.ts
    canActivate(next: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> | Promise<boolean> | boolean {
      return Auth
        .currentAuthenticatedUser()
        .then(() => {
          return true;
        })
        .catch((err) => {
          this.router.navigate(['signin']);
          console.log(err); // "not authenticated"
          return false;
        });
    }
Users created via the AWS management console are not considered authenticated unless the status field for that user is CONFIRMED. The status field in my case was FORCE_CHANGE_PASSWORD. AWS expects that users created via the console change their password after the first sign-in or verify their account using an email or mobile verification. In the case of my app, I did not want to use either email or mobile verification. To resolve this, I used the following aws-cli command for that user:
aws cognito-idp admin-set-user-password --user-pool-id your_user_pool_id --username username --password password --permanent
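The other path the answer mentions, having the user change the password at first sign-in, can be handled in the client so that no administrator sets or knows the permanent password; this is an added example, not part of the original answer. It assumes the Amplify JS v5-style `Auth.signIn` and `Auth.completeNewPassword` calls; `signInHandlingForcedChange`, `askNewPassword` and `makeStubAuth` are hypothetical names, and the stub stands in for `Auth` so the code runs offline.

```typescript
// Minimal shape of the Amplify Auth calls used here (assumed: v5-style API).
interface ChallengeUser { challengeName?: string }
interface AuthLike {
  signIn(username: string, password: string): Promise<ChallengeUser>;
  completeNewPassword(user: ChallengeUser, newPassword: string): Promise<ChallengeUser>;
}
type SignInResult =
  | { status: 'SIGNED_IN' }
  | { status: 'NEW_PASSWORD_NEEDED' }
  | { status: 'UNSUPPORTED_CHALLENGE'; challenge: string };

// Hypothetical helper: signs in and, when the account is still in
// FORCE_CHANGE_PASSWORD, completes the NEW_PASSWORD_REQUIRED challenge.
// `askNewPassword` is the app's own prompt; it is called only on that challenge.
async function signInHandlingForcedChange(
  auth: AuthLike,
  username: string, password: string,
  askNewPassword: () => Promise<string | null>,
): Promise<SignInResult> {
  const user = await auth.signIn(username, password);
  if (!user.challengeName) return { status: 'SIGNED_IN' };
  if (user.challengeName !== 'NEW_PASSWORD_REQUIRED') {
    return { status: 'UNSUPPORTED_CHALLENGE', challenge: user.challengeName };
  }
  const newPassword = await askNewPassword();
  // No new password means no session yet: the caller must not navigate.
  if (!newPassword) return { status: 'NEW_PASSWORD_NEEDED' };
  await auth.completeNewPassword(user, newPassword);
  return { status: 'SIGNED_IN' };
}

// Constructed stub standing in for Amplify's Auth (not real Cognito behaviour).
function makeStubAuth(initialStatus: 'CONFIRMED' | 'FORCE_CHANGE_PASSWORD') {
  const state = { status: initialStatus as string, calls: [] as string[] };
  const auth: AuthLike = {
    async signIn() {
      state.calls.push('signIn');
      return state.status === 'FORCE_CHANGE_PASSWORD'
        ? { challengeName: 'NEW_PASSWORD_REQUIRED' }
        : {};
    },
    async completeNewPassword() {
      state.calls.push('completeNewPassword');
      state.status = 'CONFIRMED';
      return {};
    },
  };
  return { auth, state };
}
```

In the component, pass Amplify's `Auth` as `auth` and navigate to the guarded route only when the returned status is `SIGNED_IN`.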