Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verification codes expiration date #3127

Closed
Elza-Hoff opened this issue Aug 8, 2023 · 3 comments
Closed

Verification codes expiration date #3127

Elza-Hoff opened this issue Aug 8, 2023 · 3 comments
Assignees
@harsh62
Labels
auth Issues related to the Auth category question General question

Comments

@Elza-Hoff
Copy link

Describe the bug

Hey!
In our app we use Amplify for the sign in flow and password reset. We have some bug in logic compares to Android sdk, which works as expected.
User receives verification code #1 and then request another code #2. We expect that only newest verification code will be valid, but in fact all received verification codes are valid.
Android sdk accept only newest verification code.
This function is used for password reset.
Screenshot 2023-08-02 at 12 09 00

Steps To Reproduce

Steps to reproduce the behavior:
1. Got to reset password
2. Click on 'Resend code' and have 2 codes in your mail.
3. Use old one 
4. This old one code is accepted as valid

Expected behavior

Only newest verification code accepted

Amplify Framework Version

2.8.1

Amplify Categories

Auth

Dependency manager

Swift PM

Swift version

5

CLI version

Xcode version

14.3

Relevant log output

No response

Is this a regression?

Yes

Regression additional context

No response

Platforms

No response

OS Version

15.0

Device

iPhone 13 Pro max

Specific to simulators

no

Additional context

No response
@harsh62 harsh62 self-assigned this Aug 8, 2023
@harsh62 harsh62 added auth Issues related to the Auth category question General question labels Aug 8, 2023
@harsh62
Copy link
Member

harsh62 commented Aug 8, 2023

@Elza-Hoff I tested on Amplify Swift and can see that older codes are not accepted. Amplify Swift simply passes on the code to Cognito and doesn't have any client side logic.

Would you be able to share testing steps that you are performing for this use case? Is there anything different compared to iOS and Android implementation?

@harsh62 harsh62 added the pending-community-response Issue is pending response from the issue requestor label Aug 8, 2023
@Elza-Hoff
Copy link
Author

@Elza-Hoff I tested on Amplify Swift and can see that older codes are not accepted. Amplify Swift simply passes on the code to Cognito and doesn't have any client side logic.

Would you be able to share testing steps that you are performing for this use case? Is there anything different compared to iOS and Android implementation?

Firstly I use this function
image
And then I use this function for password reset and it still validate all verification codes
image

@harsh62
Copy link
Member

harsh62 commented Aug 9, 2023

@Elza-Hoff

I am still not super clear what the use case is.. You have shared with me 2 very different API's. One API is for sign up whereas the other one is for reset password.

Would you be able to share the code snippet that is causing you this problem?

@harsh62 harsh62 added the closing soon This issue will be closed in 7 days unless further comments are made. label Aug 14, 2023
@ruisebas ruisebas closed this as not planned Won't fix, can't repro, duplicate, stale Aug 25, 2023
@github-actions github-actions bot removed pending-community-response Issue is pending response from the issue requestor closing soon This issue will be closed in 7 days unless further comments are made. labels Aug 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@harsh62 harsh62

Labels
auth Issues related to the Auth category question General question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@harsh62 @Elza-Hoff @ruisebas