AWS Cognito User Device tracking issue


I am trying to call the ConfirmDevice API but am getting this error: "Negate value passed for salt and Password verifier". As both of these are optional, I removed these params from the ConfirmDevice API call, and now I am getting the error "Invalid device key given".

First, I am calling the API below:

```javascript
new InitiateAuthCommand({
  AuthFlow: "USER_SRP_AUTH",
  ClientId: clientId,
  AuthParameters: {
    USERNAME: email,
    SRP_A: A,
  },
})
```

Second:

```javascript
const respondToChallengeResponse = await cognitoClient.send(
  new RespondToAuthChallengeCommand({
    ClientId: clientId,
    ChallengeName: "PASSWORD_VERIFIER",
    ChallengeResponses: {
      PASSWORD_CLAIM_SIGNATURE: signatureString,
      PASSWORD_CLAIM_SECRET_BLOCK: SECRET_BLOCK,
      TIMESTAMP: dateNow,
      USERNAME: USER_ID_FOR_SRP,
    },
  })
);
```

Third, to verify the MFA code and get the access token:

```javascript
new RespondToAuthChallengeCommand({
  ChallengeName: "SOFTWARE_TOKEN_MFA",
  ClientId: clientId,
  ChallengeResponses: {
    USERNAME: email,
    SOFTWARE_TOKEN_MFA_CODE: mfaCode,
  },
  Session: session,
  UserContextData: {
    IpAddress: "192.168.1.168",
  },
});
```

After this API, I am calling:

```javascript
const confirmDeviceCommand = await cognitoClient.send(
  new ConfirmDeviceCommand({
    AccessToken: accessToken,
    DeviceKey: devicekey,
    DeviceName: "AndroidA",
    DeviceSecretVerifierConfig: { PasswordVerifier: passwordResult, Salt: salt },
  })
);
```

For salt generation, I am using:

```javascript
const salt = crypto.randomBytes(16);
```

For the password verifier:

```javascript
function derivePasswordVerifier(devicekey, salt) {
  const iterations = 10000;
  const keylen = 64;
  const hashAlgorithm = "sha256";

  return crypto.pbkdf2Sync(devicekey, salt, iterations, keylen, hashAlgorithm).toString("base64");
}
```

Please guide me on what is wrong with this process.

asked 4 months ago · 52 views
No Answers
