fix(auth): Remove static deviceMetaData in auth flow (#2694)

Author: royjit

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Actions/SignIn/DeviceSRPAuth/InitiateAuthDeviceSRP.swift

@@ -39,7 +39,6 @@ struct InitiateAuthDeviceSRP: Action {
                 NHexValue: nHexValue,
                 gHexValue: gHexValue,
                 srpKeyPair: srpKeyPair,
-                deviceMetadata: deviceMetadata,
                 clientTimestamp: Date())
 
             let request = RespondToAuthChallengeInput.deviceSRP(

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Actions/SignIn/DeviceSRPAuth/VerifyDevicePasswordSRP.swift

@@ -33,12 +33,15 @@ struct VerifyDevicePasswordSRP: Action {
             let secretBlock = try secretBlock(secretBlockString)
             let serverPublicB = try serverPublic(parameters)
 
-            guard case .metadata(let deviceData) = stateData.deviceMetadata else {
+            let deviceMetadata = await DeviceMetadataHelper.getDeviceMetadata(
+                for: username,
+                with: environment)
+            guard
+                case .metadata(let deviceData) = deviceMetadata
+            else {
                 let authError = SignInError.service(error: SRPError.calculation)
                 logVerbose("\(#fileID) DevciceSRPSignInError \(authError)", environment: environment)
-                let event = SignInEvent(
-                    eventType: .throwPasswordVerifierError(authError)
-                )
+                let event = SignInEvent(eventType: .throwPasswordVerifierError(authError))
                 await dispatcher.send(event)
                 return
             }
@@ -58,6 +61,7 @@ struct VerifyDevicePasswordSRP: Action {
                 session: authResponse.session,
                 secretBlock: secretBlockString,
                 signature: signature,
+                deviceMetadata: deviceMetadata,
                 environment: userPoolEnv)
 
             let responseEvent = try await UserPoolSignInHelper.sendRespondToAuth(

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Actions/SignIn/SRPAuth/InitiateAuthSRP.swift

@@ -50,7 +50,6 @@ struct InitiateAuthSRP: Action {
                 NHexValue: nHexValue,
                 gHexValue: gHexValue,
                 srpKeyPair: srpKeyPair,
-                deviceMetadata: deviceMetadata,
                 clientTimestamp: Date())
 
             let asfDeviceId = try await CognitoUserPoolASF.asfDeviceID(

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Actions/SignIn/SRPAuth/VerifyPasswordSRP.swift

@@ -41,6 +41,9 @@ struct VerifyPasswordSRP: Action {
             let secretBlock = try secretBlock(secretBlockString)
             let serverPublicB = try serverPublic(parameters)
 
+            let deviceMetadata = await DeviceMetadataHelper.getDeviceMetadata(
+                for: username,
+                with: environment)
             let signature = try signature(userIdForSRP: userIdForSRP,
                                           saltHex: saltHex,
                                           secretBlock: secretBlock,
@@ -53,6 +56,7 @@ struct VerifyPasswordSRP: Action {
                 session: authResponse.session,
                 secretBlock: secretBlockString,
                 signature: signature,
+                deviceMetadata: deviceMetadata,
                 environment: userPoolEnv)
             let responseEvent = try await UserPoolSignInHelper.sendRespondToAuth(
                 request: request,

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/StateMachine/CodeGen/Data/SRPStateData.swift

@@ -13,7 +13,6 @@ struct SRPStateData {
     let NHexValue: String
     let gHexValue: String
     let srpKeyPair: SRPKeys
-    let deviceMetadata: DeviceMetadata
     let clientTimestamp: Date
 
     init(
@@ -22,15 +21,13 @@ struct SRPStateData {
         NHexValue: String,
         gHexValue: String,
         srpKeyPair: SRPKeys,
-        deviceMetadata: DeviceMetadata,
         clientTimestamp: Date
     ) {
         self.username = username
         self.password = password
         self.NHexValue = NHexValue
         self.gHexValue = gHexValue
         self.srpKeyPair = srpKeyPair
-        self.deviceMetadata = deviceMetadata
         self.clientTimestamp = clientTimestamp
     }
 
@@ -47,13 +44,12 @@ extension SRPStateData: CustomDebugDictionaryConvertible {
         [
             "username": username.masked(),
             "password": password.redacted(),
-            "NHexValue": NHexValue,
-            "gHexValue": gHexValue,
+            "NHexValue": NHexValue.masked(),
+            "gHexValue": gHexValue.masked(),
             "srpKeyPair": """
-                <privateKey \(srpKeyPair.privateKeyHexValue)>, \
-                <publicKey \(srpKeyPair.publicKeyHexValue)>
+                <privateKey \(srpKeyPair.privateKeyHexValue.masked())>, \
+                <publicKey \(srpKeyPair.publicKeyHexValue.masked())>
                 """,
-            "deviceMetadata": deviceMetadata,
             "clientTimestamp": clientTimestamp
         ]
     }

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Support/Utils/RespondToAuthChallengeInput+Amplify.swift

@@ -15,6 +15,7 @@ extension RespondToAuthChallengeInput {
                                  session: String?,
                                  secretBlock: String,
                                  signature: String,
+                                 deviceMetadata: DeviceMetadata,
                                  environment: UserPoolEnvironment) -> RespondToAuthChallengeInput {
         let dateStr = stateData.clientTimestamp.utcString
         let challengeResponses = [
@@ -28,7 +29,7 @@ extension RespondToAuthChallengeInput {
             challengeResponses: challengeResponses,
             session: session,
             clientMetadata: [:],
-            deviceMetadata: stateData.deviceMetadata,
+            deviceMetadata: deviceMetadata,
             environment: environment)
     }
 
@@ -56,6 +57,7 @@ extension RespondToAuthChallengeInput {
                                        session: String?,
                                        secretBlock: String,
                                        signature: String,
+                                       deviceMetadata: DeviceMetadata,
                                        environment: UserPoolEnvironment)
     -> RespondToAuthChallengeInput {
         let dateStr = stateData.clientTimestamp.utcString
@@ -70,7 +72,7 @@ extension RespondToAuthChallengeInput {
             challengeResponses: challengeResponses,
             session: session,
             clientMetadata: [:],
-            deviceMetadata: stateData.deviceMetadata,
+            deviceMetadata: deviceMetadata,
             environment: environment)
     }
 

AmplifyPlugins/Auth/Tests/AWSCognitoAuthPluginUnitTests/ResolverTests/SRPSignInState/SRPTestData.swift

@@ -19,7 +19,6 @@ extension SRPStateData {
         NHexValue: "",
         gHexValue: "",
         srpKeyPair: SRPKeys(publicKeyHexValue: "", privateKeyHexValue: ""),
-        deviceMetadata: .noData,
         clientTimestamp: Date()
     )
 }
@@ -171,7 +170,6 @@ extension SRPStateData {
                 "98bab9079c01ab6acd0e75518d0cda640b9a1f011c9a7cefab68b6ddce666c874659" +
                 "8a502c0e6adef0722bac",
             privateKeyHexValue: "c142c2d2471fd53bca99c2fdec84e522adec8ee2dcda0d9fff9dbea52ac4a65f"),
-        deviceMetadata: .noData,
         clientTimestamp: Date(timeIntervalSinceReferenceDate: 656_187_908.969623)
     )
 }