Amplify passwordless create auth challenge triggers twice (send two emails with login code)

[ChloeH88]

Before opening, please confirm:

• I have searched for duplicate or closed issues and discussions.
• I have read the guide for submitting bug reports.
• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

React

Amplify APIs

REST API

Amplify Categories

No response

Environment information

System:
    OS: macOS 13.2.1
    CPU: (8) x64 Intel(R) Core(TM) i5-1030NG7 CPU @ 1.10GHz
    Memory: 30.94 MB / 8.00 GB
    Shell: 5.8.1 - /bin/zsh
  Binaries:
    Node: 20.1.0 - /usr/local/bin/node
    npm: 9.6.4 - /usr/local/bin/npm
  Browsers:
    Chrome: 120.0.6099.71
    Safari: 16.3
  npmPackages:
    @aws-amplify/ui-react: ^5.3.1 => 5.3.1 
    @aws-amplify/ui-react-internal:  undefined ()
    @emotion/react: ^11.11.1 => 11.11.1 
    @mantine/core: ^6.0.17 => 6.0.17 
    @mantine/hooks: ^6.0.17 => 6.0.17 
    @tabler/icons-react: ^2.29.0 => 2.29.0 
    @types/react: ^18.2.14 => 18.2.15 
    @types/react-dom: ^18.2.6 => 18.2.7 
    @vitejs/plugin-react: ^4.0.1 => 4.0.3 
    apexcharts: ^3.44.0 => 3.44.0 
    aws-amplify: ^5.3.11 => 5.3.11 
    axios: ^1.4.0 => 1.4.0 (0.26.0)
    chance: ^1.1.11 => 1.1.11 
    cors: ^2.8.5 => 2.8.5 
    decimal.js: ^10.4.3 => 10.4.3 
    dotenv: ^16.3.1 => 16.3.1 
    eslint: ^8.44.0 => 8.45.0 
    eslint-plugin-react: ^7.32.2 => 7.32.2 
    eslint-plugin-react-hooks: ^4.6.0 => 4.6.0 
    eslint-plugin-react-refresh: ^0.4.1 => 0.4.3 
    knex: ^3.0.1 => 3.0.1 
    react: ^18.2.0 => 18.2.0 
    react-apexcharts: ^1.4.1 => 1.4.1 
    react-dom: ^18.2.0 => 18.2.0 
    react-router-dom: ^6.14.2 => 6.14.2 
    react-spinners: ^0.13.8 => 0.13.8 
    reactjs-popup: ^2.0.6 => 2.0.6 
    sass: ^1.64.1 => 1.64.1 
    vite: ^4.4.0 => 4.4.4 
  npmGlobalPackages:
    @angular/cli: 16.0.0
    @aws-amplify/cli: 12.7.0
    corepack: 0.17.2
    libgen-downloader: 1.3.8
    n: 9.1.0
    npm: 9.6.4

Describe the bug

I followed the createAuthChallenge code here: https://github.com/theburningmonk/passwordless-otp-cognito-demo/blob/main/functions/create-auth-challenge.js to set up my custom login flow with sending login code to user email. This is pretty much the same as this aws documentation .

Upon amplify signIn, most users got only one email when login. But one user, no matter code or warm start, got two emails with different codes, meaning createAuthChallenge was triggered twice. All other users with same email domain have no such issues.

I checked previous closed issue #4805 , but since my issue happens no matter cold or warm start, and it's specific to one user, I decided to open a new issue.

Expected behavior

Upon clicking amplify signIn, each user receives one email/code.

Reproduction steps

Call Auth.signup() with link to the code. But since this issue is specific to one email address, it's hard to reproduce.

First lambda instance:

It triggers another lambda instance:

Code Snippet

const AWS = require('aws-sdk');
const _ = require('lodash')
const Chance = require('chance')
const chance = new Chance()
const MAX_ATTEMPTS = process.env.MAX_ATTEMPTS

module.exports.handler = async (event) => {
...
}

Log output

// Put your logs below this line

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

[israx]

Hello @ChloeH88. Sorry to hear you are experiencing issues. Can you share what is the network request after calling to Auth.signIn ? If you can see there is only one request to InitiateAuth, it means the issue is related with the lambda configuration.

[ChloeH88]

Thanks @israx . The user checked, there were 2 requests to InitiateAuth. This explains the two emails, but what could be the source of this issue? User was using safari but safari works fine when we were testing.

[israx]

Is this happening to one end-user that is using Safari ? Are you able to reproduce this in different browsers ? Wondering if different Safari versions would behave different.

[cwomack]

@ChloeH88, are you still experiencing this issue? If so, is this reproducible in different browsers?

[cwomack]

Closing this issue as we have not heard back from you. If you are still experiencing this, please feel free to reply back and provide any information previously requested and we'd be happy to re-open the issue.

Thank you!

[ChloeH88]

Apologize for the late reply. I was on a vacation.

This only happens to one user using Safari, but we didn't get any response from that user for trying other browsers. So anayways, I'll reach out if the issue happens again.