[Auth] Amplify cancels sign in if user inputs an incorrect password when using USER_AUTH #3139
Description
Before opening, please confirm:
- I have searched for duplicate or closed issues and discussions.
Language and Async Model
Not applicable
Amplify Categories
Authentication
Gradle script dependencies
Amplify 2.30.0
Environment information
n/a
Please include any relevant guides or documentation you're referencing
No response
Describe the bug
If the application is configured to use the USER_AUTH authentication flow, when user inputs an incorrect password the state machine cancels the sign in. This results in a subsequent attempt to correct the password failing with an InvalidStateException, and instead the application must go back to the start of the process to resubmit the username.
This makes sense in a classic Srp sign in where inputting the password is the first thing that happens, but not in a USER_AUTH sign in where the password entry comes midway through the flow.
If the user has multiple auth factors available this requires either a very bad user experience or a messy workaround on the part of the application developer to somehow repeat the same steps in the background.
Amplify should instead keep the sign in alive so that user can attempt to correct the password and continue with the flow.
Reproduction steps (if applicable)
No response
Code Snippet
// Put your code below this line.
Log output
// Put your logs below this line
Configuration File
No response
GraphQL Schema
// Put your schema below this line
Additional information and screenshots
No response