Auth: Native crypto module could not be used to get secure random number. #4886

Closed
vicenteconejerosdelacruz opened this issue Feb 11, 2020 · 44 comments
Labels
Auth Related to Auth components/category to-be-reproduced Used in order for Amplify to reproduce said issue

Comments

@vicenteconejerosdelacruz

I'm getting
Native crypto module could not be used to get secure random number.

call
Auth.signIn

sample code
let user = await Auth.signIn({username:email, password:password})

Expected behavior
cognitoUser should be returned

Callstack
Native crypto module could not be used to get secure random number.

  • node_modules\crypto-js\core.js:45:25 in secureRandom
  • node_modules\crypto-js\core.js:337:41 in random
  • node_modules\amazon-cognito-identity-js\src\AuthenticationHelper.js:25:50 in randomBytes
  • node_modules\amazon-cognito-identity-js\src\AuthenticationHelper.js:104:32 in generateRandomSmallA
  • node_modules\amazon-cognito-identity-js\src\AuthenticationHelper.js:64:21 in AuthenticationHelper
  • node_modules\amazon-cognito-identity-js\src\CognitoUser.js:405:3 in authenticateUserPlainUsernamePassword
  • node_modules\amazon-cognito-identity-js\src\CognitoUser.js:211:53 in authenticateUser
  • node_modules\@aws-amplify\auth\lib\Auth.js:490:34 in
  • node_modules\promise\setimmediate\core.js:45:7 in tryCallTwo
  • node_modules\promise\setimmediate\core.js:200:23 in doResolve
  • node_modules\promise\setimmediate\core.js:66:12 in Promise
  • node_modules\@aws-amplify\auth\lib\Auth.js:489:27 in signInWithPassword
  • screens\auth\Authentication.js:279:39 in _callee8$
    ...
  • Device: Android Emulator
@vicenteconejerosdelacruz vicenteconejerosdelacruz added the to-be-reproduced Used in order for Amplify to reproduce said issue label Feb 11, 2020
@ts-23

ts-23 commented Feb 11, 2020

Also getting this error when calling signIn api inside jest:

    const user = await Auth.signIn(username, pass);

win10

reverted to v1 as a temporary workaround

"@aws-amplify/auth": "^1.3.1",
"@aws-amplify/core": "^1.1.2",

@pouchyRT10

pouchyRT10 commented Feb 11, 2020

I'm getting
Native crypto module could not be used to get secure random number.

call
Auth.signIn

sample code
let user = await Auth.signIn({username:email, password:password})

Expected behavior
cognitoUser should be returned

Callstack
Native crypto module could not be used to get secure random number.

  • node_modules\crypto-js\core.js:45:25 in secureRandom
  • node_modules\crypto-js\core.js:337:41 in random
  • node_modules\amazon-cognito-identity-js\src\AuthenticationHelper.js:25:50 in randomBytes
  • node_modules\amazon-cognito-identity-js\src\AuthenticationHelper.js:104:32 in generateRandomSmallA
  • node_modules\amazon-cognito-identity-js\src\AuthenticationHelper.js:64:21 in AuthenticationHelper
  • node_modules\amazon-cognito-identity-js\src\CognitoUser.js:405:3 in authenticateUserPlainUsernamePassword
  • node_modules\amazon-cognito-identity-js\src\CognitoUser.js:211:53 in authenticateUser
  • node_modules\@aws-amplify\auth\lib\Auth.js:490:34 in
  • node_modules\promise\setimmediate\core.js:45:7 in tryCallTwo
  • node_modules\promise\setimmediate\core.js:200:23 in doResolve
  • node_modules\promise\setimmediate\core.js:66:12 in Promise
  • node_modules\@aws-amplify\auth\lib\Auth.js:489:27 in signInWithPassword
  • screens\auth\Authentication.js:279:39 in _callee8$
    ...
  • Device: Android Emulator

Getting same error

Also getting this error when calling signIn api inside jest:

    const user = await Auth.signIn(username, pass);

win10

reverted to v1 as a temporary workaround

"@aws-amplify/auth": "^1.3.1",
"@aws-amplify/core": "^1.1.2",

@tommy-dev Thanks for sharing your workaround

@vicenteconejerosdelacruz
Author

vicenteconejerosdelacruz commented Feb 11, 2020

this is due to crypto-js/core.js doing this
30:var crypto = global.crypto;
33:return Number('0.' + crypto.randomBytes(3).readUIntBE(0, 3));
I replaced 33 for
return 0.4
and it works. it seems global.crypto is not defined

@tommy-dev
which aws-amplify version are you using? Or are you just using the auth and core modules?

@ts-23

ts-23 commented Feb 11, 2020

@vichoconejeros should be the latest auth and core modules, since I installed them in a fresh project today

    "@aws-amplify/auth":"^2.1.5",
    "@aws-amplify/core": "^2.2.4",

@bkrypt

bkrypt commented Feb 11, 2020

I am getting this same error using the CognitoUser.authenticateUser method in the amazon-cognito-identity-js package (v3.2.4).

@CodeforChao

I get the same error when using the CognitoUser.authenticateUser method in the amazon-cognito-identity-js package (v3.2.4).

And I cannot sign in and get a Cognito token any more. Is there any workaround?

Error: Native crypto module could not be used to get secure random number.
at secureRandom (/srv/node_modules/crypto-js/core.js:45:16)
at Object.random (/srv/node_modules/crypto-js/core.js:337:30)
at randomBytes (/srv/node_modules/amazon-cognito-identity-js/lib/AuthenticationHelper.js:48:59)
at AuthenticationHelper.generateRandomSmallA (/srv/node_modules/amazon-cognito-identity-js/lib/AuthenticationHelper.js:117:21)
at new AuthenticationHelper (/srv/node_modules/amazon-cognito-identity-js/lib/AuthenticationHelper.js:69:29)
at CognitoUser.authenticateUserDefaultAuth (/srv/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:295:32)
at CognitoUser.authenticateUser (/srv/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:268:19)

@bkrypt

bkrypt commented Feb 11, 2020

So as @vichoconejeros pointed out. This is a [email protected] issue. A simple workaround for now is to go into your node_modules/amazon-cognito-identity-js/ and yarn add or npm install the fixed version of [email protected].

There is an open issue at crypto-js brix/crypto-js#256

@CharanRoot

Another easy solution is to add a resolution in your package.json, remove node modules and run npm install:

  "resolutions": {
    "crypto-js": "3.1.9-1"
  }

@sammartinez sammartinez added the Auth Related to Auth components/category label Feb 11, 2020
@gyl9196

gyl9196 commented Feb 12, 2020

Just a reminder. A new crypto-js version 3.2.1 has been released just 2 hours ago. All working on my side.

@mikedizon

You may need to clear your cache before running install again!

@mdshaner

mdshaner commented Feb 12, 2020

Just for others who chance across this, it does appear that the fix with 3.2.1 makes it so that crypto-js isn't usable with React Native; however, the resolutions solution appears to work at this time.

The error you get when trying to use 3.2.1 with RN/expo

The package at "node_modules/crypto-js/core.js" attempted to import the Node standard library module "crypto". It failed because React Native does not include the Node standard library. Read more at https://docs.expo.io/versions/latest/introduction/faq/#can-i-use-nodejs-packages-with-expo
Failed building JavaScript bundle.

@vicenteconejerosdelacruz
Author

Another easy solution is to add a resolution in your package.json, remove node modules and run npm install:

 "resolutions": {
    "crypto-js": "3.1.9-1"
  }

it works!

@ptrobert

@mdshaner you are right,

"resolutions": {
  "crypto-js": "3.1.9-1"
}

is causing

The package at "node_modules/crypto-js/core.js" attempted to import the Node standard library module "crypto". It failed because React Native does not include the Node standard library. Read more at https://docs.expo.io/versions/latest/introduction/faq/#can-i-use-nodejs-packages-with-expo

What is the solution?

@akkisagiraju

@ptrobert I'm getting the exact same error. Because of it, I'm unable to use Amplify in my expo project.

@zeritte

zeritte commented Feb 12, 2020

crypto-js released 3.3.0, which solves "Native crypto module could not be used to get secure random number." and "node_modules/crypto-js/core.js" attempted to import the Node standard library module "crypto-js". Please delete node_modules and run npm install again to fix related issues.

@ptrobert

@mdshaner you are right,

"resolutions": {
  "crypto-js": "3.1.9-1"
}

is causing

The package at "node_modules/crypto-js/core.js" attempted to import the Node standard library module "crypto". It failed because React Native does not include the Node standard library. Read more at https://docs.expo.io/versions/latest/introduction/faq/#can-i-use-nodejs-packages-with-expo

What is the solution?

Use this resolution for React Native, Expo:

"resolutions": {
  "crypto-js": "3.1.9-1",
  "**/crypto-js": "3.1.9-1"
},

@hendrixroa

Another easy solution is to add a resolution in your package.json, remove node modules and run npm install:

 "resolutions": {
    "crypto-js": "3.1.9-1"
  }

This is the solution. you can close this issue

@ericclemmons
Contributor

There have been several issues with crypto-js introducing regressions. In fact, 3.3.0 is the same as 3.1.9-1 because of bugs with 3.2.0:

https://github.com/brix/crypto-js#330

3.4.0 is out, but we're only upgrading as required because of stability issues such as these.

Closing since upgrading to the latest versions of Amplify or specifying resolutions unblocks the original bug:

#4886 (comment)
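
An added example, not part of the thread and not Amplify or crypto-js code: a `resolutions` pin only helps if the install actually honoured it, so this sketch lists every copy of `crypto-js` that an npm `package-lock.json` resolved, nested copies included. The lockfile objects are constructed samples, `findResolved` and `unpinnedCopies` are hypothetical names, and covering both lockfile layouts goes beyond what the thread discusses.

```javascript
// List every resolved copy of `name` in a parsed package-lock.json object.
function findResolved(lock, name) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      hits.push({ path, version: meta.version });
    }
  }
  if (hits.length > 0) return hits;
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Copies whose version differs from the pin, i.e. where the override did not apply.
function unpinnedCopies(lock, name, wanted) {
  return findResolved(lock, name).filter((hit) => hit.version !== wanted);
}

// Constructed sample (v1 layout): the top-level copy is pinned, a nested one is not.
const sampleLockV1 = {
  lockfileVersion: 1,
  dependencies: {
    'crypto-js': { version: '3.1.9-1' },
    'aws-amplify': {
      version: '0.0.0-constructed',
      dependencies: {
        'amazon-cognito-identity-js': {
          version: '0.0.0-constructed',
          dependencies: { 'crypto-js': { version: '3.2.0' } },
        },
      },
    },
  },
};

// Constructed sample (v3 layout) with the same situation under @aws-amplify/auth.
const sampleLockV3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'constructed-app' },
    'node_modules/crypto-js': { version: '3.1.9-1' },
    'node_modules/@aws-amplify/auth/node_modules/crypto-js': { version: '3.2.0' },
  },
};

console.log(unpinnedCopies(sampleLockV1, 'crypto-js', '3.1.9-1'));
console.log(unpinnedCopies(sampleLockV3, 'crypto-js', '3.1.9-1'));
```
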

@tqhoughton

tqhoughton commented Oct 31, 2020

I'm seeing this error again in the latest release of "@aws-amplify/auth": "^3.4.9"

Adding

  "resolutions": {
    "crypto-js": "3.2.1"
  }

to my package.json and removing node_modules and reinstalling doesn't help.

EDIT: forgot I was using NPM instead of Yarn. But it sounds like based on a comment below that this would still happen if I used yarn.

@bidva

bidva commented Oct 31, 2020

I'm seeing this error again in the latest release of "@aws-amplify/auth": "^3.4.9"

Adding

  "resolutions": {
    "crypto-js": "3.2.1"
  }

to my package.json and removing node_modules and reinstalling doesn't help.

Yeah I was playing around with [email protected] and got this error today. I searched the error and finally got here. I tried resolutions with yarn and even with npm-force-resolutions as npm doesn't support resolutions. it's very frustrating.

@tqhoughton

Yeah I was playing around with [email protected] and got this error today. I searched the error and finally got here. I tried resolutions with yarn and even with npm-force-resolutions as npm doesn't support resolutions. it's very frustrating.

Dang, I was just about to try changing my package manager to yarn. :(

If it's any help, I'm running a typescript file using ts-node ./createUser.ts and it's throwing this error when signing in a user.

@bidva

bidva commented Oct 31, 2020

@tqhoughton I just downgraded to 4.5.1 and it seems to have started working again

@tqhoughton

@bidva do you know what version of @aws-amplify/auth that would correlate to?

@bidva

bidva commented Oct 31, 2020

@tqhoughton no, sorry but you can try to test decrementally

@tqhoughton

tqhoughton commented Oct 31, 2020

Downgraded to @aws-amplify/auth version 3.1.0, which reintroduced a global fetch is not defined error, but installing node-fetch seems to have fixed that issue.

@jpignata

jpignata commented Oct 31, 2020

Can you share the call stack of the error you're receiving? And can you also share details of your operating environment? Sounds like @tqhoughton you're running under node - what version?

@amhinson
Contributor

@tqhoughton @bidva we just merged a fix that should address the issue you're having in Node. Can you try installing all Amplify packages you are using again with the unstable tag (i.e. yarn add aws-amplify@unstable) for testing? We are planning to do a release early next week to latest that will contain this fix.

You will also need to set the crypto module with: global.crypto = require('crypto'). Be sure to set that before requiring any Amplify library in your code.
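
An added example, not part of the thread and not Amplify or crypto-js code: a random-number lookup that probes a global-like object for a CSPRNG and fails closed when none is found, which is the condition behind the error reported here and the reason `global.crypto = require('crypto')` has to run before the library loads. `resolveSecureRandom`, `randomWords`, `probe` and the three runtime objects are hypothetical names and constructed inputs.

```javascript
const nodeCrypto = require('crypto');

// Returns a function yielding one unsigned 32-bit random integer.
// `scope` stands in for `global` / `window` so each runtime can be simulated.
function resolveSecureRandom(scope) {
  const c = scope && scope.crypto;
  // Node's crypto module, e.g. after `global.crypto = require('crypto')`.
  if (c && typeof c.randomBytes === 'function') {
    return () => c.randomBytes(4).readUInt32BE(0);
  }
  // Browser-style Web Crypto API.
  if (c && typeof c.getRandomValues === 'function') {
    return () => c.getRandomValues(new Uint32Array(1))[0];
  }
  // No CSPRNG: refuse rather than fall back to Math.random() or a constant.
  // A constant (such as the `return 0.4` edit mentioned in the thread) makes
  // every generated value identical across sign-ins.
  throw new Error('No secure random source available in this runtime');
}

// Draw `count` random 32-bit words from whatever source the runtime offers.
function randomWords(scope, count) {
  const next = resolveSecureRandom(scope);
  return Array.from({ length: count }, () => next());
}

// Constructed runtimes for the three situations seen in the thread.
const bareRuntime = {}; // global.crypto undefined
const shimmedRuntime = { crypto: nodeCrypto }; // after the global.crypto shim
const browserRuntime = {
  // Web Crypto shape, backed by Node here so the example runs offline.
  crypto: { getRandomValues: (arr) => nodeCrypto.randomFillSync(arr) },
};

// Report whether a runtime can supply secure random words.
function probe(scope) {
  try {
    randomWords(scope, 4);
    return 'ok';
  } catch (err) {
    return err.message;
  }
}

console.log('bare    :', probe(bareRuntime));
console.log('shimmed :', probe(shimmedRuntime));
console.log('browser :', probe(browserRuntime));
```
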

@Benzer1406

I'm running "amazon-cognito-identity-js": "^4.5.2" which uses "crypto-js": "^3.3.0" and get the same error. None of the solutions proposed have worked for me. Even downgrading amazon-cognito-identity-js to version 4.5.1 did not work. Any idea how to resolve the issue?

@amhinson
Contributor

amhinson commented Nov 1, 2020

@Benzer1406 could you try using the unstable tag with amazon-cognito-identity-js? Also, could you share more about your app? Is it Node? If so, see my comment above regarding setting the crypto module to global.

@Benzer1406

Benzer1406 commented Nov 1, 2020

@amhinson I just tried using the unstable tag with npm install amazon-cognito-identity-js@unstable; unfortunately it keeps throwing the same error.

I'm using a serverless.com framework app, that uses the aws-nodejs-typescript template. So it is basically implementing the authentication in a nodejs app that I want to deploy in a serverless architecture (API Gateway, Lambda, ...).

I'm not sure if it's helpful, but I run into the error when invoking the lambda function locally, I haven't deployed the app to AWS yet, but I guess that shouldn't make a difference.

Trying to set crypto to global results in the following error:
[Screenshot 2020-11-01 at 10 01 44]

@Benzer1406

@amhinson Thanks for your help. Indeed, I had to install the unstable tag on the project root and the service root folder. And as you pointed out, I had not put that line at the very top of the files that imported amazon-cognito-identity-js. Thank you. Please keep me posted as soon as the final release is out.

@amhinson
Contributor

amhinson commented Nov 1, 2020

@Benzer1406 ok great! We should be getting a release out in the next day or two.

@tqhoughton

@tqhoughton @bidva we just merged a fix that should address the issue you're having in Node. Can you try installing all Amplify packages you are using again with the unstable tag (i.e. yarn add aws-amplify@unstable) for testing? We are planning to do a release early next week to latest that will contain this fix.

You will also need to set the crypto module with: global.crypto = require('crypto'). Be sure to set that before requiring any Amplify library in your code.

I tried doing this, and I'm still getting the same error. This is my call stack:

Error: Native crypto module could not be used to get secure random number.
    at cryptoSecureRandomInt (/mnt/c/Users/tqhou/OneDrive/Documents/Projects/Century/aws/node_modules/aws-amplify/node_modules/amazon-cognito-identity-js/lib/utils/cryptoSecureRandomInt.js:43:9)
    at WordArray.random (/mnt/c/Users/tqhou/OneDrive/Documents/Projects/Century/aws/node_modules/aws-amplify/node_modules/amazon-cognito-identity-js/lib/utils/WordArray.js:50:56)
    at randomBytes (/mnt/c/Users/tqhou/OneDrive/Documents/Projects/Century/aws/node_modules/aws-amplify/node_modules/amazon-cognito-identity-js/lib/AuthenticationHelper.js:40:58)
    at AuthenticationHelper.generateRandomSmallA (/mnt/c/Users/tqhou/OneDrive/Documents/Projects/Century/aws/node_modules/aws-amplify/node_modules/amazon-cognito-identity-js/lib/AuthenticationHelper.js:101:21)
    at new AuthenticationHelper (/mnt/c/Users/tqhou/OneDrive/Documents/Projects/Century/aws/node_modules/aws-amplify/node_modules/amazon-cognito-identity-js/lib/AuthenticationHelper.js:56:29)
    at CognitoUser.authenticateUserDefaultAuth (/mnt/c/Users/tqhou/OneDrive/Documents/Projects/Century/aws/node_modules/aws-amplify/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:264:32)
    at CognitoUser.authenticateUser (/mnt/c/Users/tqhou/OneDrive/Documents/Projects/Century/aws/node_modules/aws-amplify/node_modules/amazon-cognito-identity-js/lib/CognitoUser.js:237:19)
    at /mnt/c/Users/tqhou/OneDrive/Documents/Projects/Century/aws/node_modules/aws-amplify/node_modules/@aws-amplify/auth/src/Auth.ts:571:9
    at new Promise (<anonymous>)
    at AuthClass.signInWithPassword (/mnt/c/Users/tqhou/OneDrive/Documents/Projects/Century/aws/node_modules/aws-amplify/node_modules/@aws-amplify/auth/src/Auth.ts:570:10)

I'm using node 12.13.1, running on an Ubuntu distribution accessed via bash.exe on my Windows 10 PC.

@amhinson
Contributor

amhinson commented Nov 2, 2020

@tqhoughton Do you have global.crypto = require('crypto') at the top of your file before any imports?

@tqhoughton

tqhoughton commented Nov 2, 2020

@tqhoughton Do you have global.crypto = require('crypto') at the top of your file before any imports?

🤦 I did not have that. Looks like it's working now with the unstable build.

Here is my file for those who want to see what I had to add:

// needed to fix amplify signin
global.crypto = require('crypto');
import Auth from '@aws-amplify/auth';
import yargs from 'yargs';
import fs from 'fs';
import path from 'path';

const argv = yargs
  .option('userPoolId', {
    alias: 'u',
    type: 'string',
    description: 'Cognito User Pool Id'
  })
  .option('appClientId', {
    alias: 'a',
    type: 'string',
    description: 'Cognito Web App Client Id'
  })
  .option('email', {
    alias: 'e',
    type: 'string',
    description: 'email address of the user to create'
  })
  .option('password', {
    alias: 'p',
    type: 'string',
    description: 'password of the user to create'
  })
  .option('region', {
    alias: 'r',
    type: 'string',
    description: 'AWS Region to create the user in'
  })
  .option('output', {
    alias: 'o',
    type: 'string',
    default: 'idToken',
    description: 'Where to write the token output to'
  }).argv;

const { userPoolId, appClientId, email, password, region, output } = argv;

Auth.configure({
  userPoolId: userPoolId,
  userPoolWebClientId: appClientId,
  region
});

(async () => {
  const user = await Auth.signIn({ username: email, password: password });
  const idToken = user.signInUserSession.idToken.jwtToken;
  console.log(idToken);
  fs.writeFileSync(path.resolve(__dirname, `../${output}.token`), idToken);
})()
  .catch(error => console.error(error));

@amhinson
Contributor

amhinson commented Nov 2, 2020

Ok great! Here is an open issue you can track to see when it gets released to latest: #7098

@Zulfin-Skyward

"amazon-cognito-identity-js": "^4.4.0",
"aws-amplify": "^3.3.7",
"crypto-js": "^3.2.1"

and adding global.crypto = require('crypto') on top of my main.ts worked for me

@arunmishra152

I was facing this issue when I was working with Amazon Cognito in Node.js. After so many hits and trials I found the solution: just change the amazon-cognito-identity-js version to:

"amazon-cognito-identity-js": "^4.5.4-unstable.6"

and now it is working for me. I hope it will save your time and will work for all of you who are facing this issue.

@amhinson
Contributor

Update: latest is now up to date with the fix so global.crypto = require('crypto') is not required anymore 👍

@lukas-bunat

My Auth.SignIn() works fine in my react app however when I want to test it with react-testing-library and Jest, using Auth.SignIn() in the test I am still getting Native crypto module could not be used to get secure random number. error. Does anyone experience the same? What is the solution for this? Thanks!

@StephenA1

Seem to be having a similar issue when attempting to use amplify from AWS. It keeps failing on the "import { API, graphqlOperation } from "aws-amplify";" line with error "The package at "node_modules/@aws-amplify/auth/node_modules/crypto-js/core.js" attempted to import the Node standard library module "crypto"". I know that the crypto module is deprecated, but I'm not sure why AWS amplify is trying to access it. Any ideas?

@mogarick

@StephenA1 use the solution proposed by @ptrobert above:
#4886 (comment)
If you are using npm then you need to add this line to your package.json file scripts section in order to make the resolutions work:

"scripts": {
  "preinstall": "npx npm-force-resolutions"
}

@LeJ84

LeJ84 commented Aug 16, 2021

As @bunatl, signin works well in my React app but when I try to call it in a test file I get this error. Is there any news about it?

@brockcor

brockcor commented Dec 20, 2021

Using "@aws-sdk/client-cognito-identity-provider": "3.43.0" and "aws-amplify": "4.1.3" and was facing the error: Native crypto module could not be used to get secure random number.

Finally got past this by adding this to my package.json and then running yarn install:

	"resolutions": {
		"crypto-js": "3.1.9-1",
		"amazon-cognito-identity-js": "4.5.4-unstable.6"
	},
