aws-amplify / amplify-android

The fastest and easiest way to use AWS from your Android app.
https://docs.amplify.aws/lib/q/platform/android/
Apache License 2.0
247 stars, 117 forks

Timed out sign-out redirect response while trying to log out #1990

Closed PineapplePie closed 1 year ago

PineapplePie commented 2 years ago

Language and Async Model

Kotlin

Amplify Categories

Authentication

Gradle script dependencies

```groovy
// Put output below this line
implementation 'com.amplifyframework:aws-auth-cognito:1.31.2'
```

Environment information

```
# Put output below this line
------------------------------------------------------------
Gradle 7.4.2
------------------------------------------------------------

Build time:   2022-03-31 15:25:29 UTC
Revision:     540473b8118064efcc264694cbcaa4b677f61041

Kotlin:       1.5.31
Groovy:       3.0.9
Ant:          Apache Ant(TM) version 1.10.11 compiled on July 10 2021
JVM:          15.0.1 (Oracle Corporation 15.0.1+9-18)
OS:           Mac OS X 10.16 x86_64
```

Please include any relevant guides or documentation you're referencing

No response

Describe the bug

Hey! We've been facing an issue with a timed out redirect response for quite a long time (and it's present not only in this version). We've got Hosted UI for the social sign in, and when we're trying to log out from the app, we're getting this error:

```
AuthException{message=Failed to sign out, cause=com.amazonaws.mobileconnectors.cognitoauth.exceptions.AuthServiceException: Timed out while waiting for sign-out redirect response., recoverySuggestion=See attached exception for more details}
    at com.amplifyframework.auth.cognito.AWSCognitoAuthPlugin$21.onError(AWSCognitoAuthPlugin.java:1158)
    at com.amazonaws.mobile.client.internal.ReturningRunnable$1.run(ReturningRunnable.java:47)
    at java.lang.Thread.run(Thread.java:1012)
Caused by: com.amazonaws.mobileconnectors.cognitoauth.exceptions.AuthServiceException: Timed out while waiting for sign-out redirect response.
    at com.amazonaws.mobileconnectors.cognitoauth.AuthClient.endSession(AuthClient.java:358)
    at com.amazonaws.mobileconnectors.cognitoauth.AuthClient.signOut(AuthClient.java:333)
    at com.amazonaws.mobileconnectors.cognitoauth.AuthClient.signOut(AuthClient.java:317)
    at com.amazonaws.mobileconnectors.cognitoauth.Auth.signOut(Auth.java:718)
```

It applies to 30-50% of all sessions, and we're getting an annoying blink of a browser. Recently we started developing a logging out functionality for the blocked users and it occurs all the time for all sessions, so it became more crucial. So we're getting Unauthorized:

```
NotAuthorizedException{message=Failed since user is not authorized., cause=com.amazonaws.services.cognitoidentityprovider.model.NotAuthorizedException: User is disabled.
```

Then it seems like Cognito tries to open CustomTabsManagerActivity:

```
START u0 {flg=0x50000000 cmp=com.xxxx/com.amazonaws.mobileconnectors.cognitoauth.activities.CustomTabsManagerActivity (has extras)} from uid 10161
```

And after 10 seconds it just fails with the exception:

```
AuthException{message=Failed to sign out, cause=com.amazonaws.mobileconnectors.cognitoauth.exceptions.AuthServiceException: Timed out while waiting for sign-out redirect response.
```

What I've tried so far:

1) Remove a part with `<activity android:name="com.amplifyframework.auth.cognito.activities.HostedUIRedirectActivity" android:exported="true">`. Everything works great in terms of log out, no issues or timeouts, but SSO redirects obviously don't work at all also, so it's not a suitable option :D

2) Change 'Allowed sign-out URLs' in console to "[name_of_my_app]://signout" and assign it to a separate activity as it is described here - https://docs.amplify.aws/lib/auth/social/q/platform/android/#update-androidmanifestxml. Currently we have the same URL for Allowed callback URLs and Allowed sign-out URLs in the console, so I thought that maybe creating a new one and assigning to a separate, not CustomTabsManagerActivity, activity would work. Nothing changed, timeouts are still with us.

It seems like it logs out normally, so it's rather the issue with the redirect. But there is no problem with the redirect from SSO, while they have the same URL... Console is configured, Amplify configuration file is present and it has the same links as in the console, so I'm pretty sure that I didn't miss something.

So what can I do with it?

Reproduction steps (if applicable)

No response

Code Snippet

Manifest file:

```xml
<queries>
    <intent>
        <action android:name="android.support.customtabs.action.CustomTabsService" />
    </intent>
</queries>

<activity
    android:name="com.amplifyframework.auth.cognito.activities.HostedUIRedirectActivity"
    android:exported="true">
    <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="@string/app_callback_scheme" />
    </intent-filter>
</activity>
```

Log output

```
// Put your logs below this line
```

amplifyconfiguration.json

No response

GraphQL Schema

```graphql
// Put your schema below this line
```

Additional information and screenshots

No response

zeroarst commented 2 years ago

I am having the same issue... is there any workaround to sign out user for now?

PineapplePie commented 2 years ago

@zeroarst not from my side...

Any updates on this?

zeroarst commented 2 years ago

My issue is I didn't set up the Activity to handle the callback. https://docs.amplify.aws/lib/auth/signin_web_ui/q/platform/android/#update-androidmanifestxml

If you look at the source code of HostedUIRedirectActivity, it just calls `Amplify.Auth.handleWebUISignInResponse(getIntent())`. Which means you could set up a deep link or android link to your activity and in `onNewIntent`, just call the same method.

PineapplePie commented 2 years ago

@zeroarst hmm, I mentioned that in the second part of this bug report:

> 1. Change 'Allowed sign-out URLs' in console to "[name_of_my_app]://signout" and assign it to a separate activity as it described here - https://docs.amplify.aws/lib/auth/social/q/platform/android/#update-androidmanifestxml. Currently we have the same URL for Allowed callback URLs and Allowed sign-out URLs in the console, so I thought that maybe creating a new one and assigning to a separate, not CustomTabsManagerActivity, activity would work. Nothing changed, timeouts are still with us.

It didn't help me with the time out. The timeout was still there with a blink of a webview and annoying exception in the logcat :(

gpanshu commented 2 years ago

Hi @PineapplePie, thank you for posting this issue. I will be in touch once I have been able to reproduce this. Thank you.

tylerjroach commented 2 years ago

Hi @PineapplePie.

@zeroarst is correct, that Amplify.Auth.handleWebUISignInResponse(getIntent()) needs to be called inside the custom sign out redirect activity to inform Amplify of the successful redirect. This is a documentation miss that we will update. If the handleWebUISignInResponse is not fired within 10 seconds, it will cause the time out.

As far as seeing the CustomTab "flash" (quick open and close of the CustomTab), this is expected. Part of the hosted ui sign out is to clear the Cognito cookie session on the browser. The only way to clear the session is to launch the CustomTab. Once the request is complete in the CustomTab, the redirect brings the user back into the application. The handleWebUISignInResponse tells Amplify to continue with the sign out process, which will involve revoking the refreshToken and clearing credentials from the device.
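The redirect handling described in this comment, as an added Kotlin example (not code from the thread or from the Amplify project), written against the v1 callback API the issue was filed on. The activity name `SignOutRedirectActivity`, the `myapp://signout` URI and the log tags are assumptions; the URI has to match both the activity's intent filter and the 'Allowed sign-out URLs' entry in the Cognito console.

```kotlin
import android.app.Activity
import android.content.Intent
import android.os.Bundle
import android.util.Log
import com.amplifyframework.core.Amplify

// Assumed redirect URI parts (hypothetical values, not taken from the project).
private const val EXPECTED_SCHEME = "myapp"
private const val EXPECTED_HOST = "signout"

// Hypothetical custom redirect activity. It is exported and BROWSABLE, so any
// app or web page can start it; only the expected redirect is forwarded.
class SignOutRedirectActivity : Activity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        forwardRedirect(intent)
    }

    // Invoked when an already existing instance receives the redirect.
    override fun onNewIntent(intent: Intent) {
        super.onNewIntent(intent)
        setIntent(intent)
        forwardRedirect(intent)
    }

    private fun forwardRedirect(intent: Intent) {
        val uri = intent.data
        val isExpected = intent.action == Intent.ACTION_VIEW &&
            uri?.scheme == EXPECTED_SCHEME &&
            uri?.host == EXPECTED_HOST
        if (isExpected) {
            // Tells Amplify the browser redirect arrived, so the pending
            // signOut() can continue instead of timing out after 10 seconds.
            Amplify.Auth.handleWebUISignInResponse(intent)
        } else {
            Log.w("SignOutRedirect", "Ignoring unexpected intent, action=${intent.action}")
        }
        finish()
    }
}

// Call site: the result of the whole flow arrives in these callbacks.
fun signOutFromHostedUi() {
    Amplify.Auth.signOut(
        { Log.i("Auth", "Signed out") },
        { error -> Log.e("Auth", "Sign out failed", error) }
    )
}
```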

PineapplePie commented 2 years ago

@tylerjroach hi, a huge thanks for the update! Let me confirm my next steps then to be sure I haven't missed something. I need to add this part from the documentation and set there my own activity:

```xml
<activity android:name=".LogoutActivity" android:exported="true">
    <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="myapp" android:host="signout" />
    </intent-filter>
</activity>
```

Then I should fire the `Amplify.Auth.signOut()` call from any place in the app, it will proceed with the deeplink to my logout activity and inside the activity I should put `Amplify.Auth.handleWebUISignInResponse(intent)` in `onNewIntent()` or/and `onCreate()` and it will resolve the whole time out issue (except for the flash bc it's an intended one)?

tylerjroach commented 2 years ago

Hi @PineapplePie,

I would go a step further and say it would be best to use our built-in HostedUIRedirectActivity to handle the entire sign-in and sign-out flow. It is built to encapsulate the whole process, so that you only have to handle the onSuccess/onError callbacks. HostedUIRedirectActivity is completely transparent to the user.

After discussions with the team, we will be removing the section suggesting a custom redirect activity (ex: LogoutActivity).

PineapplePie commented 2 years ago

@tylerjroach then I'm definitely missing something :c What's wrong with my implementation? I was trying to use the default SDK activity as it's intended, but ended up with time outs. Should there be something else besides the mentioned activity in the manifest file and handling callbacks from the `Amplify.Auth.signOut()` call that I'm not aware of?

tylerjroach commented 1 year ago

When you are seeing the timeouts, are you seeing the CustomTab flash open and close? I would only expect a timeout in that scenario if the CustomTab was hanging and not successfully redirecting. Could you post another log?

PineapplePie commented 1 year ago

@tylerjroach the flash/blink appears only after 10 seconds timeout. So I'm calling signOut(), assuming that everything else will be processed by HostedRedirect activity with my app's scheme, but actually I'm stuck at my activity with seeing it for 10 seconds. Then I see the blink, exception in the logs and I can proceed to sign in again.

```
2022-11-09 17:21:16.500 15729-16239 AWSMobileClient         com.my.package             D  hasFederatedToken: false provider: ...
2022-11-09 17:21:16.504 15729-16242 cognito                 com.my.package            V  CognitoMobileClient - isSignedIn=true
2022-11-09 17:21:16.521   591-2230  ActivityTaskManager     system_process                       I  START u0 {flg=0x50000000 cmp=com.my.package/com.amazonaws.mobileconnectors.cognitoauth.activities.CustomTabsManagerActivity (has extras)} from uid 10162
2022-11-09 17:21:26.547 15729-16243 cognito                 com.my.package             W  AuthException{message=Failed to sign out, cause=com.amazonaws.mobileconnectors.cognitoauth.exceptions.AuthServiceException: Timed out while waiting for sign-out redirect response., recoverySuggestion=See attached exception for more details}
    at com.amplifyframework.auth.cognito.AWSCognitoAuthPlugin$21.onError(AWSCognitoAuthPlugin.java:1158)
    at com.amazonaws.mobile.client.internal.ReturningRunnable$1.run(ReturningRunnable.java:47)
    at java.lang.Thread.run(Thread.java:1012)
Caused by: com.amazonaws.mobileconnectors.cognitoauth.exceptions.AuthServiceException: Timed out while waiting for sign-out redirect response.
    at com.amazonaws.mobileconnectors.cognitoauth.AuthClient.endSession(AuthClient.java:358)
    at com.amazonaws.mobileconnectors.cognitoauth.AuthClient.signOut(AuthClient.java:333)
    at com.amazonaws.mobileconnectors.cognitoauth.AuthClient.signOut(AuthClient.java:317)
    at com.amazonaws.mobileconnectors.cognitoauth.Auth.signOut(Auth.java:718)
    at com.amazonaws.mobile.client.AWSMobileClient$9.run(AWSMobileClient.java:1641)
    at com.amazonaws.mobile.client.AWSMobileClient$9.run(AWSMobileClient.java:1624)
    at com.amazonaws.mobile.client.internal.ReturningRunnable$1.run(ReturningRunnable.java:44)
    at java.lang.Thread.run(Thread.java:1012)
2022-11-09 17:21:26.614   591-2340  ActivityTaskManager     system_process                       I  START u0 {act=android.intent.action.VIEW dat=https://dev-....auth.us-east-1.amazoncognito.com/... pkg=com.android.chrome cmp=com.android.chrome/com.google.android.apps.chrome.IntentDispatcher (has extras)} from uid 10162
2022-11-09 17:21:26.614   591-2340  ActivityTaskManager     system_process                       W  startActivity called from finishing ActivityRecord{5963e2a u0 com.my.package/com.amazonaws.mobileconnectors.cognitoauth.activities.CustomTabsManagerActivity} t211 f}}; forcing Intent.FLAG_ACTIVITY_NEW_TASK for: Intent { act=android.intent.action.VIEW dat=https://dev-....auth.us-east-1.amazoncognito.com/... flg=0x800000 pkg=com.android.chrome cmp=com.android.chrome/com.google.android.apps.chrome.IntentDispatcher (has extras) }
2022-11-09 17:21:26.625   591-2341  CoreBackPreview         system_process                       D  Window{15545cd u0 com.my.package/com.amazonaws.mobileconnectors.cognitoauth.activities.CustomTabsManagerActivity}: Setting back callback OnBackInvokedCallbackInfo{mCallback=android.window.IOnBackInvokedCallback$Stub$Proxy@18d0993, mPriority=0}
2022-11-09 17:21:26.674   591-2338  ActivityTaskManager     system_process                       I  START u0 {act=android.intent.action.VIEW dat=https://dev-....auth.us-east-1.amazoncognito.com/... flg=0x18080000 pkg=com.android.chrome cmp=com.android.chrome/org.chromium.chrome.browser.customtabs.CustomTabActivity (has extras)} from uid 10119
2022-11-09 17:21:26.748 15729-15729 cognito-social          com.my.package             I  BaseSsoActivity - on create
```

tylerjroach commented 1 year ago

@PineapplePie Can you describe the flash/blink you are seeing?

What I describe as a flash on the screen is a rapid creation and destruction of the CustomTab immediately after initiating the `signOut` call. This indicates the sign out successfully completed on the browser, and redirected back into the activity to continue the rest of the sign out flow.

We have a similar report where signOut timeouts were occurring due to the CustomTab not automatically closing. I've verified this as a potential bug with Firefox and will continue to look into this.

However, we just released v2 of Amplify Library for Android. Web authentication has been rewritten with significant changes, and I do not see the buggy behavior with our updated library. If upgrading is an option for you, please let me know if the issue is resolved with v2.0.0.

PineapplePie commented 1 year ago

@tylerjroach, hey!

> What I describe as a flash on the screen is a rapid creation and destruction of the CustomTab immediately after initiating the `signOut` call. This indicates the sign out successfully completed on the browser, and redirected back into the activity to continue the rest of the sign out flow.

Yes, I'm talking about the same thing.

> However, we just released v2 of Amplify Library for Android. Web authentication has been rewritten with significant changes, and I do not see the buggy behavior with our updated library. If upgrading is an option for you, please let me know if the issue is resolved with v2.0.0.

Thanks for the update and answers! Let me try to use it and I'll be back with the results on this particular issue once I migrate the library version.

PineapplePie commented 1 year ago

@tylerjroach hey! I've migrated the project to v2 and now it works awesome! 🥇 No timeouts for usual sign outs and for blocked/removed users as well, so I can confirm your words about not buggy behaviour! Thank you so much for the updates and support in this issue :)
