search

aws-amplify / amplify-android

The fastest and easiest way to use AWS from your Android app.
https://docs.amplify.aws/lib/q/platform/android/
Apache License 2.0
237 stars 111 forks source link

Changing Amplify version from 1.x-2.x breaks the existing token #2672

Closed RolandMostoha closed 4 months ago

RolandMostoha commented 6 months ago

Before opening, please confirm:

Language and Async Model

Kotlin

Amplify Categories

Authentication, Storage

Gradle script dependencies

```groovy def awsVersion = '2.14.5' implementation "com.amplifyframework:core:$awsVersion" implementation "com.amplifyframework:aws-storage-s3:$awsVersion" implementation "com.amplifyframework:aws-auth-cognito:$awsVersion" coreLibraryDesugaring 'com.android.tools:desugar_jdk_libs:2.0.4' ```

Environment information

``` ------------------------------------------------------------ Gradle 8.0 ------------------------------------------------------------ Build time: 2023-02-13 13:15:21 UTC Revision: 62ab9b7c7f884426cf79fbedcf07658b2dbe9e97 Kotlin: 1.8.10 Groovy: 3.0.13 Ant: Apache Ant(TM) version 1.10.11 compiled on July 10 2021 JVM: 17.0.6 (JetBrains s.r.o. 17.0.6+0-17.0.6b829.9-10027231) OS: Mac OS X 14.1.1 aarch64 ```

Please include any relevant guides or documentation you're referencing

When I refer to guest mode, i mean the Cognito guest/unauth/anonymous method without user/password. https://docs.aws.amazon.com/location/latest/developerguide/authenticating-using-cognito.html

Describe the bug

Upgrading my app from 1.x Amplify version to 2.x, the originally stored token expires and cannot be used afterwards. Only clear cache solves the issue.

  1. Have an Android app using 1.x Amplify library version (mine is 1.37.6)
  2. Use guest mode authentication with Cognito + S3
  3. Have a valid guest user session so the app stores the auth data - session, token
  4. Upgrade to 2.x Amplify dependency version (mine is 2.14.5)
  5. Try download any file from S3 -- I expect an auto token refresh if expired at this point

Result: S3Exception: The provided token has expired.

I'm hopeless in this situation, because the S3 download request does not refresh the token automatically and I cannot force refresh it with guest auth, because sign out->in is not possible in guest mode. I don't understand how the app is stuck in this state, I assumed token management is happening in the background automatically, especially for guest mode where we cannot control authentication.

The only thing which works if I clear app data and init Amplify from scratch. My app is in production so it is very unfortunate that I have to ask people to clear cache/reinstall the app to fix this issue.

Any help would be appreciated how can I initiate re-login in guest auth, force refresh or reset session token.

Reproduction steps (if applicable)

  1. Have an Android app using 1.x Amplify library version (mine is 1.37.6)
  2. Use guest mode authentication with Cognito + S3
  3. Have a valid guest user session so the app stores the auth data - session, token
  4. Upgrade to 2.x Amplify version (mine is 2.14.5)
  5. Try download a file from S3
  6. S3Exception: The provided token has expired.

Code Snippet

Amplify.addPlugin(AndroidLoggingPlugin(LogLevel.DEBUG))
Amplify.addPlugin(AWSCognitoAuthPlugin())
Amplify.addPlugin(AWSS3StoragePlugin())
Amplify.configure(applicationContext)

Amplify.Auth.fetchAuthSession(
           AuthFetchSessionOptions.defaults(),
           { result -> // User is in guest mode },
           { error -> }
)

Amplify.Storage.downloadFile("KEY", ..., ...)

The auth sessions result:

AuthSessionResult{
    value=AWSTemporaryCredentials(
    accessKeyId=KEY_ID,
    secretAccessKey=KEY,
    sessionToken=TOKEN,
    expiration=+55715-12-10T22:40:00Z),
    error=null,
    type=SUCCESS
}

Log output

``` // Put your logs below this line ```

amplifyconfiguration.json

No response

GraphQL Schema

```graphql // Put your schema below this line ```

Additional information and screenshots

No response

gpanshu commented 6 months ago

" because sign out->in is not possible in guest mode" You can absolutely sign out in guest mode which will clear out all tokens. Please try that and try again.

RolandMostoha commented 6 months ago

Thanks, I could force refresh the token by:

Amplify.Auth.fetchAuthSession(
            AuthFetchSessionOptions.builder()
                .forceRefresh(true)
                .build(),
            {},
            {},
)

Do you have any idea why the token expiration is happening on migration?

ankpshah commented 5 months ago

Hello @RolandMostoha, can you post your aws dependencies you are using in the app?

tylerjroach commented 4 months ago

@RolandMostoha, if you are still having issues, please provide the answer to @ankpshah's question. Our suspicion is that an AWS Android SDK library still may be in use. Amplify v2 and the AWS Android SDK are not compatible with each other and will cause token clearing issues.

RolandMostoha commented 4 months ago

Thanks, I could force refresh the token by:

Amplify.Auth.fetchAuthSession(
            AuthFetchSessionOptions.builder()
                .forceRefresh(true)
                .build(),
            {},
            {},
)

Do you have any idea why the token expiration is happening on migration?

This solved my issue, but I still think this is a workaround and the migration from 1.x -> 2.x broke the token and SDK got into a state where no matter what you do, the provided token expires error occurring for every SDK api call. From my side the issue can be closed.

github-actions[bot] commented 4 months ago

This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.