aws-amplify / amplify-flutter

A declarative library with an easy-to-use interface for building Flutter applications on AWS.
https://docs.amplify.aws
Apache License 2.0

The user is Logged out before the token expired #1828

Closed JakubWijata closed 2 years ago

JakubWijata commented 2 years ago

Description

We are using amplify_auth_cognito in the Flutter mobile app for authorized users. We configured the token for 1h and refreshToken for 30 days. Recently, we received several reports from users who were logged out before the 30 days expired. We also didn't receive any logs or crashes from these situations. Is there any reason that this case occurs? It is important for us that the user is not logged out before 30 days.

Categories

Steps to Reproduce

N/A

Screenshots

N/A

Platforms

Android Device/Emulator API Level

No response

Environment

[✓] Flutter (Channel stable, 3.0.1, on macOS 12.3.1 21E258 darwin-x64, locale en-PL)
[✓] Android toolchain - develop for Android devices (Android SDK version 31.0.0-rc3)
[✓] Xcode - develop for iOS and macOS (Xcode 13.4.1)
[✓] Chrome - develop for the web
[✓] Android Studio (version 4.2)
[✓] IntelliJ IDEA Ultimate Edition (version 2021.2)
[✓] VS Code (version 1.67.2)
[✓] Connected device (3 available)
[✓] HTTP Host Availability

Dependencies

Dart SDK 2.17.1
Flutter SDK 3.0.1

dependencies:
- amplify_analytics_pinpoint 0.5.0 [amplify_analytics_pinpoint_android amplify_analytics_pinpoint_ios amplify_analytics_plugin_interface amplify_core flutter plugin_platform_interface]
- amplify_auth_cognito 0.5.0 [amplify_auth_cognito_android amplify_auth_cognito_ios amplify_auth_plugin_interface amplify_core collection flutter plugin_platform_interface]
- amplify_flutter 0.5.0 [amplify_analytics_plugin_interface amplify_api_plugin_interface amplify_auth_plugin_interface amplify_core amplify_datastore_plugin_interface amplify_flutter_android amplify_flutter_ios amplify_storage_plugin_interface collection flutter json_annotation meta plugin_platform_interface]
- amplify_storage_s3 0.5.0 [flutter amplify_storage_plugin_interface plugin_platform_interface amplify_storage_s3_android amplify_storage_s3_ios amplify_core]
- app_settings 4.1.6 [flutter]
- archive 3.1.11 [crypto path]
- async 2.8.2 [collection meta]
- auto_size_text 3.0.0 [flutter]
- bloc_concurrency 0.2.0 [bloc stream_transform]
- cached_network_image 3.2.1 [flutter flutter_cache_manager octo_image cached_network_image_platform_interface cached_network_image_web]
- charts 0.0.1 [json_annotation dotted_line flutter fl_chart freezed_annotation style flutter_utils provider equatable]
- cognitive_tasks 0.2.0 [json_annotation controlled flutter flutter_localizations style rive flutter_svg humanizer auto_size_text]
- collection 1.16.0
- controlled 1.0.0 [provider flutter flutter_localizations]
- cron_parser 0.3.1
- device_info 2.0.3 [flutter device_info_platform_interface]
- dio 4.0.6 [http_parser path]
- dio_cache_interceptor 3.2.7 [dio uuid string_scanner]
- dio_smart_retry 1.2.0 [dio]
- dotted_border 2.0.0+2 [flutter path_drawing]
- equatable 2.0.3 [collection meta]
- event_bus 2.0.0
- firebase_analytics 9.1.8 [firebase_analytics_platform_interface firebase_analytics_web firebase_core firebase_core_platform_interface flutter]
- firebase_core 1.17.0 [firebase_core_platform_interface firebase_core_web flutter meta]
- firebase_crashlytics 2.8.0 [firebase_core firebase_core_platform_interface firebase_crashlytics_platform_interface flutter stack_trace]
- firebase_messaging 11.4.0 [firebase_core firebase_core_platform_interface firebase_messaging_platform_interface firebase_messaging_web flutter meta]
- firebase_performance 0.8.0+12 [firebase_core firebase_core_platform_interface firebase_performance_platform_interface firebase_performance_web flutter]
- fk_user_agent 2.1.0 [flutter]
- fl_chart 0.45.0 [flutter equatable]
- flutter 0.0.0 [characters collection material_color_utilities meta vector_math sky_engine]
- flutter_bloc 8.0.1 [flutter bloc provider]
- flutter_email_sender 5.1.0 [flutter]
- flutter_i18n 0.32.2 [flutter flutter_localizations flutter_web_plugins intl yaml xml2json path toml logging http]
- flutter_inappwebview 5.4.3+7 [flutter]
- flutter_local_notifications 9.5.3+1 [clock flutter flutter_local_notifications_linux flutter_local_notifications_platform_interface timezone]
- flutter_localizations 0.0.0 [flutter intl characters clock collection material_color_utilities meta path vector_math]
- flutter_markdown 0.6.10+1 [flutter markdown meta path]
- flutter_native_timezone 2.0.0 [flutter_web_plugins flutter js]
- flutter_svg 1.0.3 [flutter meta path_drawing vector_math xml]
- flutter_utils 0.1.0 [flutter]
- freezed_annotation 1.1.0 [collection json_annotation meta]
- gauge_indicator 0.2.0 [flutter equatable collection]
- geolocator 8.2.1 [flutter geolocator_platform_interface geolocator_android geolocator_apple geolocator_web geolocator_windows]
- health_kit_reporter 2.0.4 [flutter]
- indicators 0.0.1 [json_annotation flutter freezed_annotation style gauge_indicator provider flutter_svg flutter_utils equatable]
- intl 0.17.0 [clock path]
- json_annotation 4.5.0 [meta]
- jwt_decode 0.3.1
- light 2.1.0 [flutter]
- logger 1.1.0
- objectbox 1.5.0 [collection flat_buffers ffi meta path]
- objectbox_flutter_libs 1.5.0 [objectbox path_provider]
- package_info_plus 1.4.2 [flutter package_info_plus_platform_interface package_info_plus_linux package_info_plus_macos package_info_plus_windows package_info_plus_web]
- path_provider 2.0.10 [flutter path_provider_android path_provider_ios path_provider_linux path_provider_macos path_provider_platform_interface path_provider_windows]
- permission_handler 9.2.0 [flutter meta permission_handler_android permission_handler_apple permission_handler_windows permission_handler_platform_interface]
- pin_code_fields 7.4.0 [flutter]
- provider 6.0.3 [collection flutter nested]
- rive 0.9.0 [collection flutter graphs http meta]
- rxdart 0.27.3
- sensors_plus 1.3.2 [flutter sensors_plus_web sensors_plus_platform_interface]
- shake 2.1.0 [sensors_plus flutter]
- sliver_tools 0.2.6 [flutter]
- stack_trace 1.10.0 [path]
- store_redirect 2.0.1 [flutter]
- style 1.0.0 [flutter flutter_localizations charts indicators]
- sync_storage 0.4.6 [flutter hive hive_flutter rxdart objectid]
- tab_indicator_styler 2.0.0 [flutter]
- uni_links 0.5.1 [flutter uni_links_platform_interface uni_links_web]
- url_launcher 6.1.2 [flutter url_launcher_android url_launcher_ios url_launcher_linux url_launcher_macos url_launcher_platform_interface url_launcher_web url_launcher_windows]
- uuid 3.0.6 [crypto]
- validators 3.0.0
- webview_flutter 3.0.4 [flutter webview_flutter_android webview_flutter_platform_interface webview_flutter_wkwebview]
- widgets_library 0.5.0 [flutter]

transitive dependencies:
- amplify_analytics_pinpoint_android 0.5.0 [flutter]
- amplify_analytics_pinpoint_ios 0.5.0 [flutter]
- amplify_analytics_plugin_interface 0.5.0 [amplify_core flutter meta]
- amplify_api_plugin_interface 0.5.0 [amplify_core collection flutter json_annotation meta]
- amplify_auth_cognito_android 0.5.0 [flutter]
- amplify_auth_cognito_ios 0.5.0 [amplify_core flutter]
- amplify_auth_plugin_interface 0.5.0 [amplify_core flutter meta]
- amplify_core 0.5.0 [collection date_time_format flutter meta plugin_platform_interface uuid]
- amplify_datastore_plugin_interface 0.5.0 [flutter meta collection amplify_core]
- amplify_flutter_android 0.5.0 [flutter]
- amplify_flutter_ios 0.5.0 [amplify_core flutter]
- amplify_storage_plugin_interface 0.5.0 [flutter meta amplify_core]
- amplify_storage_s3_android 0.5.0 [flutter]
- amplify_storage_s3_ios 0.5.0 [flutter]
- args 2.3.1
- bloc 8.0.3 [meta]
- cached_network_image_platform_interface 1.0.0 [flutter flutter_cache_manager]
- cached_network_image_web 1.0.1 [flutter flutter_cache_manager cached_network_image_platform_interface]
- characters 1.2.0
- charcode 1.3.1
- clock 1.1.0
- crypto 3.0.1 [collection typed_data]
- date_time_format 2.0.1
- dbus 0.7.3 [args ffi meta xml]
- decimal 1.5.0 [rational]
- device_info_platform_interface 2.0.1 [flutter meta plugin_platform_interface]
- dotted_line 3.1.0 [flutter]
- ffi 1.2.1
- file 6.1.2 [meta path]
- firebase 9.0.3 [http http_parser js]
- firebase_analytics_platform_interface 3.1.6 [firebase_core flutter meta plugin_platform_interface]
- firebase_analytics_web 0.4.0+13 [firebase_analytics_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins js]
- firebase_core_platform_interface 4.4.0 [collection flutter meta plugin_platform_interface]
- firebase_core_web 1.6.4 [firebase_core_platform_interface flutter flutter_web_plugins js meta]
- firebase_crashlytics_platform_interface 3.2.6 [collection firebase_core flutter meta plugin_platform_interface]
- firebase_messaging_platform_interface 3.5.0 [firebase_core flutter meta plugin_platform_interface]
- firebase_messaging_web 2.4.0 [firebase_core firebase_core_web firebase_messaging_platform_interface flutter flutter_web_plugins js meta]
- firebase_performance_platform_interface 0.1.1+6 [firebase_core flutter plugin_platform_interface]
- firebase_performance_web 0.1.0+12 [firebase firebase_core firebase_core_web firebase_performance_platform_interface flutter flutter_web_plugins js]
- flat_buffers 2.0.5
- flutter_blurhash 0.7.0 [flutter]
- flutter_cache_manager 3.3.0 [clock collection file flutter http path path_provider pedantic rxdart sqflite uuid]
- flutter_local_notifications_linux 0.4.2 [flutter flutter_local_notifications_platform_interface dbus path xdg_directories]
- flutter_local_notifications_platform_interface 5.0.0 [flutter plugin_platform_interface]
- flutter_web_plugins 0.0.0 [flutter js characters collection material_color_utilities meta vector_math]
- geolocator_android 3.1.8 [flutter geolocator_platform_interface]
- geolocator_apple 2.1.4 [flutter geolocator_platform_interface]
- geolocator_platform_interface 4.0.5 [flutter plugin_platform_interface vector_math meta]
- geolocator_web 2.1.5 [flutter flutter_web_plugins geolocator_platform_interface]
- geolocator_windows 0.1.1 [flutter geolocator_platform_interface]
- graphs 2.1.0 [collection]
- hive 2.2.1 [meta crypto]
- hive_flutter 1.1.0 [flutter hive path_provider path]
- http 0.13.4 [async http_parser meta path]
- http_parser 4.0.1 [collection source_span string_scanner typed_data]
- humanizer 0.0.2 [collection decimal intl meta]
- js 0.6.4
- logging 1.0.2
- markdown 5.0.0 [args charcode meta]
- matcher 0.12.11 [stack_trace]
- material_color_utilities 0.1.4
- meta 1.7.0
- nested 1.0.0 [flutter]
- objectid 2.1.0
- octo_image 1.0.2 [flutter flutter_blurhash]
- package_info_plus_linux 1.0.5 [package_info_plus_platform_interface flutter path]
- package_info_plus_macos 1.3.0 [flutter]
- package_info_plus_platform_interface 1.0.2 [flutter meta plugin_platform_interface]
- package_info_plus_web 1.0.5 [flutter flutter_web_plugins http meta package_info_plus_platform_interface]
- package_info_plus_windows 1.0.5 [package_info_plus_platform_interface ffi flutter win32]
- path 1.8.1
- path_drawing 1.0.0 [vector_math meta path_parsing flutter]
- path_parsing 1.0.0 [vector_math meta]
- path_provider_android 2.0.14 [flutter path_provider_platform_interface]
- path_provider_ios 2.0.9 [flutter path_provider_platform_interface]
- path_provider_linux 2.1.6 [ffi flutter path path_provider_platform_interface xdg_directories]
- path_provider_macos 2.0.6 [flutter path_provider_platform_interface]
- path_provider_platform_interface 2.0.4 [flutter platform plugin_platform_interface]
- path_provider_windows 2.0.6 [ffi flutter path path_provider_platform_interface win32]
- pedantic 1.11.1
- permission_handler_android 9.0.2+1 [flutter permission_handler_platform_interface]
- permission_handler_apple 9.0.4 [flutter permission_handler_platform_interface]
- permission_handler_platform_interface 3.7.0 [flutter meta plugin_platform_interface]
- permission_handler_windows 0.1.0 [flutter permission_handler_platform_interface]
- petitparser 4.4.0 [meta]
- platform 3.1.0
- plugin_platform_interface 2.1.2 [meta]
- process 4.2.4 [file path platform]
- quiver 3.1.0 [matcher]
- rational 1.2.1
- sensors_plus_platform_interface 1.1.0 [flutter meta plugin_platform_interface]
- sensors_plus_web 1.1.0 [flutter sensors_plus_platform_interface flutter_web_plugins]
- sky_engine 0.0.99
- source_span 1.8.2 [collection path term_glyph]
- sqflite 2.0.2+1 [flutter sqflite_common path]
- sqflite_common 2.2.1+1 [synchronized path meta]
- stream_transform 2.0.0
- string_scanner 1.1.0 [charcode source_span]
- synchronized 3.0.0+2
- term_glyph 1.2.0
- timezone 0.8.0 [path]
- toml 0.12.0 [meta petitparser quiver]
- typed_data 1.3.0 [collection]
- uni_links_platform_interface 1.0.0 [flutter plugin_platform_interface]
- uni_links_web 0.1.0 [flutter flutter_web_plugins uni_links_platform_interface]
- url_launcher_android 6.0.17 [flutter url_launcher_platform_interface]
- url_launcher_ios 6.0.17 [flutter url_launcher_platform_interface]
- url_launcher_linux 3.0.1 [flutter url_launcher_platform_interface]
- url_launcher_macos 3.0.1 [flutter url_launcher_platform_interface]
- url_launcher_platform_interface 2.0.5 [flutter plugin_platform_interface]
- url_launcher_web 2.0.11 [flutter flutter_web_plugins url_launcher_platform_interface]
- url_launcher_windows 3.0.1 [flutter url_launcher_platform_interface]
- vector_math 2.1.2
- webview_flutter_android 2.8.8 [flutter webview_flutter_platform_interface]
- webview_flutter_platform_interface 1.9.0 [flutter meta plugin_platform_interface]
- webview_flutter_wkwebview 2.7.5 [flutter path webview_flutter_platform_interface]
- win32 2.6.1 [ffi]
- xdg_directories 0.2.0+1 [meta path process]
- xml 5.3.1 [collection meta petitparser]
- xml2json 5.3.2 [xml]
- yaml 3.1.1 [collection source_span string_scanner]

Device

iPhone9, Iphone 9

OS

Version 15.5 (Build 19F77), Version 15.2(Build 19C56)

CLI Version

N/A

Additional Context

No response

haverchuck commented 2 years ago

@JakubWijata

  1. Are you using Cognito Hosted UI, or logging users in via the Amplify.Auth.signIn API?
  2. Do you know if any of your users may have cleared their keychains?

JakubWijata commented 2 years ago

> @JakubWijata
>
>   1. Are you using Cognito Hosted UI, or logging users in via the Amplify.Auth.signIn API?
>   2. Do you know if any of your users may have cleared their keychains?

@haverchuck

  1. Amplify.Auth.signIn
  2. It is unlikely. One user reported that situation a few days in a row.

JakubWijata commented 2 years ago

@haverchuck Do you have any information or potential causes?

dnys1 commented 2 years ago

Hi @JakubWijata - unfortunately, without logs or reproduction code, it's gonna be very difficult to say for sure. With that being said, I thought of a couple more questions which could help narrow down the issue:

  1. Is this being experienced only by iPhone users because your app is only deployed to iPhones or is it also running on Android devices?
  2. Do you have any of Cognito's advanced security features enabled?

JakubWijata commented 2 years ago

> Hi @JakubWijata - unfortunately, without logs or reproduction code, it's gonna be very difficult to say for sure. With that being said, I thought of a couple more questions which could help narrow down the issue:
>
>   1. Is this being experienced only by iPhone users because your app is only deployed to iPhones or is it also running on Android devices?
>   2. Do you have any of Cognito's advanced security features enabled?

  1. Also working on Android, but I didn't get any report connected with Android. (It doesn't mean the problem doesn't exist. It means no Android user has submitted a report to my email.)
  2. No

dnys1 commented 2 years ago

Thanks for the extra info, @JakubWijata. I will stress again that without logs or reproduction code, it's going to be very difficult to track down a root cause. I'm not aware of any reason why your customers would be experiencing this issue and looking through the iOS and Android GitHub issues provides no additional insights.

That being said, I will try to reproduce the issue with a short refresh token, using the version of Amplify you reported (0.5.0), and let you know what I find.

JakubWijata commented 2 years ago

> Thanks for the extra info, @JakubWijata. I will stress again that without logs or reproduction code, it's going to be very difficult to track down a root cause. I'm not aware of any reason why your customers would be experiencing this issue and looking through the iOS and Android GitHub issues provides no additional insights.
>
> That being said, I will try to reproduce the issue with a short refresh token, using the version of Amplify you reported (0.5.0), and let you know what I find.

Do you have any new information?

dnys1 commented 2 years ago

Sorry for the delay. I don't have any updates at the moment. How soon before 30 days are your users being logged out?

JakubWijata commented 2 years ago

> Sorry for the delay. I don't have any updates at the moment. How soon before 30 days are your users being logged out?

It was the same situation a few days in a row. So probably the same day as the log-in action.

JakubWijata commented 2 years ago

I also found a user submission from the Android platform, so it is platform independent.

Jordan-Nelson commented 2 years ago

Hello @JakubWijata - This issue looks similar to https://github.com/aws-amplify/amplify-flutter/issues/1271 and https://github.com/aws-amplify/amplify-flutter/issues/1438. In both cases production logs indicate that sessions were expiring before the expiration time. Would you be able to take a look at those issues and let me know if you believe the issue that you are experiencing is different than these? If you are experiencing the same issue, I would like to close this out and continue to track this in those issues.

Unfortunately we have been unable to reproduce this behavior. We believe it could be the result of a race condition in Amplify-iOS/Amplify-Android, but without the ability to reproduce it is hard to say for sure. That being said, we are actively working on re-writing the Auth library in Dart. The main goal of this re-write is to enable support for Web & Desktop, but we are also implementing a new design using state machines that is intended to solve issues such as race conditions. We think it is likely that this will resolve these issues. The auth re-write is currently in developer preview. You can read more about the developer preview release in the blog post and docs.