Upload unauthorized error

[filippomenchini]

Description

Hi! I'm experiencing some problems while uploading files to my bucket.

My users usually login the first time they open the app, then I use

Amplify.Auth.fetchAuthSession();

to autologin them everytime they open the app.

The problem arises when a user that has been logged in for more than 30 days tries to upload an object to S3. To be able to upload the object, the user has to logout and login again.

Looking at the errors that I receive, It seems like the user after 30 days loses the permission to upload objects to the bucket.

Am I handling the autologin feature wrong? Is there an error with the Amplify library?

Thanks for your time!

Categories

• [ ] Analytics
• [ ] API (REST)
• [ ] API (GraphQL)
• [X] Auth
• [ ] Authenticator
• [ ] DataStore
• [X] Storage

Steps to Reproduce

1. Fetch auth session after 30 days.
2. Upload a file.
3. Get the Unauthorized error.

Screenshots

No response

Platforms

• [X] iOS
• [X] Android

Android Device/Emulator API Level

API 32+

Environment

[✓] Flutter (Channel stable, 3.0.4, on macOS 12.4 21F79 darwin-arm, locale it-IT)
[✓] Android toolchain - develop for Android devices (Android SDK version 33.0.0-rc2)
[✓] Xcode - develop for iOS and macOS (Xcode 13.4.1)
[✓] Android Studio (version 2021.1)
[✓] VS Code (version 1.68.1)
[✓] Connected device (1 available)
[✓] HTTP Host Availability

Dependencies

Dart SDK 2.17.5
Flutter SDK 3.0.4
intales 0.0.2+47

dependencies:
- amplify_analytics_pinpoint 0.6.1 [amplify_analytics_pinpoint_android amplify_analytics_pinpoint_ios amplify_core aws_common flutter meta]
- amplify_api 0.6.1 [amplify_api_android amplify_api_ios amplify_core amplify_flutter aws_common collection flutter meta plugin_platform_interface]
- amplify_auth_cognito 0.6.1 [amplify_auth_cognito_android amplify_auth_cognito_ios amplify_core aws_common collection flutter meta plugin_platform_interface]
- amplify_datastore 0.6.1 [flutter amplify_datastore_plugin_interface amplify_core plugin_platform_interface meta collection async]
- amplify_flutter 0.6.1 [amplify_core amplify_datastore_plugin_interface amplify_flutter_android amplify_flutter_ios aws_common collection flutter meta plugin_platform_interface]
- amplify_storage_s3 0.6.1 [amplify_storage_s3_android amplify_storage_s3_ios amplify_core aws_common flutter meta plugin_platform_interface]
- auto_route 4.2.0 [flutter path collection meta universal_html]
- camera 0.9.8+1 [camera_android camera_avfoundation camera_platform_interface camera_web flutter flutter_plugin_android_lifecycle quiver]
- collection 1.16.0
- connectivity_plus 2.3.5 [flutter connectivity_plus_platform_interface connectivity_plus_linux connectivity_plus_macos connectivity_plus_web connectivity_plus_windows]
- cupertino_icons 1.0.5
- dartz 0.10.1
- dots_indicator 2.1.0 [flutter]
- equatable 2.0.3 [collection meta]
- extended_image 6.2.1 [extended_image_library flutter meta]
- firebase 9.0.3 [http http_parser js]
- firebase_core 1.18.0 [firebase_core_platform_interface firebase_core_web flutter meta]
- firebase_messaging 11.4.2 [firebase_core firebase_core_platform_interface firebase_messaging_platform_interface firebase_messaging_web flutter meta]
- flutter 0.0.0 [characters collection material_color_utilities meta vector_math sky_engine]
- flutter_bloc 8.0.1 [flutter bloc provider]
- flutter_image_compress 1.1.0 [flutter]
- flutter_local_notifications 9.6.1 [clock flutter flutter_local_notifications_linux flutter_local_notifications_platform_interface timezone]
- flutter_localizations 0.0.0 [flutter intl characters clock collection material_color_utilities meta path vector_math]
- get_it 7.2.0 [async collection]
- image_picker 0.8.5+3 [flutter image_picker_android image_picker_for_web image_picker_ios image_picker_platform_interface]
- infinite_widgets 2.0.1 [flutter]
- intl 0.17.0 [clock path]
- mocktail 0.3.0 [collection matcher test]
- preload_page_view 0.1.6 [flutter]
- shared_preferences 2.0.15 [flutter shared_preferences_android shared_preferences_ios shared_preferences_linux shared_preferences_macos shared_preferences_platform_interface shared_preferences_web shared_preferences_windows]
- syncfusion_flutter_pdfviewer 20.2.36-beta [flutter vector_math async http uuid intl syncfusion_pdfviewer_platform_interface syncfusion_pdfviewer_web syncfusion_pdfviewer_macos syncfusion_pdfviewer_windows syncfusion_flutter_core syncfusion_flutter_pdf url_launcher]
- url_launcher 6.1.4 [flutter url_launcher_android url_launcher_ios url_launcher_linux url_launcher_macos url_launcher_platform_interface url_launcher_web url_launcher_windows]
- very_good_infinite_list 0.4.1 [flutter]
- video_compress 3.1.1 [flutter]
- video_player 2.4.5 [flutter html video_player_android video_player_avfoundation video_player_platform_interface video_player_web]
- visibility_detector 0.3.3 [flutter]

transitive dependencies:
- _fe_analyzer_shared 41.0.0 [meta]
- amplify_analytics_pinpoint_android 0.6.1 [flutter]
- amplify_analytics_pinpoint_ios 0.6.1 [flutter]
- amplify_api_android 0.6.1 [flutter]
- amplify_api_ios 0.6.1 [amplify_core flutter]
- amplify_auth_cognito_android 0.6.1 [flutter]
- amplify_auth_cognito_ios 0.6.1 [amplify_core flutter]
- amplify_core 0.6.1 [aws_common collection flutter intl json_annotation meta plugin_platform_interface uuid]
- amplify_datastore_plugin_interface 0.6.1 [amplify_core collection flutter meta]
- amplify_flutter_android 0.6.1 [flutter]
- amplify_flutter_ios 0.6.1 [amplify_core flutter]
- amplify_storage_s3_android 0.6.1 [flutter]
- amplify_storage_s3_ios 0.6.1 [flutter]
- analyzer 4.2.0 [_fe_analyzer_shared collection convert crypto glob meta package_config path pub_semver source_span watcher yaml]
- args 2.3.1
- async 2.8.2 [collection meta]
- aws_common 0.1.1 [async collection http meta stream_transform uuid]
- bloc 8.0.3 [meta]
- boolean_selector 2.1.0 [source_span string_scanner]
- camera_android 0.9.8+3 [camera_platform_interface flutter flutter_plugin_android_lifecycle stream_transform]
- camera_avfoundation 0.9.8+2 [camera_platform_interface flutter stream_transform]
- camera_platform_interface 2.2.0 [cross_file flutter plugin_platform_interface stream_transform]
- camera_web 0.2.1+6 [camera_platform_interface flutter flutter_web_plugins stream_transform]
- characters 1.2.0
- charcode 1.3.1
- clock 1.1.0
- connectivity_plus_linux 1.3.1 [flutter connectivity_plus_platform_interface meta nm]
- connectivity_plus_macos 1.2.4 [connectivity_plus_platform_interface flutter]
- connectivity_plus_platform_interface 1.2.1 [flutter meta plugin_platform_interface]
- connectivity_plus_web 1.2.2 [connectivity_plus_platform_interface flutter_web_plugins flutter]
- connectivity_plus_windows 1.2.2 [connectivity_plus_platform_interface flutter]
- convert 3.0.2 [typed_data]
- coverage 1.3.2 [args logging package_config path source_maps stack_trace vm_service]
- cross_file 0.3.3+1 [js meta]
- crypto 3.0.2 [typed_data]
- csslib 0.17.2 [source_span]
- dbus 0.7.6 [args ffi meta xml]
- extended_image_library 3.3.0 [crypto flutter http_client_helper path path_provider]
- ffi 2.0.1
- file 6.1.2 [meta path]
- firebase_core_platform_interface 4.4.1 [collection flutter meta plugin_platform_interface]
- firebase_core_web 1.6.5 [firebase_core_platform_interface flutter flutter_web_plugins js meta]
- firebase_messaging_platform_interface 3.5.2 [firebase_core flutter meta plugin_platform_interface]
- firebase_messaging_web 2.4.2 [firebase_core firebase_core_web firebase_messaging_platform_interface flutter flutter_web_plugins js meta]
- flutter_local_notifications_linux 0.5.0+1 [flutter flutter_local_notifications_platform_interface dbus path xdg_directories]
- flutter_local_notifications_platform_interface 5.0.0 [flutter plugin_platform_interface]
- flutter_plugin_android_lifecycle 2.0.6 [flutter]
- flutter_web_plugins 0.0.0 [flutter js characters collection material_color_utilities meta vector_math]
- frontend_server_client 2.1.3 [async path]
- glob 2.1.0 [async collection file path string_scanner]
- html 0.15.0 [csslib source_span]
- http 0.13.4 [async http_parser meta path]
- http_client_helper 2.0.2 [http]
- http_multi_server 3.2.1 [async]
- http_parser 4.0.1 [collection source_span string_scanner typed_data]
- image_picker_android 0.8.5+1 [flutter flutter_plugin_android_lifecycle image_picker_platform_interface]
- image_picker_for_web 2.1.8 [flutter flutter_web_plugins image_picker_platform_interface]
- image_picker_ios 0.8.5+5 [flutter image_picker_platform_interface]
- image_picker_platform_interface 2.5.0 [cross_file flutter http plugin_platform_interface]
- io 1.0.3 [meta path string_scanner]
- js 0.6.4
- json_annotation 4.5.0 [meta]
- logging 1.0.2
- matcher 0.12.11 [stack_trace]
- material_color_utilities 0.1.4
- meta 1.7.0
- mime 1.0.2
- nested 1.0.0 [flutter]
- nm 0.5.0 [dbus]
- node_preamble 2.0.1
- package_config 2.1.0 [path]
- path 1.8.1
- path_provider 2.0.11 [flutter path_provider_android path_provider_ios path_provider_linux path_provider_macos path_provider_platform_interface path_provider_windows]
- path_provider_android 2.0.16 [flutter path_provider_platform_interface]
- path_provider_ios 2.0.10 [flutter path_provider_platform_interface]
- path_provider_linux 2.1.7 [ffi flutter path path_provider_platform_interface xdg_directories]
- path_provider_macos 2.0.6 [flutter path_provider_platform_interface]
- path_provider_platform_interface 2.0.4 [flutter platform plugin_platform_interface]
- path_provider_windows 2.1.0 [ffi flutter path path_provider_platform_interface win32]
- petitparser 5.0.0 [meta]
- platform 3.1.0
- plugin_platform_interface 2.1.2 [meta]
- pool 1.5.1 [async stack_trace]
- process 4.2.4 [file path platform]
- provider 6.0.3 [collection flutter nested]
- pub_semver 2.1.1 [collection meta]
- quiver 3.1.0 [matcher]
- shared_preferences_android 2.0.12 [flutter shared_preferences_platform_interface]
- shared_preferences_ios 2.1.1 [flutter shared_preferences_platform_interface]
- shared_preferences_linux 2.1.1 [file flutter path path_provider_linux path_provider_platform_interface shared_preferences_platform_interface]
- shared_preferences_macos 2.0.4 [flutter shared_preferences_platform_interface]
- shared_preferences_platform_interface 2.0.0 [flutter]
- shared_preferences_web 2.0.4 [flutter flutter_web_plugins shared_preferences_platform_interface]
- shared_preferences_windows 2.1.1 [file flutter path path_provider_platform_interface path_provider_windows shared_preferences_platform_interface]
- shelf 1.3.1 [async collection http_parser path stack_trace stream_channel]
- shelf_packages_handler 3.0.1 [path shelf shelf_static]
- shelf_static 1.1.1 [convert http_parser mime path shelf]
- shelf_web_socket 1.0.2 [shelf stream_channel web_socket_channel]
- sky_engine 0.0.99
- source_map_stack_trace 2.1.0 [path stack_trace source_maps]
- source_maps 0.10.10 [source_span]
- source_span 1.8.2 [collection path term_glyph]
- stack_trace 1.10.0 [path]
- stream_channel 2.1.0 [async]
- stream_transform 2.0.0
- string_scanner 1.1.0 [charcode source_span]
- syncfusion_flutter_core 20.2.36 [vector_math flutter]
- syncfusion_flutter_pdf 20.2.36 [flutter intl xml syncfusion_flutter_core crypto convert]
- syncfusion_pdfviewer_macos 20.2.36-beta [flutter syncfusion_pdfviewer_platform_interface]
- syncfusion_pdfviewer_platform_interface 20.2.36-beta [flutter plugin_platform_interface]
- syncfusion_pdfviewer_web 20.2.36-beta [flutter flutter_web_plugins js meta syncfusion_pdfviewer_platform_interface]
- syncfusion_pdfviewer_windows 20.2.36-beta [flutter]
- term_glyph 1.2.0
- test 1.21.1 [analyzer async boolean_selector collection coverage http_multi_server io js node_preamble package_config path pool shelf shelf_packages_handler shelf_static shelf_web_socket source_span stack_trace stream_channel typed_data web_socket_channel webkit_inspection_protocol yaml test_api test_core]
- test_api 0.4.9 [async boolean_selector collection meta source_span stack_trace stream_channel string_scanner term_glyph matcher]
- test_core 0.4.13 [analyzer async args boolean_selector collection coverage frontend_server_client glob io meta package_config path pool source_map_stack_trace source_maps source_span stack_trace stream_channel vm_service yaml matcher test_api]
- timezone 0.8.0 [path]
- typed_data 1.3.1 [collection]
- universal_html 2.0.8 [async csslib charcode collection html meta source_span typed_data universal_io]
- universal_io 2.0.4 [collection crypto meta typed_data]
- url_launcher_android 6.0.17 [flutter url_launcher_platform_interface]
- url_launcher_ios 6.0.17 [flutter url_launcher_platform_interface]
- url_launcher_linux 3.0.1 [flutter url_launcher_platform_interface]
- url_launcher_macos 3.0.1 [flutter url_launcher_platform_interface]
- url_launcher_platform_interface 2.1.0 [flutter plugin_platform_interface]
- url_launcher_web 2.0.12 [flutter flutter_web_plugins url_launcher_platform_interface]
- url_launcher_windows 3.0.1 [flutter url_launcher_platform_interface]
- uuid 3.0.6 [crypto]
- vector_math 2.1.2
- video_player_android 2.3.6 [flutter video_player_platform_interface]
- video_player_avfoundation 2.3.5 [flutter video_player_platform_interface]
- video_player_platform_interface 5.1.3 [flutter plugin_platform_interface]
- video_player_web 2.0.10 [flutter flutter_web_plugins video_player_platform_interface]
- vm_service 8.3.0
- watcher 1.0.1 [async path]
- web_socket_channel 2.2.0 [async crypto stream_channel]
- webkit_inspection_protocol 1.1.0 [logging]
- win32 2.7.0 [ffi]
- xdg_directories 0.2.0+1 [meta path process]
- xml 6.1.0 [collection meta petitparser]
- yaml 3.1.1 [collection source_span string_scanner]

Device

N/A

OS

N/A

CLI Version

9.1.0

Additional Context

No response

[Jordan-Nelson]

Hello @filippomenchini - What is the refresh token expiration time set to in Cognito? By default it is 30 days, but can be changed to anything between 60 minutes and 10 years.

Once the refresh token expires, fetchAuthSession should throw an exception. The user will have to log back in with their username and password once it has expired.

[filippomenchini]

Hi @Jordan-Nelson , thank you for your answer! I'll try with changing the refresh token expiration time.

I didn't get any exception from fetchAuthSession unfortunately. I'll try to play with that to see if I'm, handling the exception in a wrong way.

Thanks again!

[Jordan-Nelson]

I didn't get any exception from fetchAuthSession unfortunately.

Okay. You should get an exception. If we can get some reproducible steps then we can create a bug. If you can share the code in which you are calling this function and catching the exception I can see if I can reproduce that.

[filippomenchini]

Hi @Jordan-Nelson sorry for the delay. Here's the code:

Future<Either<AuthFailure, String>> autoLogin() async {
    try {
      final session = await Amplify.Auth.fetchAuthSession();
      if (!session.isSignedIn)
        return Left(AuthFailure("User session has expired"));
      final user = await Amplify.Auth.getCurrentUser();
      return Right(user.userId);
    } on AuthException catch (e) {
      return Left(AuthFailure(e.message));
    }
  }

Let me know if there's something wrong with it, thank you! :)

[dnys1]

@filippomenchini did updating the refresh token lifetime resolve your issue? To me, that sounds like the root of this problem.

[filippomenchini]

Hi @dnys1 ! I've updated the refresh token lifetime. I think it's ok now, thanks!

Anyway, do you think that Amplify.Auth.fetchAuthSession() is working correctly?

[dnys1]

I'm glad to hear it :) Please let me know if you experience any more issues.