aws-amplify / amplify-flutter

A declarative library with an easy-to-use interface for building Flutter applications on AWS.
https://docs.amplify.aws
Apache License 2.0
1.31k stars 243 forks

Cognito with Cloudfront proxy can't fetch auth session w/ credentials #2358

Closed adam-fpc closed 1 year ago

adam-fpc commented 1 year ago

Description

With a Cloudfront proxy in front of Cognito, calling Amplify.Auth.fetchAuthSession(options: const CognitoSessionOptions(getAWSCredentials: true)) after successfully authenticating throws an error:

ERROR | FetchAuthSessionStateMachine | Emitted error: InvalidAccountTypeException(message: No identity pool registered for this account, recoverySuggestion: Register an identity pool using the CLI or set getAWSCredentials to false, underlyingException: null)

A subsequent call to updateUserAttributes causes an app crash.

Categories

Steps to Reproduce

  1. With Cloudfront proxy in front of Cognito, sign in with username and password
  2. After successfully authenticating, call fetchAuthSession with getAWSCredentials set to true
  3. Observe error

Screenshots

No response

Platforms

Android Device/Emulator API Level

API 32+

Environment

[✓] Flutter (Channel stable, 3.3.7, on macOS 12.5.1 21G83 darwin-arm, locale en-US)
[✓] Android toolchain - develop for Android devices (Android SDK version 33.0.0)
[✓] Xcode - develop for iOS and macOS (Xcode 14.1)
[✓] Chrome - develop for the web
[✓] Android Studio (version 2021.2)
[✓] Connected device (5 available)
[✓] HTTP Host Availability

Dependencies

Dart SDK 2.18.4
Flutter SDK 3.3.7

dependencies:
- amplify_auth_cognito 1.0.0-next.0+7 [amplify_auth_cognito_android amplify_auth_cognito_dart amplify_auth_cognito_ios amplify_core amplify_flutter amplify_secure_storage async flutter flutter_web_plugins meta path plugin_platform_interface]
- amplify_flutter 1.0.0-next.0+5 [amplify_core amplify_datastore_plugin_interface amplify_flutter_android amplify_flutter_ios amplify_secure_storage aws_common collection flutter meta plugin_platform_interface]
- confetti 0.7.0 [flutter vector_math]
- connectivity_plus 2.3.9 [flutter connectivity_plus_platform_interface connectivity_plus_linux connectivity_plus_macos connectivity_plus_web connectivity_plus_windows]
- cupertino_icons 1.0.5
- device_info_plus 8.0.0 [device_info_plus_platform_interface ffi file flutter flutter_web_plugins meta win32]
- email_validator 2.1.17
- flutter 0.0.0 [characters collection material_color_utilities meta vector_math sky_engine]
- flutter_launcher_icons 0.10.0 [args checked_yaml cli_util image json_annotation path yaml]
- flutter_multi_formatter 2.8.2 [flutter collection base58check bech32]
- flutter_native_splash 2.2.11 [args flutter flutter_web_plugins html image js meta path universal_io xml yaml]
- flutter_riverpod 1.0.4 [collection flutter meta riverpod state_notifier]
- flutter_secure_storage 6.0.0 [flutter flutter_secure_storage_linux flutter_secure_storage_macos flutter_secure_storage_platform_interface flutter_secure_storage_web flutter_secure_storage_windows meta]
- flutter_svg 1.1.5 [flutter meta path_drawing vector_math xml]
- flutter_switch 0.3.2 [flutter]
- freezed_annotation 2.2.0 [collection json_annotation meta]
- gif 2.2.0 [flutter]
- google_fonts 3.0.1 [flutter http path_provider crypto]
- http 0.13.5 [async http_parser meta path]
- json_annotation 4.7.0 [meta]
- local_auth 2.1.2 [flutter intl local_auth_android local_auth_ios local_auth_platform_interface local_auth_windows]
- local_session_timeout 2.1.1 [flutter]
- logger 1.1.0
- mockito 5.3.2 [analyzer build code_builder collection dart_style matcher meta path source_gen test_api]
- package_info_plus 1.4.3+1 [flutter package_info_plus_platform_interface package_info_plus_linux package_info_plus_macos package_info_plus_windows package_info_plus_web]
- pinput 2.2.16 [flutter smart_auth]
- quiver 3.1.0 [matcher]
- scroll_to_index 3.0.1 [flutter]
- smooth_page_indicator 1.0.0+2 [flutter]
- url_launcher 6.1.6 [flutter url_launcher_android url_launcher_ios url_launcher_linux url_launcher_macos url_launcher_platform_interface url_launcher_web url_launcher_windows]
- uuid 3.0.6 [crypto]
- webview_flutter 3.0.4 [flutter webview_flutter_android webview_flutter_platform_interface webview_flutter_wkwebview]

transitive dependencies:
- _fe_analyzer_shared 49.0.0 [meta]
- amplify_auth_cognito_android 1.0.0-next.0+3 [flutter]
- amplify_auth_cognito_dart 0.2.2 [amplify_core amplify_secure_storage_dart async aws_common aws_signature_v4 built_collection built_value collection convert crypto fixnum http intl js json_annotation meta oauth2 path smithy smithy_aws stream_transform uuid worker_bee]
- amplify_auth_cognito_ios 1.0.0-next.0+4 [amplify_core flutter]
- amplify_core 1.0.0-next.0+3 [async aws_common aws_signature_v4 collection intl json_annotation logging meta uuid]
- amplify_datastore_plugin_interface 1.0.0-next.0+2 [amplify_core collection flutter meta]
- amplify_flutter_android 1.0.0-next.0 [flutter]
- amplify_flutter_ios 1.0.0-next.0+2 [amplify_core flutter]
- amplify_secure_storage 0.1.3 [amplify_secure_storage_dart async file flutter meta path path_provider]
- amplify_secure_storage_dart 0.1.3 [async aws_common built_collection built_value ffi file js meta path win32 worker_bee]
- analyzer 5.1.0 [_fe_analyzer_shared collection convert crypto glob meta package_config path pub_semver source_span watcher yaml]
- archive 3.3.2 [crypto path]
- args 2.3.1
- async 2.9.0 [collection meta]
- aws_common 0.3.0 [async built_collection built_value collection http2 js json_annotation logging meta os_detect path stream_transform uuid]
- aws_signature_v4 0.3.0 [async aws_common collection convert crypto json_annotation meta path]
- base58check 2.0.0 [crypto collection]
- bech32 0.2.1 [convert]
- boolean_selector 2.1.0 [source_span string_scanner]
- build 2.3.1 [analyzer async convert crypto glob logging meta path]
- built_collection 5.1.1
- built_value 8.4.1 [built_collection collection fixnum meta]
- characters 1.2.1
- checked_yaml 2.0.1 [json_annotation source_span yaml]
- cli_util 0.3.5 [meta path]
- clock 1.1.1
- code_builder 4.3.0 [built_collection built_value collection matcher meta]
- collection 1.16.0
- connectivity_plus_linux 1.3.1 [flutter connectivity_plus_platform_interface meta nm]
- connectivity_plus_macos 1.2.6 [connectivity_plus_platform_interface flutter]
- connectivity_plus_platform_interface 1.2.3 [flutter meta plugin_platform_interface]
- connectivity_plus_web 1.2.5 [connectivity_plus_platform_interface flutter_web_plugins flutter js]
- connectivity_plus_windows 1.2.2 [connectivity_plus_platform_interface flutter]
- convert 3.0.2 [typed_data]
- crclib 3.0.0 [meta tuple]
- crypto 3.0.2 [typed_data]
- csslib 0.17.2 [source_span]
- dart_style 2.2.4 [analyzer args path pub_semver source_span]
- dbus 0.7.8 [args ffi meta xml]
- device_info_plus_platform_interface 7.0.0 [flutter meta plugin_platform_interface]
- ffi 2.0.1
- file 6.1.4 [meta path]
- fixnum 1.0.1
- flutter_plugin_android_lifecycle 2.0.7 [flutter]
- flutter_secure_storage_linux 1.1.1 [flutter flutter_secure_storage_platform_interface]
- flutter_secure_storage_macos 1.1.1 [flutter flutter_secure_storage_platform_interface]
- flutter_secure_storage_platform_interface 1.0.0 [flutter plugin_platform_interface]
- flutter_secure_storage_web 1.0.2 [flutter flutter_web_plugins flutter_secure_storage_platform_interface js]
- flutter_secure_storage_windows 1.1.2 [flutter flutter_secure_storage_platform_interface]
- flutter_web_plugins 0.0.0 [flutter js characters collection material_color_utilities meta vector_math]
- glob 2.1.0 [async collection file path string_scanner]
- html 0.15.1 [csslib source_span]
- http2 2.0.1
- http_parser 4.0.2 [collection source_span string_scanner typed_data]
- image 3.2.2 [archive meta xml]
- intl 0.17.0 [clock path]
- js 0.6.4
- local_auth_android 1.0.13 [flutter flutter_plugin_android_lifecycle intl local_auth_platform_interface]
- local_auth_ios 1.0.10 [flutter intl local_auth_platform_interface]
- local_auth_platform_interface 1.0.5 [flutter intl plugin_platform_interface]
- local_auth_windows 1.0.4 [flutter local_auth_platform_interface]
- logging 1.1.0
- matcher 0.12.12 [stack_trace]
- material_color_utilities 0.1.5
- meta 1.8.0
- nm 0.5.0 [dbus]
- oauth2 2.0.1 [collection crypto http http_parser]
- os_detect 2.0.1
- package_config 2.1.0 [path]
- package_info_plus_linux 1.0.5 [package_info_plus_platform_interface flutter path]
- package_info_plus_macos 1.3.0 [flutter]
- package_info_plus_platform_interface 1.0.2 [flutter meta plugin_platform_interface]
- package_info_plus_web 1.0.6 [flutter flutter_web_plugins http meta package_info_plus_platform_interface]
- package_info_plus_windows 2.1.0 [package_info_plus_platform_interface ffi flutter win32]
- path 1.8.2
- path_drawing 1.0.1 [vector_math meta path_parsing flutter]
- path_parsing 1.0.1 [vector_math meta]
- path_provider 2.0.11 [flutter path_provider_android path_provider_ios path_provider_linux path_provider_macos path_provider_platform_interface path_provider_windows]
- path_provider_android 2.0.20 [flutter path_provider_platform_interface]
- path_provider_ios 2.0.11 [flutter path_provider_platform_interface]
- path_provider_linux 2.1.7 [ffi flutter path path_provider_platform_interface xdg_directories]
- path_provider_macos 2.0.6 [flutter path_provider_platform_interface]
- path_provider_platform_interface 2.0.5 [flutter platform plugin_platform_interface]
- path_provider_windows 2.1.3 [ffi flutter path path_provider_platform_interface win32]
- petitparser 5.0.0 [meta]
- platform 3.1.0
- plugin_platform_interface 2.1.3 [meta]
- process 4.2.4 [file path platform]
- pub_semver 2.1.2 [collection meta]
- retry 3.1.0
- riverpod 1.0.3 [collection meta state_notifier]
- shelf 1.4.0 [async collection http_parser path stack_trace stream_channel]
- sky_engine 0.0.99
- smart_auth 1.0.6 [flutter flutter_web_plugins]
- smithy 0.3.0 [async aws_common built_collection built_value collection convert crypto fixnum http_parser intl json_annotation meta path retry shelf typed_data xml]
- smithy_aws 0.3.0 [aws_common aws_signature_v4 built_collection built_value collection convert crclib crypto intl json_annotation meta path smithy xml]
- source_gen 1.2.6 [analyzer async build dart_style glob meta path source_span yaml]
- source_span 1.9.0 [collection path term_glyph]
- stack_trace 1.10.0 [path]
- state_notifier 0.7.2+1 [meta]
- stream_channel 2.1.0 [async]
- stream_transform 2.0.1
- string_scanner 1.1.1 [source_span]
- term_glyph 1.2.1
- test_api 0.4.12 [async boolean_selector collection meta source_span stack_trace stream_channel string_scanner term_glyph matcher]
- tuple 2.0.1
- typed_data 1.3.1 [collection]
- universal_io 2.0.4 [collection crypto meta typed_data]
- url_launcher_android 6.0.19 [flutter url_launcher_platform_interface]
- url_launcher_ios 6.0.17 [flutter url_launcher_platform_interface]
- url_launcher_linux 3.0.1 [flutter url_launcher_platform_interface]
- url_launcher_macos 3.0.1 [flutter url_launcher_platform_interface]
- url_launcher_platform_interface 2.1.1 [flutter plugin_platform_interface]
- url_launcher_web 2.0.13 [flutter flutter_web_plugins url_launcher_platform_interface]
- url_launcher_windows 3.0.1 [flutter url_launcher_platform_interface]
- vector_math 2.1.2
- watcher 1.0.2 [async path]
- webview_flutter_android 2.10.4 [flutter webview_flutter_platform_interface]
- webview_flutter_platform_interface 1.9.5 [flutter meta plugin_platform_interface]
- webview_flutter_wkwebview 2.9.5 [flutter path webview_flutter_platform_interface]
- win32 3.0.1 [ffi]
- worker_bee 0.1.2 [async aws_common built_collection built_value collection js meta path stack_trace stream_channel stream_transform]
- xdg_directories 0.2.0+2 [meta path process]
- xml 6.1.0 [collection meta petitparser]
- yaml 3.1.1 [collection source_span string_scanner]

Device

physical iPhone XR, iPhone 14 Simulator, Pixel 5 Simulator

OS

iOS 14.1, iOS 16.1, Android 12, Android 13

Deployment Method

Custom Pipeline

CLI Version

10.0.0

Additional Context

No response

Amplify Config

{
  "UserAgent": "aws-amplify-cli/2.0",
  "Version": "1.0",
  "auth": {
    "plugins": {
      "awsCognitoAuthPlugin": {
        "UserAgent": "aws-amplify-cli/0.1.0",
        "Version": "0.1.0",
        "IdentityManager": {
          "Default": {}
        },
        "CognitoUserPool": {
          "Default": {
            "PoolId": "our poolId",
            "AppClientId": "our appClientId",
            "Endpoint": "proxy endpoint goes here",
            "Region": "our region"
          }
        },
        "Auth": {
          "Default": {
            "authenticationFlowType": "USER_SRP_AUTH",
            "socialProviders": [],
            "usernameAttributes": [],
            "signupAttributes": [
              "EMAIL"
            ],
            "passwordProtectionSettings": {
              "passwordPolicyMinLength": 8,
              "passwordPolicyCharacters": [
                "REQUIRES_LOWERCASE",
                "REQUIRES_UPPERCASE",
                "REQUIRES_NUMBERS",
                "REQUIRES_SYMBOLS"
              ]
            },
            "mfaConfiguration": "OPTIONAL",
            "mfaTypes": [
              "SMS",
              "TOTP"
            ],
            "verificationMechanisms": [
              "EMAIL"
            ]
          }
        }
      }
    }
  }
}

dnys1 commented 1 year ago

Hi @adam-fpc, in order to call fetchAuthSession with getAwsCredentials = true, you must have an identity pool associated with your account. Since it appears you only have a user pool, can you try calling with getAwsCredentials = false or omitting the parameter entirely?

This is a divergence from Amplify 0.x behavior in vNext, so apologies for any confusion there.

adam-fpc commented 1 year ago

Hey @dnys1, thanks for clarifying. So in this scenario can a user no longer get the accessToken, idToken and refreshToken?

dnys1 commented 1 year ago

They can. Here's how you would do that:

final session = await Amplify.Auth.fetchAuthSession() as CognitoAuthSession;
final tokens = session.userPoolTokens!;
final accessToken = tokens.accessToken;
final refreshToken = tokens.refreshToken;
final idToken = tokens.idToken;

Passing getAwsCredentials = true is only necessary if you would like to retrieve temporary AWS credentials as well, which happens via an identity pool.
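
Added example (not part of the thread and not Amplify project code): a pre-flight check that reads an Amplify configuration and reports whether an identity pool is registered, which is what decides whether AWS credentials can be requested. The sample config is constructed with placeholder values in the shape of the one posted above; the function names are hypothetical, and `CredentialsProvider` / `CognitoIdentity` is the config section where an identity pool is registered.

```python
import copy
import json

# Constructed sample shaped like the config in the issue (placeholder values).
USER_POOL_ONLY = json.loads("""
{
  "auth": {"plugins": {"awsCognitoAuthPlugin": {
    "IdentityManager": {"Default": {}},
    "CognitoUserPool": {"Default": {
      "PoolId": "EXAMPLE_USER_POOL_ID",
      "AppClientId": "EXAMPLE_APP_CLIENT_ID",
      "Endpoint": "proxy.example.com",
      "Region": "us-east-1"
    }}
  }}}
}
""")

def _default(plugin, *path):
    """Walk plugin[path...]["Default"]; return {} when any level is absent."""
    node = plugin
    for key in (*path, "Default"):
        node = node.get(key) if isinstance(node, dict) else None
        if node is None:
            return {}
    return node if isinstance(node, dict) else {}

def inspect_auth_config(config):
    """Summarise which Cognito resources the auth plugin config registers."""
    plugin = config.get("auth", {}).get("plugins", {}).get("awsCognitoAuthPlugin", {})
    user_pool = _default(plugin, "CognitoUserPool")
    identity_pool = _default(plugin, "CredentialsProvider", "CognitoIdentity")
    has_identity_pool = bool(identity_pool.get("PoolId"))
    return {
        "has_user_pool": bool(user_pool.get("PoolId")),
        "has_identity_pool": has_identity_pool,
        "custom_endpoint": user_pool.get("Endpoint"),  # e.g. a proxy in front of Cognito
        # Temporary AWS credentials are issued via an identity pool only.
        "can_request_aws_credentials": has_identity_pool,
    }

def with_identity_pool(config, pool_id, region):
    """Return a copy of config with an identity pool registered (placeholder values)."""
    updated = copy.deepcopy(config)
    plugin = updated["auth"]["plugins"]["awsCognitoAuthPlugin"]
    plugin["CredentialsProvider"] = {
        "CognitoIdentity": {"Default": {"PoolId": pool_id, "Region": region}}
    }
    return updated
```

When `can_request_aws_credentials` is false, the user pool tokens are still available through a plain `fetchAuthSession()` call, as described in the comment above.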

adam-fpc commented 1 year ago

Got it! That makes sense now. Many thanks - will close this out.