Anonymous Auth doesn't work with npx ampx pipeline-deploy

[verygoodstefan]

Description

I have an Amplify project that uses amplify_auth_cognito_dart and fetches guest authentication data via fetchAuthSession. When I deploy the AWS resources for this project using npx ampx sandbox, I am able to consistently fetch the same identityPool ID on multiple calls to fetchAuthSession. When I deploy the project using npx ampx pipeline-deploy, however, calls to fetchAuthSession return brand new identity pool IDs every time.

Is there a reason that multiple calls to fetchAuthSession fetch a consistent identityPool ID in sandbox, but not in pipeline deploy?

Repo is here. It's a private repo, so if you want to look into the code, let me know and I will invite you.

Categories

• [ ] Analytics
• [ ] API (REST)
• [ ] API (GraphQL)
• [X] Auth
• [ ] Authenticator
• [ ] DataStore
• [ ] Notifications (Push)
• [ ] Storage

Steps to Reproduce

1. Setup auth via AmplifyAuthCognitoDart.
2. Deploy resources via npx ampx pipeline-deploy
3. Call fetchAuthSession multiple times, and inspect the identityId result.

Screenshots

No response

Platforms

• [ ] iOS
• [ ] Android
• [ ] Web
• [ ] macOS
• [ ] Windows
• [X] Linux

Flutter Version

3.22.1

Amplify Flutter Version

0.11.3 (Amplify Auth Cognito Dart)

Deployment Method

Custom Pipeline

Schema

No response

[tyllark]

Hi @verygoodstefan, thank you for submitting this issue. We will take a look at this issue and get back to you when we have any updates or questions.

[Equartey]

Hi @verygoodstefan. To clarify, are you saying fetchAuthSession is returning a different identity pool ID than in sandbox, or is the ID truly different each time the function is called?

[verygoodstefan]

@Equartey both: the ID is different in production than sandbox (which is expected), but also, every time the fetchAuthSession is called, even if it has only been a second between calls, the ID is new.

[khatruong2009]

Hi @verygoodstefan, I followed the reproduction steps but was unable to reproduce this issue. I deployed resources via npx ampx pipeline-deploy and called fetchAuthSession with guest credentials but got the same identity pool ID each time. Can you give us more details on your app configuration that would help us reproduce this?

[verygoodstefan]

@khatruong2009 the repo is here, if you want to see the configuration I have set up.

[Equartey]

Hey @verygoodstefan, just noticed you reported the platform as Linux, have you seen this issue on other platforms?

[verygoodstefan]

@Equartey I have not--my Amplify app is running on an AWS App Runner instance that uses a Linux server, so that's why I selected Linux.

[NikaHsn]

thanks for confirming. We were not able to reproduce this issue using Amplify Gen 2. Would you please provide a code snippet of your auth definition with any sensitive info removed.

[verygoodstefan]

@NikaHsn here is the auth resource in code:

export const auth = defineAuth({
  loginWith: {
    email: true,
  },
});

And here is what it generates in amplifyConfig (sensitive data removed):

  "auth": {
    "user_pool_id": "us-east-1_***",
    "aws_region": "us-east-1",
    "user_pool_client_id": "***",
    "identity_pool_id": "us-east-1:***",
    "mfa_methods": [],
    "standard_required_attributes": [
      "email"
    ],
    "username_attributes": [
      "email"
    ],
    "user_verification_types": [
      "email"
    ],
    "mfa_configuration": "NONE",
    "password_policy": {
      "min_length": 8,
      "require_lowercase": true,
      "require_numbers": true,
      "require_symbols": true,
      "require_uppercase": true
    },
    "unauthenticated_identities_enabled": true
  },

[NikaHsn]

thanks for providing these info.

re: my Amplify app is running on an AWS App Runner instance that uses a Linux server, so that's why I selected Linux.

would you please confirm if you are running a web app on Linux server (AWS App Runner instance) or if you are running a Linux app on a Linux server?

[verygoodstefan]

It's a Linux app (Dart Frog, built in a Docker container) on a Linux server (AWS App Runner instance).

[NikaHsn]

thanks for confirming. we will look into this and provide update as we have them.