aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0

Unable to authenticate between apps with the same domain #12485

Closed dcp3450 closed 10 months ago

dcp3450 commented 10 months ago

JavaScript Framework

Angular

Amplify APIs

Authentication

Amplify Categories

auth

Environment information

```
# Put output below this line
System:
  OS: Windows 10 10.0.22621
  CPU: (12) x64 11th Gen Intel(R) Core(TM) i5-11400H @ 2.70GHz
  Memory: 1.74 GB / 31.73 GB
Binaries:
  Node: 18.12.1 - C:\Program Files\nodejs\node.EXE
  npm: 8.19.2 - C:\Program Files\nodejs\npm.CMD
Browsers:
  Edge: Chromium (118.0.2088.76)
  Internet Explorer: 11.0.22621.1
npmPackages:
  @angular-builders/custom-webpack: ^16.0.1 => 16.0.1
  @angular-builders/jest: ^16.0.1 => 16.0.1
  @angular-devkit/build-angular: ^16.2.5 => 16.2.7
  @angular/animations: ^16.2.10 => 16.2.10
  @angular/cli: ^16.2.5 => 16.2.7
  @angular/common: ^16.2.10 => 16.2.10
  @angular/compiler: 16.2.10 => 16.2.10
  @angular/compiler-cli: ^16.2.10 => 16.2.10
  @angular/core: 16.2.10 => 16.2.10
  @angular/forms: 16.2.10 => 16.2.10
  @angular/material: 16.2.7 => 16.2.7
  @angular/material-moment-adapter: 16.2.7 => 16.2.7
  @angular/platform-browser: 16.2.10 => 16.2.10
  @angular/platform-browser-dynamic: 16.2.10 => 16.2.10
  @angular/router: 16.2.10 => 16.2.10
  @aws-amplify/ui-angular: ^4.0.1 => 4.0.9
  @faker-js/faker: ^7.3.0 => 7.6.0
  @ngneat/spectator: ^14.0.0 => 14.0.0
  @types/faker: ^5.5.3 => 5.5.9
  @types/jasmine: ~3.10.0 => 3.10.15
  @types/jasminewd2: ~2.0.3 => 2.0.12
  @types/jest: ^29.5.2 => 29.5.6
  @types/luxon: ^2.4.0 => 2.4.0
  @types/node: ^18.16.18 => 18.18.6
  @typescript-eslint/eslint-plugin: ^6.7.4 => 6.9.0
  @typescript-eslint/parser: ^6.7.4 => 6.9.0
  aws-amplify: ^5.3.3 => 5.3.11
  commit-and-tag-version: ^11.3.0 => 11.3.0
  core-js: ^3.31.0 => 3.33.1
  echarts: ^5.4.3 => 5.4.3
  eslint: ^8.43.0 => 8.52.0 (2.13.1)
  eslint-config-angular: ^0.5.0 => 0.5.0
  eslint-config-prettier: ^8.10.0 => 8.10.0
  eslint-plugin-angular: ^4.0.1 => 4.1.0
  eslint-plugin-html: ^7.1.0 => 7.1.0
  eslint-plugin-prettier: ^4.2.1 => 4.2.1
  filepond: ^4.30.4 => 4.30.4
  filepond-plugin-file-validate-type: ^1.2.8 => 1.2.8
  jasmine-core: ~4.0.0 => 4.0.1
  jest: ^29.5.0 => 29.7.0
  jest-junit: ^16.0.0 => 16.0.0
  jest-preset-angular: ^13.1.1 => 13.1.2 (13.1.1)
  lodash: ^4.17.21 => 4.17.21
  luxon: ^3.4.3 => 3.4.3
  moment: ^2.29.4 => 2.29.4
  ng-mocks: ^14.11.0 => 14.11.0
  ngx-echarts: ^16.0.0 => 16.1.1
  prettier: 3.0.3 => 3.0.3
  pretty-quick: ^3.1.3 => 3.1.3
  rxjs: ~7.5.0 => 7.5.7 (7.8.1)
  rxjs/ajax: undefined ()
  rxjs/fetch: undefined ()
  rxjs/operators: undefined ()
  rxjs/testing: undefined ()
  rxjs/webSocket: undefined ()
  sass-lint: ^1.12.1 => 1.13.1
  tslib: ^2.3.0 => 2.6.2 (2.6.1, 1.14.1, 2.3.1, 2.4.1, 2.3.0)
  tslint-jasmine-rules: ^1.6.1 => 1.6.1
  typescript: ~4.9.5 => 4.9.5
  zone.js: ~0.13.0 => 0.13.3
npmGlobalPackages:
  @angular/cli: 15.0.1
  @aws-amplify/cli: 10.5.1
  aws-cdk: 2.100.0
```

Describe the bug

I have multiple applications that use Cognito to authenticate to login. All applications use the exact same subdomain/domain setup. They are separated by a route such as:

- company.myapp.com/app1
- company.myapp.com/app2

A user accesses a portal to their applications by going to the base subdomain/domain (company.myapp.com).

Right now when a user logs into one application they still have to log into all the others even though the Cognito user pool, identity pool, and the domains are all the same. I've verified logging into one sets the local storage and cookies available to the other applications.

To verify login:

```typescript
...
import Auth from '@aws-amplify/auth';
...
  // Angular route guard: allow navigation only when Amplify reports a signed-in user.
  canActivate(...): Promise<boolean> {
    return Auth.currentAuthenticatedUser()
      .then(user => {
        ...
        return true;
      })
      .catch(() => {
        console.error('Must be signed in');
        ...
        return false;
      });
  }
...
```

This works fine at the same route:

- company.myapp.com/app1
- company.myapp.com/app1/library
- company.myapp.com/app1/library?book=abc123

but if they try to access the other app company.myapp.com/app2 it says they aren't authenticated.

Expected behavior

If a user logs into a login at one location with the same domain it should authenticate at the same domain even if it's a different application.

Reproduction steps

Setup server with two or more applications that have the same domains but different routes to set them apart.

Use Auth.currentAuthenticatedUser

User is only authenticated at one location

Code Snippet

// Put your code below this line.

Log output

```
// Put your logs below this line
```

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

dcp3450 commented 10 months ago

All the apps had the same user pool and identity pool IDs but they had different web client IDs. I gave them the same web client ID and login works as expected.
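The root cause identified in this comment can be made concrete by modelling how the Amplify v5 Auth category (via amazon-cognito-identity-js) caches a session in storage. The example below is added here and is not code from the issue or from the Amplify code base; it reproduces the key layout that library uses (`CognitoIdentityServiceProvider.<clientId>.LastAuthUser` and `CognitoIdentityServiceProvider.<clientId>.<username>.{idToken,accessToken,refreshToken}`) so that two apps on one origin only find a session when they are configured with the same app client ID. The client IDs, username and tokens are constructed sample values, and the `aud` check on the ID token is an explicit validation added for illustration, not a claim about the library's internals.

```javascript
// Added example (not from the issue or the Amplify code base). It models the
// storage layout amazon-cognito-identity-js uses to cache tokens so that the
// reporter's symptom (signed in under /app1, "not authenticated" under /app2)
// can be reproduced offline. All IDs and tokens below are constructed samples.

const PREFIX = 'CognitoIdentityServiceProvider';

// Minimal base64url helpers so the sample JWTs can be built and read in Node.
function b64url(str) {
  return Buffer.from(str, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function b64urlDecode(str) {
  const pad = '='.repeat((4 - (str.length % 4)) % 4);
  return Buffer.from(str.replace(/-/g, '+').replace(/_/g, '/') + pad, 'base64').toString('utf8');
}

// Build an unsigned sample JWT (header.payload.signature) carrying the claims.
// Constructed for the example only: a real Cognito token is RS256-signed by the pool.
function sampleJwt(claims) {
  const header = b64url(JSON.stringify({ alg: 'RS256', kid: 'sample-kid' }));
  return `${header}.${b64url(JSON.stringify(claims))}.sample-signature`;
}

function decodeClaims(jwt) {
  return JSON.parse(b64urlDecode(jwt.split('.')[1]));
}

// Write the keys the library stores after a successful sign-in through `clientId`.
function cacheSession(storage, clientId, username, idToken, accessToken, refreshToken) {
  const base = `${PREFIX}.${clientId}`;
  storage.set(`${base}.LastAuthUser`, username);
  storage.set(`${base}.${username}.idToken`, idToken);
  storage.set(`${base}.${username}.accessToken`, accessToken);
  storage.set(`${base}.${username}.refreshToken`, refreshToken);
}

// Look up the cached session for the app client *this* app is configured with.
// Returns null when nobody signed in through this client ID, which is exactly
// what happened when each app had its own web client ID.
function findCachedSession(storage, clientId, nowSeconds) {
  const base = `${PREFIX}.${clientId}`;
  const username = storage.get(`${base}.LastAuthUser`);
  if (!username) return null;
  const idToken = storage.get(`${base}.${username}.idToken`);
  const accessToken = storage.get(`${base}.${username}.accessToken`);
  if (!idToken || !accessToken) return null;
  const claims = decodeClaims(idToken);
  // Defensive check added for the example: an ID token issued to a different
  // app client must not be accepted just because it sits in the same origin.
  if (claims.aud !== clientId) return null;
  return { username, expired: claims.exp <= nowSeconds };
}

// Constructed scenario: one user pool, two app clients, user signed in via /app1.
const CLIENT_A = 'sample-client-id-for-app1';
const CLIENT_B = 'sample-client-id-for-app2';
const NOW = 1700000000; // sample "current time" in seconds since the epoch

const storage = new Map(); // stands in for window.localStorage
cacheSession(storage, CLIENT_A, 'alice',
  sampleJwt({ sub: 'sample-sub', aud: CLIENT_A, token_use: 'id', exp: NOW + 3600 }),
  sampleJwt({ sub: 'sample-sub', client_id: CLIENT_A, token_use: 'access', exp: NOW + 3600 }),
  'sample-refresh-token');

function demo() {
  return {
    sameClient: findCachedSession(storage, CLIENT_A, NOW),  // { username: 'alice', expired: false }
    otherClient: findCachedSession(storage, CLIENT_B, NOW), // null: /app2 cannot see /app1's session
  };
}

console.log(demo());
```

Giving every app the same app client ID, as the reporter did, makes them share one cached session and one audience, which is the single-sign-on behaviour wanted here. Note that separate client IDs only separate sessions; they do not isolate the apps from each other, since any script on the same origin can read all of the origin's localStorage regardless of which client ID wrote it.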

nadetastic commented 10 months ago

Hi @dcp3450 glad you were able to get this sorted out, and thank you for sharing what the issue and fix was!