aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0
9.42k stars 2.12k forks

Auth.currentSession() returns "Not Authorized" after Serverless Lambda resources get deallocated #7202

Closed RoniFinTech closed 3 years ago

RoniFinTech commented 3 years ago

Describe the bug

The bug is that if I Auth.signIn() and then hit Auth.currentSession() right away, it works fine. However, if I hit Auth.currentSession() again in 10 mins (my Serverless Lambda has gone cold by then), I will get "Not Authorized". All my communication with aws-amplify is done through my back-end code and not front-end.

To Reproduce

I have my own Serverless Lambda GraphQL backend, and if I do Auth.signIn() and then try to hit a secured mutation/query (it will first check Auth.currentSession()), it will go through and everything is fine. Now, the issue starts when the lambda resources get deallocated (the lambda goes cold). If I try to hit the secured mutation/query, I will get an error saying "Not Authenticated" (an error that is coming from Auth.currentSession()).

Expected behavior

I would expect currentSession() to work fine even after my lambda goes cold (resources get deallocated).

Code Snippet

All my aws-amplify communication is done through my backend GraphQL serverless.

import { Auth } from "@aws-amplify/auth";
await Auth.currentSession();

What is Configured?

config = {
    identityPoolId: CONSTS.identityPoolId,
    region: CONSTS.region,
    userPoolId: CONSTS.userPoolId,
    userPoolWebClientId: CONSTS.clientId
}

My only guess is that when the lambda resources get deallocated, all the session data also disappears with it. Is there no good way to overcome this? I don't want to make all these auth-related calls from the Front-End.

Thanks!

sammartinez commented 3 years ago

@RoniFinTech can you provide your package.json along with your environment settings?

Please use the following command:

npx envinfo --system --binaries --browsers --npmPackages --npmGlobalPackages

Thanks ahead of time!

harrysolovay commented 3 years ago

> All my communication with aws-amplify is done through my back-end code and not front-end.

^ this is the issue. amplify-js is a front-end library that takes care of tasks such as persisting refresh tokens and device IDs so as to re-establish authentication. After all, tokens expire every 5 minutes or so.

This is not a use case that we support as of right now. If you're not using the front-end auth flow features of @aws-amplify/auth nor SRP auth in the underlying amazon-cognito-identity-js package, I'd recommend that you utilize @aws-sdk/client-cognito-identity directly.
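
A model of the behaviour discussed in this thread, added as an example and not code from amplify-js or from any commenter: token state held in one Lambda execution environment's memory is gone after a cold start, while a token presented by the caller on each request still validates. `newUserPool`, `newContainer`, the token values and the 300-second lifetime are hypothetical stand-ins, and the Map lookup takes the place of real JWT signature verification.

```javascript
// Constructed stand-in for the user pool; a Map lookup replaces JWT verification.
function newUserPool(ttl = 300) {
  const access = new Map(), refresh = new Map(); // token -> owner records
  const issue = (user, now) => {
    const t = { accessToken: `a${access.size}`, refreshToken: `r${refresh.size}` };
    access.set(t.accessToken, { user, expiresAt: now + ttl });
    refresh.set(t.refreshToken, user);
    return t;
  };
  const validate = (token, now) => {
    const rec = access.get(token);
    return rec && rec.expiresAt > now ? rec.user : null;
  };
  const renew = (rt, now) => (refresh.has(rt) ? issue(refresh.get(rt), now) : null);
  return { issue, validate, renew };
}

// One Lambda execution environment; `store` models its module-scope memory.
function newContainer(pool) {
  const store = new Map();
  const authenticate = (token, now) => {
    const user = pool.validate(token, now);
    if (!user) throw new Error("Not authenticated");
    return user;
  };
  return {
    signIn: (user, now) => store.set("t", pool.issue(user, now)).get("t"),
    // Session style: identity is whatever this environment remembers.
    currentSession(now) {
      let t = store.get("t");
      // Access token expired: re-establish from the stored refresh token.
      if (t && !pool.validate(t.accessToken, now)) t = pool.renew(t.refreshToken, now);
      if (!t) throw new Error("Not authenticated"); // nothing stored here
      store.set("t", t);
      return authenticate(t.accessToken, now);
    },
    // Stateless style: identity comes from the token sent with the request.
    authenticate,
  };
}

function demo() {
  const pool = newUserPool();
  const warm = newContainer(pool);
  const { accessToken } = warm.signIn("alice", 0);
  const cold = newContainer(pool); // same function after a cold start
  const attempt = (fn) => { try { return fn(); } catch (e) { return e.message; } };
  const session = (c) => attempt(() => c.currentSession(600));
  return [session(warm), session(cold), attempt(() => cold.authenticate(accessToken, 60))];
}
```

`demo()` returns `["alice", "Not authenticated", "alice"]`: the warm environment renews from its stored refresh token, the cold one has nothing to renew from, and the caller-supplied token validates in either.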
