search

aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0
9.42k stars 2.12k forks source link

I can't get the Sub and other attributes of a user registered with oauth #8195

Closed DeniferSantiago closed 3 years ago

DeniferSantiago commented 3 years ago

Before opening, please confirm:

JavaScript Framework

React Native

Amplify APIs

Authentication, GraphQL API, Storage

Amplify Categories

auth, storage, api

Environment information

``` System: OS: Windows 10 10.0.19041 CPU: (12) x64 Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz Memory: 7.17 GB / 15.88 GB Binaries: Node: 14.1.0 - C:\Program Files\nodejs\node.EXE Yarn: 1.22.10 - ~\AppData\Roaming\npm\yarn.CMD npm: 6.14.4 - C:\Program Files\nodejs\npm.CMD Watchman: 20210110.135312.0 - c:\Users\denif\AppData\Local\watchman\watchman.EXE Browsers: Chrome: 90.0.4430.93 Edge: Spartan (44.19041.906.0), Chromium (90.0.818.49) Internet Explorer: 11.0.19041.1 npmPackages: @babel/core: ^7.12.9 => 7.13.16 @babel/runtime: ^7.12.5 => 7.13.17 @gorhom/bottom-sheet: ^2 => 2.3.0 @react-native-community/async-storage: ^1.11.0 => 1.12.1 @react-native-community/datetimepicker: ^3.0.2 => 3.4.7 @react-native-community/eslint-config: ^2.0.0 => 2.0.0 @react-native-community/masked-view: ^0.1.10 => 0.1.11 @react-native-community/netinfo: ^6.0.0 => 6.0.0 @react-navigation/bottom-tabs: ^5.11.10 => 5.11.10 @react-navigation/native: ^5.9.4 => 5.9.4 @react-navigation/stack: ^5.14.4 => 5.14.4 HelloWorld: 0.0.1 amazon-cognito-identity-js: ^4.6.0 => 4.6.0 aws-amplify: ^3.3.26 => 3.3.27 aws-amplify-react-native: ^4.3.2 => 4.3.2 babel-jest: ^26.6.3 => 26.6.3 eslint: 7.14.0 => 7.14.0 hermes-inspector-msggen: 1.0.0 jest: ^26.6.3 => 26.6.3 metro-react-native-babel-preset: ^0.64.0 => 0.64.0 moment: ^2.29.1 => 2.29.1 react: 17.0.1 => 17.0.1 react-native: 0.64.0 => 0.64.0 react-native-animatable: ^1.3.3 => 1.3.3 react-native-auto-cacheable-image: ^1.1.4 => 1.1.4 react-native-calendars: ^1.403.0 => 1.1258.0 react-native-confirmation-code-field: ^7.0.1 => 7.0.1 react-native-controlled-mentions: github:DeniferSantiago/react-native-controlled-mentions#Deploy => 2.2.5 react-native-draggable-flatlist: ^2.5.4 => 2.6.1 react-native-fs: ^2.16.6 => 2.17.0 react-native-geolocation-service: ^5.2.0 => 5.2.0 react-native-gesture-handler: ^1.6.1 => 1.10.3 react-native-get-random-values: ^1.7.0 => 1.7.0 react-native-haptic-feedback: ^1.11.0 => 1.11.0 react-native-image-picker: ^3.2.1 => 3.3.4 react-native-inappbrowser-reborn: ^3.5.1 => 3.5.1 react-native-indicators: ^0.17.0 => 0.17.0 react-native-maps: 0.27.1 => 0.27.1 react-native-modal-datetime-picker: ^9.1.0 => 9.2.1 react-native-paper: ^4.8.0 => 4.8.1 react-native-permissions: ^3.0.0 => 3.0.2 react-native-photo-editor: ^1.0.10 => 1.0.10 react-native-reanimated: ^2.1.0 => 2.1.0 react-native-redash: ^16.0.11 => 16.0.11 (14.2.4) react-native-safe-area-context: ^3.0.5 => 3.2.0 react-native-screens: ^2.16.1 => 2.18.1 react-native-splash-screen: ^3.2.0 => 3.2.0 react-native-status-bar-height: ^2.6.0 => 2.6.0 react-native-svg: ^12.1.0 => 12.1.1 react-native-vector-icons: ^7.1.0 => 7.1.0 react-redux: ^7.2.3 => 7.2.4 react-test-renderer: 17.0.1 => 17.0.1 redux: ^4.0.5 => 4.1.0 uuid: ^8.3.2 => 8.3.2 (3.4.0, 3.3.2) npmGlobalPackages: @aws-amplify/cli: 4.49.0 @vue/cli: 4.3.1 expo-cli: 4.0.17 typescript: 4.2.3 yarn: 1.22.10 ```

Describe the bug

I need to get attributes of a user when they log in with oauth. Currently Hub.listen returns me some user data like this: 

{
  "Session": null, 
  "authenticationFlowType": "USER_SRP_AUTH", 
  "client": {
    "endpoint": "https://cognito-idp.us-east-1.amazonaws.com/", 
    "fetchOptions": [Object]
  }, 
  "keyPrefix": "CognitoIdentityServiceProvider.vifuv747v73gj48v", 
  "pool": {
    "advancedSecurityDataCollectionFlag": true, 
    "client": [Client], 
    "clientId": "vifuv747v73gj48v", 
    "storage": [Function MemoryStorage], 
    "userPoolId": "us-east-1_gkfke8e", 
    "wrapRefreshSessionCallback": [Function anonymous]
  }, 
  "signInUserSession": {
    "accessToken": [CognitoAccessToken], 
    "clockDrift": 0, 
    "idToken": [CognitoIdToken], 
    "refreshToken": [CognitoRefreshToken]
  }, 
  "storage": [Function MemoryStorage], 
  "userDataKey": "CognitoIdentityServiceProvider.sdfj656fs5efsdf45es.Google_0000000000000000000000.userData", 
  "username": "Google_0000000000000000000000"
}

Also I can't access them with: currentAuthenticatedUser()

const { attributes } = await Auth.currentAuthenticatedUser();
//attributes === undefined

Expected behavior

Being able to get the attributes with the auth class.

const { attributes } = await Auth.currentAuthenticatedUser();
//attributes !== undefined

Reproduction steps

Follow the instructions of: https://docs.amplify.aws/lib/auth/social/q/platform/js try to get user attributes: const { attributes } = await Auth.currentAuthenticatedUser();

Code Snippet

// Put your code below this line.

Log output

``` // Put your logs below this line ```

aws-exports.js

const awsmobile = {
    "aws_project_region": "us-east-1",
    "aws_cognito_identity_pool_id": "us-east-1:00000000-0000-0000-0000-000000000000",
    "aws_cognito_region": "us-east-1",
    "aws_user_pools_id": "us-east-1_AAAAAAA0",
    "aws_user_pools_web_client_id": "aa0a0a0a00aa00a0a0a0a",
    "oauth": {
        "domain": "mydomain-dev.auth.us-east-1.amazoncognito.com",
        "scope": [
            "phone",
            "email",
            "openid",
            "profile"
        ],
        "redirectSignIn": "myapp://",
        "redirectSignOut": "myapp://",
        "responseType": "token"
    },
    "federationTarget": "COGNITO_USER_POOLS",
    "aws_appsync_graphqlEndpoint": "https://a0a0a0a0aaaaa0a00aa00a.appsync-api.us-east-1.amazonaws.com/graphql",
    "aws_appsync_region": "us-east-1",
    "aws_appsync_authenticationType": "AMAZON_COGNITO_USER_POOLS",
    "aws_appsync_apiKey": "aa0-aaa0a0000aa0a0a0a00a",
    "aws_user_files_s3_bucket": "namea0a0a0aa0000a0a0aaa0-dev",
    "aws_user_files_s3_bucket_region": "us-east-1"
};

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

DeniferSantiago commented 3 years ago

Found out how to access attributes when using Oauth to login:

const user = await Auth.currentAuthenticatedUser();
const attributes = user.signInUserSession?.idToken?.payload;

I noticed this adds some extra properties but it does what I need.

I will not close this issue as I consider that amplify should fill the "attributes" property internally to ensure similar behavior in any type of login.

chrisbonifacio commented 3 years ago

Hi @DeniferSantiago 👋 That's strange that attributes is not included in the response.

This is what I get when calling Auth.currentAuthenticatedUser logged in through google OAuth

code

const getUser = async () => {
    const { attributes } = await Auth.currentAuthenticatedUser();
    console.log(attributes);
  };

console log

Screen Shot 2021-05-05 at 12 25 24 PM

However, I am using @aws-amplify/auth, not amazon-cognito-identity-js. Maybe try with the Auth import from aws-amplify instead? I think we recommend just using that for Auth now.

DeniferSantiago commented 3 years ago

I am using the module: import { Auth } from "aws-amplify"; I am getting:

{
  "Session": null, 
  "authenticationFlowType": "USER_SRP_AUTH", 
  "client": {
    "endpoint": "https://cognito-idp.us-east-1.amazonaws.com/", 
    "fetchOptions": [Object]
  }, 
  "keyPrefix": "CognitoIdentityServiceProvider.vifuv747v73gj48v", 
  "pool": {
    "advancedSecurityDataCollectionFlag": true, 
    "client": [Client], 
    "clientId": "vifuv747v73gj48v", 
    "storage": [Function MemoryStorage], 
    "userPoolId": "us-east-1_gkfke8e", 
    "wrapRefreshSessionCallback": [Function anonymous]
  }, 
  "signInUserSession": {
    "accessToken": [CognitoAccessToken], 
    "clockDrift": 0, 
    "idToken": [CognitoIdToken], 
    "refreshToken": [CognitoRefreshToken]
  }, 
  "storage": [Function MemoryStorage], 
  "userDataKey": "CognitoIdentityServiceProvider.sdfj656fs5efsdf45es.Google_0000000000000000000000.userData", 
  "username": "Google_0000000000000000000000"
}

I work in React Native.

chrisbonifacio commented 3 years ago

@DeniferSantiago could you try adding aws.cognito.signin.user.admin to your scopes in aws-exports? You should be able to do so from the cli as well if you run amplify update auth

"scope": [
            "phone",
            "email",
            "openid",
            "profile",
            "aws.cognito.signin.user.admin"
        ],
DeniferSantiago commented 3 years ago

The scopes are already added

chrisbonifacio commented 3 years ago

The scopes are already added

you have the aws.cognito.signin.user.admin scope specifically as well?

It's missing in the aws-exports file you shared.

If so, did it make any difference in the return for Auth.currentAuthenticatedUser?

github-actions[bot] commented 2 years ago

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.