Potential bug: Calling signOut() before currentAuthenticatedUser() does not log the user out on react-native app restart

[bertrand-caron]

Before opening, please confirm:

• [X] I have searched for duplicate or closed issues and discussions.
• [X] I have read the guide for submitting bug reports.
• [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

React Native

Amplify APIs

Authentication

Amplify Categories

auth

Environment information

``` # Put output below this line System: OS: macOS 11.4 CPU: (8) arm64 Apple M1 Memory: 95.45 MB / 16.00 GB Shell: 5.8 - /bin/zsh Binaries: Node: 14.16.0 - ~/.nvm/versions/node/v14.16.0/bin/node Yarn: 1.22.10 - ~/.nvm/versions/node/v14.16.0/bin/yarn npm: 6.14.11 - ~/.nvm/versions/node/v14.16.0/bin/npm Browsers: Chrome: 91.0.4472.77 Firefox: 88.0.1 Safari: 14.1.1 npmPackages: @aws-amplify/api: 4.0.1 => 4.0.1 @aws-amplify/auth: 4.0.1 => 4.0.1 @aws-amplify/core: 4.0.1 => 4.0.1 (4.0.3) @babel/core: ^7.8.4 => 7.12.16 (7.14.3) @babel/runtime: ^7.8.4 => 7.12.13 (7.14.0) @fortawesome/fontawesome-svg-core: ^1.2.35 => 1.2.35 @fortawesome/free-regular-svg-icons: ^5.15.3 => 5.15.3 @fortawesome/free-solid-svg-icons: ^5.15.3 => 5.15.3 @fortawesome/react-native-fontawesome: ^0.2.6 => 0.2.6 @onfido/react-native-sdk: ^1.3.4 => 1.3.4 @react-native-async-storage/async-storage: ^1.14.1 => 1.14.1 @react-native-community/datetimepicker: ^3.4.2 => 3.4.2 @react-native-community/eslint-config: ^1.1.0 => 1.1.0 @react-native-community/netinfo: ^5.9.10 => 5.9.10 @react-native-community/progress-bar-android: ^1.0.4 => 1.0.4 @react-native-community/progress-view: ^1.2.4 => 1.2.4 @sentry/react-native: ^2.3.0 => 2.4.0 @types/amplitude-js: ^7.0.1 => 7.0.1 @types/jest: ^25.2.3 => 25.2.3 @types/react-native: ^0.63.2 => 0.63.49 (0.64.2) @types/react-native-vector-icons: ^6.4.6 => 6.4.6 @types/react-test-renderer: ^16.9.2 => 16.9.5 @typescript-eslint/eslint-plugin: ^4.15.0 => 4.15.0 (2.34.0) HelloWorld: 0.0.1 PDFExample: 0.0.1 amazon-cognito-identity-js: ^4.5.11 => 4.5.11 (5.0.2) amplitude-js: ^7.4.2 => 7.4.2 babel-jest: ^25.1.0 => 25.5.1 date-fns: ^2.21.3 => 2.21.3 docs: 0.0.0 eslint: ^7.20.0 => 7.20.0 eslint-config-airbnb-typescript: ^12.3.1 => 12.3.1 eslint-config-prettier: ^7.2.0 => 7.2.0 (6.15.0) eslint-plugin-import: ^2.22.1 => 2.22.1 eslint-plugin-jsx-a11y: ^6.4.1 => 6.4.1 eslint-plugin-react: ^7.22.0 => 7.22.0 (7.19.0) example: 0.1.0 fbjs: ^3.0.0 => 3.0.0 hermes-inspector-msggen: 1.0.0 jest: ^25.1.0 => 25.5.4 memo-parser: 0.2.1 metro-react-native-babel-preset: ^0.59.0 => 0.59.0 (0.64.0) prettier: ^2.2.1 => 2.2.1 react: 17.0.1 => 17.0.1 react-native: 0.64.1 => 0.64.1 react-native-biometrics: ^2.1.4 => 2.1.4 react-native-chart-kit: ^6.11.0 => 6.11.0 react-native-device-info: ^8.0.1 => 8.0.1 react-native-navigation: 7.15.0 => 7.15.0 react-native-navigation-bar-color: ^2.0.1 => 2.0.1 react-native-pdf: ^6.3.0 => 6.3.0 react-native-smooth-pincode-input: ^1.0.9 => 1.0.9 react-native-svg: ^12.1.0 => 12.1.0 react-native-toast-message: ^1.4.9 => 1.4.9 react-native-vector-icons: ^8.1.0 => 8.1.0 react-redux: ^7.2.4 => 7.2.4 react-test-renderer: 16.13.1 => 16.13.1 redux: ^4.1.0 => 4.1.0 redux-persist: ^6.0.0 => 6.0.0 redux-persist/integration/react: undefined () rn-fetch-blob: ^0.12.0 => 0.12.0 typescript: ^3.8.3 => 3.9.9 npmGlobalPackages: npm: 6.14.11 yarn: 1.22.10 ```

Describe the bug

Calling Auth.SignOut() before any call to Auth.currentAuthenticatedUser() does not log the user out on react-native application restart. I don't think the react-native part is relevant but am including it just in case.

Expected behavior

Calling Auth.SignOut() will log the user out if Auth.currentAuthenticatedUser() would have returned a non-null value.

Reproduction steps

1. Write react-native app that uses @aws-amplify/auth
2. Log in using Auth.signIn()
3. Restart App
4. Call Auth.signOut() -> This will not log the user out.
5. Call Auth.currentAuthenticatedUser() then Auth.signOut() -> This will log the user out.

Code Snippet

// Put your code below this line.

Log output

``` // Put your logs below this line ```

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

[chrisbonifacio]

Hey @bertrand-caron 👋 where are you calling Auth.signOut? Are you trying to log the user out if they leave the app and expect them to be logged out when the app restarts? Or are you calling currentAuthenticatedUser afterwards to verify they're logged out?

Just trying to get a better understanding of what we're trying to achieve by calling Auth.signOut before Auth.currentAuthenticatedUser. Seeing how and at what point each method is being called will help.

[bertrand-caron]

Hey @chrisbonifacio, thanks for looking into this.

I'm calling Auth.signOut() before any calls to Auth. currentAuthenticatedUser(). It just seemed very counter-intuitive to me that Auth. currentAuthenticatedUser() would succeed, but Auth.signOut() did not (unless I had called Auth. currentAuthenticatedUser() before).

Does that make sense?

Maybe this does not warrant any code change, but at least documentation update to Auth.signOut() to make it explicit? I spent much longer than I'd like to admit understanding what was happening.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[stale[bot]]

This issue has been automatically closed because of inactivity. Please open a new issue if are still encountering problems.

[chrisbonifacio]

Hi :wave: Sorry this was auto-closed by stale bot. We are working towards preventing this from happening in the future. Please let us know if you are still experiencing this issue and in need of assistance.

[pepso]

I think I experienced the same bug on React web-app right now with: "aws-amplify-react": "^5.0.13" / "@aws-amplify/ui-react": "^1.2.14",

My scenario:

1. Two tabs open for the same app.
2. On another I used hostedUI signout button to signout, which then cleared the local storage session variables and took me to sinin page.
3. In quick succession, on the other tab, I continued to use the session and call my backend as authenticated user like session was still going on remotely.

So does singOut() actually not singout the user? It just removes the local storage/session information of the authenticated session only?

[cwomack]

@bertrand-caron, I was able to reproduce this reliably and created this sample repo for further investigation. For anyone wanting to reproduce, the following order of events has to occur:

1. Sign In
2. Restart App
3. Hit the "Sign Out" button (calls Auth.signOut())
4. Hit the "Current User" button (calls Auth.currentAuthenticatedUser())

[cwomack]

@bertrand-caron, this should now be resolved with the release of v6 of Amplify. The Auth API's have changed and the equivalent to Auth.currentAuthenticatedUser() would be the v6 getCurrentUser API. Are you able to upgrade and test this to confirm it on your side as well? When testing this locally on v6, I'm not seeing the issue anymore.

[Samaritan1011001]

@bertrand-caron This should be solved in the latest version of Amplify V5. You may update the aws-amplify version to 5.3.18 and see if it resolves the issue on your React Native app. Thank you.

[cwomack]

With this now fixed in v5 (as of v5.3.18) and not an issue in v6, we'll close this.