Closed (theogravity closed this issue 11 months ago)
I'm the colleague who sees the error most of the time, so I'll add a few more details:

Auth.SignIn() call in a try/catch and retry the same SignIn call if it failed the first time, the second attempt typically succeeded.

If I had to make a guess as to what is going on (without knowing how these methods work under the hood), it appears to me as though the global sign out method continues to search for tokens to revoke slightly past the time that the awaited promise resolves, so if the SignIn call takes place too quickly, the sign out call revokes its token too, causing the sign in to fail.
We are having the same issue in our project. The second situation marla-hoggard describes (wrapping the Auth.SignIn in a try/catch) is what we have implemented, and the SignIn process always fails the first time but succeeds the second time around.

I am also facing the same issue.
The developer preview for v6 of Amplify has officially been released with updates to the Auth package, error handling, and much more! Please check out our announcement and updated documentation to see what has changed.
We believe this issue should be resolved within the dev preview and upcoming General Availability for Amplify v6, but let us know with a comment if there are further issues.
With the release of the latest major version of Amplify (aws-amplify@>6), this issue should now be resolved! Please refer to our release announcement, migration guide, and documentation for more information.
Hello team,

It seems that the issue is still there. Although it is not reproducible 100% of the time, there is a reasonably consistent pattern by which I was able to reproduce it (aws-amplify version 6.0.18). It is also reproducible if I use the globalSignOut from amazon-cognito-identity-js version 6.3.7 instead.

I'm trying to implement the case for ensuring that the User session can only be used once across devices. Without waiting for some seconds between the global sign out and the last sign in, the newest token issued by the last sign in will be revoked :(

The code for my "signInSingleSession" function:
```ts
import { signIn, signOut } from "aws-amplify/auth";

export async function signInSingleSession(username: string, password: string) {
  // First sign in, so that the global sign out below has a session to act on.
  const out = await signIn({ username, password });
  if (!out.isSignedIn) {
    return out;
  }
  // Revoke every token issued to this user, on every device.
  await signOut({ global: true });
  // await new Promise((resolve) => setTimeout(resolve, 5000)); // if I add smth like this, the issue seems to be gone.
  // Second sign in: this is the token that ends up revoked.
  return signIn({ username, password });
}
```
My FE also checks every second if the tokens are valid, otherwise redirects to the sign in page:
```tsx
// in a React component:
import { useCallback, useEffect } from "react";
// `navigate` comes from the router in use, e.g. react-router's useNavigate()

const goToLoginPage = useCallback(() => navigate("/sign-in"), [navigate]);
useEffect(() => {
  // Validate once on mount, then on an interval.
  void validateSingletonSession({ onFailure: goToLoginPage });
  const intervalId = window.setInterval(
    () => validateSingletonSession({ onFailure: goToLoginPage }),
    60000,
  );
  return () => window.clearInterval(intervalId);
}, [goToLoginPage]);
```

```ts
// in authService:
import { fetchAuthSession, fetchUserAttributes } from "aws-amplify/auth";

export async function validateSingletonSession({
  onFailure,
}: {
  onFailure: () => void;
}) {
  try {
    // Doesn't matter what we fetch here. We just need to trigger a request to Cognito that validates the token,
    // but does not refresh it.
    await fetchUserAttributes(); // this already tries to fetch auth token inside (without force refresh)
  } catch (error) {
    // To clear the current session, and to make sure that the token is indeed revoked,
    // we need to try to force-refresh the token.
    const { tokens } = await fetchAuthSession({ forceRefresh: true });
    if (!tokens) {
      console.error("Failed to get the current user!", error);
      onFailure();
    }
  }
}
```
How I was able to reproduce:
It seems that the issue might be in the underlying library (Cognito provider?), but is there a way to actually reliably wait for the tokens to be revoked without trying to guess the duration?
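An added example, not from this thread, the issue author or the Amplify project, of the pattern the comments converge on: sign in, global sign out, sign in again, but with the final token verified and a bounded exponential-backoff retry instead of a guessed sleep. The `AuthClient` interface, `FakeCognito`, `signInSingleSession` and `runScenario` are all hypothetical names introduced here. `FakeCognito` is a constructed stand-in with a virtual clock that reproduces the race described above (a global sign out keeps revoking tokens for a short window after its promise resolves); in a real app the interface would be implemented on top of Amplify's `signIn`, `signOut({ global: true })` and `fetchUserAttributes`, and `sleep` would be a real timer.

```typescript
// Added example: bounded retry for the single-session sign-in sequence,
// written against an injected AuthClient so it runs offline.
export interface AuthClient {
  signIn(username: string, password: string): Promise<{ accessToken: string }>;
  globalSignOut(accessToken: string): Promise<void>;
  // Resolves if the token is accepted, rejects with RevokedTokenError otherwise.
  validate(accessToken: string): Promise<void>;
}

export class RevokedTokenError extends Error {
  constructor() {
    super("NotAuthorizedException: Access Token has been revoked");
    this.name = "RevokedTokenError";
  }
}

// Constructed fake with a virtual clock (milliseconds). Tokens carry their issue
// time; a sweep started by globalSignOut revokes every token issued before the
// sweep finishes, including tokens issued after the sign-out call returned.
export class FakeCognito implements AuthClient {
  now = 0;
  private issued = 0;
  private sweepEndsAt = -Infinity;

  constructor(private readonly sweepDurationMs: number) {}

  async signIn(username: string, _password: string) {
    this.issued += 1;
    return { accessToken: `${username}:${this.issued}@${this.now}` };
  }

  async globalSignOut(_accessToken: string) {
    // The promise resolves immediately, but the revocation sweep keeps running.
    this.sweepEndsAt = this.now + this.sweepDurationMs;
  }

  async validate(accessToken: string) {
    const issuedAt = Number(accessToken.split("@")[1]);
    if (issuedAt < this.sweepEndsAt) throw new RevokedTokenError();
  }
}

export interface RetryOptions {
  maxAttempts: number;
  baseDelayMs: number;
  // Injected so the fake can advance its clock instead of really sleeping.
  sleep: (ms: number) => Promise<void>;
}

// Sign in, revoke every other session with a global sign out, then sign in
// again. The final token is verified; if the sweep revoked it, retry with
// exponential backoff up to maxAttempts and then fail loudly.
export async function signInSingleSession(
  auth: AuthClient,
  username: string,
  password: string,
  opts: RetryOptions,
): Promise<{ accessToken: string; attempts: number }> {
  const first = await auth.signIn(username, password);
  await auth.globalSignOut(first.accessToken);

  for (let attempt = 1; attempt <= opts.maxAttempts; attempt++) {
    const { accessToken } = await auth.signIn(username, password);
    try {
      await auth.validate(accessToken);
      return { accessToken, attempts: attempt };
    } catch (err) {
      if (!(err instanceof RevokedTokenError) || attempt === opts.maxAttempts) throw err;
      await opts.sleep(opts.baseDelayMs * 2 ** (attempt - 1));
    }
  }
  throw new Error("unreachable: loop either returns or rethrows");
}

// Scenario runner: a session from "another device" exists first, then the
// single-session sign in runs against the fake with a 1 s initial backoff.
export async function runScenario(sweepDurationMs: number, maxAttempts: number) {
  const auth = new FakeCognito(sweepDurationMs);
  const sleep = async (ms: number) => { auth.now += ms; };
  const otherDevice = await auth.signIn("alice", "correct-horse");
  const result = await signInSingleSession(auth, "alice", "correct-horse", {
    maxAttempts, baseDelayMs: 1000, sleep,
  });
  // The other device's token must be rejected even though the new one is valid.
  let otherDeviceRevoked = false;
  await auth.validate(otherDevice.accessToken).catch((e) => {
    otherDeviceRevoked = e instanceof RevokedTokenError;
  });
  return { ...result, otherDeviceRevoked, elapsedMs: auth.now };
}
```

With a 3 s sweep the fake rejects the tokens issued at 0 ms and 1000 ms and accepts the one issued at 3000 ms, so the flow succeeds on the third attempt without the caller ever choosing a fixed delay; with `maxAttempts` set to 2 it surfaces `RevokedTokenError` instead of silently retrying forever, which is the behaviour a caller wants to log and alert on.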
I would assume this is still an open issue? Why is it closed?
JavaScript Framework: React
Amplify APIs: Authentication
Amplify Categories: auth
Describe the bug

- Auth.changePassword() to change the user's password.
- Auth.signOut({ global: true })
- Auth.signIn() with the username / password to regenerate the tokens

The Auth.signIn() call fails with:

```
AuthClass - Failed to get the signed in user
NotAuthorizedException: Access Token has been revoked
```
Expected behavior

The Auth.signIn() call should succeed given correct credentials.

Reproduction steps

See bug description and code snippet.