aws-amplify / aws-sdk-ios

AWS SDK for iOS. For more information, see our web site:
https://aws-amplify.github.io/docs

Device with key *key* does not exist in device pool *pool* #5339

Open SeifAhli opened 6 months ago

SeifAhli commented 6 months ago

First time reporting a bug on a GitHub repo, so excuse any confusion. I'll try to get the idea across.

Describe the bug: It's an extreme case but might occur nonetheless, with no solution other than a hard reset or nuking the keychain.

To Reproduce: The user has to be signed in on the device prior. Any change to the device key in the Cognito user pool would most likely be resolved when the user attempts to sign in again or reset their password.

To reproduce this case, the user's refresh token has to be invalidated, so that the user is unable to log in, unable to reset their password, and the AWS getSession function is unable to fetch expirationTokenKey.

Observed Behavior: Upon login, the user gets the error stated in the title with error code 24.

There is no way to resolve this issue.

Expected Behavior: The user should at least be able to register a new device upon reinstalling the app, but due to the persistDevice function in AWSCognitoIdentityUser, the user credentials stored in the keychain don't get reset, and attempts to call forgetDevice() or forgetDevice(deviceID) fail due to the user session not being verified by AWS. The solution is to simply call the forgetDeviceInternal function; however, it's inaccessible from outside the library, and attempting to get the keychain keys used by Amazon is not a viable solution, nor is it easy or persistent for the long term.

Areas of the SDK you are using (AWSMobileClient, Cognito, Pinpoint, IoT, etc.)? AWSCognitoIdentityUser

Environment(please complete the following information):

Device Information (please complete the following information):

Additional context: It's not a case that would occur in most scenarios, but to make it easier to resolve such an issue, provide the SDK with a method for the developer to purge the keychain used by the AWS Cognito libraries.

Also, what is the use of the redundant deviceID storage in asfDeviceId?

SeifAhli commented 6 months ago

Basically bricks the phone for the user until the phone is formatted. Extreme case, but a nice QOL improvement would be a way to remove stored keychain credentials without having to go through AWS authentication (as a developer).

Tested on the same device with different users and got no issues. Tested another device with the same user and got no issues.

Confident the problem is user- and device-specific, as changing the app bundle also allows the user to log in on the bricked device.
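The "nuke the keychain" recovery the reporter mentions above can be done from the app itself with the Security framework, without going through Cognito authentication. The following is an added example (editor's code, not part of the reporter's post and not an AWS SDK API); it assumes the app is willing to drop every keychain item it owns in the listed classes. The optional `service` filter and the function name `purgeAppKeychain` are hypothetical: the exact `kSecAttrService` value the SDK's keychain store uses is not given on this page, so without it the purge is deliberately blunt and will also remove any non-Cognito items the app stored.

```swift
import Foundation
import Security

// Added example: delete keychain items this app can see, class by class.
// Returns the OSStatus per class so the caller can log what happened.
// `service` is an assumption: pass the kSecAttrService value your
// keychain store uses if you know it, otherwise everything in the class goes.
@discardableResult
func purgeAppKeychain(service: String? = nil,
                      classes: [CFString] = [kSecClassGenericPassword,
                                             kSecClassInternetPassword,
                                             kSecClassKey,
                                             kSecClassCertificate,
                                             kSecClassIdentity]) -> [String: OSStatus] {
    var results: [String: OSStatus] = [:]
    for cls in classes {
        var query: [CFString: Any] = [
            kSecClass: cls,
            // Include iCloud-synchronised items as well as local ones,
            // otherwise a synced copy can reappear after the purge.
            kSecAttrSynchronizable: kSecAttrSynchronizableAny
        ]
        if let service = service {
            query[kSecAttrService] = service
        }
        // On iOS SecItemDelete removes every item matching the query.
        let status = SecItemDelete(query as CFDictionary)
        results[cls as String] = status
    }
    return results
}

// Recovery path: only reach for this when sign-in fails with the
// "device does not exist in device pool" error the reporter quotes
// (error code 24 in their environment) and forgetDevice cannot run
// because there is no verified session to call it with.
func recoverFromStaleDeviceKey() -> Bool {
    let statuses = purgeAppKeychain()
    // errSecItemNotFound just means that class held nothing to delete.
    let failed = statuses.filter { $0.value != errSecSuccess && $0.value != errSecItemNotFound }
    for (cls, status) in failed {
        print("keychain purge failed for \(cls): \(status)")
    }
    // After a successful purge the user must sign in again from scratch,
    // which lets the SDK register a fresh device key with the user pool.
    return failed.isEmpty
}
```

Treat this as a last resort behind an explicit user action (for example a "reset sign-in data" button), not something run automatically on every authentication error: it signs the user out of everything the app keeps in the keychain, and if the refresh token really has been revoked server-side the user still needs valid credentials to sign in again afterwards.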

thisisabhash commented 6 months ago

Thank you for posting this. Our team will investigate and post updates on this ticket.