SeifAhli
commented
2 weeks ago basically bricks the phone for the user until either the phone is formatted. extreme case but a nice QOL improvement would be a way to remove stored keychain credentials without having to go through AWS authentication (as a developer)
tested on same device with different users and got no issues. tested other device with same user and got no issues.
confident problem is user and device specific as changing the app bundle also allows the user to login on the bricked device.
thisisabhash
first time reporting a bug on a github repo so excuse any confusion. I'll try to get the idea across
Describe the bug It's an extreme case but might occur non the less with no solution other than a hard reset or nuking the keychain
To Reproduce the user has to be signed in on the device prior, any change to the device key in the cognito user pool would most likely be resolved when the user attempts to sign in agin or reset password.
To reproduce this case the user refresh token has to be invalidated. so that user is unable to login, unable to reset password, and the aws getSession function is unable to fetch expirationTokenKey.
Observed Behavior upon login, user gets the error stated in the title with error code: 24
no way to resolve this issue
Expected Behavior user should be able to either register a new device upon reinstalling the app at least but due to persistDevice function in AWSCognitoIdentityUser. the user credentials stored in the keychain don't get reset. and attempting to call forgetDevice() or forgetDevice(deviceID) fail due to the user session not being verified by aws. solution is to simply call the forgetDeviceInternal function, however it's inaccessible from outside the library and the attempting to get the keychain keys used by amazon is not a viable solution, nor is it easy or persistent for long term.
Areas of the SDK you are using (AWSMobileClient, Cognito, Pinpoint, IoT, etc)? AWSCognitoIdentityUser
Environment(please complete the following information):
Device Information (please complete the following information):
Additional context it's not a case that would occur in most scenarios. but to make it easie to resolve such issue, provide the sdk a method for the developer to purge the keychain used by AWS cognito libraries
also what is the use of redundant deviceID storage in asfDeviceId as well?