search

awslabs / aws-mobile-appsync-sdk-js

JavaScript library files for Offline, Sync, Sigv4. includes support for React Native
Apache License 2.0
919 stars 266 forks source link

headerBasedAuth not updating the headers with new values #666

Open chrisharrison opened 3 years ago

chrisharrison commented 3 years ago

Do you want to request a feature or report a bug?

Bug

What is the current behavior?

Using the following config when creating a client:

const client = new AWSAppSyncClient({
  url: config.AppSync.aws_appsync_graphqlEndpoint as string,
  region: config.AppSync.aws_appsync_region,
  auth: {
    type: AUTH_TYPE.AMAZON_COGNITO_USER_POOLS,
    jwtToken: async () =>
      (await Auth.currentSession()).getIdToken().getJwtToken(),
  },
  disableOffline: true,
});
  disableOffline: true,
});

When a subscription is created a websocket is established. Under some circumstances (network disruption, VPN switching etc) a new websocket connection is established. But the authorization header is not updated. If the access token has since expired then Appsync will return:

[{errorType: "UnauthorizedException", message: "Token has expired."}]

What is the expected behavior?

The authorization header should use the token returned by the jwtToken function in the Appsync client config.

paulich commented 1 year ago

We've run into the same issue and it seems like the fix in #667 solves it. Can this be added to the libraries?