SECRET_HASH header is not added in refreshSession.
Cause
The step is enclosed by one if block, and it is unnecessary.
Fix
Move the SECRET_HASH header insertion out of the block, like how it is done in other methods.
Details:
If the Cognito App Client has set up a client secret, a SECRET_HASH header will be required to refresh the token.
One possible scenario will be:
1. User logs in to the app; Cognito returns an Access Token, ID Token, and Refresh Token.
2. App stores all tokens and the username on the device (e.g. shared_preferences).
3. User closes the app and opens it again after the access token or ID token has expired.
4. App attempts to generate new tokens with the stored username and refresh token.
5. New tokens are generated and replace the expired tokens.
So in step 4, my app failed to refresh the session because the secret hash is not added to the headers.
Current logic has one condition check before adding SECRET_HASH, which is unnecessary.
Pull request #198: Moving SECRET_HASH assignment out from unrelated condition block
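The pattern the fix describes, as an added sketch that is not the code from this pull request or from the library: SECRET_HASH is computed as Base64(HMAC-SHA256(client secret, username + client ID)) and attached whenever a client secret is configured, independent of any other condition. The helper names, the `deviceKey` condition standing in for "an unrelated if block", and all sample values are assumptions; `package:crypto` is required.

```dart
import 'dart:convert';
import 'package:crypto/crypto.dart';

/// Base64(HMAC-SHA256(key: client secret, message: username + client ID)),
/// the value Cognito expects when the app client has a secret.
String secretHash(String username, String clientId, String clientSecret) {
  final hmac = Hmac(sha256, utf8.encode(clientSecret));
  final digest = hmac.convert(utf8.encode(username + clientId));
  return base64.encode(digest.bytes);
}

/// Hypothetical helper: builds the parameters for a REFRESH_TOKEN_AUTH request.
Map<String, String> refreshAuthParameters({
  required String refreshToken,
  required String username,
  required String clientId,
  String? clientSecret,
  String? deviceKey,
}) {
  final params = <String, String>{'REFRESH_TOKEN': refreshToken};

  // Stand-in for an unrelated condition: only DEVICE_KEY belongs in here.
  if (deviceKey != null) {
    params['DEVICE_KEY'] = deviceKey;
  }

  // SECRET_HASH depends only on whether a client secret is configured,
  // so it is set outside the block above.
  if (clientSecret != null) {
    params['SECRET_HASH'] = secretHash(username, clientId, clientSecret);
  }
  return params;
}

void main() {
  // Constructed sample values; none of these are real credentials.
  final params = refreshAuthParameters(
    refreshToken: 'example-refresh-token',
    username: 'example-user',
    clientId: 'exampleclientid',
    clientSecret: 'example-client-secret',
    // No deviceKey: this is the case from step 4 of the scenario.
  );
  print(params.keys.toList()); // SECRET_HASH is present without a device key
  print(params['SECRET_HASH']!.length); // Base64 of a 32-byte digest
}
```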