Incorrect redirection on session expiration with Cognito/Google

[stripethree]

When a session expires, ra-auth-cognito does not appear to correctly redirect a user to the Cognito hosted UI.

In this state, this is what appears to happen, in chronological order:

• getPermissions is called in the authProvider
  • the call to userPool.getCurrentUser() returns a valid user
  • the call to user.getSession returns an error: Cannot retrieve a new session. Please authenticate.
  • getPermissions returns Promise.reject with the error
• checkAuth is called in the authProvider
  • the call to userPool.getCurrentUser() returns a valid user
  • the call to user.getSession returns an error: Cannot retrieve a new session. Please authenticate.
  • checkAuth returns Promise.reject with the error

If the {loginPage} attribute on <Admin> is set to Login (from this library), the user is forwarded to the Login view. This is not useful since username/password is not enabled. There appears to be no way to return to the Cognito Hosted UI login page without manually updating the URL in the location bar. Clearing browser data, navigating back to the applications root URL, etc. all lead to this scenario.

If the {loginPage} attribute on <Admin> is set to false, which makes sense given the information in #2, the screen is stuck on a loading view:

Making the following change in authProvider.ts checkAuth function resolves the issue in my testing:

        user.getSession((err, session) => {
          if (err) {
            console.log(err);
            // log the error?
+            return redirectToOAuthIfNeeded(new HttpError('No user', 401));
-            return reject(err);
          }

Changing this in getPermissions is not possible without larger changes, given where the redirectToOAuthIfNeeded is currently defined.

More information on the configuration of the application I am developing and how I am testing

• testing using Brave Version 1.48.164 Chromium: 110.0.5481.100 (Official Build) (arm64)
• Cognito and Google project set up according to documentation in this repository, with the exception that the Cognito application is configured to us Google as the only identity provider. Cognito user pool is not enabled.
• Hosted UI is enabled using a Cognito domain, no custom domains
• Additional information on the configuration of the Cognito app client:

  
  Authentication flows
  ALLOW_CUSTOM_AUTH
  ALLOW_REFRESH_TOKEN_AUTH
  ALLOW_USER_SRP_AUTH

Authentication flow session duration 3 minutes

Refresh token expiration 60 minutes

Access token expiration 5 minutes

ID token expiration 5 minutes

- Relevant package versions in the project:

"amazon-cognito-identity-js": "^6.1.2",
"ra-auth-cognito": "^1.0.0",
"ra-core": "4.7.2",
"ra-data-simple-rest": "4.8.1",
"react": "^18.2.0",
"react-admin": "4.7.1",
"react-dom": "^18.2.0",
"react-scripts": "5.0.1",

Please let me know if I can provide any more details that would help.

[djhi]

Thanks for the detailed report and the fix. I was able to reproduce it and fix it

[julienV]

Hi, I still have this exact same issue with 1.0.1...

[julienV]

please can you make a new release with the fix... it's in fact not in 1.0.1