Open Jay2113 opened 4 years ago
I confirm the behaviour. This thread on Apple forum explains keychain data are not deleted when an app is deleted. https://forums.developer.apple.com/thread/36442 The thread is mentioning a way to workaround that behaviour, but that should be implemented in the AWSMobileClient SDK, not in the (workshop) app. I am engaging the product team to search for guidance.
Thank you for that response. I look forward to hearing what the product team has to say about this.
Here is the answer I received from the IOS SDK service team :
This behavior is different in versions of iOS. Here is a related issue with a work around: https://github.com/aws-amplify/aws-sdk-ios/issues/1605#issuecomment-502590202
We will consider this as we work on getting Amplify to GA. There are no security risks here since it is stored in the encrypted keychain (the preferred method). A lot of apps do actually work this way as well (if you remove/re-install you’ll be logged in again).
Let me know if the workaround is acceptable.
Describe the issue
I understand that the AWSMobileClient manages state by storing credentials in the keychain. So once a user is authenticated and logged into the application, now if the user goes ahead uninstalls and reinstalls the app the state is maintained and he doesn’t have to be authenticated again. Is there a way that everytime a user uninstalls and reinstalls the app he has to be authenticated and doesn’t log in directly?
Steps to reproduce:
This is the delete procedure I tried:
Screenshots
Amplify CLI Version 4.16.1
Xcode Version 11.2.1
Desktop: