Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Amplify API calls fail to refresh token #2549

Closed
skylerrichter opened this issue Jan 15, 2019 · 6 comments
Closed

Amplify API calls fail to refresh token #2549

skylerrichter opened this issue Jan 15, 2019 · 6 comments
Assignees
@elorzafe @tannerabread
Labels
Auth Related to Auth components/category documentation Related to documentation feature requests feature-request Request a new feature

Comments

@skylerrichter
Copy link

skylerrichter commented Jan 15, 2019
edited
Loading

Describe the bug
After a successful sign in using Auth.federatedSignIn() I am only able to successfully make 1 API call before my security token expires. If I refresh my app after signing in the API will return a 403. If I refresh a second time Amplify will forget my credentials and I will be back on the login screen.

To Reproduce

App.js

Amplify.configure({
  Analytics: {
    disabled: true
  },
  Auth: {
    identityPoolId: 'IDENTITY_POOL_ID',
    region: 'us-east-1'
  },
  API: {
    endpoints: [
      {
        name: 'Service',
        endpoint: "https://LAMBDA_URL.execute-api.us-east-1.amazonaws.com/dev"
      }
    ]
  }
});

Login.js

_signInWithGoogle = () => {
    Google.logInAsync({
      iosClientId: 'IOS_CLIENT_ID', 
      scopes: ['profile', 'email']
    }).then((res) => {
      if (res.type === 'success') {
        Auth.federatedSignIn('google', { token: res.idToken }, { email: res.user.email })
          .then((creds) => {
            this.props.navigation.navigate('Main');
          });
      }
    });
  }

Foo.js

componentDidMount() {
  API.get('Service', '/foo').then(console.log).catch(console.log)
}

Expected behavior
Security tokens should refresh automatically as per the Amplify documentation "When using Authentication with AWS Amplify, you don’t need to refresh Amazon Cognito tokens manually. The tokens are automatically refreshed by the library when necessary."

Smartphone

  • Device: Phone X Simulator (Expo)
  • OS: iOS 12.1
  • Version 32.0.0
@haverchuck haverchuck added Auth Related to Auth components/category investigating This issue is being investigated labels Jan 16, 2019
@haverchuck haverchuck added this to the Triage milestone Jan 16, 2019
@elorzafe elorzafe self-assigned this Jan 17, 2019
@elorzafe elorzafe added bug Something isn't working and removed investigating This issue is being investigated labels Jan 18, 2019
@elorzafe
Copy link
Contributor

@skylerrichter I reproduced the problem I marked this as a bug and try to send a pr to fix it

@elorzafe
Copy link
Contributor

@skylerrichter I found the root cause of your issue.

You need to add to Auth.federatedSignIn expires_at attribute like this.

_signInWithGoogle = () => {
    Google.logInAsync({
      iosClientId: 'IOS_CLIENT_ID', 
      scopes: ['profile', 'email']
    }).then((res) => {
      if (res.type === 'success') {
        Auth.federatedSignIn('google', { token: res.idToken, expires_at:<token_expiration> }, { email: res.user.email })
          .then((creds) => {
            this.props.navigation.navigate('Main');
          });
      }
    });
  }

I will mark this as enhancement rather than bug, it should warn in case the expires_at is not there.

@elorzafe elorzafe added enhancement and removed bug Something isn't working labels Jan 18, 2019
@elorzafe
Copy link
Contributor

@skylerrichter if you need to refreshTokens you can define a refreshToken callback and configure that refreshHandlers for Auth. Following there is an example for doing this.

function refreshToken() {
    // refresh the token here and get the new token info
    // ......

    return new Promise(res, rej => {
        const data = {
            token, // the token from the provider
            expires_at, // the timestamp for the expiration
            identity_id, // optional, the identityId for the credentials
        }
        res(data);
    });
}

Auth.configure({
    refreshHandlers: {
        'developer': refreshToken // the property could be 'google', 'facebook', 'amazon', 'developer', OpenId domain
    }
})

@usmansbk
Copy link

The docs is a bit misleading. It doesn't automatically refresh the token in a non browser environment. One has to implement it.

@elorzafe elorzafe added the documentation Related to documentation feature requests label Jan 21, 2019
@mlabieniec mlabieniec removed this from the Triage milestone Jun 10, 2019
@sammartinez sammartinez added feature-request Request a new feature and removed enhancement labels Jun 17, 2019
@tomasyaya
Copy link

Hi @elorzafe I have a related question in issue 4782. I provided the callback for the refresh but it deosn't seem to work.

If you have any suggestion that would be great

@tannerabread
Copy link
Contributor

Hi 👋 Closing this as resolved. There have been docs updates here and here that now display this process is not automatic for federatedSignIn outside of Facebook and Google.

Thank you!

@tannerabread tannerabread self-assigned this Dec 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@elorzafe elorzafe

@tannerabread tannerabread

Labels
Auth Related to Auth components/category documentation Related to documentation feature requests feature-request Request a new feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@mlabieniec @sammartinez @usmansbk @haverchuck @skylerrichter @elorzafe @tannerabread @tomasyaya