extend AuthCognitoTokens to provide more functionality #3288
Comments
atierian
added
auth
|
Hi @drmarkpowell, thanks for opening this issue. First question - how to know when a refresh token is invalid:Do you need to know if the refresh token has expired, or would knowing if the user is currently signed in suffice? let isSignedIn = try await Amplify.Auth.fetchAuthSession().isSignedInFor test mocks, the likely easiest way is injecting the calls to Amplify in something that you can swap out in your tests. struct Router {
let signedInResolver: () async throws -> Bool
func userRoute() async -> Route {
do {
let isUserSignedIn = try await signedInResolver()
return isUserSignedIn ? .profile : .login
} catch {
return .error(error)
}
}
}
extension Router {
static let live = Router(
signedInResolver: {
try await Amplify.Auth.fetchAuthSession().isSignedIn
}
)
}
// Application Target
let route = await Router.live.userRoute()
// Test Target
let route = await Router(signedInResolver: { true }).userRoute()
// assert ProfileRoute
let route = await Router(signedInResolver: { false }).userRoute()
// assert LoginRoute
let route = await Router(signedInResolver: { throw SomeError() }).userRoute()
// assert ErrorRouteSecond question - how to completely delete tokens when the user signs out:This is done automatically by Amplify. Are you seeing behavior that indicates otherwise? |
atierian
added
question
atierian
added
pending-community-response
|
I want to test whether the refreshments expired so that I can immediately navigate the user to a login UI instead of trying to login with an expired token and handling the exception. IsSignedIn would not give me that, if I understand correctly.
|
atierian
removed
pending-community-response
That's correct, do {
// .forceRefresh() will refresh the access tokens
// if the refresh token is expired, it will throw AuthError.sessionExpired
let isSignedIn = try await Amplify.Auth.fetchAuthSession(
options: .forceRefresh()
).isSignedIn
// ...
} catch AuthError.sessionExpired {
// the refresh token has expired
// you need to call `signOut()` before attempting to sign in.
_ = await Amplify.Auth.signOut()
// now you can sign in
// ...
} catch {} |
atierian
added
the
pending-community-response
github-actions
bot
removed
the
pending-community-response
Is your feature request related to a problem? Please describe.
I have two recurring problems I'd love to be able to solve (at all).
One, I know of no way to know when a refresh token is invalid. When this happens, the app login flow will generate an error and we have to handle that properly. There is no way I know of to mock this for testing, and no way I know of to reproduce it by injecting an expired token or mock token in order to validate that the application logic that handle the error and navigate the user to the login page works properly. I'm looking for a way to query the token provider, to ask it "Is the refresh token expired?"
Two, I know of no way to completely delete tokens when the user signs out, which I want to do to make a signout application logic actually thorough, requiring the user to sign in again the next time they mean to access the app. I know of no way to delete the current access and refresh tokens from the secure storage where they are kept.
Describe the solution you'd like
Here is the current API:
I would like to see something added to the API similar to:
Describe alternatives you've considered
I've tried using Foundation API to clear secure keychain tokens, but it isn't working.
I've considered storing the date/time of refresh token generation in UserDefaults or similar and tracking it within the app, but that's error prone and shouldn't be implemented by third party developers...it should be part of Amplify SDK.
Is the feature request related to any of the existing Amplify categories?
Auth
Additional context
No response
The text was updated successfully, but these errors were encountered: