From eb7e2b3c189e86248c229aa1f6debb039fd81287 Mon Sep 17 00:00:00 2001
From: Harshdeep Singh <6162866+harsh62@users.noreply.github.com>
Date: Wed, 21 Aug 2024 16:31:48 -0400
Subject: [PATCH] fix(auth): clear credentials values only if namespacing has
 changed

---
 .../AWSCognitoAuthCredentialStore.swift                |  4 ++--
 .../CredentialStoreConfigurationTests.swift            | 10 +++++++++-
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/CredentialStorage/AWSCognitoAuthCredentialStore.swift b/AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/CredentialStorage/AWSCognitoAuthCredentialStore.swift
index 3bb2a2e1bb..28654896ea 100644
--- a/AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/CredentialStorage/AWSCognitoAuthCredentialStore.swift
+++ b/AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/CredentialStorage/AWSCognitoAuthCredentialStore.swift
@@ -65,12 +65,12 @@ struct AWSCognitoAuthCredentialStore {
             newIdentityConfigData != nil &&
             oldIdentityPoolConfiguration == newIdentityConfigData
         {
-
             // retrieve data from the old namespace and save with the new namespace
             if let oldCognitoCredentialsData = try? keychain._getData(oldNameSpace) {
                 try? keychain._set(oldCognitoCredentialsData, key: newNameSpace)
             }
-        } else if oldAuthConfigData != currentAuthConfig {
+        } else if oldAuthConfigData != currentAuthConfig &&
+                    oldNameSpace != newNameSpace {
             // Clear the old credentials
             try? keychain._remove(oldNameSpace)
         }
diff --git a/AmplifyPlugins/Auth/Tests/AuthHostApp/AuthIntegrationTests/CredentialStore/CredentialStoreConfigurationTests.swift b/AmplifyPlugins/Auth/Tests/AuthHostApp/AuthIntegrationTests/CredentialStore/CredentialStoreConfigurationTests.swift
index 0dd8d34e9f..8efbebdefd 100644
--- a/AmplifyPlugins/Auth/Tests/AuthHostApp/AuthIntegrationTests/CredentialStore/CredentialStoreConfigurationTests.swift
+++ b/AmplifyPlugins/Auth/Tests/AuthHostApp/AuthIntegrationTests/CredentialStore/CredentialStoreConfigurationTests.swift
@@ -89,8 +89,16 @@ class CredentialStoreConfigurationTests: AWSAuthBaseTest {
             XCTFail("Unable to save credentials")
         }
 
+        // When configuration changed
+        let updatedConfig = AuthConfiguration.userPoolsAndIdentityPools(
+            UserPoolConfigurationData(poolId: Defaults.userPoolId,
+                                      clientId: Defaults.appClientId,
+                                      region: Defaults.regionString,
+                                      clientSecret: Defaults.appClientSecret,
+                                      pinpointAppId: "somethingNew"),
+            Defaults.makeIdentityConfigData())
         // When configuration don't change changed
-        let newCredentialStore = AWSCognitoAuthCredentialStore(authConfiguration: initialAuthConfig)
+        let newCredentialStore = AWSCognitoAuthCredentialStore(authConfiguration: updatedConfig)
 
         // Then
         guard let credentials = try? newCredentialStore.retrieveCredential(),