Inconsistent behavior when session expires (refresh token dead) #3943
Comments
Hi @dcristolovean, thank you for submitting this issue. One of our team members will take a look into this matter and provide an answer here.
I also discovered an interesting behavior. So the session is dead and I call signOut(). I press CANCEL on the system dialog, but the user is logged out and the session can be fixed now, with fetch. Which leads me to believe that signOut() has 2 parts: one on the API side, web stuff, which works if there's a valid session, otherwise .... and one local part that cleans up the local user. The thing is that if the 1st part fails (or I press cancel), you still clean up local stuff and everything will work from now on. At least there's that, but if I'm right, then you really should have a signOut() method that actually detects the session is dead, so there's no point in any web stuff or any system dialog being displayed, and only does the local part.
And another thing. If the session expires when the app is opened, you have to handle the error from the API, which is nowhere to be found in the docs. Putting some prints when you detect an API error is not documentation.
if let apiError = error as? APIError {
@dcristolovean There is currently no way of achieving a silent logout if you are using HostedUI via a non-private session. I am discussing this internally within the team to provide some kind of way to only sign out locally via an API option.
I'll take this feedback and see if we are able to improve documentation around error handling.
Describe the bug
I'm transitioning from AWSMobileClient to Amplify and it's a huge endeavor. I'm a bit stuck with handling session expiration cases and it might be a bug (or intended behavior, but then see the questions).
My app is configured to use auth users AND non-auth users.
So, let's assume in my Amplify.Hub.listen (...) I receive the sessionExpired event.
This leaves me in a totally inconsistent state, where I would like to revert to a non-auth user and continue using the app. Or display something, doesn't matter.
But when I get the sessionExpired event, nothing works anymore: fetchAuthSession is dead, getIdentityId is dead, API calls are dead.
And the reason for that is that fetchAuthSession returns isSignedIn = true and still has a user stalled somewhere.
The only way I could transition back to a non auth user is to call Amplify.Auth.signOut() and actually get rid of my bad user. After that, everything works again, I am a non-auth user.
This approach has one big problem: the user plays in the app and suddenly he gets the system dialog to sign in. We all know the issue with that text in the system dialog. It's really bad to just show this dialog out of the blue. And they might press CANCEL.
So... how can I get rid of the logged-in user with the expired session? Silently, not showing anything to the user.
PS: (Rant) The documentation is, again, completely useless, doesn't explain anything, doesn't give any actual real-world examples. I've been using AWS for 10 years now and this was always the weak link. I expected Amplify to finally fix this issue, but unfortunately the documentation is just as useless as before.
PS2: Interestingly enough, on Android, according to my colleague, when he gets a sessionExpired in the Hub, calling fetchAuthSession magically fixes everything: the session doesn't show signed in anymore, there's no user left to sign out, and he's a non-auth user with a new identityId.
Steps To Reproduce
Kinda hard to provide some steps, it's more of a generic theoretical question.
Expected behavior
Amplify Framework Version
2.45.2
Amplify Categories
Auth
Dependency manager
Swift PM
Platforms
iOS