-
Notifications
You must be signed in to change notification settings - Fork 301
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fetchAuthSession triggering logout when offline #6057
Comments
Having the same issue, I see tokenRefresh_failure event being fired and tokens are removed from cookie storage |
@dehli Thanks for taking a look. I can confirm i see the same behavior as well. I will look closer into this today and report back. |
@dehli @didemkkaslan Can you confirm which version are you both on? There was a retry fix just recently, while i see the issue on 6.6.4 (I used this version since that was what @didemkkaslan issue mentioned and on another issue as well) when i try the most recent version 6.8.0 i dont see the logout behavior anymore. Can one of you confirm ? |
Hey @ashika112, thanks for looking into it. I'm on Here's my stacktrace: |
@dehli so this what i see, i do get network error but after that when network comes back on i am able to get credentials and token for the customer and not logged out. |
@dehli do you have any custom storage implementation? Would it be possible to put out a minimal code reproducing and share me the repo? |
No custom storage. I'll work on putting together a minimal reproducing example though 👍 |
@dehli , I was also testing in next js since some other issues was there. I will also try in react now at my end (which i notice is what you use at your end). |
@dehli Im able to reproduce this consistently in React and hence i have marked this as bug. We will keep this ticket posted for updates. |
Awesome! Thanks so much 🎉 |
I've tested both versions With aws-amplify: "6.6.4" Got the below error and tokens are deleted from my custom cookie storage With aws-amplify: "6.8.0" Tokens are not deleted from my custom cookie storage, I can still access session idtoken data My custom cookie storage implementation:
I have one question tho: I shouldn't signout the user when a tokenrefresh_failure event fires right? |
@didemkkaslan Ideally you want log customer out when there is error except for Network error. |
@dehli Do you use Sorry for the back and forth. As i investigate i see the behavior is scoped only to the component. |
@ashika112 Yep, I am using the |
@dehli I think this is scoped to Authenticator. Is it possible for you to verify the behavior without Authenticator? On my side, im going to reach out to |
It will take a bit to pull out the Authenticator with the way our project is setup. I did look through the From my investigation this morning, it seemed to be related to the |
@dehli I am working internally with the team right now, if this needs to be in their repo, i will re-route this ticket to them so they have context. |
Sounds good! This seems to be what's causing the behavior:
|
Before opening, please confirm:
Fix can be found here: #6061
JavaScript Framework
React
Amplify APIs
Authentication
Amplify Version
v6
Amplify Categories
auth
Backend
CDK
Environment information
Describe the bug
If you call
Auth.fetchAuthSession({ forceRefresh: true })
while offline, amplify will trigger the logout flow.Expected behavior
I'd expect an error, but I wouldn't expect to be logged out.
Reproduction steps
Auth.fetchAuthSession({ forceRefresh: true })
(I did this by adding the function to the window).Code Snippet
Log output
aws-exports.js
No response
Manual configuration
No response
Additional configuration
No response
Mobile Device
No response
Mobile Operating System
No response
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
Related to aws-amplify/amplify-js#13596 & aws-amplify/amplify-js#13993
The below chunk of code is NOT responsible for clearing the tokens. I confirmed that the signout workflow is triggered further downstream.
https://github.com/aws-amplify/amplify-js/blob/0f5091780046b9556b98300c29fb970a0358bd70/packages/auth/src/providers/cognito/tokenProvider/TokenOrchestrator.ts#L173-L176
If I return null (and prevent calling the subsequent
Hub.dispatch
) I am not logged out. Not sure what implications that will have so I didn't submit a PR.The text was updated successfully, but these errors were encountered: