amplify-android: Amplify.Auth.fetchAuthSession() returns the same access token even after expiry

Before opening, please confirm:

Language and Async Model

Kotlin - Coroutines

Amplify Categories

Authentication

Gradle script dependencies



implementation 'com.amplifyframework:core-kotlin:0.19.4'
implementation 'com.amplifyframework:aws-auth-cognito:1.35.5'

Environment information

------------------------------------------------------------
Gradle 7.2
------------------------------------------------------------

Build time:   2021-08-17 09:59:03 UTC
Revision:     a773786b58bb28710e3dc96c4d1a7063628952ad

Kotlin:       1.5.21
Groovy:       3.0.8
Ant:          Apache Ant(TM) version 1.10.9 compiled on September 27 2020
JVM:          11.0.6 (AdoptOpenJDK 11.0.6+10)
OS:           Mac OS X 10.16 x86_64

Please include any relevant guides or documentation you’re referencing

No response

Describe the bug

I am using Amplify authentication to signup/login and get an authToken that I use to authenticate with our api. Everything works fine until the access token’s expiration. After that point every time I try to get a new token (using Amplify.Auth.fetchAuthSession()) I only get the same expired token. I am fetching the auth session on app’s start and every time I get a 401 code response from our api, every time the token I receive is the same. The only solution to get a new valid token is to Log out -> Log in -> Amplify.Auth.fetchAuthSession but I don’t think that’s the intended behaviour.

Reproduction steps (if applicable)

  1. Login using amplify and get the accessToken
  2. Wait for the token to expire
  3. Try getting a new accessToken by calling Amplify.Auth.fetchAuthSession()
  4. Notice that the token I get is the same token as the initial one which expired.

Code Snippet


override suspend fun getAuthSession(): Outcome<AuthSession> {
        return try {
            val session = Amplify.Auth.fetchAuthSession()
            Log.i("AmplifyQuickstart", "Auth session = $session")
            keyValuePersistentData.setValue(
                TOKEN_KEY,
                (session as AWSCognitoAuthSession).userPoolTokens.value?.accessToken
            )
            Outcome.success(session as AuthSession)
        } catch (e: Exception){
            Outcome.failure(e)
        }

    }

Log output

// Put your logs below this line

amplifyconfiguration.json

{ “auth”: { “plugins”: { “awsCognitoAuthPlugin”: { “CognitoUserPool”: { “Default”: { “PoolId”: “eu-north-1_WzFxOg9l7”, “AppClientId”: “76c0ocgfjp3jc8mmk6p2ge2c43”, “Region”: “eu-north-1” } }, “Auth”: { “Default”: { “authenticationFlowType”: “USER_SRP_AUTH” } } } } } }

GraphQL Schema

// Put your schema below this line

Additional information and screenshots

No response

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 37 (13 by maintainers)

Most upvoted comments

Hello @smartpuffindev I am looking at the issue and will advise soon. Thank you

+1
gpanshu on Jun 14, 2022
Read more comments on GitHub
← amplify-android: After remembering device, calling Amplify.Auth.signOut() causes next signIn() call to return CONFIRM_SIGN_IN_WITH_SMS_MFA_CODE
amplify-android: Amplify.Auth.fetchAuthSession returns "You are currrently signed out." immediately after successful Amplify.Auth.signIn call →