amplify-js: Bug in fetchAuthSession with the {forceRefresh:true} parameter causes an error.

Before opening, please confirm:

JavaScript Framework

Not applicable

Amplify APIs

Authentication

Amplify Categories

auth

Environment information

  System:
    OS: macOS 14.1.1
    CPU: (12) arm64 Apple M2 Max
    Memory: 723.77 MB / 32.00 GB
    Shell: 3.2.57 - /bin/sh
  Binaries:
    Node: 20.9.0 - /usr/local/bin/node
    Yarn: 1.22.19 - /usr/local/bin/yarn
    npm: 10.2.5 - /usr/local/bin/npm
  Browsers:
    Chrome: 120.0.6099.129
    Chrome Canary: 122.0.6201.0
    Safari: 17.1
  npmPackages:
    @aws-amplify/ui-react: ^6.0.7 => 6.0.7 
    @aws-amplify/ui-react-internal:  undefined ()
    @creativebulma/bulma-divider: ^1.1.0 => 1.1.0 
    @fortawesome/fontawesome-svg-core: ^6.5.1 => 6.5.1 
    @fortawesome/react-fontawesome: ^0.2.0 => 0.2.0 
    @mapbox/mapbox-gl-style-spec:  14.0.0 
    @stripe/react-stripe-js: ^2.4.0 => 2.4.0 
    @stripe/stripe-js: ^2.2.2 => 2.2.2 
    @testing-library/jest-dom: ^6.1.5 => 6.1.5 
    @testing-library/react: ^14.1.2 => 14.1.2 
    @testing-library/user-event: ^14.5.1 => 14.5.1 
    aws-amplify: ^6.0.9 => 6.0.9 
    aws-amplify/adapter-core:  undefined ()
    aws-amplify/analytics:  undefined ()
    aws-amplify/analytics/kinesis:  undefined ()
    aws-amplify/analytics/kinesis-firehose:  undefined ()
    aws-amplify/analytics/personalize:  undefined ()
    aws-amplify/analytics/pinpoint:  undefined ()
    aws-amplify/api:  undefined ()
    aws-amplify/api/server:  undefined ()
    aws-amplify/auth:  undefined ()
    aws-amplify/auth/cognito:  undefined ()
    aws-amplify/auth/cognito/server:  undefined ()
    aws-amplify/auth/server:  undefined ()
    aws-amplify/datastore:  undefined ()
    aws-amplify/in-app-messaging:  undefined ()
    aws-amplify/in-app-messaging/pinpoint:  undefined ()
    aws-amplify/push-notifications:  undefined ()
    aws-amplify/push-notifications/pinpoint:  undefined ()
    aws-amplify/storage:  undefined ()
    aws-amplify/storage/s3:  undefined ()
    aws-amplify/storage/s3/server:  undefined ()
    aws-amplify/storage/server:  undefined ()
    aws-amplify/utils:  undefined ()
    aws-sdk: ^2.1525.0 => 2.1525.0 
    axios: ^1.6.2 => 1.6.2 
    bulma: ^0.9.4 => 0.9.4 
    bulma-checkradio: ^2.1.3 => 2.1.3 
    compression-webpack-plugin: ^10.0.0 => 10.0.0 
    dompurify: ^3.0.6 => 3.0.6 
    firebase: ^10.7.1 => 10.7.1 
    firebase/analytics:  undefined ()
    firebase/app:  undefined ()
    firebase/app-check:  undefined ()
    firebase/auth:  undefined ()
    firebase/auth/cordova:  undefined ()
    firebase/compat:  undefined ()
    firebase/compat/analytics:  undefined ()
    firebase/compat/app:  undefined ()
    firebase/compat/app-check:  undefined ()
    firebase/compat/auth:  undefined ()
    firebase/compat/database:  undefined ()
    firebase/compat/firestore:  undefined ()
    firebase/compat/functions:  undefined ()
    firebase/compat/installations:  undefined ()
    firebase/compat/messaging:  undefined ()
    firebase/compat/performance:  undefined ()
    firebase/compat/remote-config:  undefined ()
    firebase/compat/storage:  undefined ()
    firebase/database:  undefined ()
    firebase/firestore:  undefined ()
    firebase/firestore/lite:  undefined ()
    firebase/functions:  undefined ()
    firebase/installations:  undefined ()
    firebase/messaging:  undefined ()
    firebase/messaging/sw:  undefined ()
    firebase/performance:  undefined ()
    firebase/remote-config:  undefined ()
    firebase/storage:  undefined ()
    history: ^5.3.0 => 5.3.0 
    intro.js-react: ^1.0.0 => 1.0.0 
    lodash: ^4.17.21 => 4.17.21 
    mapbox-gl: ^3.0.1 => 3.0.1 
    minisearch: ^6.3.0 => 6.3.0 
    moment: ^2.29.4 => 2.29.4 
    node-sass: ^9.0.0 => 9.0.0 
    react: ^18.2.0 => 18.2.0 
    react-dom: ^18.2.0 => 18.2.0 
    react-ga: ^3.3.1 => 3.3.1 
    react-ga4: ^2.1.0 => 2.1.0 
    react-helmet-async: ^2.0.4 => 2.0.4 
    react-joyride: ^2.7.1 => 2.7.1 
    react-responsive: ^9.0.2 => 9.0.2 
    react-router-dom: ^6.21.1 => 6.21.1 
    react-scripts: ^5.0.1 => 5.0.1 
    react-tooltip: ^5.25.0 => 5.25.0 
    sass: ^1.69.5 => 1.69.5 
    source-map-explorer: ^2.5.3 => 2.5.3 
    sweetalert: ^2.1.2 => 2.1.2 
    sweetalert2: ^11.10.1 => 11.10.1 
    sweetalert2-react-content: ^5.0.7 => 5.0.7 
    swiper: ^11.0.5 => 11.0.5 
    util: ^0.12.5 => 0.12.5 
    validator: ^13.11.0 => 13.11.0 
    web-vitals: ^3.5.0 => 3.5.0 
  npmGlobalPackages:
    @aws-amplify/cli: 12.8.2
    corepack: 0.20.0
    nodemon: 3.0.2
    npm-check-updates: 16.14.12
    npm: 10.2.5
    serverless: 3.36.0
    yarn: 1.22.19


Describe the bug

In version 5 of Amplify Authentication, I passed a parameter {bypassCache: true} to load user information and ignore the cache. The new Amplify version suggests using the fetchAuthSession function. This function works correctly as long as I don’t pass the {forceRefresh:true} parameter. When I pass this parameter, it shows the error below and logs out, even though I am already logged in with a valid user.

Expected behavior

When you add this parameter, it must ignore the logged-in user information and refresh the user information from the server without logging in or out. This helps clients, after updating their attributes such as name, phone, and address without logging out, to see the latest updates on their account.

Reproduction steps

  1. Log in and fetch the user with the fetchAuthSession() function (I have integrated auth with Facebook and Google).
  2. Add the parameter {forceRefresh:true} to fetchAuthSession, like this: fetchAuthSession({forceRefresh:true}), and see the issue.

Code Snippet

// Put your code below this line.

Log output

// Put your logs below this line


aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots


The recent changes in Amplify auth are disappointing because they make a simple process more complicated with fewer values, and Authentication is a security pillar. Imagine having 100 clients with websites built by Amplify; then, for just a simple update, I need to rewrite the entire authentication system for all clients. Please adopt and thoroughly test tools within your own company before releasing them.

About this issue

  • Original URL
  • State: closed
  • Created 6 months ago
  • Comments: 16 (11 by maintainers)

Most upvoted comments

Hello @nadernt, @gokaten-token.

The latest release included better error handling when the fetchAuthSession API is unable to refresh the session. We also added documentation on refreshing sessions and refreshing sessions with social providers to help users manage sessions.

Let us know if that solves your concerns.

The library is not able to refresh tokens via the oauth2/token endpoint as mentioned above because it requires a refresh_token in the request. Thus, we encourage the usage of the code oauth flow as suggested in this comment.

We have merged some changes into the library that include better error handling when a refresh_token is not present in storage. We also fixed the issue where a tokenRefresh_failure event was not dispatched when the refresh_token had expired.

These changes are currently in the unstable version of the library and can be tested.

Hello @gokaten-token. It is expected that you get an exception when the refresh_token has expired.

You would need to re-authenticate, as the refresh_token is used to refresh access and id tokens. However, you can increase the expiry time by accessing your user pool via the Cognito console and then going to your clientId.

Yes. I believe the tokenRefresh_failure event should be fired. I'll double check and see if there is an issue. Thanks for bringing that up.

Hey @nadernt. I was able to dig into the root cause of the issue. fetchAuthSession will throw an error when it is not able to find either an id_token, access_token or refresh_token. In your case, it is not able to find a refresh_token.

When using oauth flows, you can use a code grant or implicit grant flow.

When using the code grant flow, the library exchanges the code param returned from Hosted UI and calls the POST oauth2/token endpoint to exchange that code for tokens. The response will include the refresh_token. However, if you use an implicit grant flow, then Hosted UI will return only access_token and id_token. For more info check this post.

That said, we still have a bug, as the error thrown is not meaningful. To troubleshoot, you can change your oauth configuration to use the code grant oauth flow.

Amplify.configure({
  Auth: {
    Cognito: {
      ...cognitoConfig,
      loginWith: {
        oauth: {
          ...oauthConfig,
          responseType: "code",
        },
      },
    },
  },
})
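The distinction the maintainer describes, modelled offline as an added example (this is not amplify-js code): the implicit grant leaves no refresh_token in storage, so a forced refresh has nothing to send to oauth2/token, whereas the code grant exchange returns one. Callback URLs, token values and the injected exchangeCode function are constructed for illustration.

```javascript
// Added example (not amplify-js code): models why fetchAuthSession({ forceRefresh: true })
// cannot succeed when Hosted UI was configured with the implicit grant (no refresh_token),
// and why responseType "code" fixes it. Callback URLs and token values are constructed.

// Classify what Cognito Hosted UI returned to the redirect URL.
function parseHostedUiCallback(url) {
  const u = new URL(url);
  const code = u.searchParams.get('code');
  if (code) return { flow: 'code', code }; // exchanged at POST /oauth2/token
  const frag = new URLSearchParams(u.hash.replace(/^#/, ''));
  const accessToken = frag.get('access_token');
  const idToken = frag.get('id_token');
  if (accessToken && idToken) return { flow: 'implicit', accessToken, idToken };
  return { flow: 'unknown' };
}

// Turn a parsed callback into the token set that ends up in storage.
// exchangeCode is injected (hypothetical) so this runs offline; in a real app it is
// the authorization_code exchange against the user pool's /oauth2/token endpoint.
function tokensFromCallback(parsed, exchangeCode) {
  if (parsed.flow === 'code') return exchangeCode(parsed.code);
  if (parsed.flow === 'implicit') {
    // Implicit grant: only access_token and id_token come back, never a refresh_token.
    return { accessToken: parsed.accessToken, idToken: parsed.idToken, refreshToken: null };
  }
  throw new Error('unrecognised Hosted UI callback');
}

// Pre-check before attempting a forced refresh, giving a meaningful reason instead
// of a silent sign-out. Mirrors the three tokens the maintainer says must be present.
function checkForceRefresh(stored) {
  if (!stored.accessToken || !stored.idToken) {
    return { ok: false, reason: 'no access_token/id_token in storage: not signed in' };
  }
  if (!stored.refreshToken) {
    return { ok: false, reason: 'no refresh_token in storage; Hosted UI used implicit grant, set responseType "code"' };
  }
  return { ok: true };
}

// Constructed callbacks for the two Hosted UI response types.
const IMPLICIT_CALLBACK = 'https://app.example.com/#access_token=a.b.c&id_token=d.e.f&token_type=Bearer&expires_in=3600';
const CODE_CALLBACK = 'https://app.example.com/?code=constructed-code-123&state=xyz';

// Demo: a fake exchange standing in for the oauth2/token call.
const fakeExchange = (code) => ({ accessToken: 'a', idToken: 'b', refreshToken: 'r-' + code });
console.log(checkForceRefresh(tokensFromCallback(parseHostedUiCallback(IMPLICIT_CALLBACK), fakeExchange)).reason);
console.log(checkForceRefresh(tokensFromCallback(parseHostedUiCallback(CODE_CALLBACK), fakeExchange)).ok);
```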