fetchAuthSession(): credentials / sessionToken Not Persisted Across Restarts about amplify-js HOT 3 OPEN

Hello, @brianlenz 👋. While this was opened as a bug, it looks like it's very similar to the feature request in #10393 regarding improved offline session management. Also, the behavior described here for the fetchAuthSession() API after the app goes offline and gets restarted seems expected. When loading up (or reloading/restarting) an app, fetchAuthSession() will attempt to get the credentials again due to them being persisted in-memory.

I'll mark this as a duplicate of #10393, but let us know if you have additional questions. Feel free to add any context, upvotes, etc. on that issue and track it for updates on this feature request too. Thanks!

from amplify-js.

@cwomack I appreciate the response! I can see how #10393 is related, but that's an old feature request from 2022 in the context of v5, whereas this is v6-specific. v5 supported what we're trying to do here, but v6 does not, so this feels more like a regression than a feature request.

I've been doing more testing, and it looks like the issue also applies to getCurrentUser(). In v5, you could invoke Auth.currentAuthenticatedUser() to get the current user without needing to hit the server, even if the session had expired. getCurrentUser(), however, requires a session in order to complete, which means that if the session/token has expired, it will attempt a request to the server, so there is no way in v6 to ensure we can check a user is signed in to Amplify without an internet connection. This feels like a bug to me since it was possible in v5?

We are going to work around these limitations by reworking our logic, leveraging NetInfo and some internal state to determine if a user is signed in since we can no longer reliably rely on Amplify for that. To me, it feels like these improvements would still be warranted from an Amplify framework standpoint, but I'll leave it to you to determine how best to handle within the issues here since you know the project much better than I do 👍 Thanks!

from amplify-js.

Hi @cwomack @brianlenz ,
I am investigating an issue that might be related to the one currently being discussed. I've noticed in the code at this section:
https://github.com/aws-amplify/amplify-js/blob/main/packages/auth/src/providers/cognito/credentialsProvider/credentialsProvider.ts#L119-L148
that when guest user credentials expire, the SDK sends a request with the existing Cognito Identity ID as a parameter to getCredentialsForIdentity. Interestingly, the identity ID is replaced with the one that is returned. In my local tests, however, the same identity ID is returned even after the guest user token expires (after 1 hour). Yet, the identity ID is replaced in the if condition on line 142. Can you clarify if the guest Cognito ID can change and under what circumstances? How can we reproduce this behavior? Please let me know if you need more information, or another issue should be opened.

from amplify-js.