Skip to content

fix(auth): User pool token, user sub should be returned for signedIn user with no identityPool config #632

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 10, 2020
Merged

fix(auth): User pool token, user sub should be returned for signedIn user with no identityPool config #632

merged 3 commits into from
Jul 10, 2020

Conversation

royjit
Copy link
Contributor

@royjit royjit commented Jul 10, 2020

Description of changes:

Amplify can be used with only Cognito User Pool configured. With the configuration structure shown below. In this case while calling the api fetchAuthSession the returned result doesnot provide the right values for usersub and cognito tokens. This PR fixes this behavior.


{
    "UserAgent": "aws-amplify-cli/2.0",
    "Version": "1.0",
    "auth": {
        "plugins": {
            "awsCognitoAuthPlugin": {
                "UserAgent": "aws-amplify/cli",
                "Version": "0.1.0",
                "IdentityManager": {
                    "Default": {}
                },
                
                "CognitoUserPool": {
                    "Default": {
                        "PoolId": "xx",
                        "AppClientId": "xx",
                        "AppClientSecret": "xx",
                        "Region": "xx"
                    }
                },
                "Auth": {
                    "Default": {
                        "OAuth": {
                            ...
                            
                        },
                        "authenticationFlowType": "USER_SRP_AUTH"
                    }
                }
            }
        }
    }
}

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@royjit royjit self-assigned this Jul 10, 2020
@royjit royjit requested review from lawmicha and palpatim July 10, 2020 16:57
@royjit royjit added the auth Issues related to the Auth category label Jul 10, 2020
@drochetti drochetti added this to the 1.0.5 milestone Jul 10, 2020
palpatim
palpatim requested changes Jul 10, 2020
View reviewed changes
...gins/Auth/AWSCognitoAuthPlugin/Dependency/AuthorizationProviderAdapter+SignedInSession.swift Outdated
@@ -222,4 +220,18 @@ extension AuthorizationProviderAdapter {
cognitoTokensResult: tokenResult)
completionHandler(.success(authSession))
}

/// Check if the error is related to improper configuration of Cognito Identity Pool
private func identityPoolConfigured(error: Error) -> Bool {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. See note above re method name
  2. I don't see this using any instance members, so make this static

More importantly, it's hard to wade through the double negatives in this method logic: the method comment asserts that we're looking to see if the error is related to improper configuration of an identity pool, but we return false if we find that the error is in fact a cognitoIdentityPoolNotConfigured error. How is that error not related to improper configuration? Why are just these two error conditions sufficient to assert that the error isn't related to improper configuration?

...gins/Auth/AWSCognitoAuthPlugin/Dependency/AuthorizationProviderAdapter+SignedInSession.swift Outdated
} else if let cognitoIdentityPoolError = error as NSError?,
cognitoIdentityPoolError.domain == AWSCognitoIdentityErrorDomain,
cognitoIdentityPoolError.code == AWSCognitoIdentityErrorType.notAuthorized.rawValue {
} else if !self.identityPoolConfigured(error: error!) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

More context would be handy here. Why is it safe to ignore what appears just be reading code to be a misconfigured identity pool? Changing the method name to self-document the intent of the check would be helpful, but honestly I can't tell what the method below is actually trying to do.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed the method name

@royjit royjit merged commit 122dceb into main Jul 10, 2020
@royjit royjit deleted the FixSessionDetails branch July 10, 2020 21:06
@joao-jesus joao-jesus mentioned this pull request Jul 23, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@palpatim palpatim palpatim approved these changes

@lawmicha lawmicha Awaiting requested review from lawmicha

Assignees

@royjit royjit

Labels
auth Issues related to the Auth category
Projects
None yet
Milestone
1.0.5
Development

Successfully merging this pull request may close these issues.
3 participants
@royjit @palpatim @drochetti