By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

What does Amplify's fetchAuthSession function throws when the refresh token expires and is unable to refresh access token and id token?

0

I'm using Amplify Auth V6, and I'm somewhere confused with the following:

After the official Amplify V6 documentation, the fetchAuthSession function retrieves the tokens from the chosen storage for the currently authenticated user, and if they are expired it uses the refresh token in order to bring brand new tokens. When the refresh token expires the documentation does not specify which error is thrown when that happens, or if in that case no error will be thrown.

The example from the docs:

  try {
    const { accessToken, idToken } = (await fetchAuthSession()).tokens ?? {};
  } catch (err) {
    console.log(err);
  }

If they're wrapping the function call around a try block and expecting an error to be thrown, but they're also expecting the tokens prop to be undefined then how readers will know how to handle that specific case in code?

I've searched for the function's source code and found this

	/**
	 * Fetch the auth tokens, and the temporary AWS credentials and identity if they are configured. By default it
	 * does not refresh the auth tokens or credentials if they are loaded in storage already. You can force a refresh
	 * with `{ forceRefresh: true }` input.
	 *
	 * @param options - Options configuring the fetch behavior.
	 *
	 * @returns Promise of current auth session {@link AuthSession}.
	 */
	async fetchAuthSession(
		options: FetchAuthSessionOptions = {},
	): Promise<AuthSession> {
		let credentialsAndIdentityId: CredentialsAndIdentityId | undefined;
		let userSub: string | undefined;

		// Get tokens will throw if session cannot be refreshed (network or service error) or return null if not available
		const tokens = await this.getTokens(options);

		if (tokens) {
			userSub = tokens.accessToken?.payload?.sub;

			// getCredentialsAndIdentityId will throw if cannot get credentials (network or service error)
			credentialsAndIdentityId =
				await this.authOptions?.credentialsProvider?.getCredentialsAndIdentityId(
					{
						authConfig: this.authConfig,
						tokens,
						authenticated: true,
						forceRefresh: options.forceRefresh,
					},
				);
		} else {
			// getCredentialsAndIdentityId will throw if cannot get credentials (network or service error)
			credentialsAndIdentityId =
				await this.authOptions?.credentialsProvider?.getCredentialsAndIdentityId(
					{
						authConfig: this.authConfig,
						authenticated: false,
						forceRefresh: options.forceRefresh,
					},
				);
		}

		return {
			tokens,
			credentials: credentialsAndIdentityId?.credentials,
			identityId: credentialsAndIdentityId?.identityId,
			userSub,
		};
	}

But for me it stills unclear, I will be very grateful if someone is able to answer my question :)

Topics
Front-End Web & MobileSecurity, Identity, & Compliance
Tags
AWS AmplifyAmazon Cognito
Language
English
Dacaramo
asked 11 days ago112 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content