IOS Amplify session expire/logout after using AWS SNS or AWS SES in-app

0

[Note: unresolved question from before with new insights]

Environment:

- iOS app with Amplify using Swift
- Cognito User/Identity Pools for authentication
- AWS SNS and SES services requiring authorized users
- Authorization using Cognito tokens from Identity Pool

Problem:

- I am using Amplify to automatically manage the auth flow of users within my app.
- I am using AWS SES and AWS SNS for various purposes within my app.
- I can use these services within the app robustly and the auth states are managed successfully via Cognito tokens.
- The user remains signed throughout the app experience and the token refreshing capabilities work as desired (this has been validated thoroughly by logging and testing a variety of scenarios).
- When I then terminate the app and launch it again, the user is no longer signed in and when I fetch the session the log outputs the following error (blurred out actual credential details):

```
Session: {
    "AWS Credentials" = "["accessKey": "...", "sessionToken": "...", "secretAccessKey": "...", "expiration": 2024-11-29 09:44:47 +0000]";
    cognitoTokensError = "AuthError: There is no user signed in to retreive cognito tokens\nRecovery suggestion: Call Auth.signIn to sign in a user and then call Auth.fetchSession";
    identityId = "...";
    isSignedIn = false;
    userSubError = "AuthError: There is no user signed in to retreive user sub\nRecovery suggestion: Call Auth.signIn to sign in a user and then call Auth.fetchSession";
}
```

I have implemented a centralised auth management system which watches for changes to auth states such as session expiration or signouts using "Amplify.Hub.listen(to: .auth)" but there is no evidence of any expiration or signout throughout the entire use of the app. As the user is signed out, it is not a matter of token expiration/renewal as was previously suggested, as there is no user to retrieve tokens.

Attempted Solutions:

- Force refreshing the cognito tokens after using SNS or SES to ensure that Amplify and AWS have synchronised credentials and would not lead to any inconsistencies.
- Decoupled the AWS service authentication from Amplify.
- More robust error handling and retry mechanisms.

I am truly lost at this point so any help or direction is appreciated.

1 Answer
0

Based on the information provided, it appears that you're experiencing an issue with user authentication persistence in your iOS app using AWS Amplify, particularly after using AWS SNS or SES services. This problem seems to occur when the app is terminated and relaunched, resulting in the user being signed out unexpectedly.

The error message you're seeing suggests that there is no signed-in user when attempting to fetch the session after relaunching the app. This indicates that the user's authentication state is not being properly persisted or restored between app launches.

Here are some potential reasons and solutions to consider:

  1. Token Storage: Ensure that Amplify is correctly storing and retrieving the authentication tokens. By default, Amplify should securely store these tokens in the iOS Keychain. Verify that there are no issues with Keychain access or storage.

  2. Session Management: The Amplify Auth library should handle session management automatically, including token refresh. However, it's possible that there's an issue with how the session is being restored when the app is relaunched. Make sure you're initializing Amplify correctly when the app starts up.

  3. Amplify Configuration: Double-check your Amplify configuration, especially the Auth configuration. Ensure that all necessary settings for Cognito User and Identity Pools are correctly specified.

  4. AWS SDK Conflicts: If you're using the AWS SDK directly for SNS and SES alongside Amplify, there might be conflicts in how credentials are managed. Try to use Amplify's APIs exclusively for these services if possible, or ensure that the credential providers are properly synchronized.

  5. Background Task Handling: If your app is performing operations using SNS or SES in the background, make sure these tasks are properly handled and don't interfere with the authentication state.

  6. Amplify Version: Ensure you're using the latest version of Amplify libraries, as there might have been bug fixes related to session management in recent updates.

  7. Custom Sign-In Persistence: If the automatic session persistence isn't working, you might need to implement a custom solution. Store the user's sign-in state securely (e.g., in the Keychain) and check this state when the app launches. If the stored state indicates the user was previously signed in, attempt to refresh the session manually using Amplify's APIs.

  8. Logging and Debugging: Implement more detailed logging around the authentication process, especially during app launch and when using SNS/SES services. This can help identify at which point the session is being lost.

  9. AWS Support: If none of the above solutions work, it might be worth reaching out to AWS Support, as this could potentially be a bug in the Amplify library itself, especially if it's specifically related to the use of SNS and SES services.

Remember to thoroughly test any changes in various scenarios, including different network conditions and app states, to ensure a robust solution.
Sources
Sign-out - AWS Amplify Gen 2 Documentation
Manage user sessions - AWS Amplify Gen 2 Documentation

answered a year ago
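
A launch-time diagnostic for the logging suggested in the answer, as an added example that is not part of the original question or answer. It assumes the Amplify Swift v2 async API; `LaunchAuthState`, `configureAmplify`, `startAuthEventLog` and `classifySessionAtLaunch` are names made up for this example. It separates the state seen in the question's log (AWS credentials and an identity ID present while `isSignedIn` is false) from a fully signed-out session, and logs only the state, never token or credential values.

```swift
import Foundation
import Amplify
import AWSCognitoAuthPlugin
import AWSPluginsCore

// Example-only type: how the restored session looks right after launch.
enum LaunchAuthState: Equatable {
    case signedIn(userSub: String)
    case signedOutWithAWSCredentials(identityId: String) // shape of the log in the question
    case signedOut
}

// Configure once, as early as possible in app start-up.
func configureAmplify() throws {
    Amplify.Logging.logLevel = .verbose
    try Amplify.add(plugin: AWSCognitoAuthPlugin())
    try Amplify.configure()
}

// Timestamp every auth event so a sign-out can be placed relative to SNS/SES calls.
func startAuthEventLog() -> UnsubscribeToken {
    Amplify.Hub.listen(to: .auth) { payload in
        print("[auth-event] \(Date()) \(payload.eventName)")
    }
}

// Classify the restored session without logging token or credential values.
func classifySessionAtLaunch() async -> LaunchAuthState {
    do {
        let session = try await Amplify.Auth.fetchAuthSession()
        if session.isSignedIn,
           let identity = session as? AuthCognitoIdentityProvider,
           case .success(let sub) = identity.getUserSub() {
            return .signedIn(userSub: sub)
        }
        if let identity = session as? AuthCognitoIdentityProvider,
           case .success(let identityId) = identity.getIdentityId(),
           let provider = session as? AuthAWSCredentialsProvider,
           case .success = provider.getAWSCredentials() {
            return .signedOutWithAWSCredentials(identityId: identityId)
        }
        return .signedOut
    } catch {
        print("[auth-launch] fetchAuthSession failed: \(error)")
        return .signedOut
    }
}
```

Call `configureAmplify()`, then `startAuthEventLog()`, then `classifySessionAtLaunch()` before any SNS or SES client is created, and compare the result with the same call made just before the app was terminated.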