From 0f6d4a986e48edde4c7b95b3729391dda99b3ee9 Mon Sep 17 00:00:00 2001
From: Jordan Nelson
Date: Thu, 31 Aug 2023 13:35:55 -0400
Subject: [PATCH 1/6] fix(smithy_aws)!: do not sign optional requests
---
 .../lib/src/http/interceptors/with_sig_v4.dart | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/packages/smithy/smithy_aws/lib/src/http/interceptors/with_sig_v4.dart b/packages/smithy/smithy_aws/lib/src/http/interceptors/with_sig_v4.dart
index a4e751ae93..e2dd6e4bf1 100644
--- a/packages/smithy/smithy_aws/lib/src/http/interceptors/with_sig_v4.dart
+++ b/packages/smithy/smithy_aws/lib/src/http/interceptors/with_sig_v4.dart
@@ -31,16 +31,9 @@ class WithSigV4 extends HttpRequestInterceptor {
 @override
 Future intercept(AWSBaseHttpRequest request) async {
- // Try to retrieve credentials. If it fails, continue without authentication
- // for optional auth requests only.
- try {
- await credentialsProvider.retrieve();
- } on Exception {
- if (isOptional) {
- return request;
- }
- rethrow;
- }
+ // Do not attempt to sign requests where auth is optional.
+ if (isOptional) return request;
+
 final signer = AWSSigV4Signer(
 credentialsProvider: credentialsProvider,
 algorithm: algorithm,
From c9634fbcccd495fed6e95bde78768a8d2c2ef185 Mon Sep 17 00:00:00 2001
From: Jordan Nelson
Date: Thu, 31 Aug 2023 14:44:50 -0400
Subject: [PATCH 2/6] chore: remove mock state machine from test
---
 .../plugin/fetch_user_attributes_test.dart | 23 ++++++++++++-------
 1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/packages/auth/amplify_auth_cognito_test/test/plugin/fetch_user_attributes_test.dart b/packages/auth/amplify_auth_cognito_test/test/plugin/fetch_user_attributes_test.dart
index 0e299171f7..96f0f515e7 100644
--- a/packages/auth/amplify_auth_cognito_test/test/plugin/fetch_user_attributes_test.dart
+++ b/packages/auth/amplify_auth_cognito_test/test/plugin/fetch_user_attributes_test.dart
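Review bot: In `WithSigV4.intercept` (with_sig_v4.dart, PATCH 1/6) the new `if (isOptional) return request;` sends every optional-auth request unsigned even when the caller holds valid credentials, so correctness now rests on `isOptional` being set only for operations whose service ignores the signature. This commit is marked breaking but changes only this one file; a test asserting that an optional request comes back without an `Authorization` header and that a non-optional request is still signed would pin the new contract. With the `credentialsProvider.retrieve()` pre-check removed, a credentials failure on a non-optional request presumably now surfaces from the signer instead; confirm callers still see the same exception type. `intercept` continues past the end of the hunk.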
@@ -93,7 +93,11 @@ void main() {
 late AmplifyAuthCognitoDart plugin;
 group('fetchUserAttributes', () {
- setUp(() {
+ tearDown(() async {
+ await plugin.close();
+ });
+
+ test('converts user attributes correctly', () async {
 stateMachine = MockCognitoAuthStateMachine()
 ..addInstance(
 MockCognitoIdentityProviderClient(
@@ -107,13 +111,6 @@ void main() {
 ),
 );
 plugin = AmplifyAuthCognitoDart()..stateMachine = stateMachine;
- });
-
- tearDown(() async {
- await plugin.close();
- });
-
- test('converts user attributes correctly', () async {
 final res = await plugin.fetchUserAttributes();
 final expected = [
 AuthUserAttribute(
@@ -202,6 +199,16 @@ void main() {
 });
 test('refreshes token before calling Cognito', () async {
+ stateMachine = CognitoAuthStateMachine()
+ ..addInstance(
+ MockCognitoIdentityProviderClient(
+ getUser: () async => GetUserResponse(
+ userAttributes: [],
+ username: username,
+ ),
+ ),
+ );
+
 final secureStorage = MockSecureStorage();
 SecureStorageInterface storageFactory(scope) => secureStorage;
 seedStorage(
From 2aeded7f48862c1f56894428da371b4d198f2fb8 Mon Sep 17 00:00:00 2001
From: Jordan Nelson
Date: Thu, 31 Aug 2023 14:52:35 -0400
Subject: [PATCH 3/6] fix(auth): use loadCredentials to check login state
---
 .../lib/src/state/machines/sign_in_state_machine.dart | 4 ++--
 .../test/state/sign_in_state_machine_test.dart | 9 +++++++++
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/packages/auth/amplify_auth_cognito_dart/lib/src/state/machines/sign_in_state_machine.dart b/packages/auth/amplify_auth_cognito_dart/lib/src/state/machines/sign_in_state_machine.dart
index 6ca772bf4d..714b178016 100644
--- a/packages/auth/amplify_auth_cognito_dart/lib/src/state/machines/sign_in_state_machine.dart
+++ b/packages/auth/amplify_auth_cognito_dart/lib/src/state/machines/sign_in_state_machine.dart
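Review bot: In fetch_user_attributes_test.dart (PATCH 2/6) the group-level `tearDown` still calls `plugin.close()` on the shared `late` variable, but with `setUp` removed each test now has to assign `plugin` itself. A test that throws before its assignment makes `tearDown` read an uninitialized `late` variable, and a test that never assigns closes the previous test's plugin a second time; either can hide the real failure. Whether every test in the group assigns `plugin` is not visible in these hunks. Registering the cleanup next to each assignment with `addTearDown(plugin.close);` and dropping the group-level `tearDown` ties the close to the instance that test created.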
@@ -770,8 +770,8 @@ final class SignInStateMachine
 Future _assertSignedOut() async {
 bool isSignedIn;
 try {
- await manager.getUserPoolTokens();
- isSignedIn = true;
+ final credentials = await manager.loadCredentials();
+ isSignedIn = credentials.userPoolTokens != null;
 } on Exception {
 isSignedIn = false;
 }
diff --git a/packages/auth/amplify_auth_cognito_test/test/state/sign_in_state_machine_test.dart b/packages/auth/amplify_auth_cognito_test/test/state/sign_in_state_machine_test.dart
index 6ac4bfccb5..24925b7b26 100644
--- a/packages/auth/amplify_auth_cognito_test/test/state/sign_in_state_machine_test.dart
+++ b/packages/auth/amplify_auth_cognito_test/test/state/sign_in_state_machine_test.dart
@@ -136,6 +136,15 @@ void main() {
 ).ignore();
 final signInStateMachine = stateMachine.expect(SignInStateMachine.type);
+
+ final fetchAuthSessionStateMachine = stateMachine.getOrCreate(
+ FetchAuthSessionStateMachine.type,
+ );
+
+ fetchAuthSessionStateMachine.stream.listen(
+ (_) => throw StateError('.signIn() should not fetch auth session.'),
+ );
+
 expect(
 signInStateMachine.stream,
 emitsInOrder([
From e3399bb708c8c01d40af48fb41089c586dd58a46 Mon Sep 17 00:00:00 2001
From: Jordan Nelson
Date: Sat, 10 Jun 2023 10:45:08 -0400
Subject: [PATCH 4/6] fix(authenticator): use getCurrentUser to check sign in state
---
 .../lib/src/services/amplify_auth_service.dart | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/packages/authenticator/amplify_authenticator/lib/src/services/amplify_auth_service.dart b/packages/authenticator/amplify_authenticator/lib/src/services/amplify_auth_service.dart
index da2c66b56c..9e8a80d2c5 100644
--- a/packages/authenticator/amplify_authenticator/lib/src/services/amplify_auth_service.dart
+++ b/packages/authenticator/amplify_authenticator/lib/src/services/amplify_auth_service.dart
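Review bot: In `_assertSignedOut` (sign_in_state_machine.dart, PATCH 3/6) the unchanged `on Exception` clause now wraps `manager.loadCredentials()`, so any failure to read the credential store is reported as "signed out" and the guard lets a new sign-in proceed over whatever is stored. Which exceptions `loadCredentials()` can throw is not visible here; if it has a dedicated signed-out or not-found case, catching only that and letting storage errors propagate would keep the guard from failing open. The new check is also presence-only, which looks intended but is worth stating: `// Presence check only: expired tokens still count as signed in; nothing is refreshed here.` The rest of `_assertSignedOut` lies outside the hunk.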
@@ -28,8 +28,18 @@ abstract class AuthService {
 Future get currentUser;
+ /// Checks to see if a user has a valid session.
+ ///
+ /// A valid session is a session in which the tokens are not expired, OR
+ /// the access/id tokens have expired but the state of the refresh token is
+ /// unknown due to network unavailability.
 Future isValidSession();
+ /// Checks if a user is logged in based on whether or not there are
+ /// tokens on the device.
+ ///
+ /// This will not check whether or not those tokens are valid. To check
+ /// if tokens are valid, see [isValidSession].
 Future get isLoggedIn;
 Future resetPassword(String username);
@@ -191,9 +201,8 @@ class AmplifyAuthService
 Future get isLoggedIn async {
 return _withUserAgent(() async {
 try {
- final result = await Amplify.Auth.fetchAuthSession();
-
- return result.isSignedIn;
+ await Amplify.Auth.getCurrentUser();
+ return true;
 } on SignedOutException {
 return false;
 }
From a3294c0bee7e285350e1109ef04a0ea9fa7ce904 Mon Sep 17 00:00:00 2001
From: Jordan Nelson
Date: Wed, 20 Sep 2023 16:44:29 -0400
Subject: [PATCH 5/6] chore: update comment
---
 .../smithy_aws/lib/src/http/interceptors/with_sig_v4.dart | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/packages/smithy/smithy_aws/lib/src/http/interceptors/with_sig_v4.dart b/packages/smithy/smithy_aws/lib/src/http/interceptors/with_sig_v4.dart
index e2dd6e4bf1..5ee34b4de4 100644
--- a/packages/smithy/smithy_aws/lib/src/http/interceptors/with_sig_v4.dart
+++ b/packages/smithy/smithy_aws/lib/src/http/interceptors/with_sig_v4.dart
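Review bot: In `AmplifyAuthService.isLoggedIn` (amplify_auth_service.dart, PATCH 4/6) the getter now returns `true` whenever `Amplify.Auth.getCurrentUser()` succeeds, where it used to return `result.isSignedIn` from `fetchAuthSession()`, so a caller that treated it as proof of a usable session now also needs `isValidSession()`. The call sites are not part of this patch and should be checked for that assumption before authenticated content is shown on the strength of `isLoggedIn` alone. The new doc comment on the abstract getter says this, but the override carries none; `// Presence check only; does not refresh or validate tokens (see isValidSession).` above the `try` would keep the two in step. Exceptions other than `SignedOutException` still propagate to the caller, as they did before, and the getter's body continues outside the hunk.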
@@ -32,6 +32,10 @@ class WithSigV4 extends HttpRequestInterceptor {
 @override
 Future intercept(AWSBaseHttpRequest request) async {
 // Do not attempt to sign requests where auth is optional.
+ //
+ // This is only set in Cognito and SSO services where the trait indicates
+ // that signing is strictly unnecessary and that signing the request does
+ // not impact the behavior of the APIs.
 if (isOptional) return request;
 final signer = AWSSigV4Signer(
From 8755015041ee50495782ab32b54b31888a81dbdb Mon Sep 17 00:00:00 2001
From: Jordan Nelson
Date: Thu, 21 Sep 2023 12:03:39 -0400
Subject: [PATCH 6/6] chore: update test
Co-authored-by: Dillon Nys <24740863+dnys1@users.noreply.github.com>
---
 .../test/state/sign_in_state_machine_test.dart | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/auth/amplify_auth_cognito_test/test/state/sign_in_state_machine_test.dart b/packages/auth/amplify_auth_cognito_test/test/state/sign_in_state_machine_test.dart
index 24925b7b26..a96e088155 100644
--- a/packages/auth/amplify_auth_cognito_test/test/state/sign_in_state_machine_test.dart
+++ b/packages/auth/amplify_auth_cognito_test/test/state/sign_in_state_machine_test.dart
@@ -142,7 +142,7 @@ void main() {
 );
 fetchAuthSessionStateMachine.stream.listen(
- (_) => throw StateError('.signIn() should not fetch auth session.'),
+ (_) => fail('.signIn() should not fetch auth session.'),
 );
 expect(
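Review bot: The comment added in `WithSigV4.intercept` (PATCH 5/6) says `isOptional` "is only set in Cognito and SSO services", but nothing in this file enforces that, so the early return would skip signing just as readily for any other client built with the flag. I would phrase it as an observation with a pointer to its source, e.g. `// At the time of writing only Cognito and SSO operations carry the optional-auth trait; see <where isOptional is set>.`, so a reader knows where to re-check the claim. The statement that signing "does not impact the behavior of the APIs" reads as a service guarantee; if that is documented by the services a link would help, otherwise hedge it. `intercept` continues past the end of the hunk.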