-
Notifications
You must be signed in to change notification settings - Fork 549
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refresh token expired earlier than it should on android application #679
Comments
@andrey-chorniy Sorry for the delayed response. From the logs I could find this: Event-1:
At 08:18:43, the credentials were retrieved and saved to SharePreferences and AWSMobileClient gave a state change Event-2:
Event-3:
Event-4:
We are looking to debug this issue. So far we wrote a test that would signIn and check for the presence of tokens on the device. Advance the clock by 24 hours and then get tokens which uses the refresh token to retrieve a new access token which is different from the previous one and this seems to work.
|
We also get other user reports about their credentials being expired (so they become logged out and have to login again). |
@andrey-chorniy Thank you for the quick response.
|
@kvasukib On On |
Hi @andrey-chorniy , We have made some flow improvements. Please see if SDK release 2.12.5 fixes this issue for you. If not, we'll continue to investigate. |
@minbi We have got the same issue again on aws mobile sdk version 2.12.5
|
We're experiencing this issue as well - apparently as soon as the ID and Access tokens expire (one hour after they're issued) the Tested with AWS Mobile SDK v2.12.6, very similar to #815 |
Hi @saurabh947 , The |
Hi @andrey-chorniy , I ran an experiment for an hour and I was able to get another set of userpools tokens and federate them into cognito identity pools. Please see my setup below. MainActivity.java
activity_main.xml
|
Hi @andrey-chorniy , I'm noticing in your logs that the "Tokens are invalid, please sign-in again." line does not include a stacktrace. Has this been truncated somewhere? The log should be writing the exception as seen here. The full exception would shed a lot of light into the scenario. If you are able to reproduce this, can you use the Android Profiler to capture some network requests and responses during the "Tokens are invalid, please sign-in again." event? |
Is it possible there is poor network conditions when the refresh is attempted? |
Investigation notes: Scenario 1: Sign-in, wait a day, call Scenario 2: Sign-out, state is clear and simulates a problem when initializing AWSMobileClient, debug and force a "refresh" of empty credentials and empty state but injecting refresh token from previous day, new tokens are federated and new AWS credentials are returned. Discoveries when testing: The refresh request requires the deviceKey to be sent if the remember device feature is enabled in the service. |
When this scenario happens, you can also try calling |
Hi @minbi
I upgraded the SDK to latest version (v2.13.1 as of this writing) and this seems to have resolved our issue - Thanks for your help and quick resolution! |
Hi @andrey-chorniy, can you respond to @minbi's questions? |
@minibi @muellerfr
It could be truncated. The logs are taken from bugfender https://bugfender.com
Sure, we will try to do this in the team (however it's not easy to reproduce this, it may require hours of testing)
There definitely were the cases when the authentication expiration was preceeded by the numerous SocketTimeoutException's in the logs, but it's hard to say whether this was always the case. Our testing team experienced many cases with authentication token expiration. |
@minbi @muellerfr we still experience this issue on Interesting thing: we emulated exception to be thrown in However: the exception stacktrace was not logged even in Logcat (displayed by android studio). Here are the logs which we took directly from Logcat:
Update: we believe as long Exception is not printed then it was |
Hi @andrey-chorniy , We are working on a fix that would expose network based exceptions without changing the state of the user. You may track its progress on this branch. |
This issue has been automatically closed because of inactivity. Please open a new issue if are still encountering problems. |
Looks like it happens on android emulators, not on real devices. But yes, it should be fixed. Summary: cognito do nothing when access token expired (refresh token is actual) on android emulators (x86, not tested on arm). |
State your question
In our android application, the user logged-in at
2019, Jan 28 13:37:55 UTC
. In less than 24 hours, at2019, Jan 29 08:21:20 UTC
the application received a user state change with state:SIGNED_OUT_USER_POOLS_TOKENS_INVALID
Before these 2 events the app performed authenticated actions (using AWSMobileClient.getInstance() as credentials provider) with such AWS services:
Initially, we created cognito user pool with default settings, e.g. app clients had default refresh token expiration time set to 30 days. Afterwards, to prevent expiration of credentials (which is the requirement of the app), we set refresh token expiration time to 3650 days (almost 10 years).
Note: log in happened after the refresh token lifetime was changed to 3650 days for app clients.
Questions:
Which AWS Services are you utilizing?
Cognito, DynamoDB, Lambda, AppSync, S3
Environment(please complete the following information):
SDK Version: 2.10.1
Device Information (please complete the following information):
The text was updated successfully, but these errors were encountered: