feat: revoke tokens during auth sign out #2415

Merged
merged 19 commits into from
Jul 30, 2021

@jamesonwilliams jamesonwilliams commented Apr 3, 2021

What is this?

When sign out is requested with the invalidateTokens(true) option, AWSMobileClient will now revoke ID, access, and refresh tokens for the currently signed in Cognito User Pools user.

Tested with Drop-in UI and with native signIn/signOut flows. Not yet tested with Hosted UI.

Refer: aws-amplify/amplify-js#3435

A Note on Composition

The PR is broken up into two parts:

  1. Updates to the Cognito Identity Provider client code, based on the services' update models.
  2. Use of the new low-level client code from above, in the mid-level SDK clients and in the AWSMobileClient itself.

Testing:

  • HostedUI
  • User Pools
  • Federated Sign in
  • Unit tests

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.


raphkim commented Apr 6, 2021

Just to note: codegen will override service package code if it sees any diff by default unless configured specifically to ignore certain files (in which case it will stop receiving updates from the service team).

div5yesh and others added 3 commits June 30, 2021 14:15
* feat(aws-android-sdk-cognitoidentityprovider): support custom endpoint

* feat(aws-android-sdk-cognitoidentityprovider): support custom endpoint unit tests

* feat(aws-android-sdk-cognitoidentityprovider): support custom endpoint unit tests

* feat(aws-android-sdk-machinelearning): update models to latest (#2407)

Co-authored-by: Richard McClellan <ricmccle@amazon.com>

* feat(aws-android-sdk-iot): update models to latest (#2408)

Co-authored-by: Richard McClellan <ricmccle@amazon.com>

* feat(aws-android-sdk-comprehend): update models to latest (#2409)

Co-authored-by: Richard McClellan <ricmccle@amazon.com>

* feat(aws-android-sdk-transcribe): update models to latest (#2410)

Co-authored-by: Richard McClellan <ricmccle@amazon.com>

* feat(aws-android-sdk-lex): update models to latest (#2413)

Co-authored-by: Richard McClellan <ricmccle@amazon.com>

* chore(lex): update service name for lex runtime (#2424)

* feat(aws-android-sdk-kinesisvideo-archivedmedia): update models to latest (#2422)

* Revert "feat(aws-android-sdk-cognitoidentityprovider): support custom endpoint" (#2425)

Co-authored-by: Richard McClellan <ricmccle@amazon.com>

* release: 2.22.6 (#2426)

* fix(mobile-client): missing optional dependency warning removed (#2427)

* fix(mobile-client): missing optional dependency warning removed

* make comment more descriptive

* chore: add fastlane scripts for release automation (#2428)

* fix: change protocol for github import (#2429)

* fix(s3): remove eTag validation logic (#2419)

* chore(build): use in-memory key in CI (#2449)

* change the time offset precision from int to long (#2448)

**Notes:**

The clockskew auto-correct logic in the SDK relies on the `int`
primitive type when calculating the offset. When the offset is converted
from milliseconds to days, the ms represented as an `int` have the
boundaries as -24 and +24 days. Changing it to long (64-bit precision)
fixes the limit.

* fix(s3): force upload part tasks to be serial (#2447)

* feat(aws-android-sdk-core): update models to latest (#2445)

Co-authored-by: Richard McClellan <ricmccle@amazon.com>

* release: AWS SDK for Android 2.22.7 (#2451)

* release: AWS SDK for Android 2.23.0

* Update CHANGELOG.md

Co-authored-by: Richard McClellan <ricmccle@amazon.com>

* Update CHANGELOG.md

* Update gradle.properties

* Update CHANGELOG.md

* Update CHANGELOG.md

Co-authored-by: awsmobilesdk-dev+ghops <awsmobilesdk-dev+ghops@amazon.com>
Co-authored-by: Chang Xu <42978935+changxu0306@users.noreply.github.com>
Co-authored-by: Richard McClellan <ricmccle@amazon.com>

* "feat(aws-android-sdk-cognitoidentityprovider): support custom endpoint" (#2455)

* fix(pinpoint): add campaign attributes to push events (#2458)

* release: AWS SDK for Android 2.23.0 (#2459)

* release: AWS SDK for Android 2.22.8

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update gradle.properties

Co-authored-by: awsmobilesdk-dev+ghops <awsmobilesdk-dev+ghops@amazon.com>
Co-authored-by: Chang Xu <42978935+changxu0306@users.noreply.github.com>

* feat(aws-android-sdk-sns): update models to latest (#2461)

* feat(aws-android-sdk-cognitoidentityprovider): update models to latest (#2456)

Co-authored-by: Raphael Kim <52714340+raphkim@users.noreply.github.com>

* chore(build): set region in circleci script (#2467)

* fix: launch hosted-ui sign-out using custom tabs manager (#2472)

* feat(mobile-client): hosted-ui auth response handler is now built into redirect activity (#2473)

* feat(mobile-client): auth response handler is now built into redirect activity

* add javadocs for redirect activities

* add signout latch conditionally

* add no history flag to auth signout flow

* feat(aws-android-sdk-connect): update models to latest (#2469)

Co-authored-by: Raphael Kim <52714340+raphkim@users.noreply.github.com>

* feat(aws-android-sdk-transcribe): update models to latest (#2476)

Co-authored-by: Raphael Kim <52714340+raphkim@users.noreply.github.com>

* feat(aws-android-sdk-rekognition): update models to latest (#2487)

Co-authored-by: Raphael Kim <52714340+raphkim@users.noreply.github.com>

* feat(aws-android-sdk-iot): update models to latest (#2490)

Co-authored-by: Raphael Kim <52714340+raphkim@users.noreply.github.com>
Co-authored-by: Rafael Juliano <rjjulian@amazon.com>

* feat(aws-android-sdk-location): update models to latest (#2494)

Co-authored-by: Raphael Kim <52714340+raphkim@users.noreply.github.com>

* feat(aws-android-sdk-sns): update models to latest (#2496)

Co-authored-by: Raphael Kim <52714340+raphkim@users.noreply.github.com>

* feat(aws-android-sdk-polly): update models to latest (#2497)

Co-authored-by: Raphael Kim <52714340+raphkim@users.noreply.github.com>

* chore(sts): add support for regionalizing sts client (#2493)

* feat(sts): add support for regionalizing sts client

* feat(aws-android-sdk-mobile-client): adds signature with user attributes in confirmSignIn (#2492)

* feat(aws-android-sdk-mobile-client): adds signature with user attributes in confirmSignIn

* code review suggestion

Co-authored-by: Noyes <dnnoyes@f8ffc25e9e15.ant.amazon.com>

* release: AWS SDK for Android 2.24.0 (#2500)

* release: AWS SDK for Android 2.24.0

* Reword the changelog

* include instruction for applying fix

Co-authored-by: awsmobilesdk-dev+ghops <awsmobilesdk-dev+ghops@amazon.com>
Co-authored-by: Raphael Kim <52714340+raphkim@users.noreply.github.com>

* fix(aws-android-sdk-lex): prioritize custom lex signer for all regions (#2506)

* fix(aws-android-sdk-lex): prioritize custom lex signer for all regions

* add tests

* fix(mobileclient): Honor auth flow setting from config (#2499)

* fix(mobileclient): Honor auth flow setting from config

* PR feedback

* fix(aws-android-sdk-polly): use correct SignerConfig in all regions (#2505)

Co-authored-by: Raphael Kim <52714340+raphkim@users.noreply.github.com>

* feat(aws-android-sdk-cognitoidentityprovider): update models to latest (#2510)

* release: AWS SDK for Android 2.25.0 (#2512)

Co-authored-by: awsmobilesdk-dev+ghops <awsmobilesdk-dev+ghops@amazon.com>

* chore(docs): releases not pushed to S3 anymore (#2514)

* fix(aws-android-sdk-s3): implement retry mechanism for upload part (#2504)

* implement retry mechanism for upload part

* reduce backoff time and max attempts

* lgtm warning

* feat(aws-android-sdk-connect): update models to latest (#2516)

* feat(aws-android-sdk-kms): update models to latest (#2518)

* release: AWS SDK for Android 2.26.0 (#2525)

Co-authored-by: awsmobilesdk-dev+ghops <awsmobilesdk-dev+ghops@amazon.com>

* feat(aws-android-sdk-connect): update models to latest (#2526)

Co-authored-by: Abhash Kumar Singh <abhashs@amazon.com>
Co-authored-by: Abhash Kumar Singh <thisisabhash@gmail.com>
Co-authored-by: Jameson Williams <jhwill@amazon.com>
Co-authored-by: AWS Mobile SDK Team <46607340+awsmobilesdk@users.noreply.github.com>
Co-authored-by: Richard McClellan <ricmccle@amazon.com>
Co-authored-by: Raphael Kim <52714340+raphkim@users.noreply.github.com>
Co-authored-by: Rafael Juliano <rjjulian@amazon.com>
Co-authored-by: Daniel Rochetti <daniel.rochetti@gmail.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: awsmobilesdk-dev+ghops <awsmobilesdk-dev+ghops@amazon.com>
Co-authored-by: Chang Xu <42978935+changxu0306@users.noreply.github.com>
Co-authored-by: Dustin Noyes <dustin.noyes.dev@gmail.com>
Co-authored-by: Noyes <dnnoyes@f8ffc25e9e15.ant.amazon.com>
Co-authored-by: tllauda <85560392+tllauda@users.noreply.github.com>
remove duplicate vars.
div5yesh added 3 commits July 2, 2021 15:50
 - use access token to check claim
 - check for origin_jti claim
 - clientSecret is optional
@div5yesh div5yesh marked this pull request as ready for review July 2, 2021 22:54
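
The three commit notes above (check the access token for an `origin_jti` claim, treat `clientSecret` as optional) describe a gate in front of the revoke call. The sketch below is an added example, not code from this pull request, and is written in Python rather than the SDK's Java. It assumes that a non-empty `origin_jti` claim is what marks a token as revocable, and it uses the `Token`, `ClientId` and optional `ClientSecret` parameters of the Cognito `RevokeToken` operation; the function names and the sample tokens are constructed for illustration.

```python
import base64
import binascii
import json


def jwt_claims(token):
    """Decode the payload segment of a JWT. The signature is NOT verified:
    the claim is only a local hint for whether a revoke call makes sense."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-segment JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (binascii.Error, ValueError) as exc:
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def revocable(access_token):
    """True if the access token carries a non-empty origin_jti claim."""
    try:
        origin_jti = jwt_claims(access_token).get("origin_jti")
    except ValueError:
        return False  # malformed token: never attempt revocation with it
    return isinstance(origin_jti, str) and origin_jti != ""


def revoke_request(refresh_token, access_token, client_id, client_secret=None):
    """Build RevokeToken parameters, or None when the claim is absent."""
    if not revocable(access_token):
        return None
    params = {"Token": refresh_token, "ClientId": client_id}
    if client_secret:  # app clients without a secret omit the field entirely
        params["ClientSecret"] = client_secret
    return params


def sample_token(claims):
    """Constructed, unsigned token used only to exercise the functions."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([seg({"alg": "none"}), seg(claims), "sig"])
```

A caller that gets `None` back has nothing to revoke server-side and should still clear the locally cached tokens.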

div5yesh commented Jul 2, 2021

PR for docs content change for token revocation: aws-amplify/docs#3379

@div5yesh div5yesh requested review from lawmicha and rjuliano July 7, 2021 20:54
div5yesh and others added 2 commits July 8, 2021 10:20
…onaws/mobileconnectors/cognitoidentityprovider/CognitoUser.java

Co-authored-by: Richard McClellan <ricmccle@amazon.com>
@div5yesh div5yesh requested a review from richardmcclellan July 9, 2021 20:28

@richardmcclellan richardmcclellan left a comment

LGTM! 🚀

@rjuliano rjuliano left a comment

LGTM 🚀

@div5yesh div5yesh merged commit 1940e05 into main Jul 30, 2021
@gpanshu gpanshu deleted the token_revocation branch February 25, 2022 16:33
7 participants