fix(auth): clear out identityId as well when clearing credentials for…

… sign out (aws-amplify#11908) * fix: signOut test faiures
elorzafe · Aug 29, 2023 · 6fd4a4f · 6fd4a4f
1 parent b06ce0d
commit 6fd4a4f
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 18 deletions.
diff --git a/packages/auth/__tests__/providers/cognito/signOut.test.ts b/packages/auth/__tests__/providers/cognito/signOut.test.ts
@@ -133,7 +133,7 @@ describe('signOut tests no oauth request fail', () => {
 				Auth: {
 					tokenProvider: TokenProvider.CognitoUserPoolsTokenProvider,
 					credentialsProvider: {
-						clearCredentials() {
+						clearCredentialsAndIdentityId() {
 							clearCredentialsSpy();
 						},
 						getCredentialsAndIdentityId(getCredentialsOptions) {
@@ -250,7 +250,7 @@ describe('signOut tests with oauth', () => {
 				Auth: {
 					tokenProvider: TokenProvider.CognitoUserPoolsTokenProvider,
 					credentialsProvider: {
-						clearCredentials() {
+						clearCredentialsAndIdentityId() {
 							clearCredentialsSpy();
 						},
 						getCredentialsAndIdentityId(getCredentialsOptions) {

diff --git a/packages/auth/src/providers/cognito/credentialsProvider/credentialsProvider.ts b/packages/auth/src/providers/cognito/credentialsProvider/credentialsProvider.ts
@@ -39,8 +39,14 @@ export class CognitoAWSCredentialsAndIdentityIdProvider
 	}
 
 	// TODO(V6): export clear crecentials to singleton
+	async clearCredentialsAndIdentityId(): Promise<void> {
+		logger.debug('Clearing out credentials and identityId');
+		this._credentialsAndIdentityId = undefined;
+		await this._identityIdStore.clearIdentityId();
+	}
+
 	async clearCredentials(): Promise<void> {
-		logger.debug('Clearing out credentials');
+		logger.debug('Clearing out in-memory credentials');
 		this._credentialsAndIdentityId = undefined;
 	}
 
@@ -71,20 +77,7 @@ export class CognitoAWSCredentialsAndIdentityIdProvider
 			this.clearCredentials();
 		}
 
-		// check eligibility for guest credentials
-		// - if there is error fetching tokens
-		// - if user is not signed in
 		if (!isAuthenticated) {
-			// Check if mandatory sign-in is enabled
-			if (authConfig.Cognito.allowGuestAccess) {
-				// TODO(V6): confirm if this needs to throw or log
-				throw new AuthError({
-					name: 'AuthConfigException',
-					message:
-						'Cannot get guest credentials when mandatory signin is enabled',
-					recoverySuggestion: 'Make sure mandatory signin is disabled.',
-				});
-			}
 			return await this.getGuestCredentials(identityId, authConfig);
 		} else {
 			// Tokens will always be present if getCredentialsOptions.authenticated is true as dictated by the type

diff --git a/packages/core/src/singleton/Auth/index.ts b/packages/core/src/singleton/Auth/index.ts
@@ -99,7 +99,7 @@ export class AuthClass {
 
 	async clearCredentials(): Promise<void> {
 		if (this.authOptions?.credentialsProvider) {
-			return await this.authOptions.credentialsProvider.clearCredentials();
+			return await this.authOptions.credentialsProvider.clearCredentialsAndIdentityId();
 		}
 	}
 }
diff --git a/packages/core/src/singleton/Auth/types.ts b/packages/core/src/singleton/Auth/types.ts
@@ -50,7 +50,7 @@ export interface AWSCredentialsAndIdentityIdProvider {
 	getCredentialsAndIdentityId: (
 		getCredentialsOptions: GetCredentialsOptions
 	) => Promise<AWSCredentialsAndIdentityId>;
-	clearCredentials: () => void;
+	clearCredentialsAndIdentityId: () => void;
 }
 
 export type TokenProvider = {