
Signout does not complete when closing the browser without action

Open niihofutoshi opened this issue 2 years ago • 12 comments

Before opening, please confirm:

Language and Async Model

Kotlin - Coroutines

Amplify Categories

Authentication

Gradle script dependencies

// libs.versions.toml
// Put output below this line

[versions]
amplify = "2.13.2"

[libraries]
amplify-core = { module = "com.amplifyframework:core-kotlin", version.ref = "amplify" }
amplify-cognito = { module = "com.amplifyframework:aws-auth-cognito", version.ref = "amplify" }
amplify-pinpoint = { module = "com.amplifyframework:aws-push-notifications-pinpoint", version.ref = "amplify" }

Environment information

# Put output below this line
------------------------------------------------------------
Gradle 8.3
------------------------------------------------------------

Build time:   2023-08-17 07:06:47 UTC
Revision:     8afbf24b469158b714b36e84c6f4d4976c86fcd5

Kotlin:       1.9.0
Groovy:       3.0.17
Ant:          Apache Ant(TM) version 1.10.13 compiled on January 4 2023
JVM:          20.0.1 (Homebrew 20.0.1)
OS:           Mac OS X 13.4 aarch64

Please include any relevant guides or documentation you're referencing

Signout does not complete when closing the browser without action

Describe the bug

When calling signout, if the browser is displayed and then closed without any action, the signout process does not complete.

To Reproduce

  1. Authenticate using UserPool.
  2. Use signInWithSocialWebUI for login.
  3. Call the signout method.
  4. When the browser is displayed, close it without any action. (If the browser doesn't display, it might be helpful to try it offline.)
  5. Observe that the signout process does not complete.

Expected behavior

The signout process should either complete or throw an error when the browser is closed without any action.

Possible Cause

When the browser is closed without any action, a CancelSignOut event is issued. Currently, only the sign-in state is restored at this event (authentication, authorization). It might be necessary in the _signout event synchronization process to wait for the SignoutCancel event and call an error in onComplete when the SignoutCancel event is received.

Reproduction steps (if applicable)

No response

Code Snippet

// Put your code below this line.

println("a") // output "a"
val signOutResult = Amplify.Auth.signOut(options)
println("a") // <- does not call

Log output

// Put your logs below this line


amplifyconfiguration.json

No response

GraphQL Schema

// Put your schema below this line


Additional information and screenshots

No response

niihofutoshi avatar Sep 28 '23 08:09 niihofutoshi

Thanks for the report @niihofutoshi. We'll take a look at this.

mattcreaser avatar Sep 29 '23 17:09 mattcreaser

@niihofutoshi It looks like you are right here and there is a missing case to fix, however we would also not expect this to be a common occurrence as the browser should very quickly redirect back and close itself after signing out. We can look into fixing this but I also want to check whether you are seeing the browser staying open during a sign out?

mattcreaser avatar Sep 29 '23 18:09 mattcreaser

@mattcreaser Thank you for your reply! You're right, in most cases, the moment the browser opens, it will be redirected to the app and the signout will be completed. However, in special cases such as when offline, the redirection may not occur, and in that case, the signout process will not be completed.

niihofutoshi avatar Oct 02 '23 06:10 niihofutoshi

Thanks for the confirmation. We'll try to get a fix made for this issue soon.

mattcreaser avatar Oct 02 '23 15:10 mattcreaser

I'm going to relabel this as a feature request, but after looking at this a bit more, this is working as intended.

v2 requires the redirect to complete before continuing with the sign out. If the user does not have a network connection, we can't actually sign the user out of the Cognito browser session.

When the user clicks the back button, there would be no way to distinguish between a user attempting to quickly cancel a sign out request, or an indication that the sign out should proceed.

This would likely require a sign out option to override user cancellation and instead continue with sign out.

tylerjroach avatar Oct 20 '23 15:10 tylerjroach

Hello, I also get this issue, I use amplify version 2.14.7. Is there a newer version that has resolved this issue?

fauzimubarokk avatar Feb 21 '24 06:02 fauzimubarokk

@tylerjroach Is this feature request in your roadmap? Is there an ETA?

I have a use case in my app where the user needs to be able to sign out from the app even if they are offline.
Please let us know if there is a workaround.

lokeshbhattarai avatar May 31 '24 12:05 lokeshbhattarai

In attempting to figure out a workaround to allow sign out in no network conditions (such as manually clearing shared preferences file), I discovered the original report does contain a valid bug. This is not just a feature request.

I have observed that the onComplete callback does not fire at all (as reported), leaving auth in an invalid state where no other actions are completed.

We will begin working on a fix to return a failed sign out in the onComplete callback, ensuring future auth calls proceed successfully.

@niihofutoshi I'm sorry for the wrong original diagnosis. Thank you for the report.

tylerjroach avatar May 31 '24 15:05 tylerjroach

Hi, I also got this issue, I use the latest amplify 2.18.0. Besides, we encountered another similar issue.

  1. We use signInWithSocialWebUI() with a custom AWS SAML provider and log in successfully.
  2. We go to the AWS Cognito provider console and check "Sign-out flow".
  3. Then when we sign out, a web popup appears and will not redirect to our app.

Hope you could also clarify this issue. Thanks a lot. https://github.com/aws-amplify/amplify-android/issues/2839

ScottLu77 avatar Jun 04 '24 08:06 ScottLu77

Hi @lokeshbhattarai, @fauzimubarokk, @niihofutoshi please try the Amplify Android 2.18.0 update.

You should observe the cancellation as a FailedSignOut in the onComplete block. We will discuss with product the addition of allowing an on-device sign out to proceed (even if credentials are not cleared from the browser).

@ScottLu77 The issue you are referring to is that when you sign out, the redirect isn't directing back into the app. Clicking back should result in a cancellation which will return a failed sign out in the onComplete block. Are you saying that in your case you still aren't seeing any callbacks in onComplete?

tylerjroach avatar Jun 04 '24 15:06 tylerjroach

Hi tyler, in my case, I must manually close the popup WebView, and it will receive sign out fail callback as follows

signOutResult: FailedSignOut(exception=UserCancelledException{message=The user cancelled the sign-out attempt, so it did not complete., cause=null, recoverySuggestion=To recover: catch this error, and attempt the sign out again.})

ScottLu77 avatar Jun 05 '24 03:06 ScottLu77

@ScottLu77 That is working as expected. The issue in your case is that Cognito/SAML provider is not providing the redirect back into the application. This appears to be a configuration issue on the service side. Please look into that area a bit more and create a new ticket if necessary.

The purpose of this ticket was to make sure the UserCancelledException was provided when the hosted ui browser was manually closed.

@lokeshbhattarai I created a feature request ticket to track your use case: https://github.com/aws-amplify/amplify-android/issues/2842. I've given some background information in the ticket as to why the functionality is not currently present. If you have any more use case information to add, please let us know in the ticket.

tylerjroach avatar Jun 05 '24 13:06 tylerjroach
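
An added example, not code from this thread or from the Amplify project: one way an app can classify the sign-out result so that a cancelled hosted UI sign-out, as reported above, is never presented to the user as a finished sign-out. It assumes Amplify Android 2.18.0 or later and the Kotlin coroutines facade; `SignOutOutcome`, `signOutAndClassify` and the log tag are hypothetical names, and the import path of `UserCancelledException` is an assumption to check against the library version in use.

```kotlin
import android.util.Log
import com.amplifyframework.auth.cognito.exceptions.service.UserCancelledException // assumed path
import com.amplifyframework.auth.cognito.result.AWSCognitoAuthSignOutResult
import com.amplifyframework.kotlin.core.Amplify

// Hypothetical app-level outcome type (not part of Amplify).
enum class SignOutOutcome {
    SIGNED_OUT,                 // device credentials and hosted UI session cleared
    SIGNED_OUT_WITH_RESIDUE,    // device signed out, but a browser or server-side step failed
    STILL_SIGNED_IN_CANCELLED,  // hosted UI browser was closed before the redirect came back
    STILL_SIGNED_IN_ERROR       // any other failure; credentials remain on the device
}

private const val TAG = "SignOut" // hypothetical log tag

suspend fun signOutAndClassify(): SignOutOutcome =
    when (val result = Amplify.Auth.signOut()) {
        is AWSCognitoAuthSignOutResult.CompleteSignOut -> SignOutOutcome.SIGNED_OUT

        is AWSCognitoAuthSignOutResult.PartialSignOut -> {
            // The device is signed out, but record which remote step did not complete:
            // the Cognito browser session or refresh token may still be valid.
            result.hostedUIError?.let { Log.w(TAG, "Hosted UI session not cleared", it.exception) }
            result.globalSignOutError?.let { Log.w(TAG, "Global sign-out failed", it.exception) }
            result.revokeTokenError?.let { Log.w(TAG, "Refresh token not revoked", it.exception) }
            SignOutOutcome.SIGNED_OUT_WITH_RESIDUE
        }

        is AWSCognitoAuthSignOutResult.FailedSignOut -> {
            // The user is still signed in. Keep the authenticated UI state and
            // offer a retry instead of showing a signed-out screen.
            Log.e(TAG, "Sign-out failed", result.exception)
            if (result.exception is UserCancelledException) {
                SignOutOutcome.STILL_SIGNED_IN_CANCELLED
            } else {
                SignOutOutcome.STILL_SIGNED_IN_ERROR
            }
        }

        // Result types from other auth plugins: treat as not signed out.
        else -> SignOutOutcome.STILL_SIGNED_IN_ERROR
    }
```

Only `SIGNED_OUT` and `SIGNED_OUT_WITH_RESIDUE` mean the device no longer holds credentials; on either `STILL_SIGNED_IN_*` value the session remains usable and the UI should say so.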