amplify-js
amplify-js copied to clipboard
aws-amplify
IAM Graphql call always returns expired Session Credentials after 1 hr
Before opening, please confirm:
- [X] I have searched for duplicate or closed issues and discussions.
- [X] I have read the guide for submitting bug reports.
- [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
JavaScript Framework
Next.js
Amplify APIs
Authentication, GraphQL API
Amplify Version
v6
Amplify Categories
auth, api
Backend
None
Environment information
System:
OS: macOS 14.4.1
CPU: (12) arm64 Apple M2 Max
Memory: 520.42 MB / 64.00 GB
Shell: 5.9 - /bin/zsh
Binaries:
Node: 20.6.1 - ~/.nvm/versions/node/v20.6.1/bin/node
Yarn: 1.22.5 - ~/.yarn/bin/yarn
npm: 9.8.1 - ~/.nvm/versions/node/v20.6.1/bin/npm
Watchman: 2024.01.22.00 - /usr/local/bin/watchman
Browsers:
Brave Browser: 114.1.52.130
Chrome: 123.0.6312.107
Safari: 17.4.1
npmPackages:
@knowt/eslint-config: * => 0.0.0
dotenv-cli: latest => 7.4.1
husky: ^8.0.0 => 8.0.3
lint-staged: ^12.4.0 => 12.5.0
prettier: ^2.7.1 => 2.8.8
turbo: ^1.10.12 => 1.13.2
npmGlobalPackages:
@aws-amplify/cli: 12.10.1
amplify: 0.0.11
appcenter-cli: 2.14.0
corepack: 0.19.0
eas-cli: 5.4.0
eslint: 8.56.0
expo-cli: 6.3.10
npm-check: 6.0.1
npm: 9.8.1
ts-node: 10.9.2
vercel: 33.5.4
Describe the bug
On Dev, after bumping the version to 4.0.27, it seems like all my unauthorized calls are returning "ExpiredTokenException"
I checked the fetchAuthSession call, and even when calling with forceRefresh, the token did not update, and the Expiration at (await fetchAuthSession({ forceRefresh: true })).credentials.Expiration was always in the past. The only way to fix this seems to be to rm -rf .next and restart the server, which caused the new session credentials to get created. However, this will likely lead to a problem in production if tokens expire after that long and never get refreshed. We are using identity pool access and it has been working on our live site (as of 4 days ago, on 4.0.21).
Expected behavior
I expect session tokens get refreshed automatically. We chose IAM instead of API KEY as the unauth authorization mode since we would not have to worry about expiries.
Reproduction steps
- create a simple graphql API
- clear next folder, run yarn, and make an unauth API call, and log the session. you will see an expiration time
- wait 1 hr (which seems to be the expiration time) and make another call, and get an "ExpiredTokenException"
Turn on
ConsoleLogger.LOG_LEVEL = "INFO", and see that the log
[INFO] 13:35.744 CognitoCredentialsProvider - returning stored credentials as they neither past TTL nor expired.
is printed beforehand, and we see the call for ExpiredTokenException right afterwards.
Code Snippet
// Put your code below this line.
Log output
// Put your logs below this line
aws-exports.js
No response
Manual configuration
No response
Additional configuration
No response
Mobile Device
No response
Mobile Operating System
No response
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
No response
Hi @asp3 👋 thanks for raising this issue.
In order for us to accurately reproduce the issue, can you specify what package you're referring to with the version of 4.0.27? Is that the aws-amplify package?
I ask because the code you shared seems more like the current API in v6 and the issue description mentions v6.
Hi 👋 Closing this as we have not heard back from you. If you are still experiencing this issue and in need of assistance, please feel free to comment and provide us with any information previously requested by our team members so we can re-open this issue and be better able to assist you.
Thank you!