amplify-swift icon indicating copy to clipboard operation
amplify-swift copied to clipboard

Published 20 hours ago verified publisher icon aws-amplify

getCurrentUser.username returns userID instead of username

Open pwinterh opened this issue 3 years ago • 12 comments

Describe the bug The amplify sdk returns the userID instead of the username when using Amplify.Auth.getCurrentUser()?.username. In our setup the username is the email of the user, so i would expect that the email is than also returned

To Reproduce Steps to reproduce the behavior:

  1. Register a new user account
  2. Sign In with with the user account
  3. Access the current user with Amplify.Auth.getcurrentUser()
  4. See error

Observed Behavior When i call Amplify.Auth.getCurrentUser() than username and userId have both the same value.

Expected Behavior I would expect that the username is returned or nil if the username is not set (in case of a configuration issue).

Code Snippet Amplify.Auth.getCurrentUser()?.username

Unique Configuration { "auth": { "plugins": { "awsCognitoAuthPlugin": { "IdentityManager": { "Default": {} }, "CredentialsProvider": { "CognitoIdentity": { "Default": { "PoolId": "XXXXX", "Region": "eu-west-3" } } }, "CognitoUserPool": { "Default": { "PoolId": "XXXXX", "AppClientId": "XXXXX", "Region": "eu-west-3" } }, "Auth": { "Default": { "authenticationFlowType": "USER_SRP_AUTH" } } } } } }

Areas of the SDK you are using (AWSMobileClient, Cognito, Pinpoint, IoT, etc)?

  1. Amplify
  2. AmplifyPlugins/AWSCognitoAuthPlugin

Screenshots If applicable, add screenshots to help explain your problem.

Environment(please complete the following information):

  • SDK Version: 1.9.2
  • Dependency Manager: Cocoapods
  • Swift Version : 5.0
  • Xcode Version: 12.5

Device Information (please complete the following information):

  • Device: iPhoneXR, Simulator
  • iOS Version: iOS 14.5.1
  • Specific to simulators:

Additional context We use the email as username. Login with email + password working fine.

Relevant Console Output AWSAuthUser(username: "41ee5bda-75a0-4441-8769-XXXXXXXXXX", userId: "41ee5bda-75a0-4441-8769-XXXXXXXXXX")

pwinterh avatar May 27 '21 06:05 pwinterh

FYI - This is causing the same issue in amplify-flutter (on iOS): https://github.com/aws-amplify/amplify-flutter/issues/201

I was able to reproduce this. You can see in the screenshot below that sub and username are identical.

Screen Shot 2021-06-08 at 3 26 34 PM

Edit: Updated the issue number since we had duplicate issues in amplify-flutter

Jordan-Nelson avatar Jun 08 '21 19:06 Jordan-Nelson

Digging in a little further, I can see that in the ios sdk, AWSCognitoIdentityUser is first initialized correctly on signIn, but then initialized with the incorrect params after calling getCurrentUser(). See screenshot below where it is being initialized with the sub.

Screen Shot 2021-06-08 at 5 04 41 PM

Jordan-Nelson avatar Jun 08 '21 21:06 Jordan-Nelson

This seems to be where it is getting set to the sub https://github.com/aws-amplify/aws-sdk-ios/blob/143fafd64b7c6b9c7c159709f9c6c618f7e7fd28/AWSCognitoIdentityProvider/AWSCognitoIdentityUser.m#L1043

You can see in the screenshot below that self.username is equal to the email address, but is getting set to the sub.

Screen Shot 2021-06-08 at 5 17 40 PM

I probably need someone from the ios team to help me debug this further.

Jordan-Nelson avatar Jun 08 '21 21:06 Jordan-Nelson

Amplify library uses the same username that is assigned to the signed in user by Cognito User pool. If you login to AWS console for Cognito User Pool and navigate to the user session, you can see the details of the user.

Amplify.Auth uses the same username that is displayed in the console.

Can you check whether the username shown in your AWS console for the signed in user is same as the one shown in Amplify.Auth?

royjit avatar Jun 09 '21 19:06 royjit

Can you check whether the username shown in your AWS console for the signed in user is same as the one shown in Amplify.Auth?

I do see that the username in the AWS console matches what is returned from getCurrentUser().username

Jordan-Nelson avatar Jun 09 '21 20:06 Jordan-Nelson

Yes I also see in the console the same username as in Amplify.Auth.getCurrentUser - but that is actually the userID and not the userName?

pwinterh avatar Jun 10 '21 12:06 pwinterh

@pwinterh, @Jordan-Nelson:This is working as designed, although perhaps not as expected.

The confusion comes because "username" could be interpreted to mean "the thing I type into the username field when I login. Cognito takes a stricter approach to usernames. It requires that usernames are unique, required at registration, and immutable--they cannot be changed once a user is logged in. For some User Pool configurations (such as allowing sign in with email or phone number), Cognito sets "username" to the ID (as reported in the sub claim), since email addresses and phone numbers don't fulfill all of those requirements.

It's reasonable to expect the "thing I type into the username field", behavior in some cases, but it's not universally applicable. Maybe you mean "the thing I display on a home page?" or "the handle I display in forum posts?". In any case, any change we make to this behavior at this point would break existing customers who may be relying on it.

We're thinking of ways to normalize this behavior--not just to provide consistent behavior across platforms, but to better fulfill expectations--but we don't have any updates. In the meantime, apps will have to be explicit in what they're requesting: to get an email address, get the appropriate user attribute; etc.

palpatim avatar Jun 16 '21 21:06 palpatim

@palpatim: Thank you for your detailed replay.

Yes I also think that the current behaviour is actually somehow misleading. In addition, the functionality of the iOS SDK differs here from the Android SDK. There it is possible to get the email of the user with Amplify.Auth.getCurrentUser()?.username.

Also thanks to @Jordan-Nelson the workaround with fetch user attributes call works as alternative too.

pwinterh avatar Jun 18 '21 09:06 pwinterh

Tagging this as a feature request:

Is your feature request related to a problem? Please describe. Customers are confused that getCurrentUser()?.username returns unexpected values in different scenarios, such as when the User Pool configuration allows aliases for sign in.

Describe the solution you'd like A normalized, predictable behavior for getCurrentUser()?.username that acts the same across platforms.

Describe alternatives you've considered Note conversation above for workarounds, and differing behavior on Android vs. iOS

Additional context See conversation above.

palpatim avatar Jun 18 '21 23:06 palpatim

Any solution for this?

Since am using flutter version. Sometimes after uninstall and install the app again am getting some userId which is not present in cognito user pool. username is not returning also.

Sunsiha avatar Jul 24 '22 14:07 Sunsiha

@Sunsiha, please open a new issue on the Amplify Flutter repo with the details of the issue you're experiencing. Please also link this issue in there so both teams can investigate. Thanks!

atierian avatar Jul 25 '22 18:07 atierian

Changed logic to get these values always from the token - https://github.com/aws-amplify/amplify-ios/blob/97a2bac5d6d7d27fc9934a0f5271acd42aa7b6f9/AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Support/Helpers/TokenParserHelper.swift#L12

royjit avatar Sep 21 '22 19:09 royjit

Amplify 2.0 has been released which normalizes what values are returned in the getCurrentUser API. The API will now use the accessToken to determine the userId and username values. Adding the reference to the implementation as well.

harsh62 avatar Oct 21 '22 15:10 harsh62