CognitoCachingCredentials: Token is inactive error when using Kinesis

[meavydev]

Describe the bug This is with an updated AWS AuthToken, which is reporting an expiry time an hour away:

07-08 14:00:19.428 18549 22126 D Utils$Companion: Updating AWS AuthToken for Kinesis with new expiry Thu Jul 08 15:00:19 GMT+01:00 2021

Then we see this (2 sec later), which shows the user is signed in but it gives "Token is inactive" errors in the logcat:

07-08 14:00:21.839 18549 22113 D CognitoCachingCredentia: Clearing credentials from SharedPreferences 07-08 14:00:21.840 18549 23231 D AWSMobileClient: Inspecting user state details 07-08 14:00:21.840 18549 23231 I KinesisStream$initKinesisDataStream: [nvsdk] AWS Init onResult: SIGNED_IN 07-08 14:00:21.841 18549 23231 I KinesisStream$initKinesisDataStream: [nvsdk] AWS user is signed in, setting up Kinesis 07-08 14:00:21.847 18549 22974 D CognitoCachingCredentia: Loading credentials from SharedPreferences 07-08 14:00:21.849 18549 22974 D KeyProvider23: AndroidKeyStore contains keyAlias com.amazonaws.android.auth.aesKeyStoreAlias 07-08 14:00:21.849 18549 22974 D KeyProvider23: Loading the encryption key from Android KeyStore. 07-08 14:00:21.851 18549 22974 D CognitoCachingCredentia: Making a network call to fetch credentials. 07-08 14:00:21.853 18549 22610 D com.amazonaws.request: Received error response: com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Token is inactive (Service: null; Status Code: 400; Error Code: NotAuthorizedException; Request ID: 8ccc7906-9aae-46a2-8b39-a38cb7ce87c5) 07-08 14:00:21.854 18549 22610 E AbstractKinesisRecorder: DeadLetterListener onRecordsDropped has thrown an exception (user code) 07-08 14:00:21.854 18549 22610 E AbstractKinesisRecorder: java.lang.NullPointerException: Attempt to invoke interface method 'void com.amazonaws.mobileconnectors.kinesis.kinesisrecorder.DeadLetterListener.onRecordsDropped(java.lang.String, java.util.List)' on a null object reference 07-08 14:00:21.854 18549 22610 E AbstractKinesisRecorder: at com.amazonaws.mobileconnectors.kinesis.kinesisrecorder.AbstractKinesisRecorder.submitAllRecords(AbstractKinesisRecorder.java:188) 07-08 14:00:21.854 18549 22610 E AbstractKinesisRecorder: at com.navenio.sdk.aws.kinesis.KinesisStream$sendKinesisWifiStream$1.invokeSuspend(KinesisStream.kt:253) 07-08 14:00:21.854 18549 22610 E AbstractKinesisRecorder: at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) 07-08 14:00:21.854 18549 22610 E AbstractKinesisRecorder: at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) 07-08 14:00:21.854 18549 22610 E AbstractKinesisRecorder: at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571) 07-08 14:00:21.854 18549 22610 E AbstractKinesisRecorder: at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750) 07-08 14:00:21.854 18549 22610 E AbstractKinesisRecorder: at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678) 07-08 14:00:21.854 18549 22610 E AbstractKinesisRecorder: at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665) 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: ServiceException in submit all, the last request is presumed to be the cause and will be dropped 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Token is inactive (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException; Request ID: 8ccc7906-9aae-46a2-8b39-a38cb7ce87c5) 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:742) 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:420) 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:229) 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: at com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient.invoke(AmazonCognitoIdentityClient.java:1836) 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: at com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient.getId(AmazonCognitoIdentityClient.java:809) 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: at com.amazonaws.auth.AWSAbstractCognitoIdentityProvider.getIdentityId(AWSAbstractCognitoIdentityProvider.java:172) 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: at com.amazonaws.auth.AWSEnhancedCognitoIdentityProvider.refresh(AWSEnhancedCognitoIdentityProvider.java:76) 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: at com.amazonaws.auth.CognitoCredentialsProvider.startSession(CognitoCredentialsProvider.java:687) 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: at com.amazonaws.auth.CognitoCredentialsProvider.getCredentials(CognitoCredentialsProvider.java:474) 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: at com.amazonaws.auth.CognitoCachingCredentialsProvider.getCredentials(CognitoCachingCredentialsProvider.java:496) 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: at com.amazonaws.auth.CognitoCachingCredentialsProvider.getCredentials(CognitoCachingCredentialsProvider.java:78) 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: at com.amazonaws.services.kinesis.AmazonKinesisClient.invoke(AmazonKinesisClient.java:3331) 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: at com.amazonaws.services.kinesis.AmazonKinesisClient.putRecords(AmazonKinesisClient.java:1716) 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: at com.amazonaws.mobileconnectors.kinesis.kinesisrecorder.KinesisStreamRecordSender.sendBatch(KinesisStreamRecordSender.java:86) 07-08 14:00:21.858 18549 22610 E AbstractKinesisRecorder: at com.amazonaws.mobileconnectors.kinesis.kinesisrecorder.AbstractKinesisRecorder.submitAllRecords(AbstractKinesisRecorder.java:139)

To Reproduce Seems to be random, but when it happens it repeats, interspersed with working Kinesis uploads.

Which AWS service(s) are affected? Kinesis / Cognito

Expected behavior No error

Environment Information (please complete the following information):

• AWS Android SDK Version: 2.26.0
• Device: Pixel 3A XL
• Android Version: 10
• Specific to simulators: No

[div5yesh]

@hassanctech Please take a look at this.

[gpanshu]

HI @meavydev can you advise if this is still an issue. If it is can you advise exactly the steps you took to reproduce this?

[meavydev]

Hard to say as we coded around the problem and it was... a year ago!

[gpanshu]

If you remember what the workaround was or can dig it, please feel free to comment it out here to help others.

[meavydev]

Actually we obviously haven't coded round it (we just added retries and restarted Kinesis). We are currently using AWS SDK 2.55.0 on Android 13. 01-16 11:57:09.238 21201 24819 D com.amazonaws.request: Received error response: com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Token is inactive (Service: null; Status Code: 400; Error Code: NotAuthorizedException; Request ID: 5dd57c8f-c44e-4bbc-8bbb-7bed9f27bdd9) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: Failure to get credentials 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Token is inactive (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: NotAuthorizedException; Request ID: 5dd57c8f-c44e-4bbc-8bbb-7bed9f27bdd9) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:742) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:420) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:229) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient.invoke(AmazonCognitoIdentityClient.java:1836) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient.getCredentialsForIdentity(AmazonCognitoIdentityClient.java:750) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.auth.CognitoCredentialsProvider.populateCredentialsWithCognito(CognitoCredentialsProvider.java:791) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.auth.CognitoCredentialsProvider.startSession(CognitoCredentialsProvider.java:703) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.auth.CognitoCredentialsProvider.refresh(CognitoCredentialsProvider.java:640) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.auth.CognitoCachingCredentialsProvider.refresh(CognitoCachingCredentialsProvider.java:511) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.auth.CognitoCachingCredentialsProvider.getIdentityId(CognitoCachingCredentialsProvider.java:453) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.auth.CognitoCredentialsProvider.populateCredentialsWithCognito(CognitoCredentialsProvider.java:785) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.auth.CognitoCredentialsProvider.startSession(CognitoCredentialsProvider.java:703) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.auth.CognitoCredentialsProvider.getCredentials(CognitoCredentialsProvider.java:474) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.auth.CognitoCachingCredentialsProvider.getCredentials(CognitoCachingCredentialsProvider.java:482) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.auth.CognitoCachingCredentialsProvider.getCredentials(CognitoCachingCredentialsProvider.java:78) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.services.kinesis.AmazonKinesisClient.invoke(AmazonKinesisClient.java:3331) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.services.kinesis.AmazonKinesisClient.putRecords(AmazonKinesisClient.java:1716) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.mobileconnectors.kinesis.kinesisrecorder.KinesisStreamRecordSender.sendBatch(KinesisStreamRecordSender.java:86) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.amazonaws.mobileconnectors.kinesis.kinesisrecorder.AbstractKinesisRecorder.submitAllRecords(AbstractKinesisRecorder.java:139) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at com.navenio.sdk.aws.kinesis.KinesisStream$scheduleSubmitKinesisRecords$1.invokeSuspend(SourceFile:498) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at kotlinx.coroutines.internal.LimitedDispatcher.run(LimitedDispatcher.kt:42) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:95) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:570) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:677) 01-16 11:57:09.242 21201 24819 E CognitoCachingCredentia: at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:664) 01-16 11:57:09.242 21201 24819 D CognitoCachingCredentia: Identity id is changed 01-16 11:57:09.242 21201 24819 D CognitoCachingCredentia: Saving identity id to SharedPreferences