amplify-js
Auth - Offline Session Management in React Native (expired tokens while offline)
Before opening, please confirm:
- [X] I have searched for duplicate or closed issues and discussions.
- [X] I have read the guide for submitting bug reports.
- [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
JavaScript Framework
React Native
Amplify APIs
Authentication
Amplify Categories
auth
Environment information
System:
  OS: macOS 12.0.1
  CPU: (10) arm64 Apple M1 Max
  Memory: 74.09 MB / 32.00 GB
  Shell: 5.8 - /bin/zsh
Binaries:
  Node: 18.7.0 - /opt/homebrew/bin/node
  Yarn: 1.22.19 - /opt/homebrew/bin/yarn
  npm: 8.15.0 - /opt/homebrew/bin/npm
  Watchman: 2022.08.15.00 - /opt/homebrew/bin/watchman
Browsers:
  Chrome: 105.0.5195.125
  Firefox: 105.0.1
  Safari: 15.1
npmPackages:
  @novu/node: ^0.8.0 => 0.8.0
  amqp-connection-manager: ^3.8.1 => 3.8.1
  amqplib: ^0.8.0 => 0.8.0
  amqplib-tutorials: 0.0.1
npmGlobalPackages:
  @aws-amplify/cli: 9.0.0
  @nestjs/cli: 8.2.6
  aws-cdk: 2.43.0
  eas-cli: 0.54.1
  envinfo: 7.8.1
  expo-cli: 5.4.6
  n: 8.0.0
  netlify-cli: 8.0.15
  npm: 8.15.0
  nx: 13.4.5
  plop: 3.0.5
  react-devtools: 4.24.3
  ts-node: 10.8.1
  typeorm: 0.3.6
  typescript: 4.5.2
  vercel: 28.2.2
Describe the bug
Hi all
We are experiencing session issues with our mobile apps, when our users are offline and the id/access token has expired.
id + access token have expiration of 60min and refresh token of 90 days
We would be interested how others are handling this situation:
- When a user is offline / has no internet connection and resumes the app after the id + access token have expired, the session is dropped and the user is logged out
- How can we avoid this behavior as it is a big pain point?
Would appreciate any feedback
Expected behavior
While user is offline and id + access tokens have expired:
const session = Auth.currentSession()
Reproduction steps
- Go into airplane mode
- Close app
- Wait until tokens have expired
- Open app
Code Snippet
const session = Auth.currentSession()
Hi :wave: @L-U-C-K-Y I am attempting to reproduce this and had a few questions:
I only see the @aws-amplify/cli and aws-cdk packages in your environment info, how are you using Amplify within the app itself? Can you give a snapshot of your current package.json
Does this happen only if the app is in a quit state?
It would also help to see your aws-exports
Hi 👋 Closing this as we have not heard back from you. The most common solution I've seen to this is to set the id/access token to a higher expiration time (max 1 day), which can be done in the Cognito console in the App Client settings.
If you are still experiencing this issue and in need of assistance, please feel free to comment and provide us with any information previously requested by our team members so we can re-open this issue and be better able to assist you.
Thank you!
Hi @tannerabread I'm not the OP but we're experiencing exactly the same problem (mobile app + react native + app stays offline for a long period of time).
We currently have the Cognito service set up in AWS, and are using the [email protected] library just for authentication (via hosted UI).
When the app launches we check user session, something like this:
import { Auth } from 'aws-amplify';

const getTokensAndUserOnAppStart = async () => {
  // refresh tokens
  const data = await Auth.currentSession();
  // get user details
  const user = await Auth.currentAuthenticatedUser();
}
The suggestion of increasing the expiration time to 1 day does not solve the problem. Our app needs to work offline. Also, the app may not be in use for a few days/weeks in a row. When the app is launched and the token is expired, the app thinks that user is not authenticated for a brief moment.
It becomes even more problematic if the phone happens to be offline/no internet. The amplify library is not able to reach the Cognito service and the session is dropped. When the app is in this state, there is no way (?) to check whether the user was logged in to the app or not, or who the user was. Both currentSession and currentAuthenticatedUser methods are raising exceptions.
AFAIK amplify stores some information internally in the local storage, so it is technically possible to determine that the user was logged in or not.
Any advice on how to handle offline mode in react native apps?
Hi @euvs
Sorry for the delayed response, it sounds like your needs are to verify if a user was previously logged in through the information stored in the cookies. You are correct that information does persist but the currentSession and currentAuthenticatedUser methods are asynchronous and make API calls to Cognito itself.
I believe Auth.currentAuthenticatedUser({ bypassCache: false }) should work but that wouldn't solve your issue if the user was offline for an extended period of time. Other than that I don't think there is currently a way to check those cookies from Amplify.
Can you confirm that I captured your concerns correctly? And maybe anything you would suggest to handle this?
Hi @tannerabread We have the exact same requirements as @euvs (using amplify.js) and for us, you summarized it correctly. We already set the id/access token to the max of 1 day which is in our case unfortunately not sufficient.
I'm struggling with how to achieve offline usage of the app for multiple days and I would appreciate any help/ideas on that topic.
Hi @Morathil did you find any solutions for staying offline for more than 1 day? I'm also facing the same issue.
Hi @aramiscubillo Unfortunately not yet.
Hey @tannerabread. We are experiencing this in our react native app. The issue precisely is that if a user opens the app while offline and his access token has expired, then Auth.currentAuthenticatedUser() throws The user is not authenticated. If the user then came online Auth.currentAuthenticatedUser() will return correctly.
This is an issue because users will think they are logged out but in reality they are not. All they need to do is turn on their wifi and then they are logged in again.
You can reproduce it by creating a simple react native app with aws amplify setup and log in with a user. You can then turn off wifi, change time from settings to after the period of the access token, and then try to call Auth.currentAuthenticatedUser() and you will see The user is not authenticated being thrown. In fact I do not think you need a react native app specifically, but that's our use case.
There is a merged fix in amplify-flutter to handle when a user is offline. Can we have something similar here?
Hi, excuse the delay on this issue. I have just reproduced it with the steps provided and will bring it up with the rest of the team soon to see if this is something we will fix on our side.
Thank you and looking forward for a reply 🙏🏻
Hi @itsramiel this is something I think we want to/should support so we have marked this as a bug and the team is going to look into this further. I don't currently have a timeline on the fix but any updates should be posted here.
Thank you for bringing this to our attention
Thank you @tannerabread
Hi, I'm also being affected by this issue. Any updates on this yet?
Would be good to see some support for this. At least more descriptive errors so we can handle offline refresh case.
Running into the same problems around offline and low connectivity app usage (Amplify returning {} for auth tokens, and doesn't recover once connection is restored).
We are experiencing the same issues in the react-native app. Do you have any updates about this? The user is logged out when the internet is off due to a token refresh failure. Is there a way to avoid refreshing the token if the internet is unavailable?
My team is also having this same issue. Any insight here would be great!
My team is having serious issues with this, can you please give an update on the status?
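An added example, not Amplify code and not written by any participant in this thread: one way an app could decide at start-up what to do with an expired cached ID token, so that a refresh that fails only because the device is offline is not treated as a sign-out. The function names, the `lastOnlineAuthMs` and `maxOfflineDays` inputs, and the way the cached token reaches the function are assumptions; the decoded claims are unverified and are suitable only for local display, not for authorizing access.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;

// Decode a JWT payload WITHOUT verifying the signature. The result is good
// only for local display ("who was signed in"), never for authorization.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch (err) {
    return null; // malformed token: treat as no session
  }
}

// Hypothetical policy function. `online` comes from the app's own
// connectivity check; `lastOnlineAuthMs` is the time of the last successful
// sign-in or refresh, which the app is assumed to store itself.
function classifySession({ idToken, lastOnlineAuthMs, online, nowMs, maxOfflineDays }) {
  const claims = idToken ? decodeJwtPayload(idToken) : null;
  if (!claims || typeof claims.exp !== 'number') return { state: 'signed-out' };
  if (claims.exp * 1000 > nowMs) return { state: 'valid', sub: claims.sub };

  // Expired and online: the refresh call is authoritative. Sign out only if
  // the identity provider rejects the refresh token.
  if (online) return { state: 'needs-refresh', sub: claims.sub };

  // Expired and offline: keep a local session inside a bounded window. A
  // negative age (device clock earlier than the last online auth) is rejected.
  const age = nowMs - lastOnlineAuthMs;
  if (age >= 0 && age <= maxOfflineDays * DAY_MS) {
    return { state: 'offline-grace', sub: claims.sub };
  }
  return { state: 'signed-out' };
}

// Constructed sample token with a placeholder signature, for the demo only.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc(claims)}.sig`;
}

const NOW = Date.now();
const expired = makeSampleToken({ sub: 'user-123', exp: Math.floor(NOW / 1000) - 3600 });
console.log(classifySession({ idToken: expired, lastOnlineAuthMs: NOW - 3 * DAY_MS,
  online: false, nowMs: NOW, maxOfflineDays: 30 }));
```

Keep `maxOfflineDays` below the refresh token lifetime (90 days in the original report) so the local window never outlives what the identity provider would still accept, and gate any server-backed action on a successful refresh once connectivity returns.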