No Callback for Auth.fetchUserAttributes

[tapovana-innovations]

Before opening, please confirm:

• I have searched for duplicate or closed issues and discussions.

Language and Async Model

Kotlin

Amplify Categories

Authentication

Gradle script dependencies

// Put output below this line
implementation 'com.amplifyframework:aws-auth-cognito:1.24.0'

Environment information

# Put output below this line

------------------------------------------------------------
Gradle 7.2
------------------------------------------------------------

Build time:   2021-08-17 09:59:03 UTC
Revision:     a773786b58bb28710e3dc96c4d1a7063628952ad

Kotlin:       1.5.21
Groovy:       3.0.8
Ant:          Apache Ant(TM) version 1.10.9 compiled on September 27 2020
JVM:          11.0.11 (AdoptOpenJDK 11.0.11+9)
OS:           Mac OS X 11.5 x86_64

Please include any relevant guides or documentation you're referencing

No response

Describe the bug

No callback is received in app for Auth.fetchUserAttributes.
This is happening especially when the existing token in expired and user is re-authenticated.

We are using federated sign-in via OKTA. Login is successful and returned to app
App listens to Hub Events like this
Amplify.Hub.subscribe(
HubChannel.AUTH
) { hubEvent: HubEvent<*> -> ....
....
when (AuthChannelEventName.valueOf(hubEvent.name)) {
AuthChannelEventName.SIGNED_IN -> {
Auth.fetchUserAttributes(....
.....

Reproduction steps (if applicable)

User is re-authenticated as expected if token is expired and SIGNED_IN is notified at the app via Hub Events

When Auth.fetchUserAttributes is called no callback is returned

Code Snippet

// Put your code below this line.

Log output

// Put your logs below this line

W/AWSMobileClient: signalTokensNotAvailable

W/AWSMobileClient: signalTokensNotAvailable
W/AWSMobileClient: Tokens are invalid, please sign-in again.

java.lang.Exception: No cached session.
        at com.amazonaws.mobile.client.AWSMobileClient$11$1.signalTokensNotAvailable(AWSMobileClient.java:1943)
        at com.amazonaws.mobile.client.AWSMobileClient$11$1.getAuthenticationDetails(AWSMobileClient.java:1923)
        at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.getSession(CognitoUser.java:1032)
        at com.amazonaws.mobile.client.AWSMobileClient$11.run(AWSMobileClient.java:1904)
        at com.amazonaws.mobile.client.internal.InternalCallback.await(InternalCallback.java:115)
        at com.amazonaws.mobile.client.AWSMobileClient.getTokens(AWSMobileClient.java:1870)
        at com.amazonaws.mobile.client.AWSMobileClient.getUserStateDetails(AWSMobileClient.java:1076)
        at com.amazonaws.mobile.client.AWSMobileClient$5.run(AWSMobileClient.java:877)
        at com.amazonaws.mobile.client.AWSMobileClient$5.run(AWSMobileClient.java:874)
        at com.amazonaws.mobile.client.internal.ReturningRunnable$1.run(ReturningRunnable.java:44)
        at java.lang.Thread.run(Thread.java:919)
D/AWSMobileClient: Inspecting user state details

W/AWSMobileClient: signalTokensNotAvailable
W/AWSMobileClient: Tokens are invalid, please sign-in again.
    java.lang.Exception: No cached session.
        at com.amazonaws.mobile.client.AWSMobileClient$11$1.signalTokensNotAvailable(AWSMobileClient.java:1943)
        at com.amazonaws.mobile.client.AWSMobileClient$11$1.getAuthenticationDetails(AWSMobileClient.java:1923)
        at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.getSession(CognitoUser.java:1032)
        at com.amazonaws.mobile.client.AWSMobileClient$11.run(AWSMobileClient.java:1904)
        at com.amazonaws.mobile.client.internal.InternalCallback.await(InternalCallback.java:115)
        at com.amazonaws.mobile.client.AWSMobileClient.getTokens(AWSMobileClient.java:1870)
        at com.amazonaws.mobile.client.AWSMobileClient.getUserStateDetails(AWSMobileClient.java:1076)
        at com.amazonaws.mobile.client.AWSMobileClient.waitForSignIn(AWSMobileClient.java:955)
        at com.amazonaws.mobile.client.AWSMobileClient$19.run(AWSMobileClient.java:2570)
        at com.amazonaws.mobile.client.internal.InternalCallback$1.run(InternalCallback.java:101)
        at java.lang.Thread.run(Thread.java:919)
D/AWSMobileClient: waitForSignIn: userState:SIGNED_OUT_USER_POOLS_TOKENS_INVALID

W/AWSMobileClient: signalTokensNotAvailable

/* FEDERATED SIGN-IN TAKES PLACE HERE */

D/AuthClient: Authorization flow completed successfully
D/AWSMobileClient: onSuccess: HostedUI signed-in
D/AWSMobileClient: _federatedSignIn: Putting provider and token in store
D/AWSMobileClient: Inspecting user state details
D/AWSMobileClient: Inspecting user state details
D/AWSMobileClient: hasFederatedToken: false provider: cognito-idp.us-west-2.amazonaws.com/us-west-2_71D5Np1eQ
D/AWSMobileClient: hasFederatedToken: false provider: cognito-idp.us-west-2.amazonaws.com/us-west-2_71D5Np1eQ

D/AWSMobileClient: onResult: Federation from the Hosted UI succeeded
D/AWSMobileClient: hasFederatedToken: true provider: cognito-idp.us-west-2.amazonaws.com/us-west-2_71D5Np1eQ

D/AWSMobileClient: Inspecting user state details
D/AWSMobileClient: hasFederatedToken: true provider: cognito-idp.us-west-2.amazonaws.com/us-west-2_71D5Np1eQ

/* NO CALLBACK FOR FETCH USER ATTRIBUTES REQUEST AT THIS STAGE */

amplifyconfiguration.json

{
"auth": {
"plugins": {
"awsCognitoAuthPlugin": {
"IdentityManager": {
"Default": {}
},
"CredentialsProvider": {
"CognitoIdentity": {
"Default": {
"PoolId": "",
"Region": "us-west-2"
}
}
},
"CognitoUserPool": {
"Default": {
"PoolId": "",
"AppClientId": "5rtv8ahv2c7ijdlviqopsicas8",
"Region": "us-west-2"
}
},
"Auth": {
"Default": {
"OAuth": {
"WebDomain": ".auth.us-west-2.amazoncognito.com",
"AppClientId": "5rtv8ahv2c7ijdlviqopsicas8",
"SignInRedirectURI": "",
"SignOutRedirectURI": "",
"ResponseType": "code",
"Scopes": [
"phone",
"email",
"openid",
"profile",
"aws.cognito.signin.user.admin",
""
]
},
"authenticationFlowType": "USER_SRP_AUTH"
}
}
}
}
}
}

GraphQL Schema

// Put your schema below this line

Additional information and screenshots

No response

[tylerjroach]

Thank you for your report. Someone on our team will take a look.

[gpanshu]

Hi @tapovana-innovations can you paste the result of the fetchAuthSession after you are logged in before you do a fetchUserAttributes? Also if upgrading is an option for you I would highly recommend you to upgrade to V2 of the Amplify library for Android as we have rewritten it entirely in Kotlin.

[tapovana-innovations]

Hi
This is the sequence of log entries when token in expired and we try to login

02/13 08:47:26: Launching 'app' on Xiaomi POCO F1.
Install successfully finished in 14 s 648 ms.

V/FA: onActivityCreated

D/--- CLM ---: Configure Amplify

D/AWSMobileClient: Using the SignInProviderConfig from awsconfiguration.json.
D/AWSMobileClient: initialize: Cognito HostedUI client detected
D/AWSMobileClient: Inspecting user state details

D/--- CLM ---: Subscribe to Events
D/CognitoLoginManager: *** fetchSession ***
D/CognitoLoginManager: ====> HubEvent: SUCCEEDED
D/CognitoLoginManager: Amplify Auth Hub Event: Initialization Succeeded

D/AWSMobileClient: Inspecting user state details

W/.tech.debu: Long monitor contention with owner Thread-6 (13096) at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUserSession com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.readCachedTokens()(CognitoUser.java:2700) waiters=0 in com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUserSession com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.getCachedSession() for 1.321s
W/AWSMobileClient: signalTokensNotAvailable
W/CognitoUserSession: CognitoUserSession is not valid because idToken is null.
W/AWSMobileClient: signalTokensNotAvailable
W/AWSMobileClient: Tokens are invalid, please sign-in again.
java.lang.Exception: No cached session.
at com.amazonaws.mobile.client.AWSMobileClient$11$1.signalTokensNotAvailable(AWSMobileClient.java:1943)
at com.amazonaws.mobile.client.AWSMobileClient$11$1.getAuthenticationDetails(AWSMobileClient.java:1923)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.getSession(CognitoUser.java:1032)
at com.amazonaws.mobile.client.AWSMobileClient$11.run(AWSMobileClient.java:1904)
at com.amazonaws.mobile.client.internal.InternalCallback.await(InternalCallback.java:115)
at com.amazonaws.mobile.client.AWSMobileClient.getTokens(AWSMobileClient.java:1870)
at com.amazonaws.mobile.client.AWSMobileClient.getUserStateDetails(AWSMobileClient.java:1076)
at com.amazonaws.mobile.client.AWSMobileClient$5.run(AWSMobileClient.java:877)
at com.amazonaws.mobile.client.AWSMobileClient$5.run(AWSMobileClient.java:874)
at com.amazonaws.mobile.client.internal.ReturningRunnable$1.run(ReturningRunnable.java:44)
at java.lang.Thread.run(Thread.java:919)
D/CognitoLoginManager: *** (Auth.fetchAuthSession) Already Signed In ***
D/--- CLM ---: Fetch User Attributes
D/AWSMobileClient: Inspecting user state details
W/CognitoUserSession: CognitoUserSession is not valid because idToken is null.
W/AWSMobileClient: signalTokensNotAvailable
W/AWSMobileClient: Tokens are invalid, please sign-in again.
java.lang.Exception: No cached session.
at com.amazonaws.mobile.client.AWSMobileClient$11$1.signalTokensNotAvailable(AWSMobileClient.java:1943)
at com.amazonaws.mobile.client.AWSMobileClient$11$1.getAuthenticationDetails(AWSMobileClient.java:1923)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.getSession(CognitoUser.java:1032)
at com.amazonaws.mobile.client.AWSMobileClient$11.run(AWSMobileClient.java:1904)
at com.amazonaws.mobile.client.internal.InternalCallback.await(InternalCallback.java:115)
at com.amazonaws.mobile.client.AWSMobileClient.getTokens(AWSMobileClient.java:1870)
at com.amazonaws.mobile.client.AWSMobileClient.getUserStateDetails(AWSMobileClient.java:1076)
at com.amazonaws.mobile.client.AWSMobileClient.waitForSignIn(AWSMobileClient.java:955)
at com.amazonaws.mobile.client.AWSMobileClient$19.run(AWSMobileClient.java:2570)
at com.amazonaws.mobile.client.internal.InternalCallback$1.run(InternalCallback.java:101)
at java.lang.Thread.run(Thread.java:919)
D/AWSMobileClient: waitForSignIn: userState:SIGNED_OUT_USER_POOLS_TOKENS_INVALID
W/CognitoUserSession: CognitoUserSession is not valid because idToken is null.
D/CognitoLoginManager: ====> HubEvent: SESSION_EXPIRED
W/AWSMobileClient: signalTokensNotAvailable

[tapovana-innovations]

In the properly working scenario this is the log

02/13 09:04:06: Launching 'app' on Xiaomi POCO F1.

V/FA: onActivityCreated

D/--- CLM ---: Configure Amplify
D/AWSMobileClient: Using the SignInProviderConfig from awsconfiguration.json.
D/AWSMobileClient: initialize: Cognito HostedUI client detected
D/AWSMobileClient: Inspecting user state details
D/--- CLM ---: Subscribe to Events
D/CognitoLoginManager: *** fetchSession ***
D/AWSMobileClient: Inspecting user state details
D/CognitoLoginManager: ====> HubEvent: SUCCEEDED
D/CognitoLoginManager: Amplify Auth Hub Event: Initialization Succeeded

D/AWSMobileClient: hasFederatedToken: false provider: cognito-idp.us-west-2.amazonaws.com/us-west-2_71D5Np1eQ
D/AWSMobileClient: hasFederatedToken: false provider: cognito-idp.us-west-2.amazonaws.com/us-west-2_71D5Np1eQ

D/AWSMobileClient: Inspecting user state details
D/AWSMobileClient: hasFederatedToken: true provider: cognito-idp.us-west-2.amazonaws.com/us-west-2_71D5Np1eQ
D/AWSMobileClient: waitForSignIn: userState:SIGNED_IN
D/AWSMobileClient: getCredentials: Validated user is signed-in
D/CognitoLoginManager: *** (Auth.fetchAuthSession) Already Signed In ***
D/--- CLM ---: Fetch User Attributes
D/AWSMobileClient: Inspecting user state details
D/AWSMobileClient: hasFederatedToken: true provider: cognito-idp.us-west-2.amazonaws.com/us-west-2_71D5Np1eQ
D/AWSMobileClient: waitForSignIn: userState:SIGNED_IN
D/CognitoLoginManager: Attributes -> [AuthUserAttribute {key=AuthUserAttributeKey {attributeKey=sub}, value=42a5087f-c4f9-4c93-8cb7-959836d862d5}, AuthUserAttribute {key=AuthUserAttributeKey {attributeKey=identities}, value=[{"userId":"*****","providerName":"Technicians","providerType":"SAML","issuer":"http://www.okta.com/exklz088kuYg0qHEU0h7","primary":true,"dateCreated":1603776740400}]}]
E/CLM: authUserAttributeKey -> sub
D/CognitoLoginManager: Key - Value -> 42a5087f-c4f9-4c93-8cb7-959836d862d5
E/CLM: authUserAttributeKey -> identities
D/CognitoLoginManager: Key - Value -> [{"userId":"*******","providerName":"Technicians","providerType":"SAML","issuer":"http://www.okta.com/exklz088kuYg0qHEU0h7","primary":true,"dateCreated":1603776740400}]

[gpanshu]

Thank you so much for providing this information. We will investigate and get back to you.

[gpanshu]

HI @tapovana-innovations from what I understand the flow is this (Please correct me if I am wrong):

1. You sign in
2. You do a fetch auth session and the cognito user session is invalid
3. You sign in again
4. You do a fetch user attributes which does not return a response

After #3 if you do a fetchAuthSession does it return a successful response with a successful user session?

Is that correct?

[AnirudhWinimy]

+1
This seem to be happening to us too, using amplify version 1.37.0
These are the steps to reproduce:

1. Sign in using social login signInWithSocialWebUI
2. Refresh token expires, so fetch auth session user session is invalid
3. Prompt user to signin again , invoking signInWithSocialWebUI
4. Call fetchAuthSession after signin is sucessful, the callback never gets triggered.

We are using version 1.37.0
com.amplifyframework:core:1.37.0
com.amplifyframework:aws-auth-cognito:1.37.0
com.amplifyframework:aws-analytics-pinpoint:1.37.0

[tapovana-innovations]

Sorry for delayed reply.

The root of the issue appears to be lies in the Auth.fetchAuthSession which calls 'success' callback with 'success.isSignedIn' as TRUE though token/session is expired.. If it returns (when session is expired) 'FALSE' for 'isSignedIn' i guess that would guide developers to apply different logic in the code.

We have tried to upgrade to 2.x but due to breaking changes we couldn't proceed.

[Androidbangnv]

Already upgrade to 2.xx but this issue still unresolved

Using version : 2.5.0
com.amplifyframework:core:2.5.0
com.amplifyframework:aws-auth-cognito:2.5.0

Anyone have a solution?

[tylerjroach]

@tapovana-innovations I have been able to reduce the scenario where fetchUserAttributes does not get called if the auth session is expired and unable to refresh due to refresh token expiration.

@AnirudhWinimy You are reporting a different scenario of fetchAuthSession not returning a callback. I was unable to replicate the issue in the steps you have described. Could you please open a new issue for the issue that you are seeing with logs.

@Androidbangnv Please open a new issue with logs, describing the scenario you are seeing. v1 and v2 of Amplify was a complete rewrite, so any logs posted for v1 issue do not translate to v2.

[tylerjroach]

@tapovana-innovations

From your 1st example showing no callback from fetchUserAttributes, I can see that you received the hub event of:
D/CognitoLoginManager: ====> HubEvent: SESSION_EXPIRED.

When this event is fired, the refresh token has expired and the user must be logged out, and then signed in again.

In the Amplify v1 implementation, there are a few methods like fetchUserAttributes that will end up in a waiting state for the user to be signed out or signed in again before a response is returned in the callback.

For Amplify v1, the expectation is that hub events are listened to, and the user is signed out upon receiving SESSION_EXPIRED.

In Amplify v2, this behavior was changed, where fetchUserAttributes will return an onError callback if the refresh token is invalid.

From what I see in the logs, the v1 behavior is working as expected.

[gpanshu]

Closing due to inactivity. Feel free to open a new issue if your problem still persists.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.