For Google Federated Signin: AWSMobileClient.getInstance().initialize returns userState SIGNED_IN but AWSMobileClient.getInstance().getIdentityId() is null #700
Assignees
Labels
bug
Something isn't working
mobile client
Issues with AWS Mobile's client-side Cognito wrapper
pending-community-response
Issue is pending response from the issue requestor
Comments
BillBunting
changed the title
minbi
added
bug
|
Hi @BillBunting , Thanks for the report and details. I'll investigate and report back here. |
|
@minbi , I have very similar issues in the iPhone version of my app after upgrading from AWS-sdk-ios 2.8.2 to the current 2.9.0. A Google federated sign-in is not always able to refresh the token automatically. I'm going to upgrade the iOS version of the app to use 2.9.1 and also update the GoogleSignIn pod from 4.3.0 to 4.4.0 to see if that helps. As far as Android is concerned, it seems the app has had issues refreshing tokens for Google federated sign in for several AWS SDK Android releases since 2.8, including the version I have in production at this time built on 2.11.0. I reverted back to prior versions without success. I also attempted to turn on unauthenticated access by selecting "Enable access to unauthenticated identities" in the app's federated identity pool. With this enabled, anonymous, unauthenticated access was granted and a identityId was returned, but as it was an unauthenticated ID, all queries to DynamoDB, etc failed (as they should). The documentation is unclear on how to configure the identity pool (since this app was not built with Amplify (old MobileHub generated product). Does the identity pool need to have unauthenticated access enabled? Is there any more documentation? This problem remains specific to Google federated identities. Facebook works fine. Unfortunately, I'm blocked and my Google users are locked out of the app in some cases. Thank you for your attention to this issue. -Bill. |
|
@minbi Any update on this? I'd like to see a call to getIdentityId() with a callback when the identityId is available, similar to the iOS call. Since AWSMobileClient seems to function better for Facebook, I suspect a bug in the Goggle-related code. |
|
Hi @BillBunting , I'm looking at refreshing the code that we are using for Google and making sure that the refresh is working properly. For the identity id being null, can you try making a I will discuss with the team whether we can add an async |
|
@minbi Thank you for the suggestions. I will try the call to getCredentials() prior to getIdentityId() as a workaround. For consistency with the iOS version, it would be nice to have a callback on getIdentityId() rather than just returning null. Thank you for scheduling a review of the Google code. |
|
I added a call to getCredentials() after AWSMobileClient.getInstance().initialize() and upon case SIGNED_IN. It works properly the first time (as it did prior) but when I call SignOut(), and call the below method again, the following exception is thrown. Using 2.12.0 still. (Upgrade to 2.12.1 caused a UI crash when attempting to use the SignIn UI for a Cognito user pool and/or providing invalid entries such as leaving the password blank upon submit.) |
|
@BillBunting , I'll need to dive into this exception, the |
|
@minbi , signOut() is called on the UI thread as follows, but for extra measure, I wrapped it runOnUIThread. Either way, I still get the same exception from Google federated sign-in if I sign-in then sign out, then sign in again. Facebook and the app's Cognito user pool do not have this issue. I can repeatedly sign in and out with both Facebook and the app's Cognito user pool. |
|
@minbi , I'm confident there are bug in this release and possibly the prior release related specifically to Google federated sign-in. You asked: Is I have tried a lot of different things to work around the problem, but my current code is making all calls to SignOut and SignIn using runOnUIThread() the initializeAWSMobileClient() method is listed in a prior comment. Unfortunately, I'm blocked by problems with AWSMobileClient.getInstance().showSignIn and issues with Google federated sign-in via showSignIn. Is there a sample application to demonstrate the correct use of AWSMobileClient.getInstance().showSignIn() and the sign-in workflow and user state management including expired token management, etc? Thank you for your attention in this matter. |
|
@minbi Any update on this bug. I tried 2.12.2 and have the same problem. If a user signs in then out and attempts to sign back in again they are unable (exceptions thrown). Likewise, after the federated token expires after 1 hour, the user is unable to sign back in again. The problem only exists for Google federated signing. Stacktrace of error |
|
Hi @BillBunting , we did not address this issue in the 2.12.2 release. This is still in my queue. |
|
@minbi Google Federated sign-in with the drop in UI has not worked since 2.12.0, 27 days ago. This issue has blocked future releases on my app. When will this issue get some attention? I upgraded to 2.12.5. For Google, I still get the series of errors mentioned above. Facebook and Cognito username/password login work well. Thank you. |
|
@minbi , please help. Other issues and people seem to be suggesting the same or very similar bug. Google federated sign-in user tokens appear to expire and AWSMobileClient fails to refresh them after 1 hour (or after two immediate sign-out/sign-ins). This bug is only occurring for Google sign-in (via the drop in UI). Facebook and Cognito User Pool users do not have this issue (for me). Possibly related to users using multiple sign-in methods on the same device. I have been unable to release a new version of my app since early Feb. due to this issue. Please give it a bump in priority; thank you. |
minbi
added a commit
that referenced
this issue
Apr 2, 2019
…/Facebook from drop-in UI Updated `federatedSignIn()` method to contact the service immediately to validate tokens. The `signIn()` method will also attempt to federated immediately when applicable. See [issue #800](#800) Fix Google or Facebook refresh when using the drop-in UI. See [issue #809](#809), [issue #700](#700) Annotated methods that are designed to be called from UI thread or from a background thread with @anythread and @workerthread, respectively.
minbi
added a commit
that referenced
this issue
Apr 2, 2019
…/Facebook from drop-in UI Updated `federatedSignIn()` method to contact the service immediately to validate tokens. The `signIn()` method will also attempt to federated immediately when applicable. See [issue #800](#800) Fix Google or Facebook refresh when using the drop-in UI. See [issue #809](#809), [issue #700](#700) Annotated methods that are designed to be called from UI thread or from a background thread with @anythread and @workerthread, respectively.
sunchunqiang
pushed a commit
that referenced
this issue
Apr 2, 2019
…/Facebook from drop-in UI Updated `federatedSignIn()` method to contact the service immediately to validate tokens. The `signIn()` method will also attempt to federated immediately when applicable. See [issue #800](#800) Fix Google or Facebook refresh when using the drop-in UI. See [issue #809](#809), [issue #700](#700) Annotated methods that are designed to be called from UI thread or from a background thread with @anythread and @workerthread, respectively.
|
Hi, Please see if SDK release 2.12.7 fixes this issue for you. We have added the following enhancements:
You may see all changes in the changelog |
|
After upgrading to 2.12.7, AWSMobileClient fails to initialize properly and shows these errors when the app starts.The app calls AWSMobileClient.getInstance().initialize(this, new Callback() one time from onResume() from the MainActivity (launcher) upon app startup and now receives the following errors. AWSMobileClient.getInstance().initialize returns and the drop in sign in UI is called and the sign in activity is shown displaying Google, Facebook, and User Pool sign in options but clicking the buttons does nothing. User is unable to sign in.. Then, the initialize returns SIGNED_OUT so the app calls AWSMobileClient.getInstance().showSignIn followed by unauthorized exceptions. |
|
Hi @BillBunting , I found the bug, stay tuned for a fix. |
|
@minbi , I found a bug too - I bet it is the same one. line 3171 AWSMobileClient.java possible solution : set AWSMobileClient.this.awsConfiguration = awsConfiguration; sooner and before the call to identityManager.addSignInStateChangeListener(new SignInStateChangeListener() in _initialize OR pass the awsConfiguration to isConfigurationKeyPresent so it will not use this.awsConfiguration. |
|
Please see if SDK release 2.13.0 fixes this issue for you. |
|
@minbi , I started testing 2.13.0. At least one of the two issues remains a problem. If a Google user is signed in, then signs out and back in again, errors are generated as follows when the activity resumes after the Google button is selected. I am testing the token timeout (1 hour) now also. CognitoCachingCredentialsProvider: Failure to get credentials Logging |
|
@minbi , 2.13.0 has not resolved the problem. The app performs the same; after 1 hour, the token fails to federate Google sign-in, the sign-in dialog appears, the app main activity resumes, the sign-in onResult returns SIGNED_IN, app calls AWSMobileClient.getInstance().getAWSCredentials(new Callback() as you suggested to verify the credentials, getAWSCredentials never makes any callback to either onResult() nor onError(). This, the app blocks waiting for getAWSCredentials to make the call. Restarting the app results in a successful sign-in. Stacktrace and code |
|
@BillBunting , Thanks for the verification. I have a fix for the Google sign-in, sign-out, sign-in again problem. Still looking at the refresh issue. |
minbi
added
pending-release
|
@BillBunting , This issue should have been fixed in the 2.13.1 release as well. Please let us know if it persists. |
minbi
added
pending-community-response
|
@minbi - appears to be fixed. Thank you. |
awsmobilesdk
pushed a commit
to awsmobilesdk/aws-sdk-android
that referenced
this issue
Apr 12, 2020
…/Facebook from drop-in UI Updated `federatedSignIn()` method to contact the service immediately to validate tokens. The `signIn()` method will also attempt to federated immediately when applicable. See [issue aws-amplify#800](aws-amplify#800) Fix Google or Facebook refresh when using the drop-in UI. See [issue aws-amplify#809](aws-amplify#809), [issue aws-amplify#700](aws-amplify#700) Annotated methods that are designed to be called from UI thread or from a background thread with @anythread and @workerthread, respectively.
awsmobilesdk
pushed a commit
to awsmobilesdk/aws-sdk-android
that referenced
this issue
Apr 12, 2020
…/Facebook from drop-in UI Updated `federatedSignIn()` method to contact the service immediately to validate tokens. The `signIn()` method will also attempt to federated immediately when applicable. See [issue aws-amplify#800](aws-amplify#800) Fix Google or Facebook refresh when using the drop-in UI. See [issue aws-amplify#809](aws-amplify#809), [issue aws-amplify#700](aws-amplify#700) Annotated methods that are designed to be called from UI thread or from a background thread with @anythread and @workerthread, respectively.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
For Google sign-in, AWSMobileClient.getInstance().initialize returns SIGNED_IN but AWSMobileClient.getInstance().getIdentityId() == null
This is related to a larger issue I am trying to resolve. Facebook federated sign-in via AWSMobileClient.getInstance().showSignIn works perfectly. But, Google does not.
With Google, if a user signs out then attempts to sign in again, the sign-in will fail. AWSMobileClient may not refresh the token. After a token expires, it is not refreshed. AWSMobileClient should be refreshing the token automatically? Details below.
To Reproduce
Sign-in by selecting the "Sign in with Google" button on the AWSMobileClient.getInstance().showSignIn view. The first time, this will work. Then, call AWSMobileClient.getInstance().signOut() followed by AWSMobileClient.getInstance().showSignIn. The second time, the sign-in claims to succeed but the identityId is returned as null.
What is the proper way or location to get the identityId by calling AWSMobileClient.getInstance().getIdentityId() ?
I suspect this may be a bug related to not refreshing the token properly for Google federated sign-in. Calling sign-out in the app has a similar effect as waiting for the token to expire. Both cases result in a call to AWSMobileClient.getInstance().getIdentityId() returning null. However, Facebook federated sign-in does not have this problem.
A code sample or steps:
and the showSignIn() is contained in this method:
Which AWS service(s) are affected?
Expected behavior
I would expect after a successful sign in for getIdentityId() to return the identity id.
Environment Information (please complete the following information):
android {
Device: Simulator or device
Android Version: various
Specific to simulators: No
The text was updated successfully, but these errors were encountered: