Reputation: 3190
I'm using the latest version of the AWS SDKs for Android.
implementation 'com.amazonaws:aws-android-sdk-core:2.7.6'
implementation 'com.amazonaws:aws-android-sdk-cognito:2.7.6'
implementation 'com.amazonaws:aws-android-sdk-cognitoidentityprovider:2.7.6'
My Authentication Handler is taken from their example code for the most part.
// create a handler for the sign-in process
private AuthenticationHandler authenticationHandler = new AuthenticationHandler() {
    @Override
    public void onSuccess(CognitoUserSession userSession, CognitoDevice newDevice) {
        // String idToken = userSession.getIdToken().getJWTToken();
        // Map<String, String> logins = new HashMap<>();
        // logins.put("cognito-idp.us-east-1.amazonaws.com/" + getString(R.string.user_pool_id), idToken);
        // AuthHelper.getInstance().getCredentialsProvider().setLogins(logins);
        //
        // new RefreshCognitoCredentials().execute();
        startActivity(new Intent(LoginActivity.this, MainActivity.class));
        finish();
    }

    @Override
    public void getAuthenticationDetails(AuthenticationContinuation authenticationContinuation, String userId) {
        String password = inputPassword.getText().toString();
        AuthenticationDetails authenticationDetails = new AuthenticationDetails(userId, password, null);
        authenticationContinuation.setAuthenticationDetails(authenticationDetails);
        authenticationContinuation.continueTask();
    }

    @Override
    public void getMFACode(MultiFactorAuthenticationContinuation continuation) {
    }

    @Override
    public void authenticationChallenge(ChallengeContinuation continuation) {
    }

    @Override
    public void onFailure(Exception exception) {
        String error = AuthHelper.formatException(exception);
        layoutUsername.setErrorEnabled(true);
        layoutUsername.setError(error);
    }
};
Authentication works just fine. And it caches as it should. In my splashscreen activity I am able to check the CognitoUser.getCurrentUser().getUserId().
And now to logout:
CognitoUser.getCurrentUser().signOut()
Now, if I close the app and open the app - CognitoUser.getCurrentUser().getUserId() still returns my previously logged in user.
I had done an AWS implementation a few months ago with 2.2.+ as my sdk versions and this example worked as expected.
Note: If I try CognitoUser.getCurrentUser().globalSignOut(), it returns a 'user is not authenticated' error.
How can I check on app start-up if I have a valid user/session? I hate how AWS changes things on a daily basis with no documentation or documentation that is impossible to find.
Upvotes: 1
Views: 1912
Reputation: 21
I experienced this when updating users' emails. In my case, cognito is not updating the value of the last authenticated user when a user switches back to a previously used email.
My solution was to manually update the value in shared preferences where cognito updates the last authenticated user:
SharedPreferences.Editor editor = context.getSharedPreferences("CognitoIdentityProviderCache", 0).edit();
String csiLastUserKey = "CognitoIdentityProvider." + cognitoUserPool.getClientId() + ".LastAuthUser";
editor.putString(csiLastUserKey, newEmail);
editor.commit();
This is a hacky workaround since I'm forcing what cognito should do automatically.
Upvotes: 1
Reputation: 21
I have almost the same issue. My steps:
1. Sign in as user 1
2. Sign out
3. Sign in as user 2
4. Surprise that user 1 is signed in instead of user 2
So I decided to upgrade to the new SDK
com.amazonaws:aws-android-sdk-mobile-client:2.13.4
which uses
implementation 'com.amazonaws:aws-android-sdk-core:2.13.4'
implementation 'com.amazonaws:aws-android-sdk-cognito:2.13.4'
implementation 'com.amazonaws:aws-android-sdk-cognitoidentityprovider:2.13.4'
But it does not help.
The issue is related to the file CognitoIdentityProviderCache.xml at /data/data/applicationId/shared_prefs/CognitoIdentityProviderCache.xml
The CognitoIdentityProviderCache.xml file is not cleared after sign-out.
Example of the file content after sign-out:
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="CognitoIdentityProvider.app_id.LastAuthUser.encrypted">...</string>
    <string name="CognitoIdentityProvider.app_id.LastAuthUser.encrypted.iv">...</string>
    <string name="CognitoIdentityProvider.app_id.LastAuthUser.encrypted.keyvaluestoreversion">1</string>
</map>
Removing these 3 lines from the file fixes the issue.
The workaround:
But the file name can be changed in the next version.
It is the same as pressing "Clear data" at System Settings -> App -> AwesomeApp
context.cacheDir.parentFile.deleteRecursively()
You can follow my bug report for details at their bug tracker:
https://github.com/aws-amplify/aws-sdk-android/issues/1015
Upvotes: 0
Reputation: 1441
signOut clears the cached tokens from the SharedPreferences. It clears the data stored under access, id and refresh tokens. However the LastAuthUser key contains the user id which is not cleared by signOut.
When you call cognitoUserPool.getCurrentUser().getUserId(), it checks for the presence of LastAuthUser key in SharedPreferences, hence it returns the userId. I am looking into the issue. Will update this answer when I can confirm the intended behavior.
Upvotes: 1
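An added example, not code from any of the posters or from AWS: a start-up check that decides on the cached tokens rather than on getUserId(), since the answer above explains that the LastAuthUser entry survives signOut. The class StartupSessionCheck and its Result interface are hypothetical names; the SDK calls are the same AuthenticationHandler callbacks used in the question.

```java
import com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoDevice;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUserPool;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUserSession;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.AuthenticationContinuation;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.ChallengeContinuation;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.MultiFactorAuthenticationContinuation;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.handlers.AuthenticationHandler;

/** Hypothetical helper: decides at start-up whether to show the main or the login screen. */
public final class StartupSessionCheck {

    /** Hypothetical callback interface implemented by the splash screen. */
    public interface Result {
        void signedIn(CognitoUserSession session);
        void signedOut();
    }

    public static void run(CognitoUserPool pool, final Result result) {
        // getCurrentUser() is built from the LastAuthUser entry, which is still
        // present after signOut(), so a non-null user id proves nothing here.
        pool.getCurrentUser().getSessionInBackground(new AuthenticationHandler() {
            @Override
            public void onSuccess(CognitoUserSession session, CognitoDevice newDevice) {
                // The SDK produced a session from the cached tokens.
                if (session != null && session.isValid()) result.signedIn(session);
                else result.signedOut();
            }

            @Override
            public void getAuthenticationDetails(AuthenticationContinuation c, String userId) {
                // The SDK is asking for credentials: no usable cached tokens.
                // Do not continue the task; send the user to the login screen.
                result.signedOut();
            }

            @Override
            public void getMFACode(MultiFactorAuthenticationContinuation c) { result.signedOut(); }

            @Override
            public void authenticationChallenge(ChallengeContinuation c) { result.signedOut(); }

            @Override
            public void onFailure(Exception e) { result.signedOut(); }
        });
    }
}
```

Any outcome other than a valid session is treated as signed out, so a stale LastAuthUser value cannot route a user past the login screen.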