Does AWS Amplify sign up a user with his unauthenticated identifier ID?

Question

Say we have a Cognito Identity Pool that allows for unauthenticated identities and a AWS Amplify session that does not specify a mandatorySignIn option in its configuration, my understanding of such a session is that it gets promoted to an unauthenticated user right after a proper configuration is specified, right?

Or should AWS.Auth.currentCredentials() be called first? Anyway, assuming whichever of the two situations, if a user that is an unauthenticated user signs up using AWS.Auth.signUp(), will the identity ID specified for the sign up be the same as the identity ID specified by AWS.Auth.currentCredentials()?

I'm asking this question because I would like to generate a profile with a UUID for said unauthenticated user in a DynamoDB table.

One last question, if the user closes and re-opens the application, will the unauthenticated identity ID get preserved? As far as I know, it is saved in the Local Storage, but I'd like to be sure.

Answer 1

It seems that authenticated and unauthenticated identities are completely distinct. Your unauthenticated identity does get cached in Local Storage (you can view it in your browser with Shift + F9) and it is different from any identity you create/authenticate.

You would want to use your identity ID as a key in your DynamoDB tables since it is unique for both authenticated and unauthenticated users. You can also define specific IAM roles with distinct policies for either authenticated and unauthenticated users.

If you want to grab the current user's identityId, you can call AWS.Auth.currentCredentials(), you'll notice that whenever you grab credentials when not signed in, you'll get your locally cached unauthenticated identity credentials, but when you sign in, you will instead fetch the authenticated identity's credential. Nifty stuff!