Can we stay "SignedIn" when we start the app ? SignedInException a User is already Signed In #2897

Closed
Moisenberg opened this issue Aug 19, 2024 · 6 comments
Labels
auth Related to the Auth category/plugins pending-maintainer-response Issue is pending response from an Amplify team member question General question

Comments

@Moisenberg

Good morning,

I observed the following behavior (Emulator):

I can authenticate, and when I restart the app, since I didn't sign out, I was still SignedIn. It was probably normal, but I thought it was an interesting feature since it's not required to type our login/password again, and I haven't tried yet to authenticate with a federated party.

However, after a few weeks, I realized that I was on the SignIn screen again, and when I tried to sign in, I received a SignedInException: A user is already SignedIn, with a "something went wrong" temporary message at the bottom.

From what I read on the internet, even if I haven't found that information yet, it seems that the reason is that my credentials are outdated since the refresh token has expired, which means that I'm still SignedIn but with wrong credentials.

However, I didn't find a way to force the signOut when the refresh token has expired.

I'm using

implementation("com.amplifyframework:aws-auth-cognito:2.16.1")
implementation("com.amplifyframework.ui:authenticator:1.0.0")

I used the authenticator UI to authenticate my users.

Here are some parts of the code

//MainActivity.kt

Amplify.Auth.fetchAuthSession(
    { result: AuthSession ->
        if (result.isSignedIn) {
            Log.d("AuthSession", result.toString())
        } else {
            // Handle not signed in
            Log.d("AuthSession", "notsignedin")
        }
    },
    { error: AuthException ->
        // Handle the error
        Log.d("AuthSession", error.toString())
    }
)
Authenticator(
    content = { authState ->
        Log.d("AuthState", authState.toString())
        MyApp(this, authState)
    }
)

//MyApplication.kt
class MyApplication : Application() {
    lateinit var container: AppContainer
    override fun onCreate() {
        super.onCreate()
        try {
            Amplify.addPlugin(AndroidLoggingPlugin(LogLevel.DEBUG))
            Amplify.addPlugin(AWSCognitoAuthPlugin())
            Amplify.configure(applicationContext)
            Log.i("MyAmplifyApp", "Initialized Amplify")
        } catch (error: AmplifyException) {
            Log.e("MyAmplifyApp", "Could not initialize Amplify", error)
        }
        container = DefaultAppContainer(applicationContext)
    }
}

Interestingly, the AuthFetchSession() brings the message "notsignedin" in the logs when I got the SignedInException a User is already Signed in.

I thought that the signOut was managed by the Authenticator UI when this situation happens.
The idea with AuthFetchSession() was to force the signOut in such a situation, but it will also be called when no one is signed in. Moreover, I don't see an easy way to get the AuthState in the code of the Authenticator to call the signOut function.

Then I have the following questions:

  • Are we supposed to, or can we, stay SignedIn? Or should I call the SignOut function when we close the app? What happens in that situation if the signOut failed and the app is closed for the determined period of the refresh token?
  • Is there a way to force the SignOut of the Authenticator when the refresh token has expired?

PS: sorry for the code without colors, but I don't understand how to get beautiful code.

Thank you & have a nice day.

@github-actions github-actions bot added pending-triage Issue is pending triage pending-maintainer-response Issue is pending response from an Amplify team member labels Aug 19, 2024
@lawmicha
Member

Hi @Moisenberg, thanks for the details.

> are we supposed to or can we stay SignedIn ? Or should I call the SignOut function when we close the app, what happens in that situation if the signout failed and the app is closed for the determined period of the refresh token?

This would be up to your use cases, whether you would like to require your end-users to sign in again after closing the app. You should be able to let your end-users stay signed in and let Amplify manage the auth session, so you do not need to sign the user out. In regards to the issue you described, where after being signed in for a few weeks the app shows a sign-in screen, can you clarify that:

  1. The sign-in screen is provided by Authenticator UI, and
  2. The sign-in failed because of the exception "SignedInException : A user is already SignedIn"

If both are true, it sounds like a bug. The behavior I would expect is that if the refresh token cannot be used anymore, then the user should be moved to a signed-out state, Authenticator would show the sign-in view, and sign-in should be successful.

> Is there a way to force the SignOut of the authenticator when the refresh token has expired ?

Authenticator should be using Amplify to manage which views to display based on the state. This ultimately sounds like something we need to reproduce once we have some more clarification on the details and steps. If you can provide us with a more verbose version of MainActivity.kt, we can look into this further.

@github-actions github-actions bot removed the pending-maintainer-response Issue is pending response from an Amplify team member label Aug 19, 2024
@lawmicha lawmicha added pending-community-response Issue is pending response from the issue requestor pending-maintainer-response Issue is pending response from an Amplify team member bug Something isn't working auth Related to the Auth category/plugins and removed pending-triage Issue is pending triage pending-maintainer-response Issue is pending response from an Amplify team member labels Aug 19, 2024
@Moisenberg
Author

Thank you for your quick reply.
To begin, it's my first time working with authentication on AWS and making a real project, so it might be me who is doing something wrong.

My code (related to authentication) is really the default Authenticator UI component:

class MainActivity : ComponentActivity() {
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)

        setContent {
            Authenticator { state ->
                Myapp(state)
            }
        }
    }
}

I added the following code just before Authenticator ...

    Amplify.Auth.fetchAuthSession(
        { result: AuthSession ->
            if (result.isSignedIn) {
                Log.d("AuthSession", result.toString())
            } else {

                val error = (result as AWSCognitoAuthSession).identityIdResult.error

                when (error) {
                    is SessionExpiredException -> {
                        Amplify.Auth.signOut { signOutResult ->
                            when(signOutResult) {
                                is AWSCognitoAuthSignOutResult.CompleteSignOut -> {
                                    // Sign Out completed fully and without errors.
                                    Log.i("AuthQuickStart", "Signed out successfully")
                                }
                                is AWSCognitoAuthSignOutResult.PartialSignOut -> {
                                    // Sign Out completed with some errors. User is signed out of the device.
                                    signOutResult.hostedUIError?.let {
                                        Log.e("AuthQuickStart", "HostedUI Error", it.exception)
                                        // Optional: Re-launch it.url in a Custom tab to clear Cognito web session.

                                    }
                                    signOutResult.globalSignOutError?.let {
                                        Log.e("AuthQuickStart", "GlobalSignOut Error", it.exception)
                                        // Optional: Use escape hatch to retry revocation of it.accessToken.
                                    }
                                    signOutResult.revokeTokenError?.let {
                                        Log.e("AuthQuickStart", "RevokeToken Error", it.exception)
                                        // Optional: Use escape hatch to retry revocation of it.refreshToken.
                                    }
                                }
                                is AWSCognitoAuthSignOutResult.FailedSignOut -> {
                                    // Sign Out failed with an exception, leaving the user signed in.
                                    Log.e("AuthQuickStart", "Sign out Failed", signOutResult.exception)
                                }
                            }
                        }

                        // Handle the SessionExpiredException case
                        println("The error is a SessionExpiredException")
                    }
                    else -> {
                        // Handle other types of errors
                        println("The error is not a SessionExpiredException")
                    }
                }
                // Handle not signed in
                Log.d("AuthSession", "notsignedin")

            }
        },
        { error: AuthException ->
            // Handle the error
            Log.d("AuthSession", error.toString())
        }
    )

Because, as I said earlier, I got "notsignedin" in the log even if I have a SignedInException A user is already signed In.
From what I read, it might be because the refresh token has expired. If it's true, I should get a SessionExpiredException, from my understanding.

In fact, I saw that someone had a similar problem, but from reading the post I didn't see a final solution.
Here is the link :
https://github.com/aws-amplify/amplify-android/issues/2483

Thanks for your time and have a nice day,

As a reminder, here are the versions of the dependencies I use for now, which aren't the latest. I would like to update them later, but I'm scared to break everything since for now my app is globally working.

implementation("com.amplifyframework:aws-auth-cognito:2.16.1")
implementation("com.amplifyframework.ui:authenticator:1.0.0")

@github-actions github-actions bot added pending-maintainer-response Issue is pending response from an Amplify team member and removed pending-community-response Issue is pending response from the issue requestor labels Aug 21, 2024
@harsh62
Member

harsh62 commented Aug 26, 2024

Thanks for the information. Our team will look into reproducing it locally and get back to you.

@github-actions github-actions bot removed the pending-maintainer-response Issue is pending response from an Amplify team member label Aug 26, 2024
@tylerjroach
Member

Hi @Moisenberg

I believe I fixed the issue you are reporting a while back (#2830). There were cases where we were reporting that the user was signed out, when in fact the user was still signed in but did not have valid credentials. This issue has been fixed to report the proper state (signed in, but an exception will be returned when fetchAuthSession fails).

Please update to Authenticator version 1.2.3. There are a significant number of bug fixes between 1.0.0 and 1.2.3. aws-auth-cognito should also be updated to 2.22.1.

Let me know if you are still seeing issues after upgrading.
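
An added example (not code from this thread or from the Amplify project) of handling the state described above, where the session is reported as signed in but the credentials are no longer valid. It assumes aws-auth-cognito 2.x and that the expiry surfaces as a `SessionExpiredException` either on `userPoolTokensResult` or in the error callback; the helper names `signOutIfSessionExpired` and `clearLocalSession` are hypothetical.

```kotlin
import android.util.Log
import com.amplifyframework.auth.AuthException
import com.amplifyframework.auth.cognito.AWSCognitoAuthSession
import com.amplifyframework.auth.cognito.result.AWSCognitoAuthSignOutResult
import com.amplifyframework.auth.exceptions.SessionExpiredException
import com.amplifyframework.core.Amplify

private const val TAG = "SessionCheck"

// Hypothetical helper (not an Amplify API): call once at startup.
// onChecked(true) means the stored session still has usable user pool tokens.
fun signOutIfSessionExpired(onChecked: (stillValid: Boolean) -> Unit) {
    Amplify.Auth.fetchAuthSession(
        { session ->
            // Assumption: with an expired refresh token, isSignedIn can stay true
            // while the token result carries a SessionExpiredException.
            val tokenError = (session as? AWSCognitoAuthSession)?.userPoolTokensResult?.error
            if (tokenError is SessionExpiredException) {
                clearLocalSession(onChecked)
            } else {
                onChecked(session.isSignedIn && tokenError == null)
            }
        },
        { error: AuthException ->
            if (error is SessionExpiredException) {
                clearLocalSession(onChecked)
            } else {
                Log.w(TAG, "fetchAuthSession failed", error)
                onChecked(false)
            }
        }
    )
}

// Drops the stale session so the next signIn does not hit SignedInException.
// Only the outcome is logged, never the session object or token values.
private fun clearLocalSession(onChecked: (Boolean) -> Unit) {
    Amplify.Auth.signOut { result ->
        when (result) {
            is AWSCognitoAuthSignOutResult.CompleteSignOut ->
                Log.i(TAG, "Expired session cleared")
            is AWSCognitoAuthSignOutResult.PartialSignOut ->
                Log.w(TAG, "Signed out on device; revocation incomplete", result.revokeTokenError?.exception)
            is AWSCognitoAuthSignOutResult.FailedSignOut ->
                Log.e(TAG, "Sign out failed", result.exception)
        }
        onChecked(false)
    }
}
```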

@tylerjroach tylerjroach added question General question and removed bug Something isn't working labels Aug 26, 2024
@Moisenberg
Author

Indeed it seems correct
I'll close it for now and reopen it if needed

Thanks for the quick answer !

@github-actions github-actions bot added the pending-maintainer-response Issue is pending response from an Amplify team member label Aug 28, 2024
Contributor

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
