AWS Amplify Auth.signIn is still working after user is deleted

Time:01-13

I am implementing authentication with AWS Cognito through Auth in AWS Amplify. I have implemented sign-in, sign-out, and sign-up successfully. But I discovered that if I don't explicitly sign out, my user remains authenticated even if I manually delete the user from AWS Cognito. For example, if I create a user, sign in the user, delete the user in the AWS Cognito console, and refresh my app --- my user is still authenticated and I'm unsure why.

Below is my router.js, which handles two navigation stacks -- one for unauth users, one for auth users -- and is returned in app.js.

import React, {useState, useEffect} from 'react';
import {NavigationContainer} from '@react-navigation/native';
import {Auth} from 'aws-amplify';
// AuthNavigator and AppNavigator are the poster's own stacks; these paths are assumed.
import AuthNavigator from './AuthNavigator';
import AppNavigator from './AppNavigator';

export default () => {
  const [userToken, setUserToken] = useState(null)
  const [loading, setLoading] = useState(true)

  useEffect(() => {
    loadApp()
  }, [])

  // Restores the session on startup; this reads Amplify's local cache, not Cognito.
  const loadApp = async () => {
    await Auth.currentAuthenticatedUser()
      .then(user => {
        console.log(user) //****still prints user even though its deleted from cognito ****
        signIn(user)
      })
      .catch(() => {
        console.log("error signing in")
      })
    setLoading(false)
  }

  const signIn = (user) => {
    setUserToken(user.signInUserSession.accessToken.jwtToken)
  }

  const signOut = async () => {
    await Auth.signOut()
      .catch((err) => {
        console.log(err)
      })
    setUserToken(null)
  }

  let view
  if (!userToken) {
    view = <AuthNavigator signIn={signIn} />;
  } else {
    view = <AppNavigator signOut={signOut} />;
  }
  return (
    <NavigationContainer>
      {view}
    </NavigationContainer>
  )
}

CodePudding user response:

The function Auth.currentAuthenticatedUser() that you are using retrieves the user authentication data from the browser cache by default. Cognito issues stateless tokens that Amplify stores locally in the browser that are valid until they expire. Unless they are expired, Amplify does not try to retrieve new ones from Cognito (and until then, will not notice that the user has been deleted).

To actually make a call to Cognito with the Auth.currentAuthenticatedUser() function, you can call it with bypassCache:

Auth.currentAuthenticatedUser({
  bypassCache: true
})

You can read more about this in the Password & user management section of the Amplify Auth documentation.
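As an added example (not part of the answer, and not the Amplify or Cognito API), the following constructed simulation models the cache-first behaviour described above: a stateless token in the local cache keeps "working" until its exp claim passes, and only a call that bypasses the cache asks the identity provider whether the user still exists. FakeUserPool, FakeAuthClient, the tokens (unsigned, with a one-hour lifetime) and the fixed clock value NOW are all assumptions made for the illustration.

```javascript
// Constructed simulation of cache-first session checks; not the Amplify Auth API.
const NOW = 1700000000; // constructed "current time" in seconds since the epoch

// Minimal base64url helpers for a JWT-shaped payload (no signature: this models
// cache logic only, not token verification).
function base64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function decodePayload(token) {
  const payload = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(payload, 'base64').toString('utf8'));
}

// Toy identity provider standing in for the Cognito user pool (assumed name).
class FakeUserPool {
  constructor() { this.users = new Map(); }
  signUp(username) { this.users.set(username, { username }); }
  deleteUser(username) { this.users.delete(username); }
  // Issues an unsigned token with a one-hour lifetime (constructed value).
  issueToken(username) {
    if (!this.users.has(username)) throw new Error('UserNotFoundException');
    return `${base64url({ alg: 'none' })}.${base64url({ sub: username, exp: NOW + 3600 })}.`;
  }
  // Server-side lookup; a cache hit never reaches this.
  getUser(username) {
    if (!this.users.has(username)) throw new Error('UserNotFoundException');
    return { username };
  }
}

// Toy client mirroring the behaviour the answer describes (assumed name).
class FakeAuthClient {
  constructor(pool) { this.pool = pool; this.cache = null; }
  signIn(username) {
    this.cache = { username, token: this.pool.issueToken(username) };
    return this.cache;
  }
  // Cached session is returned as long as exp has not passed, unless bypassCache is set.
  currentAuthenticatedUser({ bypassCache = false } = {}, now = NOW) {
    if (!this.cache) throw new Error('not authenticated');
    const { exp } = decodePayload(this.cache.token);
    if (!bypassCache && exp > now) {
      return this.cache; // served from local storage, no network round trip
    }
    // Expired or bypassed: ask the provider; a deleted user fails here.
    const user = this.pool.getUser(this.cache.username);
    this.cache = { username: user.username, token: this.pool.issueToken(user.username) };
    return this.cache;
  }
  signOut() { this.cache = null; }
}

// Seconds the cached token stays usable after the user is deleted server-side.
function remainingLifetime(client, now = NOW) {
  return decodePayload(client.cache.token).exp - now;
}

// Reproduces the scenario from the question: sign in, delete in the pool, re-check.
function runScenario() {
  const pool = new FakeUserPool();
  const client = new FakeAuthClient(pool);
  pool.signUp('alice');
  client.signIn('alice');
  pool.deleteUser('alice'); // "delete user in the Cognito console"

  const result = { cached: false, bypass: false, expired: false, remainingSeconds: 0 };
  result.remainingSeconds = remainingLifetime(client);
  try { client.currentAuthenticatedUser(); result.cached = true; } catch (e) {}
  try { client.currentAuthenticatedUser({ bypassCache: true }); result.bypass = true; } catch (e) {}
  try { client.currentAuthenticatedUser({}, NOW + 3601); result.expired = true; } catch (e) {}
  return result;
}

console.log(runScenario());
```

The point for a defender is the remainingSeconds value: deleting the user in the pool does not revoke the token already held by the client, so the cached session stays usable for the rest of the token's lifetime unless the app forces a server-side check with bypassCache or signs the user out.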
