ios - AWS Cognito Get Session does not confirm the user on success


Keywords: ios


Question: 

So some weird stuff is happening when using the AWS Cognito SDK to attempt to authenticate users and log them in.

Here is the login code.

// Sign in against the user pool with the entered username and password.
AWSCognitoIdentityUser *user = [mainPool getCurrentUser];
[[user getSession:finalAccountName password:_passwordField.text validationData:@[type]] continueWithExecutor:[AWSExecutor mainThreadExecutor] withBlock:^id _Nullable(AWSTask<AWSCognitoIdentityUserSession *> * _Nonnull initialTask) {

    // Re-enable the login button and remove the loading indicator.
    [(UIButton *)sender setUserInteractionEnabled:YES];
    [loader removeFromSuperview];

    if (initialTask.error) {
        // Sign-in failed: show the message returned by Cognito.
        UIAlertController *controller = [UIAlertController alertControllerWithTitle:@"Login Failed" message:[initialTask.error.userInfo objectForKey:@"message"] preferredStyle:UIAlertControllerStyleAlert];
        [controller addAction:[UIAlertAction actionWithTitle:@"OK!" style:UIAlertActionStyleCancel handler:nil]];
        [self presentViewController:controller animated:YES completion:nil];
    } else {
        // Sign-in succeeded: move on to the controller that calls Lambda.
        LoginStuffViewController *stuff = [[LoginStuffViewController alloc] init];
        [self.navigationController pushViewController:stuff animated:NO];
    }

    return nil;
}];

After this login code is called, I attempt to call a Lambda function in my next controller. The Lambda function unfortunately doesn't have the correct identity for the user that just logged in, so it fails and is unable to find the data. But for some reason when I call

 [cognitoUser getDetails] 

I get back all the information from Cognito about the user, but I am still not able to call Lambda functions because it sends an incorrect identity.

SO AT THIS POINT - if I were to rerun the app and call

AWSCognitoIdentityUser *user = [mainPool getCurrentUser];
[[user getSession] continueWithBlock] etc. etc.

And then attempt to call the Lambda function, the currentUser with the correct identity is sent to the Lambda.

My team and I think it possibly has something to do with the threading, so we changed the continueWithBlock to a continueWithExecutor block in the login portion of the code.

Idk, I'm pretty lost and confused. If somebody could provide some insight, that would be fantastic.

Thanks!


1 Answer: 

Credentials are cached and good for an hour, so your unauthenticated credentials aren't being updated to your authenticated credentials after logging in. What you need to do is invalidate the temporary credentials you had up to this point. If you're following the docs and using the default service configuration you can do this by adding the following line to your block when logging in with the username and password.

[AWSServiceManager.defaultServiceManager.defaultServiceConfiguration.credentialsProvider invalidateCachedTemporaryCredentials];

Like so:

AWSCognitoIdentityUser *user = [mainPool getCurrentUser];
[[user getSession:finalAccountName password:_passwordField.text validationData:@[type]] continueWithExecutor:[AWSExecutor mainThreadExecutor] withBlock:^id _Nullable(AWSTask<AWSCognitoIdentityUserSession *> * _Nonnull initialTask) {

    // Re-enable the login button and remove the loading indicator.
    [(UIButton *)sender setUserInteractionEnabled:YES];
    [loader removeFromSuperview];

    if (initialTask.error) {
        // Sign-in failed: show the message returned by Cognito.
        UIAlertController *controller = [UIAlertController alertControllerWithTitle:@"Login Failed" message:[initialTask.error.userInfo objectForKey:@"message"] preferredStyle:UIAlertControllerStyleAlert];
        [controller addAction:[UIAlertAction actionWithTitle:@"OK!" style:UIAlertActionStyleCancel handler:nil]];
        [self presentViewController:controller animated:YES completion:nil];
    } else {
        // Drop the cached (unauthenticated) temporary credentials so the next
        // AWS call fetches credentials for the signed-in user.
        [AWSServiceManager.defaultServiceManager.defaultServiceConfiguration.credentialsProvider invalidateCachedTemporaryCredentials];
        LoginStuffViewController *stuff = [[LoginStuffViewController alloc] init];
        [self.navigationController pushViewController:stuff animated:NO];
    }
    return nil;
}];
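
One way to confirm the switch to authenticated credentials before pushing the next controller, as an added example that is not part of the original answer or of the AWS SDK. `RefreshCredentialsAfterLogin` is a hypothetical helper, and it assumes the default service configuration uses an `AWSCognitoCredentialsProvider`.

```objective-c
#import <AWSCore/AWSCore.h>

// Hypothetical helper (not part of the AWS SDK): discard the temporary
// credentials cached before sign-in, fetch a fresh set immediately, and hand
// back the identity ID the provider now reports.
static void RefreshCredentialsAfterLogin(void (^completion)(NSString * _Nullable identityId,
                                                            NSError * _Nullable error)) {
    id<AWSCredentialsProvider> provider =
        AWSServiceManager.defaultServiceManager.defaultServiceConfiguration.credentialsProvider;

    // Credentials obtained before authentication would otherwise be reused
    // until they expire.
    [provider invalidateCachedTemporaryCredentials];

    // Refresh now, so a failure surfaces here instead of in the first
    // Lambda invocation made by the next view controller.
    [[provider credentials] continueWithExecutor:[AWSExecutor mainThreadExecutor]
                                       withBlock:^id _Nullable(AWSTask<AWSCredentials *> * _Nonnull task) {
        if (task.error) {
            completion(nil, task.error);
            return nil;
        }

        // Assumption: the default provider is the Cognito credentials provider.
        NSString *identityId = nil;
        if ([(NSObject *)provider isKindOfClass:[AWSCognitoCredentialsProvider class]]) {
            identityId = ((AWSCognitoCredentialsProvider *)provider).identityId;
        }
        completion(identityId, nil);
        return nil;
    }];
}
```

Called from the success branch of the login block, the completion handler is the place to push the next view controller, once the refreshed credentials are in hand.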