diff --git a/packages/auth/amplify_auth_cognito_dart/lib/src/state/machines/sign_in_state_machine.dart b/packages/auth/amplify_auth_cognito_dart/lib/src/state/machines/sign_in_state_machine.dart
index 6ca772bf4d..714b178016 100644
--- a/packages/auth/amplify_auth_cognito_dart/lib/src/state/machines/sign_in_state_machine.dart
+++ b/packages/auth/amplify_auth_cognito_dart/lib/src/state/machines/sign_in_state_machine.dart
@@ -770,8 +770,8 @@ final class SignInStateMachine
 Future<void> _assertSignedOut() async {
 bool isSignedIn;
 try {
- await manager.getUserPoolTokens();
- isSignedIn = true;
+ final credentials = await manager.loadCredentials();
+ isSignedIn = credentials.userPoolTokens != null;
 } on Exception {
 isSignedIn = false;
 }
diff --git a/packages/auth/amplify_auth_cognito_test/test/plugin/fetch_user_attributes_test.dart b/packages/auth/amplify_auth_cognito_test/test/plugin/fetch_user_attributes_test.dart
index 0e299171f7..96f0f515e7 100644
--- a/packages/auth/amplify_auth_cognito_test/test/plugin/fetch_user_attributes_test.dart
+++ b/packages/auth/amplify_auth_cognito_test/test/plugin/fetch_user_attributes_test.dart
@@ -93,7 +93,11 @@ void main() {
 late AmplifyAuthCognitoDart plugin;
 group('fetchUserAttributes', () {
- setUp(() {
+ tearDown(() async {
+ await plugin.close();
+ });
+
+ test('converts user attributes correctly', () async {
 stateMachine = MockCognitoAuthStateMachine()
 ..addInstance<CognitoIdentityProviderClient>(
 MockCognitoIdentityProviderClient(
@@ -107,13 +111,6 @@ void main() {
 ),
 );
 plugin = AmplifyAuthCognitoDart()..stateMachine = stateMachine;
- });
-
- tearDown(() async {
- await plugin.close();
- });
-
- test('converts user attributes correctly', () async {
 final res = await plugin.fetchUserAttributes();
 final expected = [
 AuthUserAttribute(
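Review bot: In `_assertSignedOut` (sign_in_state_machine.dart) the `on Exception` branch still turns any failure of `manager.loadCredentials()` into `isSignedIn = false`, so a credential-store read error looks the same as a signed-out device. The new test `credentials.userPoolTokens != null` is also presence-only: expired or revoked tokens count as signed in, which appears intended but is not stated. I would record both next to the check, e.g. `// Presence check only, no refresh or expiry validation; a storage failure is treated as signed out.` The function continues below the hunk, so what is done with the flag is not visible here.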
@@ -202,6 +199,16 @@ void main() {
 });
 test('refreshes token before calling Cognito', () async {
+ stateMachine = CognitoAuthStateMachine()
+ ..addInstance<CognitoIdentityProviderClient>(
+ MockCognitoIdentityProviderClient(
+ getUser: () async => GetUserResponse(
+ userAttributes: [],
+ username: username,
+ ),
+ ),
+ );
+
 final secureStorage = MockSecureStorage();
 SecureStorageInterface storageFactory(scope) => secureStorage;
 seedStorage(
diff --git a/packages/auth/amplify_auth_cognito_test/test/state/sign_in_state_machine_test.dart b/packages/auth/amplify_auth_cognito_test/test/state/sign_in_state_machine_test.dart
index 6ac4bfccb5..a96e088155 100644
--- a/packages/auth/amplify_auth_cognito_test/test/state/sign_in_state_machine_test.dart
+++ b/packages/auth/amplify_auth_cognito_test/test/state/sign_in_state_machine_test.dart
@@ -136,6 +136,15 @@ void main() {
 ).ignore();
 final signInStateMachine = stateMachine.expect(SignInStateMachine.type);
+
+ final fetchAuthSessionStateMachine = stateMachine.getOrCreate(
+ FetchAuthSessionStateMachine.type,
+ );
+
+ fetchAuthSessionStateMachine.stream.listen(
+ (_) => fail('.signIn() should not fetch auth session.'),
+ );
+
 expect(
 signInStateMachine.stream,
 emitsInOrder([
diff --git a/packages/authenticator/amplify_authenticator/lib/src/services/amplify_auth_service.dart b/packages/authenticator/amplify_authenticator/lib/src/services/amplify_auth_service.dart
index da2c66b56c..9e8a80d2c5 100644
--- a/packages/authenticator/amplify_authenticator/lib/src/services/amplify_auth_service.dart
+++ b/packages/authenticator/amplify_authenticator/lib/src/services/amplify_auth_service.dart
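Review bot: The subscription created by `fetchAuthSessionStateMachine.stream.listen(...)` in sign_in_state_machine_test.dart is never cancelled, so the guard outlives the test body and a late event would surface after the test has already completed rather than as an ordinary failure of it. Keep the handle and cancel it in teardown: `final sub = fetchAuthSessionStateMachine.stream.listen(...);` followed by `addTearDown(sub.cancel);`. As written the guard only shows that no event was emitted while the visible expectations were awaited; the rest of the test lies outside the hunk.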
@@ -28,8 +28,18 @@ abstract class AuthService {
 Future<AuthUser?> get currentUser;
+ /// Checks to see if a user has a valid session.
+ ///
+ /// A valid session is a session in which the tokens are not expired, OR
+ /// the access/id tokens have expired but the state of the refresh token is
+ /// unknown due to network unavailability.
 Future<bool> isValidSession();
+ /// Checks if a user is logged in based on whether or not there are
+ /// tokens on the device.
+ ///
+ /// This will not check whether or not those tokens are valid. To check
+ /// if tokens are valid, see [isValidSession].
 Future<bool> get isLoggedIn;
 Future<ResetPasswordResult> resetPassword(String username);
@@ -191,9 +201,8 @@ class AmplifyAuthService
 Future<bool> get isLoggedIn async {
 return _withUserAgent(() async {
 try {
- final result = await Amplify.Auth.fetchAuthSession();
-
- return result.isSignedIn;
+ await Amplify.Auth.getCurrentUser();
+ return true;
 } on SignedOutException {
 return false;
 }
diff --git a/packages/smithy/smithy_aws/lib/src/http/interceptors/with_sig_v4.dart b/packages/smithy/smithy_aws/lib/src/http/interceptors/with_sig_v4.dart
index a4e751ae93..5ee34b4de4 100644
--- a/packages/smithy/smithy_aws/lib/src/http/interceptors/with_sig_v4.dart
+++ b/packages/smithy/smithy_aws/lib/src/http/interceptors/with_sig_v4.dart
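Review bot: `isLoggedIn` in `AmplifyAuthService` (second hunk of amplify_auth_service.dart) now returns `true` whenever `Amplify.Auth.getCurrentUser()` does not throw, so expired or revoked tokens still report a logged-in user; that contract is written on the abstract getter in the first hunk but not at the implementation. Add a short comment above the call, e.g. `// Local token presence only; callers that need a usable session must also await isValidSession().` The new `isValidSession` doc also treats a session as valid while offline with expired access/id tokens, so it is worth stating there that neither member is an authorization decision and that the backend must still reject stale tokens. Only the `on SignedOutException` clause is visible; any further catch clauses lie below the hunk.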
@@ -31,16 +31,13 @@ class WithSigV4 extends HttpRequestInterceptor {
 @override
 Future<AWSBaseHttpRequest> intercept(AWSBaseHttpRequest request) async {
- // Try to retrieve credentials. If it fails, continue without authentication
- // for optional auth requests only.
- try {
- await credentialsProvider.retrieve();
- } on Exception {
- if (isOptional) {
- return request;
- }
- rethrow;
- }
+ // Do not attempt to sign requests where auth is optional.
+ //
+ // This is only set in Cognito and SSO services where the trait indicates
+ // that signing is strictly unnecessary and that signing the request does
+ // not impact the behavior of the APIs.
+ if (isOptional) return request;
+
 final signer = AWSSigV4Signer(
 credentialsProvider: credentialsProvider,
 algorithm: algorithm,
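Review bot: The early `if (isOptional) return request;` in `WithSigV4.intercept` now sends every optional-auth request unsigned even when credentials are available, and the only thing keeping that safe is the comment's claim that the flag is set just for Cognito and SSO operations. `WithSigV4` sits in the shared smithy_aws package, so a client for another service that sets `isOptional` would silently lose signing where the old code signed whenever credentials could be retrieved. I would put the constraint on the `isOptional` field itself (its declaration is outside the hunk), e.g. `/// When true the request is never signed; set only for operations whose behavior does not depend on caller identity.` The method body continues past the end of the hunk.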