Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(auth): Removed dependency on oauth2 token for refreshToken and move to initiateAuth for hostedUI #3497

Merged
merged 1 commit into from
Feb 8, 2024
Merged

feat(auth): Removed dependency on oauth2 token for refreshToken and move to initiateAuth for hostedUI #3497

merged 1 commit into from
Feb 8, 2024

Conversation

harsh62
Copy link
Member

@harsh62 harsh62 commented Feb 5, 2024
edited
Loading

Issue #

#3496

Description

Currently we use oauth2/token endpoint to refresh tokens when the user is logged in via HostedUI. The premise of this was you need to refresh using the hostedUI api to preserve custom scopes. Service team has confirmed that we do not need to call the hosted UI endpoint api for refreshing of the tokens and simply calling the initiateAuth api will also preserve custom scopes as long as the sign in was done using the HostedUI api.

Furthermore, this brings us in parity with other platform implementations. Android and Flutter already does refreshing of tokens this way.
Android PR: https://github.com/aws-amplify/amplify-android/pull/2543/files

General Checklist

  • Added new tests to cover change, if needed
  • Build succeeds with all target using Swift Package Manager
  • All unit tests pass
  • All integration tests pass
  • Security oriented best practices and standards are followed (e.g. using input sanitization, principle of least privilege, etc)
  • Documentation update for the change if required
  • PR title conforms to conventional commit style
  • New or updated tests include Given When Then inline code documentation and are named accordingly testThing_condition_expectation()
  • If breaking change, documentation/changelog update with migration instructions

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@harsh62 harsh62 marked this pull request as ready for review February 6, 2024 14:37
@harsh62 harsh62 requested a review from a team as a code owner February 6, 2024 14:37
@harsh62 harsh62 merged commit 4ab4c99 into main Feb 8, 2024
78 checks passed
@harsh62 harsh62 deleted the remove-refresh-hostedui-token-flow branch February 8, 2024 01:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lawmicha lawmicha lawmicha approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@harsh62 @lawmicha