Missing required parameter REFRESH_TOKEN #940

Closed
eax32 opened this issue May 6, 2019 · 15 comments
eax32 commented May 6, 2019

Describe the bug
For some users we received logs like this while the user tries to authenticate with Cognito. In most cases (all?), this happened after token expiration(?) followed by uninstalling and reinstalling the application with Google auto backups enabled. Sign-out or other attempts to clean the cache do not lead to success.

Missing required parameter REFRESH_TOKEN (Service: AmazonCognitoIdentityProvider; Status Code: 400; Error Code: InvalidParameterException; Request ID: 6f675297-6d89-11e9-ba25-5fdef691f990);
com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.getCachedSession(CognitoUser.java:955)
com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.getSession(CognitoUser.java:743)
com.amazonaws.mobile.client.AWSMobileClient$5.run(AWSMobileClient.java:1107)
com.amazonaws.mobile.client.internal.InternalCallback$1.run(InternalCallback.java:101)
java.lang.Thread.run(Thread.java:764)
;

To Reproduce
Looks like it can be reproduced after some tokens expire and the user then deletes the app and reinstalls it. (Google auto backup is enabled for the app, so maybe this is the problem.)

Which AWS service(s) are affected?
AWS Cognito Auth

Expected behavior
App should pass authentication.

Environment Information (please complete the following information):

  • AWS Android SDK Version: 2.13.0
  • Device: Different devices
  • Android Version: 7 - 9 (more often on 9)

Additional context
Add any other context about the problem here.

@desokroshan desokroshan added cognito Issues with the AWS Android SDK for Cognito question General question labels May 6, 2019
@desokroshan
Contributor

@eax32 Thanks for reporting this. Can you please share a relevant code snippet? Does this happen on sign-in or sign-up after reinstalling?

@eax32
Author

eax32 commented May 7, 2019

@desokroshan Thanks for the answer. So, we use AWSMobileClient:

    private void _signIn(String username, String password, final boolean sendVerificationCode, final AuthProcessHandler authProcessHandler) {
        mobileClient().signIn(username, password, null, new Callback<SignInResult>() {
            @Override
            public void onResult(SignInResult result) {
                processSignInResult(result, sendVerificationCode, authProcessHandler);
            }

            @Override
            public void onError(Exception e) {
                final MPSyncError error = getErrorFromException(e);
                mExecutionContext.onMain(new Runnable() {
                    @Override
                    public void run() {
                        authProcessHandler.onError(error);
                    }
                });

                doFailedAuth();
            }
        });
    }

So, I think (after exploring our app logs) it happened on sign-in after reinstalling the app.

@eax32
Author

eax32 commented May 7, 2019

@desokroshan Also, I have a question: in previous versions of our app we used the low-level API (something like what AWSMobileClient uses), and after upgrading the app to AWSMobileClient, mobileClient.initialize always returns that there is no logged-in user, so we ask the user to log in again, and after that everything works well. Is this normal behaviour?

@eax32
Author

eax32 commented May 15, 2019

@desokroshan @kvasukib Hello, do you have any updates/info for me?

@mutablealligator
Contributor

@eax32 Sorry for the delayed response. AWSMobileClient has its own persistent store and does not share the credentials stored by the CognitoIdentityProvider SDK (aws-android-sdk-cognitoidentityprovider). So if you are migrating to AWSMobileClient, the credentials will not be migrated from the underlying SDK to AWSMobileClient.

@mutablealligator mutablealligator added the pending-community-response Issue is pending response from the issue requestor label May 20, 2019
@eax32
Author

eax32 commented May 27, 2019

@kvasukib So, this bug reproduces on Android 9.0 with auto backups enabled. The user logs in, then deletes the app, and then reinstalls it, and we get "Missing required parameter REFRESH_TOKEN". Also, we fix this issue by clearing the shared preferences before sign-in:

    SharedPreferences csiCachedTokens = mContext.getSharedPreferences("CognitoIdentityProviderCache", 0);
    SharedPreferences.Editor cacheEdit = csiCachedTokens.edit();
    cacheEdit.clear();
    cacheEdit.apply();

So, you can integrate something like this, or something more elegant, into upstream.

@alphamu

alphamu commented May 30, 2019

@desokroshan I developed this issue recently on my Pixel (original) and found the following:

  • Issue came up after an account had been deleted from Cognito and recreated several times (with exact same details, first name, last name, email, phone number, email was set as verified).
  • On the Android SDK the user could not login and I would get the CognitoInternalErrorException.
  • Uninstalling the app, restarting the phone, then reinstalling the app did not help.
  • I was successful logging in with an account that was not recreated a bunch of times.
  • The offending account would work perfectly fine with the Web SDK. I was able to login, change password, whatever.
  • The offending account would work perfectly on another Android device.

So, for some reason, this account whose deletion and recreation I was testing on a particular device just doesn't work any more, even if I uninstall the app and restart. This leads me to believe that there is a server-side component to this: for some reason, the username + the device seem to be blacklisted by Cognito, or there is some sort of cache somewhere that suggests that if a username + device is being used, it belongs to an AWS account that no longer exists?

I'll try to debug more and report back if I find anything more.

@alphamu

alphamu commented May 30, 2019

So @eax32 was spot on, I deleted the CognitoIdentityProviderCache and it works!

@mutablealligator
Contributor

@alphamu When the user signs out, do you call the appropriate signOut method from the SDK? That should clear the contents of SharedPreferences and wipe the credentials and the associated encryption keys used for encryption of those credentials. You don't have to manually wipe the contents of the SharedPreferences.

@alphamu

alphamu commented May 31, 2019

Yes, I do. As far as I can tell, it doesn't clear the SharedPreferences, in this or any other AWS SharedPreferences file.
I simply call awsMobileClient.signOut(), no callback or anything.

@desokroshan desokroshan removed the pending-community-response Issue is pending response from the issue requestor label Jun 5, 2019
@mutablealligator
Contributor

@alphamu @eax32 AWSMobileClient.signOut() internally calls CognitoUser.signOut() which clears the tokens cached in the SharedPreferences. It clears the access token, id token and refresh token.

However the lastKnownUser field is not cleared from the CognitoIdentityProviderCache SharedPreferences and.

Also, do you use the rememberDevice functionality through our SDK, where it remembers the device the end user is using by storing metadata in the CognitoIdentityProviderDeviceCache SharedPreferences?

Please correct my understanding: When autoBackup is enabled, Android backs up the SharedPreferences files and then restores when the app is reinstalled again. So the current workaround would be to clear the SharedPreferences upon a user signOut besides what the SDK does.

@mutablealligator mutablealligator added the pending-community-response Issue is pending response from the issue requestor label Jun 6, 2019
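
An added example, not part of the thread or of the SDK: one way to keep Android Auto Backup from restoring the two caches named in the comment above is to exclude them in the app's backup rules. The resource file name `backup_rules.xml` is hypothetical, the `.xml` file names assume Android's default on-disk naming for SharedPreferences, and that this avoids the error is an assumption based on the restore behaviour described in the thread.

```xml
<!-- res/xml/backup_rules.xml (hypothetical file name; added example) -->
<!-- Referenced from AndroidManifest.xml on the application element:
     android:allowBackup="true"
     android:fullBackupContent="@xml/backup_rules" -->
<full-backup-content>
    <!-- Token cache discussed in this thread. SharedPreferences opened as
         "CognitoIdentityProviderCache" are assumed to be stored under that
         name with an .xml suffix. -->
    <exclude domain="sharedpref" path="CognitoIdentityProviderCache.xml" />
    <!-- Remembered-device metadata cache mentioned in the comment above. -->
    <exclude domain="sharedpref" path="CognitoIdentityProviderDeviceCache.xml" />
</full-backup-content>
```

With no `<include>` elements present, everything else the app stores is still backed up; only the two listed files are skipped.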
@alphamu

alphamu commented Jun 6, 2019 via email

@alphamu

alphamu commented Jun 6, 2019 via email

@eax32
Author

eax32 commented Jun 7, 2019

> Please correct my understanding: When autoBackup is enabled, Android backs up the SharedPreferences files and then restores when the app is reinstalled again. So the current workaround would be to clear the SharedPreferences upon a user signOut besides what the SDK does.

@kvasukib our workaround is to clear shared prefs before signin.

@mutablealligator
Contributor

I am closing this issue and linking to the main issue #937 where we track this bug.
