-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
id token doesn't contain ClientMetadata after refresh #13379
Comments
Hi @rashidwiizb, react-native is actually part of the |
Hello, @rashidwiizb 👋. I think we may need to understand how your Auth flow is structured to better help here. How are you persisting the |
We are facing the same issue. When providing the ClientMetadata to the signIn method, we are getting the right JWT token from Cognito (adding a claim, depending on the ClientMetadata, to the token via the PreTokenGeneration trigger in Cognito). But when doing the fetchAuthSession({ forceRefresh: true }); via Amplify, the ClientMetadata is not provided to the PreTokenGeneration trigger and thus, this information is missing in the JWT token provided by the fetchAuthSession call. We are using the latest "aws-amplify" version 6.3.2. |
Hi @mattcreaser thanks for the reply. @cwomack my pre-token lambda triggers is const handler = async (event, context,callback) => {
}; export { handler }; when I signin I pass the roleType in ClientMetadata and I get that roletype in idtoken,but when the idtoken is expires amplify itself refresh and get the new idtoken and access token but in that id token the roleType is empty strings "", that mean when refreshing the lambda doesn't get the ClientMetadata . Is there any way to fix this ? |
hello everyone. Passing |
Hi @israx I am configuring AWS Amplify with different user pools and client IDs according to the role I pass to the amplify_Config function. This works correctly, and Amplify is configured with the appropriate pool ID and client ID based on the role. When I first select the "Student" role, it configures for the student, and then the sign-in happens successfully, and the user is logged in. However, after the current user logs out, if I choose another role and call amplify_Config in useEffect again, it reconfigures correctly. Then, when I call sign-in, Amplify tries to sign in with the previously configured user pool and client ID, resulting in an error. But when I reload the page after selecting the role and configuring Amplify, it works fine. Is there a way to achieve this without reloading the page? my amplify_Config export const amplify_Config = async (role) => {
} the useeffect and reload in signIn page after selecting role const reload = () => { setTimeout(function () { |
Hello @rashidwiizb . Can you try the following ?
If that doesn't work. Can you open a different GH issue regarding the problem with |
Hi @israx first I call signOut for current logged user and then I reconfigured the amplify according with passed role after configuring I call Amplify.getConfigure and this gives the new configuration , but after that I call signIn it uses the previous configured client id and userpool id for signing; Amplify.configure({
|
this way I m using signIn
"@aws-amplify/react-native": "^1.1.1",
"aws-amplify": "^6.3.1",
"react-native": "0.73.2",
const userSignIn = await signIn({
username: userName,
password: password,
options: {
clientMetadata: {
roleType: "Student"
}
}
});
I already attache pre token lambda trigger on Cognito for customise the id token . so I get the roleType in it on idTojeb when signing success . But when this idToken expires I get the new id token from amplify itself so in that idToken I didn't get this roleType
The text was updated successfully, but these errors were encountered: