New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When I launch the app while the wifi is turned OFF, and turn ON the wifi, an unauthorized log message displayed #2323
Comments
Thanks for opening this issue @medhatIbsais-Harri. I see you opened a similar issue #2167, and that we're tracking this here #2152 as well. The main difference here is that the app is launched without network connectivity then toggled on, which is resulting in an unauthorized error. Whereas in your previous issue, the app was launched with network connectivity, then turned off, then on again. Is that correct? |
@atierian Yes, that is correct |
Thanks for confirming. We'll investigate and come back to you here with any updates. |
@atierian Thank you |
@medhatIbsais-Harri could you share your GraphQL schema, appsync authorization types, and whether multi auth is enabled in your datastore config so that we can reproduce the issue with the same setup? |
Hello @chrisbonifacio, thanks for responding, I'm working at Harri and we have an enterprise account on AWS, can you get the info from the system or should I open a support ticket on AWS? |
Hi @medhatIbsais-Harri, please go ahead and open a support ticket, thank you! |
Hello @lawmicha, just to follow up, I have opened a support ticket, and this is the case ID: 10874796681 |
Hello @medhatIbsais-Harri 👋🏼, thank you for opening the support ticket! I'm actively trying to reproduce the issue with your given |
Hi @medhatIbsais-Harri, please check the updated support ticket, i'll add some info here publiclly with the schema details redacted, feel free to update us here or there. There are two logging contexts that may be helpful to debug, please use the latest Without dealing with network connectivity issues, please ensure that the app can successfully establish the subscriptions. Unauthorized is expected when the user is signed out. By signing in the user and calling DataStore.start, DataStore should successfully establish the subscriptions. If you can test the app without network connectivity scenarios, are you able to successfully start DataStore? The “InitializeSubscription” logs should show that the subscriptions are connected and moving onto “performInitialSync” We attempted to reproduce network connectivity issue and were able to get back
This is expected since network connectivity issues causes the websocket connections to break and puts DataStore into a stopped state. The system will eventually recover when any of the DataStore operations kick off the sync process, the logs to watch out for while debugging should be the “Lifecycle event” such as
You can additionally use the Hub to react to these events if you are looking to hook logic into your app that depends on a particular model to be fully synchronized or for when DataStore is ready (https://docs.amplify.aws/lib/datastore/datastore-events/q/platform/ios/) I'm looking to consolidate that issues that you have raised in this repo:
|
@manaswi223 let's try this out as well. if there's no network, and launching the app (assuming DataStore.start is called) then the subscription connection shouldn't be able to be established, are we able to reproduce this to get Unauthorized? Unauthorized from the subscription can happen in two places, if the token cannot be retrieved, then the subscription request fails fast and returns an Unauthorized sourced from the client or If the token can be retrieved but the request is determined to be Unauthorized by AppSync. |
Hello @lawmicha, thanks for helping us here, |
Hi @medhatIbsais-Harri , can you clarify how you are refreshing the tokens when the network connection is back? Are you reacting to Network Framework events then calling For the second problem, I believe this is the current behavior of DataStore, it is not reacting to the connection going back up again so there is a delayed recovery of data synchronization. I don't believe there is a data issue here, however eventual / delayed synchronization of data, and a clear feature request we'd like to tackle. If you could share some of the code snippets you are doing to achieve what you want, we can take a look to see how we can better optimize the system or further explore whether there's a bug in the system. |
Hello @lawmicha, this code snippet we added to avoid the unauthorized error until you solve this problem, so as you can see in the code below, we refresh our token, and then sync data store by calling,
|
Thanks for the code snippet, I believe what you are doing is optimistically restarting the sync process whenever the app detects that its connected to the internet. Once the PR is merged, you can update the code in |
Hi @lawmicha, the above code snippet that is responsible for refreshing the ID tokens, and thats for to avoid the unauthorized error that it returns when you launch the app without network connectivity and then turn ON the wifi, so when you fix this problem we can remove the refreshing the ID tokens when the network connection is back again. |
Thank you for providing us the details of your use case. DataStore relies on the Auth plugin to provide the auth info when making requests to AppSync. When the access to the GraphQL model's is controlled by OIDC/Cognito User Pool auth then DataStore will retrieve the auth token from Auth plugin, and add that to the request to AppSync. For Cognito User Pool, by default it will use the access token. We should be able to test by waiting for the access token to expire, and then call I think DataStore can pre-emptively refresh the session during the sync process by calling fetchAuthSession. I'm assuming this is a low-cost API to call, such that if the session is valid, it will just return the session. However, if the requests are still unauthorized, it may be the scenario where the user is actually not authorized to access that data. They may be a guest user or the model's access control does not allow read operation. Before doing this, I need a better understanding of ID Token and access token, what is the expected behavior of the Auth plugin? Shouldn't the access token be refreshed automatically? cc @royjit - when the access token expires after 1 hr, how to refresh it or how does it get refreshed? Are developers expected to refresh the access token themselves? |
Auth plugin should automatically refresh the token when it is expired as along as the refresh token is valid. If the refresh token is not valid, auth plugin will return a sessionExpired error and the user needs to signIn again. |
Thank you @royjit, but the DataStore doesn’t automatically refresh the tokens, each time you call |
Hi @medhatIbsais-Harri, can you clarify, each time |
Hi @lawmicha, Yes exactly. |
@medhatIbsais-Harri, how are you setting up your auth provider? are you using OIDC provider and providing your own If we wait an hour for the access token to expire, then call |
Hello @lawmicha, yes we are using this |
Hi @medhatIbsais-Harri , that sounds the problem is in the custom implementation of retrieving the token. Can you show us what your implementation of |
Hello @lawmicha we are using the |
Hey @medhatIbsais-Harri I have some questions for this use case
Feel free to respond in your support ticket if there are details that you'd like to keep private. |
Hello @lawmicha, I can confirm that this issue solved on Amplify version |
@lawmicha can you please check it with your team to ensure that it's resolved? |
Hi @medhatIbsais-Harri, glad to hear that the latest version is working for you. The problem as I understand it is that the user is unauthorized when using the token from In iOS SDK AWSMobileClient 2.28.0, there's at least this AWSMobileClient change related to a race condition for getToken https://github.com/aws-amplify/aws-sdk-ios/releases/tag/2.28.0 aws-amplify/aws-sdk-ios#4290 I can't say for certain if this is the problem you were seeing without more information from your repro and more context on the impact of that issue that was fixed. The issue that was fixed is related to a crash, which doesn't sound like what you're seeing. If you check your dependencies version for It doesn't appear to be any changes in I'd recommend comparing your app runtime against In Amplify 2.x.x, we have fully rewritten the Amplify.Auth against the new Swift SDK, and recommend trying this out as well. |
Hello @lawmicha, it doesn’t work on version
I received this error in the logs:
|
Hi @medhatIbsais-Harri , is the first error expected? The |
Hello @lawmicha, the first one is expected yes, never mind, but if you can see the other returned logs |
If the first request is unauthorized and is expected, I would also expect that the syncQuery operation is also unauthorized if your token is missing the |
Hello @lawmicha, even after solving this issue, if I turned OFF the wifi after launching the app, then wait in offline mode until the token expires, then after turning it ON again, the data store will not start even if you called |
Hi @medhatIbsais-Harri, DataStore will not start successfully if the token has expired. DataStore will not refresh the token for you. See some of the earlier questions, those should narrow down problems with your token refresh mechanism:
|
Describe the bug
When I launch the app while the wifi is turned OFF, and turn ON the wifi while I’m inside the app, an unauthorized log message displayed.
Steps To Reproduce
Expected behavior
To start syncing data normally
Amplify Framework Version
1.28.0
Amplify Categories
DataStore
Dependency manager
Cocoapods
Swift version
5.0
CLI version
Not Installed
Xcode version
13.3.1
Relevant log output
Is this a regression?
Yes
Regression additional context
No response
Device
iPad 5th generation
iOS Version
15.5
Specific to simulators
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: