fix(AWSCredentialsProvider): validate credentials have access-, secre…

…t-, sessionKey (#4379)
aws-amplify · Nov 4, 2022 · 2280a97 · 2280a97
1 parent badf0e3
commit 2280a97
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/AWSCore/Authentication/AWSCredentialsProvider.m b/AWSCore/Authentication/AWSCredentialsProvider.m
@@ -111,7 +111,10 @@ - (BOOL)isValid {
     // Returns cached credentials when all of the following conditions are true:
     // 1. The cached credentials are not nil.
     // 2. The credentials do not expire within 10 minutes.
-    return ([self.expiration compare:[NSDate dateWithTimeIntervalSinceNow:10 * 60]] == NSOrderedDescending);
+    return (self.accessKey != nil &&
+            self.secretKey != nil &&
+            self.sessionKey != nil &&
+            [self.expiration compare:[NSDate dateWithTimeIntervalSinceNow:10 * 60]] == NSOrderedDescending);
 }
 
 @end

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 ## Unreleased
 
+### Bug Fixes
+
+- **AWSCore/AWSCredentialsProvider**
+    - Fixed an issue where `getAWSCredentials` thinks it has valid credentials despite them being potentially invalidated through a concurrent call to `invalidateCachedTemporaryCredentials`. (See [PR #4379](https://github.com/aws-amplify/aws-sdk-ios/pull/4379))
+
 ### Misc. Updates
 
 - Model updates for the following services