Method to refresh credentials for AWSAppSyncClient

[klsmithphd]

I'm using this library in tandem with aws-amplify and Cognito User Pools / Identity Pools, with the Identity Pool setting IAM credentials. Since the changes in #5, my constructor looks like:

import { Auth } from 'aws-amplify';
import AWSAppSyncClient from 'aws-appsync';
import { AUTH_TYPE } from 'aws-appsync/lib/link/auth-link';
import config from 'config';

const appSyncClient = new AWSAppSyncClient({
      url: config.appsync.URL,
      region: config.appsync.REGION,
      auth: {
        type: AUTH_TYPE.AWS_IAM,
        credentials: () => Auth.currentCredentials() }
    });

An issue that I've encountered is that if a user leaves the browser session open for an hour, the credentials will have expired, and any graphql queries will fail. My solution to this right now (in a React app) is to schedule a refresh when the component mounts via setInterval, like this:

class Home extends Component {
  state = {
    appSyncClient: null,
    timer: null
  }

  setAppSyncClient = () => {
    logger.debug("Creating AppSyncClient");
    const appSyncClient = new AWSAppSyncClient({
      url: config.appsync.URL,
      region: config.appsync.REGION,
      auth: {
        type: AUTH_TYPE.AWS_IAM,
        credentials: () => Auth.currentCredentials() }
    });
    this.setState({appSyncClient})
  }

  componentWillMount = () => {
    this.setAppSyncClient();
    const interval = 50 * 60 * 1000 // 50 minutes
    const timer = setInterval(this.setAppSyncClient, interval);
    this.setState({timer});
  }

  componentWillUnmount = () => {
    clearInterval(this.state.timer);
  }

  render() {
    const {appSyncClient} = this.state;
    if (!appSyncClient) {
      return null
    } else {
      return (
        <ApolloProvider client={appSyncClient}>
          <Rehydrated>
            {/* the rest of my app */}
          </Rehydrated>
        </ApolloProvider>
      )
    }
  }
}

This feels clunky to me --- given that the AWSAppSyncClient can take a function for credentials, it seems like it'd be nice if the refresh trigger could be internal to the client. The Auth class in aws-amplify should ensure that invoking Auth.currentCredentials() refreshes the credentials if they're due to expire, so it seems like all that's required is just something to re-invoke that function. I can see an argument in favor of that being an application concern that this lib shouldn't need to worry about, but it also seems like using short-lived credentials/tokens is likely to be a common concern of consumers of the lib.

[undefobj]

@Ken-2scientists can you check the latest version of Amplify and see if you still have this problem? There was a fix merged earlier this week for something that this seems to be related to.

[Jun711]

@undefobj
If the problem is solved, is doing this enough to have no problem with credentials expiring problem?

import { Auth } from 'aws-amplify';
import AWSAppSyncClient from 'aws-appsync';
import { AUTH_TYPE } from 'aws-appsync/lib/link/auth-link';
import config from 'config';

const appSyncClient = new AWSAppSyncClient({
      url: config.appsync.URL,
      region: config.appsync.REGION,
      auth: {
        type: AUTH_TYPE.AWS_IAM,
        credentials: () => Auth.currentCredentials() }
    });

thanks

[undefobj]

@Jun711 credentials refresh is handled by the Amplify library which is why credentials are passed as a function. Amplify handles credentials refreshing but if you're having issues they monitor the issues on that repo pretty actively and can assist.