401 Unauthorized Errors Due to missing token in Amplify iOS SDK (Version 2.33.6) #3926
Comments
How long do you think a while is? Is it possible the refresh token expired? How long are refresh tokens set to be valid on your account? Once a refresh token is expired, the user will have to log out and back in. I do not believe the referenced issue you pointed to would be related.
@tylerjroach we set the validity of the refresh token to 10 years and the access token to 15 minutes. Our app has only been live for more than a year, so we expect the user to remain logged in even after they update the app.
@jerfranco-deloitte Some of the cases where a refresh token could be invalidated are:
I have a few other questions:
Did this also include an update to the Amplify library? Any other info you could provide that could narrow down the investigation?
@jerfranco-deloitte Can you try a small change and see if that works?
Just change your above code to something as below and see if that resolves the issue.
Looking forward to your feedback, thanks.
@harish-suthar, here are the answers to your questions:
We're using the same app client ID
Device tracking is turned off in Cognito User Pools
Here's my configuration file:
```json
{
  "UserAgent": "aws-amplify-cli/2.0",
  "Version": "1.0",
  "auth": {
    "plugins": {
      "awsCognitoAuthPlugin": {
        "UserAgent": "aws-amplify-cli/0.1.0",
        "Version": "0.1.0",
        "IdentityManager": {
          "Default": {}
        },
        "CredentialsProvider": {
          "CognitoIdentity": {
            "Default": {
              "PoolId": "ap-southeast-2:REDACTED",
              "Region": "ap-southeast-2"
            }
          }
        },
        "CognitoUserPool": {
          "Default": {
            "PoolId": "ap-southeast-2_REDACTED",
            "AppClientId": "REDACTED",
            "Region": "ap-southeast-2"
          }
        }
      }
    }
  }
}
```
This issue started to happen after we upgraded to 2.33.6
Users can log into the app via email and password, but we still can't determine which type of users are encountering this issue.
@jerfranco-deloitte Are you somehow able to grab the verbose logs when this issue happens?
@harsh62 How do you access amplify verbose logs?
You can enable verbose logging to the console by doing this before calling
@harsh62 I mean is there any way I can send these verbose logs to a logging service, to see the production logs as this issue is not reproducible easily and we are getting reports of this from production app for some users.
You will need to set up the logging category to send the logs to AWSCloudWatch. The setup guide is available here: https://docs.amplify.aws/swift/build-a-backend/add-aws-services/logging/set-up-logging/.
@harish-suthar @harsh62 Thanks for the advice. This might help since we can't easily reproduce the production issue in our non-prod environments. @harsh62, do we need to set
@jerfranco-deloitte No need to do it like this; there is a config file in which you can specify it. Check the link below for the same.
@jerfranco-deloitte Sorry for losing track of the issue. Yes, verbose logs would be the best at detecting what really happened to the app.
Hello, this is also happening in version 2.43.0, in the last few weeks the reports from users with this problem have increased. At first we noticed that it happened more to users with poor connectivity, but this week it happened to users with good connectivity too. Even with a user who had signed in a few minutes ago, i.e. the token refresh was valid. We have some logs that we believe are related to this problem because they are in the same trace as when we received a 401, we also activated
@luananalonvoid Want to understand the user impact here, does this error resolve when retried? The underlying error still seems to be around unstable network.
I would be concerned if the user is not able to retry or is stuck in some state.
Hello @harsh62. The impact is significant, because when this problem occurs and the app receives a 401, the user is logged out, i.e. the user is sent out of the app and redirected to the login, but it has already happened that when trying to sign in afterwards, the service error is received, and the user is only able to sign in after a few attempts, which causes inconvenience. As Amplify doesn't have its own mechanism for sending the user out of the app if they receive a 401, we sign them out and redirect them to the login so that new valid tokens can be obtained. Regarding the unstable network problem, normally when the user has a network-related problem, or is not connected to the internet, when a request is made to the API, the app receives this specific network error through the framework we use to handle requests, only in this case the error received is the 401, and there have also been cases where the connection was stable and the error was received anyway.
@luananalonvoid Would you be able to provide answers to some of the following questions.
Describe the bug
We are experiencing intermittent 401 Unauthorized errors in our iOS app using AWS Amplify SDK version 2.33.6. The issue seems to be affecting some users but not all, and we have been unable to replicate the problem internally. The errors appear to be related to missing or invalid tokens, with most server logs indicating missing tokens as the primary cause.
Steps To Reproduce
Expected behavior
The fetchAuthSession() method should automatically refresh expired tokens or provide valid tokens, preventing 401 errors due to missing or invalid tokens.
Amplify Framework Version
2.33.6
Amplify Categories
Auth
Dependency manager
Swift PM
Swift version
5
CLI version
2
Xcode version
16.1
Relevant log output
Missing tokens
Is this a regression?
Yes
Regression additional context
No response
Platforms
iOS
OS Version
18.1, 17.4
Device
iPhone 16, iPhone 12
Specific to simulators
No response
Additional context
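The thread describes an app that signs the user out on any 401, while the suspected cause is a token refresh that failed on an unstable network. The sketch below is an added example, not code from the issue or from the Amplify project: it classifies the result of `fetchAuthSession()` so that only an expired or signed-out session leads to a forced sign-out. `TokenOutcome`, `NoTokenProvider`, `currentAccessToken` and `shouldSignOutAfter401` are hypothetical names, and the retry policy is an assumption.

```swift
import Amplify
import AWSCognitoAuthPlugin
import AWSPluginsCore

// Hypothetical types for this example (not part of Amplify).
struct NoTokenProvider: Error {}

enum TokenOutcome {
    case token(String)      // usable access token: attach it to the request
    case reauthenticate     // session is gone: sign out and show the login screen
    case transient(Error)   // refresh did not complete: retry later, keep the user signed in
}

// Fetch the Cognito access token and classify any failure.
// With forceRefresh set, Amplify is asked to refresh instead of using cached tokens.
func currentAccessToken(forceRefresh: Bool = false) async -> TokenOutcome {
    do {
        let session = forceRefresh
            ? try await Amplify.Auth.fetchAuthSession(options: .forceRefresh())
            : try await Amplify.Auth.fetchAuthSession()
        guard let provider = session as? AuthCognitoTokensProvider else {
            return .transient(NoTokenProvider())
        }
        switch provider.getCognitoTokens() {
        case .success(let tokens):
            return .token(tokens.accessToken)
        case .failure(let error):
            switch error {
            case .sessionExpired, .signedOut:
                return .reauthenticate   // refresh token rejected or no signed-in user
            default:
                return .transient(error) // e.g. service or network failure during refresh
            }
        }
    } catch {
        return .transient(error)
    }
}

// Assumed policy for a 401 from the API: force one refresh, and sign out
// only if Amplify itself reports that the session cannot be recovered.
func shouldSignOutAfter401() async -> Bool {
    if case .reauthenticate = await currentAccessToken(forceRefresh: true) {
        return true
    }
    return false
}
```

In the `.transient` case the request should not be sent without a token, which is the condition the server logs in this issue record as "missing tokens".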