AWSCognitoAuth.m log out issue #5451

Open
dcristolovean opened this issue Oct 16, 2024 · 1 comment
Labels
auth bug Something isn't working open-for-contribution Good for contributors

Comments

@dcristolovean

Describe the bug
This has been going on for quite a while for us and affects the log out feature of AWSMobileClient. We are using third-party SSOs configured in Cognito to log in our users. Everything is configured correctly and has worked (almost) for years. Login is always OK.
But log out has some issues, as follows:

Observed Behavior

If I call `AWSMobileClient.default().signOut(options: SignOutOptions(signOutGlobally: true, invalidateTokens: true)) { error in .... }`, it never returns from the AWS code. It gets stuck somewhere on the way and the app doesn't log out correctly.

I started to dig deeper into the AWS code to try to find out where it gets stuck. Everything boils down to AWSCognitoAuth.m, around line 918 in the current version.
It's a method (old Objective-C) called processURL that has this condition:

`else if ([urlLowerCaseString hasPrefix:signOutRedirectLowerCaseString]) { ... }`. This is the if-else branch where it should go when logging out.

The problem is that the condition is false, so the entire function returns NO, thus blocking everything and not returning any answer to AWSMobileClient (that's a problem in itself: even if the else if is wrong, it should never get stuck).

Now the reason why that else if condition is wrong is because my values are something like this:

```
urlLowerCaseString = prod-XXX://signout
signOutRedirectLowerCaseString = https%3a%2f%2flogin.XXX.fr%2XYZ%2fauth-ui%2flogout%3fclient_id%3YYYYYYY%26post_logout_redirect_uri%3dprod-XXX%3a%2f%2fsignout
```

(I masked out the actual ids)

So as you can see, the else if will never be true and it will never execute the logout code.

Every time I do a pod install, I have to manually change the else if to:

```objc
else if ([signOutRedirectLowerCaseString containsString:[self fullEncodeObjc:urlLowerCaseString]]) { ... }
```

and create a func myself:

```objc
- (NSString *)fullEncodeObjc:(NSString *)str {
    // Second-pass set: allow everything except the URL delimiters : = / ? &
    NSCharacterSet *customAllowedCharacterSet = [[NSCharacterSet characterSetWithCharactersInString:@":=/?&"] invertedSet];

    // First pass: standard query encoding.
    NSString *encodedString = [str stringByAddingPercentEncodingWithAllowedCharacters:[NSCharacterSet URLQueryAllowedCharacterSet]];
    // Second pass: also encode the delimiters, then lowercase to match the configured value.
    return [[encodedString stringByAddingPercentEncodingWithAllowedCharacters:customAllowedCharacterSet] lowercaseString];
}
```

Our configuration is correct and it WORKS in the Android SDK.

Can you please explain what's happening and why the logout condition is 'wrong'?

Expected Behavior
signOut should return in the callback, not get stuck in aws code.

Areas of the SDK you are using (AWSMobileClient, Cognito, Pinpoint, IoT, etc)?
Cognito, AWSMobileClient

Environment (please complete the following information):
Doesn't really matter, it has been happening for at least 1+ years, with various AWS versions (including the latest) and various iOS/Xcode versions

@github-actions github-actions bot added pending-triage Issue is pending triage pending-maintainer-response Issue is pending response from an Amplify team member labels Oct 16, 2024
@harsh62
Member

harsh62 commented Oct 17, 2024

@dcristolovean Do you want to open a PR with that fix? And our team will look into it.

@harsh62 harsh62 added bug Something isn't working auth labels Oct 17, 2024
@github-actions github-actions bot removed the pending-maintainer-response Issue is pending response from an Amplify team member label Oct 17, 2024
@sebaland sebaland added open-for-contribution Good for contributors and removed pending-triage Issue is pending triage labels Oct 18, 2024
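
An added example, not code from the AWS SDK or from the issue author: it reproduces the failing `hasPrefix` check on values shaped like those in the issue and shows a component-wise comparison that accepts only the exact sign-out callback, whereas a substring test would also accept any fragment of the configured value. The helper names `ExpectedSignOutCallback` and `IsSignOutCallback`, the sample strings, and the assumption that the configured value is percent-encoded once and wraps the callback in `post_logout_redirect_uri` are all hypothetical.

```objc
#import <Foundation/Foundation.h>

// Hypothetical helpers, not part of the AWS SDK.

// Resolve the app callback that a configured sign-out value points at.
// Assumption: the value may be percent-encoded once as a whole and may wrap
// the callback in a post_logout_redirect_uri parameter, as in the issue.
static NSURLComponents *ExpectedSignOutCallback(NSString *configured) {
    NSString *decoded = [configured stringByRemovingPercentEncoding] ?: configured;
    NSURLComponents *outer = [NSURLComponents componentsWithString:decoded];
    for (NSURLQueryItem *item in outer.queryItems) {
        if (item.value != nil &&
            [item.name caseInsensitiveCompare:@"post_logout_redirect_uri"] == NSOrderedSame) {
            return [NSURLComponents componentsWithString:item.value];
        }
    }
    return outer; // plain value such as myapp://signout
}

// Exact match on scheme, host and path; no prefix or substring matching.
static BOOL IsSignOutCallback(NSString *incoming, NSString *configured) {
    NSURLComponents *got = [NSURLComponents componentsWithString:incoming];
    NSURLComponents *want = ExpectedSignOutCallback(configured);
    if (got.scheme == nil || want.scheme == nil) {
        return NO; // unparseable input never counts as the sign-out callback
    }
    return [got.scheme caseInsensitiveCompare:want.scheme] == NSOrderedSame
        && [(got.host ?: @"") caseInsensitiveCompare:(want.host ?: @"")] == NSOrderedSame
        && [(got.path ?: @"") isEqualToString:(want.path ?: @"")];
}

int main(void) {
    @autoreleasepool {
        // Constructed sample values in the shape the issue describes.
        NSString *configured = @"https%3a%2f%2flogin.example.fr%2ftenant%2fauth-ui%2flogout"
                               @"%3fclient_id%3dabc123%26post_logout_redirect_uri%3dprod-app%3a%2f%2fsignout";
        NSString *callback = @"prod-app://signout";

        // The check quoted in the issue, then the component-wise check.
        NSLog(@"hasPrefix: %d", [callback hasPrefix:configured]);
        NSLog(@"exact callback: %d", IsSignOutCallback(callback, configured));
        NSLog(@"truncated callback: %d", IsSignOutCallback(@"prod-app://sign", configured));
        NSLog(@"other scheme: %d", IsSignOutCallback(@"other-app://signout", configured));
    }
    return 0;
}
```

Decoding the whole configured value before parsing is only safe while the wrapped callback contains no `&` or `#`; otherwise parse the encoded outer URL first and decode only the parameter value.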