From b29ea207d71f68b159a3ed5e1deccc4ea5bec56c Mon Sep 17 00:00:00 2001
From: Heather Pundt <119376175+heatheramz@users.noreply.github.com>
Date: Wed, 13 Sep 2023 18:59:56 -0700
Subject: [PATCH 01/11] Updating directory for new page
---
src/directory/directory.mjs | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/directory/directory.mjs b/src/directory/directory.mjs
index fed0d273e7a..62800978471 100644
--- a/src/directory/directory.mjs
+++ b/src/directory/directory.mjs
@@ -267,6 +267,11 @@ export const directory = {
route: '/lib/auth/getting-started',
filters: ['android', 'flutter', 'ios', 'js', 'react-native']
},
+ {
+ title: 'Manage user session and credentials',
+ route: '/lib/auth/manage-session',
+ filters: ['js']
+ },
{
title: 'Enable sign-up, sign-in, and sign-out',
route: '/lib/auth/emailpassword',
From 33b0cd4743463006e2344844dd8ffb5444f9926a Mon Sep 17 00:00:00 2001
From: Heather Pundt <119376175+heatheramz@users.noreply.github.com>
Date: Wed, 13 Sep 2023 19:04:52 -0700
Subject: [PATCH 02/11] Adding new page for managing user sessions
---
.../manage-session/q/platform/[platform].mdx | 209 ++++++++++++++++++
1 file changed, 209 insertions(+)
create mode 100644 src/pages/lib/auth/manage-session/q/platform/[platform].mdx
diff --git a/src/pages/lib/auth/manage-session/q/platform/[platform].mdx b/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
new file mode 100644
index 00000000000..66a747f1f92
--- /dev/null
+++ b/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
@@ -0,0 +1,209 @@
+export const meta = {
+ title: `Manage user session and credentials`,
+ description: `Learn how to manage user sessions and credentials.`,
+};
+
+
+
+[comment]: # (source content from lib/auth/manageusers/q/platform/js/#retrieve-current-session ; src/fragments/lib/auth/js/manageusers.mdx)
+
+Amplify Auth provides access to current user sessions and tokens to help you retrieve your customer's information to determine if they are logged in with a valid session and control their access to your app. You can manage tokens and expiration times and revoke sessions. In this guide we will review how to retrieve your user’s session and understand what token management options are available.
+
+Before you begin you will need:
+- Sign-up set up
+- A test user signed in
+
+## Retrieve my current authenticated user
+
+You can use the `Auth.currentAuthenticatedUser()` API which returns the full `CognitoUser` object. This object contains information about the currently authenticated user including the session and user attributes.
+
+To call `Auth.currentAuthenticatedUser()` to get the current authenticated user object:
+
+
+
+
+```ts
+import { Auth } from 'aws-amplify';
+
+async function currentAuthenticatedUser() {
+ try {
+ const user = await Auth.currentAuthenticatedUser({
+ bypassCache: false // Optional, By default is false. If set to true, this call
+ // will send a request to Cognito to get the latest user data.
+ });
+ console.log(user);
+ } catch(err) {
+ console.log(err);
+ }
+};
+```
+
+
+
+```javascript
+import { Auth } from 'aws-amplify';
+
+async function currentAuthenticatedUser() {
+ try {
+ const user = Auth.currentAuthenticatedUser({
+ bypassCache: false // Optional, By default is false. If set to true, this call
+ // will send a request to Cognito to get the latest user data.
+ });
+ } catch(err) {
+ console.log(err);
+ }
+};
+```
+
+
+
+This method can be used to check if a user is signed in when the page is loaded. It will throw an error if there is no user signed in. This method should be called after the `Auth` module is configured or the user is signed in. To ensure that you can listen on the auth events `configured` or `signIn`. [Learn how to listen on auth events.](/lib/utilities/hub#authentication-events)
+
+## Retrieve my user’s session
+
+If you only need the session details you can use `Auth.currentSession()` which returns a `CognitoUserSession` object which contains the JWT (JSON Web Token). Credentials are exchanged for temporary access tokens when your users sign in. You can access these tokens to get user information to validate user access or perform actions unique to that user.
+
+
+
+This secure information in the `CognitoUserSession` object includes:
+- `idToken` - A JWT that contains user identity information like username and email. It is used to authenticate the user.
+- `accessToken` - A JWT used to access protected AWS resources and APIs. It contains the authorized scope.
+- `refreshToken` - This a longer-lived token used to refresh expired access tokens by generating new ID and access tokens.
+- `expiresIn` - Identifies token expiration time in seconds.
+
+Amazon Cognito tokens work by generating temporary access and ID tokens with an expiration time at user sign-in. The tokens are validated against the user pool to authorize access until they expire.
+
+
+
+
+
+
+
+**Note:** This method will automatically refresh the `accessToken` and `idToken` if tokens are expired and a valid `refreshToken` presented. So you can use this method to refresh the session if needed.
+
+
+
+
+
+
+```ts
+import { Auth } from 'aws-amplify';
+
+Auth.currentSession()
+ .then((session) => {
+ const { accessToken, idToken, refreshToken } = session;
+ // Use the tokens to call AWS services
+ })
+ .catch((err) => console.log(err));
+```
+
+
+
+
+```javascript
+import { Auth } from 'aws-amplify';
+
+async function currentSession() {
+ try {
+ const data = await Auth.currentSession();
+ console.log(data);
+ } catch(err) {
+ console.log(err);
+ }
+};
+```
+
+
+
+
+## Understand token management options
+
+Token keys are automatically rotated for you for added security but you can update how they are stored, customize the refresh rate and expiration times, and revoke tokens on sign out.
+
+### Update your token-saving mechanism
+
+You can update the storage mechanism to choose where and how tokens are persisted in your application. The default `BrowserLocalStorage` is suitable for most use cases, but you may want to use a different option for security or user experience reasons.
+
+#### Browser Local Storage
+
+In Amplify the `BrowserLocalStorage` is the default storage mechanism. It saves the tokens in the browser's `localStorage`. This local storage will persist across browser sessions and tabs. You can update to this storage by calling:
+
+```javascript
+Auth.configure({
+ storage: Auth.storage.BrowserLocalStorage
+});
+```
+
+#### Browser Session Storage
+
+`BrowserSessionStorage` saves the tokens in the browser's `sessionStorage` and these tokens will clear when a tab is closed. The benefit to this storage mechanism is that the session only lasts as long as the browser is open and you can sign out users when they close the tab. You can update to this storage by calling:
+
+```javascript
+Auth.configure({
+ storage: Auth.storage.BrowserSessionStorage
+});
+```
+
+#### Memory
+
+`Memory` stores the tokens in memory only. These tokens will be lost when the page is refreshed. You can update to this storage by calling:
+
+```javascript
+Auth.configure({
+ storage: Auth.storage.Memory
+});
+```
+
+#### Custom Storage
+
+You can implement your own custom storage mechanism by creating a class that implements the storage interface. Then update to use your custom storage by calling:
+
+```javascript
+Auth.configure({
+ storage: MyCustomStorage
+});
+```
+
+When you get the current user session, the tokens will be saved in your custom location.
+
+### Update token refresh duration and expiration
+
+You can set expiration and refresh rates for a user session tokens with Amplify Auth using the `setSignInUserSessionData` method. Shorter sessions will provide better security as it limits the window for subsequent API calls after a user signs out. Setting these values also allows you to customize the user experience for your app by controlling how often a user has to re-authenticate.
+
+For example, to set a session expiration of 1 hour (3600 seconds) and a refresh interval of 30 minutes (1800 seconds), you would:
+
+```javascript
+Auth.setSignInUserSessionData({
+ expiresIn: 3600, // Session expiration in seconds
+ refreshInterval: 1800 // Session refresh interval in seconds
+});
+```
+
+This will set the expiration and refresh behavior for the current authenticated user's session. The `expiresIn` value determines how long the session will last before the user has to sign in again. The `refreshInterval` value determines how often the session will be automatically refreshed with new access and ID tokens. By default, the session is refreshed 15 minutes before expiration.
+
+
+
+**Note:** You can also update token expiration times in the Amazon Cognito User Pool settings. Set the token expiration time in the Cognito User Pools console under "App integration" > "App client" settings.
+
+
+
+### Revoke tokens
+
+You can enable token revocation in Amazon Cognito. This will revoke refresh and access tokens when a user signs out, preventing them from being used to generate new tokens. Token revocation is enabled by default in new Cognito User Pools, but must be enabled for existing pools.
+
+Additionally, if you set up global sign-out with `Auth.signOut({ global: true })` to globally sign out your users, this will revoke all refresh and access tokens, invalidating them immediately.
+
+You can now change the user experience for your app by updating how and where your tokens are saved and managed.
+
+## Conclusion
+
+Congratulations! You finished the **Manage user session and credentials** guide. In this guide, you learned how to retrieve you current authenticated user, the user's session details, and reviewed several ways you can manage these user credentials.
+
+## Next steps
+
+Now that you updated how your credentials are managed you may also want to further refine the sing-in and sign-out workflows as well as update how you listen for these Auth events. We recommend you learn more about:
+
+- [Enable sign-up, sign-in, and sign-out](/lib/auth/emailpassword/q/platform/js/)
+- [Auth events](/lib/auth/auth-events/q/platform/js/)
+
+
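Review bot: The storage section says readers "may want to use a different option for security or user experience reasons" without saying what the risk of the default is, so the choice cannot be made from the page. Suggest adding after the Browser Local Storage paragraph: `Tokens kept in localStorage persist until they are removed and are readable by any script that runs on your origin, so a script-injection flaw exposes the refresh token for its full lifetime; sessionStorage or in-memory storage limits that exposure to the tab or page lifetime.` The same trade-off belongs beside the `Memory` option, which gives the smallest exposure window at the cost of re-authentication on reload. The `Auth.storage.*` values and `Auth.setSignInUserSessionData` used in the snippets do not appear to be part of the exported aws-amplify Auth surface and should be checked against the library before publishing.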
From b9348c8a80b01ade086823146e8190fe1dccadb5 Mon Sep 17 00:00:00 2001
From: Dan Kiuna
Date: Tue, 26 Sep 2023 14:17:57 -0500
Subject: [PATCH 03/11] additional clarifications
---
.../manage-session/q/platform/[platform].mdx | 58 ++++++++-----------
1 file changed, 24 insertions(+), 34 deletions(-)
diff --git a/src/pages/lib/auth/manage-session/q/platform/[platform].mdx b/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
index 66a747f1f92..0eeb4c84280 100644
--- a/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
+++ b/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
@@ -45,10 +45,11 @@ import { Auth } from 'aws-amplify';
async function currentAuthenticatedUser() {
try {
- const user = Auth.currentAuthenticatedUser({
+ const user = await Auth.currentAuthenticatedUser({
bypassCache: false // Optional, By default is false. If set to true, this call
// will send a request to Cognito to get the latest user data.
});
+ console.log(user);
} catch(err) {
console.log(err);
}
@@ -57,7 +58,7 @@ async function currentAuthenticatedUser() {
-This method can be used to check if a user is signed in when the page is loaded. It will throw an error if there is no user signed in. This method should be called after the `Auth` module is configured or the user is signed in. To ensure that you can listen on the auth events `configured` or `signIn`. [Learn how to listen on auth events.](/lib/utilities/hub#authentication-events)
+This method can be used to check if a user is signed as it will throw an error if there is no current user signed in. Be sure to call this method after the `Auth` module is configured.
## Retrieve my user’s session
@@ -69,7 +70,7 @@ This secure information in the `CognitoUserSession` object includes:
- `idToken` - A JWT that contains user identity information like username and email. It is used to authenticate the user.
- `accessToken` - A JWT used to access protected AWS resources and APIs. It contains the authorized scope.
- `refreshToken` - This a longer-lived token used to refresh expired access tokens by generating new ID and access tokens.
-- `expiresIn` - Identifies token expiration time in seconds.
+- `clockDrift` - Identifies the difference between the clock on the local machine and what is maintained by Cognito. This value is in microseconds ****.
Amazon Cognito tokens work by generating temporary access and ID tokens with an expiration time at user sign-in. The tokens are validated against the user pool to authorize access until they expire.
@@ -89,12 +90,14 @@ Amazon Cognito tokens work by generating temporary access and ID tokens with an
```ts
import { Auth } from 'aws-amplify';
-Auth.currentSession()
- .then((session) => {
- const { accessToken, idToken, refreshToken } = session;
- // Use the tokens to call AWS services
- })
- .catch((err) => console.log(err));
+async function currentSession() {
+ try {
+ const { accessToken, idToken, refreshToken } = await Auth.currentSession();
+ } catch(err) {
+ console.log(err);
+ }
+};
+
```
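Review bot: The rewritten TypeScript example destructures `accessToken`, `idToken` and `refreshToken` and then never uses them, so the snippet trips `no-unused-vars` and loses the old `// Use the tokens to call AWS services` hint that told readers what comes next; the JavaScript variant in the following hunk has the same shape. Keep a one-line comment after the destructuring, e.g. `// Use the tokens to call AWS services`. The `};` after the function declaration and the blank line before the closing fence are stray as well; `}` alone is enough.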
@@ -105,8 +108,7 @@ import { Auth } from 'aws-amplify';
async function currentSession() {
try {
- const data = await Auth.currentSession();
- console.log(data);
+ const { accessToken, idToken, refreshToken } = await Auth.currentSession();
} catch(err) {
console.log(err);
}
@@ -122,28 +124,30 @@ Token keys are automatically rotated for you for added security but you can upda
### Update your token-saving mechanism
-You can update the storage mechanism to choose where and how tokens are persisted in your application. The default `BrowserLocalStorage` is suitable for most use cases, but you may want to use a different option for security or user experience reasons.
+
+You can update the storage mechanism to choose where and how tokens are persisted in your application. The default `localStorage` is suitable for most use cases, but you may want to use a different option for security or user experience reasons.
#### Browser Local Storage
-In Amplify the `BrowserLocalStorage` is the default storage mechanism. It saves the tokens in the browser's `localStorage`. This local storage will persist across browser sessions and tabs. You can update to this storage by calling:
+In Amplify the `localStorage` is the default storage mechanism. It saves the tokens in the browser's `localStorage`. This local storage will persist across browser sessions and tabs. You can implicitly set to this storage by calling:
```javascript
Auth.configure({
- storage: Auth.storage.BrowserLocalStorage
+ storage: localStorage
});
```
#### Browser Session Storage
-`BrowserSessionStorage` saves the tokens in the browser's `sessionStorage` and these tokens will clear when a tab is closed. The benefit to this storage mechanism is that the session only lasts as long as the browser is open and you can sign out users when they close the tab. You can update to this storage by calling:
+`sessionStorage` saves the tokens in the browser's `sessionStorage` and these tokens will clear when a tab is closed. The benefit to this storage mechanism is that the session only lasts as long as the browser is open and you can sign out users when they close the tab. You can update to this storage by calling:
```javascript
Auth.configure({
- storage: Auth.storage.BrowserSessionStorage
+ storage: sessionStorage
});
```
+? ---
#### Memory
`Memory` stores the tokens in memory only. These tokens will be lost when the page is refreshed. You can update to this storage by calling:
@@ -153,6 +157,7 @@ Auth.configure({
storage: Auth.storage.Memory
});
```
+? ----
#### Custom Storage
@@ -166,32 +171,17 @@ Auth.configure({
When you get the current user session, the tokens will be saved in your custom location.
-### Update token refresh duration and expiration
-
-You can set expiration and refresh rates for a user session tokens with Amplify Auth using the `setSignInUserSessionData` method. Shorter sessions will provide better security as it limits the window for subsequent API calls after a user signs out. Setting these values also allows you to customize the user experience for your app by controlling how often a user has to re-authenticate.
-
-For example, to set a session expiration of 1 hour (3600 seconds) and a refresh interval of 30 minutes (1800 seconds), you would:
-
-```javascript
-Auth.setSignInUserSessionData({
- expiresIn: 3600, // Session expiration in seconds
- refreshInterval: 1800 // Session refresh interval in seconds
-});
-```
-
-This will set the expiration and refresh behavior for the current authenticated user's session. The `expiresIn` value determines how long the session will last before the user has to sign in again. The `refreshInterval` value determines how often the session will be automatically refreshed with new access and ID tokens. By default, the session is refreshed 15 minutes before expiration.
-
-**Note:** You can also update token expiration times in the Amazon Cognito User Pool settings. Set the token expiration time in the Cognito User Pools console under "App integration" > "App client" settings.
+**Note:** You can also update token expiration times depending on how you configured your Amazon Cognito User Pool. If you used the Amplify CLI, you can run `amplify update auth` to do so. If not, you can also go through the Amazon Cognito User Pool console under "App integration" > "App client" settings or update the appropriate parameters via the AWS CLI or CDK.
### Revoke tokens
-You can enable token revocation in Amazon Cognito. This will revoke refresh and access tokens when a user signs out, preventing them from being used to generate new tokens. Token revocation is enabled by default in new Cognito User Pools, but must be enabled for existing pools.
+Token revocation is enabled by default in new Cognito User Pool Clients, however you you are using an existing client, you may need to enable it. This allows for all access tokens that were previously issued by that refresh token to become invalid. However, other refresh tokens issued to the user are not affected.
-Additionally, if you set up global sign-out with `Auth.signOut({ global: true })` to globally sign out your users, this will revoke all refresh and access tokens, invalidating them immediately.
+To revoke tokens you can set up global sign-out with `Auth.signOut({ global: true })` to globally sign out your user, which will invalidate them immediately. Additionally, you can also invoke the [`RevokeToken`](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) API or [Revoke endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/revocation-endpoint.html) directly.
You can now change the user experience for your app by updating how and where your tokens are saved and managed.
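Review bot: The revocation paragraph should state what revocation does and does not cover: Amazon Cognito enforces it at its own endpoints, but a resource server that validates the access token only by checking its signature against the user pool's JWKS keeps accepting a revoked token until `exp`, as Cognito's token revocation documentation notes. Suggest adding after the `Auth.signOut({ global: true })` sentence: `Revocation is enforced by Amazon Cognito; APIs that verify tokens locally by signature will continue to accept already-issued access and ID tokens until they expire, so keep access token lifetimes short if prompt lockout matters.` Without that caveat a reader may assume global sign-out immediately locks the user out of every backend.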
From 932501935fc304ba19c31bd6745d245e7f7c4714 Mon Sep 17 00:00:00 2001
From: Dan Kiuna
Date: Tue, 26 Sep 2023 16:17:21 -0500
Subject: [PATCH 04/11] additional clarifications
---
.../manage-session/q/platform/[platform].mdx | 38 +++++++++++--------
1 file changed, 23 insertions(+), 15 deletions(-)
diff --git a/src/pages/lib/auth/manage-session/q/platform/[platform].mdx b/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
index 0eeb4c84280..250f13d1228 100644
--- a/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
+++ b/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
@@ -70,7 +70,7 @@ This secure information in the `CognitoUserSession` object includes:
- `idToken` - A JWT that contains user identity information like username and email. It is used to authenticate the user.
- `accessToken` - A JWT used to access protected AWS resources and APIs. It contains the authorized scope.
- `refreshToken` - This a longer-lived token used to refresh expired access tokens by generating new ID and access tokens.
-- `clockDrift` - Identifies the difference between the clock on the local machine and what is maintained by Cognito. This value is in microseconds ****.
+- `clockDrift` - Identifies the Clock Drift.
Amazon Cognito tokens work by generating temporary access and ID tokens with an expiration time at user sign-in. The tokens are validated against the user pool to authorize access until they expire.
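Review bot: `clockDrift - Identifies the Clock Drift.` restates the name and drops the unit and purpose, which is the one thing a reader needs from this bullet. In the underlying amazon-cognito-identity-js session object the value appears to be the difference in seconds between the local clock and the token's issue time, and it is applied when checking token expiry; suggest `clockDrift - The difference, in seconds, between the local clock and the time Cognito issued the tokens; Amplify applies it when deciding whether the session is still valid.` Confirm the unit against the library before publishing.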
@@ -147,25 +147,33 @@ Auth.configure({
});
```
-? ---
-#### Memory
-
-`Memory` stores the tokens in memory only. These tokens will be lost when the page is refreshed. You can update to this storage by calling:
-
-```javascript
-Auth.configure({
- storage: Auth.storage.Memory
-});
-```
-? ----
-
#### Custom Storage
-You can implement your own custom storage mechanism by creating a class that implements the storage interface. Then update to use your custom storage by calling:
+You can implement your own custom storage mechanism by creating a class that implements the storage interface. Here is an example of using custom storage that uses memory storage:
```javascript
+export class MyCustomStorage {
+
+ storageObject = {};
+
+ setItem(key, value) {
+ this.storageObject[key] = value
+ }
+ getItem(key) {
+ return this.storageObject[key]
+ }
+ removeItem(key) {
+ delete this.storageObject[key]
+ }
+
+ clear() {
+ storageObject = {};
+ return storageObject;
+ }
+}
+
Auth.configure({
- storage: MyCustomStorage
+ storage: new MyCustomStorage()
});
```
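Review bot: `clear()` assigns to the bare identifier `storageObject` instead of `this.storageObject`; class bodies are strict-mode code, so the assignment throws a ReferenceError, and since `clear` is part of the storage interface Amplify expects, the example breaks whenever it is invoked. The backing store is also a plain object literal, so keys such as `constructor` collide with `Object.prototype` (`getItem('constructor')` returns a function rather than undefined) and a key of `__proto__` would write to the prototype; a `Map` avoids both. Rewritten class below; the `Auth.configure` call is unchanged.
```javascript
export class MyCustomStorage {
  // A Map avoids key collisions with Object.prototype (e.g. "constructor")
  // and cannot pollute the prototype through a "__proto__" key.
  storageObject = new Map();

  setItem(key, value) {
    this.storageObject.set(key, value);
  }

  getItem(key) {
    return this.storageObject.get(key);
  }

  removeItem(key) {
    this.storageObject.delete(key);
  }

  clear() {
    // Reset this instance's store; a bare `storageObject = {}` throws in strict mode.
    this.storageObject.clear();
  }
}
// … unchanged: Auth.configure({ storage: new MyCustomStorage() }) …
```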
From 97c16c2050ce4401227dc7bc9cf3897280ca0bef Mon Sep 17 00:00:00 2001
From: Heather Pundt <119376175+heatheramz@users.noreply.github.com>
Date: Mon, 16 Oct 2023 09:08:00 -0700
Subject: [PATCH 05/11] Removed mrkdwn comment and minor edits
---
.../manage-session/q/platform/[platform].mdx | 21 ++++++++-----------
1 file changed, 9 insertions(+), 12 deletions(-)
diff --git a/src/pages/lib/auth/manage-session/q/platform/[platform].mdx b/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
index 250f13d1228..92b21fd1a8b 100644
--- a/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
+++ b/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
@@ -5,9 +5,7 @@ export const meta = {
-[comment]: # (source content from lib/auth/manageusers/q/platform/js/#retrieve-current-session ; src/fragments/lib/auth/js/manageusers.mdx)
-
-Amplify Auth provides access to current user sessions and tokens to help you retrieve your customer's information to determine if they are logged in with a valid session and control their access to your app. You can manage tokens and expiration times and revoke sessions. In this guide we will review how to retrieve your user’s session and understand what token management options are available.
+Amplify Auth provides access to current user sessions and tokens to help you retrieve your user's information to determine if they are signed in with a valid session and control their access to your app. You can manage tokens and expiration times and revoke sessions. In this guide we will review how to retrieve your user’s session and understand what token management options are available.
Before you begin you will need:
- Sign-up set up
@@ -17,7 +15,7 @@ Before you begin you will need:
You can use the `Auth.currentAuthenticatedUser()` API which returns the full `CognitoUser` object. This object contains information about the currently authenticated user including the session and user attributes.
-To call `Auth.currentAuthenticatedUser()` to get the current authenticated user object:
+You can call `Auth.currentAuthenticatedUser()` and get the current authenticated user object:
@@ -28,7 +26,7 @@ import { Auth } from 'aws-amplify';
async function currentAuthenticatedUser() {
try {
const user = await Auth.currentAuthenticatedUser({
- bypassCache: false // Optional, By default is false. If set to true, this call
+ bypassCache: false // Optional and is false by default. If set to true, this call
// will send a request to Cognito to get the latest user data.
});
console.log(user);
@@ -46,7 +44,7 @@ import { Auth } from 'aws-amplify';
async function currentAuthenticatedUser() {
try {
const user = await Auth.currentAuthenticatedUser({
- bypassCache: false // Optional, By default is false. If set to true, this call
+ bypassCache: false // Optional and is false by default. If set to true, this call
// will send a request to Cognito to get the latest user data.
});
console.log(user);
@@ -58,11 +56,11 @@ async function currentAuthenticatedUser() {
-This method can be used to check if a user is signed as it will throw an error if there is no current user signed in. Be sure to call this method after the `Auth` module is configured.
+This method can be used to check if a user is signed in as it will throw an error if there is no current user signed in. Be sure to call this method after the `Auth` module is configured.
## Retrieve my user’s session
-If you only need the session details you can use `Auth.currentSession()` which returns a `CognitoUserSession` object which contains the JWT (JSON Web Token). Credentials are exchanged for temporary access tokens when your users sign in. You can access these tokens to get user information to validate user access or perform actions unique to that user.
+If you only need the session details, you can use `Auth.currentSession()` which returns a `CognitoUserSession` object which contains the JWT (JSON Web Token). Credentials are exchanged for temporary access tokens when your users sign in. You can access these tokens to get user information to validate user access or perform actions unique to that user.
@@ -120,11 +118,10 @@ async function currentSession() {
## Understand token management options
-Token keys are automatically rotated for you for added security but you can update how they are stored, customize the refresh rate and expiration times, and revoke tokens on sign out.
+Token keys are automatically rotated for you for added security but you can update how they are stored, customize the refresh rate and expiration times, and revoke tokens on sign-out.
### Update your token-saving mechanism
-
You can update the storage mechanism to choose where and how tokens are persisted in your application. The default `localStorage` is suitable for most use cases, but you may want to use a different option for security or user experience reasons.
#### Browser Local Storage
@@ -181,13 +178,13 @@ When you get the current user session, the tokens will be saved in your custom l
-**Note:** You can also update token expiration times depending on how you configured your Amazon Cognito User Pool. If you used the Amplify CLI, you can run `amplify update auth` to do so. If not, you can also go through the Amazon Cognito User Pool console under "App integration" > "App client" settings or update the appropriate parameters via the AWS CLI or CDK.
+**Note:** You can also update token expiration times depending on how you configured your Amazon Cognito User Pool. If you used the Amplify CLI, you can run `amplify update auth` to do so. If not, you can also go through the Amazon Cognito User Pool console under *App integration* > *App client* settings or update the appropriate parameters via the AWS CLI or CDK.
### Revoke tokens
-Token revocation is enabled by default in new Cognito User Pool Clients, however you you are using an existing client, you may need to enable it. This allows for all access tokens that were previously issued by that refresh token to become invalid. However, other refresh tokens issued to the user are not affected.
+Token revocation is enabled by default in new Cognito User Pool Clients, however, if you are using an existing client, you may need to enable it. This allows for all access tokens that were previously issued by that refresh token to become invalid. However, other refresh tokens issued to the user are not affected.
To revoke tokens you can set up global sign-out with `Auth.signOut({ global: true })` to globally sign out your user, which will invalidate them immediately. Additionally, you can also invoke the [`RevokeToken`](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) API or [Revoke endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/revocation-endpoint.html) directly.
From 2f09a6cb2b4ebbfbc7de40edd4b3b9867f865441 Mon Sep 17 00:00:00 2001
From: Heather Pundt <119376175+heatheramz@users.noreply.github.com>
Date: Mon, 16 Oct 2023 14:15:05 -0700
Subject: [PATCH 06/11] Fixing directory
---
src/directory/directory.mjs | 150 ++----------------------------------
1 file changed, 5 insertions(+), 145 deletions(-)
diff --git a/src/directory/directory.mjs b/src/directory/directory.mjs
index b64e78faa67..20f68365435 100644
--- a/src/directory/directory.mjs
+++ b/src/directory/directory.mjs
@@ -87,6 +87,11 @@ export const directory = {
route: '/lib/auth/getting-started',
filters: ['android', 'flutter', 'ios', 'js', 'react-native']
},
+ {
+ title: 'Manage user session and credentials',
+ route: '/lib/auth/manage-session',
+ filters: ['js']
+ },
{
title: 'Enable sign-up, sign-in, and sign-out',
route: '/lib/auth/emailpassword',
@@ -399,151 +404,6 @@ export const directory = {
}
]
},
- auth: {
- title: 'Authentication',
- items: [
- {
- title: 'Set up Amplify Auth',
- route: '/lib/auth/getting-started',
- filters: ['android', 'flutter', 'ios', 'js', 'react-native']
- },
- {
- title: 'Manage user session and credentials',
- route: '/lib/auth/manage-session',
- filters: ['js']
- },
- {
- title: 'Enable sign-up, sign-in, and sign-out',
- route: '/lib/auth/emailpassword',
- filters: ['js', 'react-native']
- },
- {
- title: 'Social sign-in (OAuth)',
- route: '/lib/auth/social',
- filters: ['js', 'react-native']
- },
- {
- title: 'Multi-factor authentication',
- route: '/lib/auth/mfa',
- filters: ['js', 'react-native']
- },
- {
- title: 'Password & user management',
- route: '/lib/auth/manageusers',
- filters: ['js', 'react-native']
- },
- {
- title: 'Switching authentication flows',
- route: '/lib/auth/switch-auth',
- filters: ['js', 'react-native']
- },
- {
- title: 'Advanced workflows',
- route: '/lib/auth/advanced',
- filters: ['js', 'react-native']
- },
- {
- title: 'Sign in',
- route: '/lib/auth/signin',
- filters: ['android', 'flutter', 'ios']
- },
- {
- title: 'Switching authentication flows',
- route: '/lib/auth/switch-auth',
- filters: ['ios', 'android']
- },
- {
- title: 'Sign in with custom flow',
- route: '/lib/auth/signin_with_custom_flow',
- filters: ['ios', 'android', 'flutter']
- },
- {
- title: 'Sign in with web UI',
- route: '/lib/auth/signin_web_ui',
- filters: ['android', 'flutter', 'ios']
- },
- {
- title: 'Social sign-in (OAuth)',
- route: '/lib/auth/social',
- filters: ['android', 'flutter', 'ios']
- },
- {
- title: 'Multi-factor authentication',
- route: '/lib/auth/mfa',
- filters: ['ios', 'flutter', 'android']
- },
- {
- title: 'SMS flows',
- route: '/lib/auth/sms_flows',
- filters: ['flutter', 'ios', 'android']
- },
- {
- title: 'Sign in next steps',
- route: '/lib/auth/signin_next_steps',
- filters: ['ios', 'android', 'flutter']
- },
- {
- title: 'Guest access',
- route: '/lib/auth/guest_access',
- filters: ['android', 'flutter', 'ios']
- },
- {
- title: 'Auth events',
- route: '/lib/auth/auth-events',
- filters: ['android', 'flutter', 'ios', 'js', 'react-native']
- },
- {
- title: 'User attributes',
- route: '/lib/auth/user-attributes',
- filters: ['android', 'flutter', 'ios']
- },
- {
- title: 'Remember a device',
- route: '/lib/auth/device_features',
- filters: ['android', 'ios', 'js', 'flutter', 'react-native']
- },
- {
- title: 'Password management',
- route: '/lib/auth/password_management',
- filters: ['android', 'flutter', 'ios']
- },
- {
- title: 'Sign out',
- route: '/lib/auth/signOut',
- filters: ['android', 'flutter', 'ios']
- },
- {
- title: 'Accessing credentials',
- route: '/lib/auth/access_credentials',
- filters: ['android', 'flutter', 'ios']
- },
- {
- title: 'Managing credentials',
- route: '/lib/auth/managing_credentials',
- filters: ['flutter']
- },
- {
- title: 'Delete user',
- route: '/lib/auth/delete_user',
- filters: ['android', 'flutter', 'ios', 'js', 'react-native']
- },
- {
- title: 'Escape hatch',
- route: '/lib/auth/escapehatch',
- filters: ['android', 'ios']
- },
- {
- title: 'Advanced workflows',
- route: '/lib/auth/advanced',
- filters: ['android', 'ios', 'flutter']
- },
- {
- title: 'Under the hood',
- route: '/lib/auth/overview',
- filters: ['android', 'ios', 'js', 'react-native']
- }
- ]
- },
datastore: {
title: 'DataStore',
items: [
From baee81a3b5c7ae00bd07a1b0adef9dc84eba308b Mon Sep 17 00:00:00 2001
From: Heather Pundt <119376175+heatheramz@users.noreply.github.com>
Date: Wed, 25 Oct 2023 11:26:36 -0700
Subject: [PATCH 07/11] Updating from feedback and adding react-native
---
src/directory/directory.mjs | 2 +-
.../manage-session/q/platform/[platform].mdx | 32 +++++++++++++------
2 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/src/directory/directory.mjs b/src/directory/directory.mjs
index 20f68365435..d1758194195 100644
--- a/src/directory/directory.mjs
+++ b/src/directory/directory.mjs
@@ -90,7 +90,7 @@ export const directory = {
{
title: 'Manage user session and credentials',
route: '/lib/auth/manage-session',
- filters: ['js']
+ filters: ['js', 'react-native']
},
{
title: 'Enable sign-up, sign-in, and sign-out',
diff --git a/src/pages/lib/auth/manage-session/q/platform/[platform].mdx b/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
index 92b21fd1a8b..33e3072613c 100644
--- a/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
+++ b/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
@@ -3,15 +3,16 @@ export const meta = {
description: `Learn how to manage user sessions and credentials.`,
};
-
+
Amplify Auth provides access to current user sessions and tokens to help you retrieve your user's information to determine if they are signed in with a valid session and control their access to your app. You can manage tokens and expiration times and revoke sessions. In this guide we will review how to retrieve your user’s session and understand what token management options are available.
Before you begin you will need:
-- Sign-up set up
+- An Amplify project with the Auth category configured
+- The Amplify libraries installed and configured
- A test user signed in
-## Retrieve my current authenticated user
+## Retrieve your current authenticated user
You can use the `Auth.currentAuthenticatedUser()` API which returns the full `CognitoUser` object. This object contains information about the currently authenticated user including the session and user attributes.
@@ -56,11 +57,13 @@ async function currentAuthenticatedUser() {
-This method can be used to check if a user is signed in as it will throw an error if there is no current user signed in. Be sure to call this method after the `Auth` module is configured.
+This method can be used to check if a user is signed in as it will throw an error if there is no current user signed in.
+
+## Retrieve your user’s session
-## Retrieve my user’s session
+Your user's session is their signed-in state which grants them access to your app. When your users sign in their credentials are exchanged for temporary access tokens. You can get session details to access these tokens and use this information to validate user access or perform actions unique to that user.
-If you only need the session details, you can use `Auth.currentSession()` which returns a `CognitoUserSession` object which contains the JWT (JSON Web Token). Credentials are exchanged for temporary access tokens when your users sign in. You can access these tokens to get user information to validate user access or perform actions unique to that user.
+If you only need the session details, you can use `Auth.currentSession()` which returns a `CognitoUserSession` object which contains the JWT (JSON Web Token).
@@ -78,7 +81,7 @@ Amazon Cognito tokens work by generating temporary access and ID tokens with an
-**Note:** This method will automatically refresh the `accessToken` and `idToken` if tokens are expired and a valid `refreshToken` presented. So you can use this method to refresh the session if needed.
+**Note:** The `Auth.currentSession()` method will automatically refresh the `accessToken` and `idToken` if tokens are expired and a valid `refreshToken` presented. So you can use this method to refresh the session if needed.
@@ -184,9 +187,9 @@ When you get the current user session, the tokens will be saved in your custom l
### Revoke tokens
-Token revocation is enabled by default in new Cognito User Pool Clients, however, if you are using an existing client, you may need to enable it. This allows for all access tokens that were previously issued by that refresh token to become invalid. However, other refresh tokens issued to the user are not affected.
+Token revocation is enabled by default in new Cognito User Pool Clients, however, if you are using an existing client, you may need to enable it. This allows for all access tokens that were previously issued by that refresh token to become invalid.
-To revoke tokens you can set up global sign-out with `Auth.signOut({ global: true })` to globally sign out your user, which will invalidate them immediately. Additionally, you can also invoke the [`RevokeToken`](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) API or [Revoke endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/revocation-endpoint.html) directly.
+To revoke tokens you can set up global sign-out with Auth.signOut({ global: true }) to globally sign out your user from all of their devices.
You can now change the user experience for your app by updating how and where your tokens are saved and managed.
@@ -198,7 +201,18 @@ Congratulations! You finished the **Manage user session and credentials** guide.
Now that you updated how your credentials are managed you may also want to further refine the sing-in and sign-out workflows as well as update how you listen for these Auth events. We recommend you learn more about:
+
+
- [Enable sign-up, sign-in, and sign-out](/lib/auth/emailpassword/q/platform/js/)
- [Auth events](/lib/auth/auth-events/q/platform/js/)
+
+
+
+- [Enable sign-up, sign-in, and sign-out](/lib/auth/emailpassword/q/platform/react-native/)
+- [Auth events](/lib/auth/auth-events/q/platform/react-native/)
+
+
+
+
From 2825fc494d6bb1b4c6d946fe189d749d62385ce4 Mon Sep 17 00:00:00 2001
From: Heather Pundt <119376175+heatheramz@users.noreply.github.com>
Date: Wed, 25 Oct 2023 11:33:33 -0700
Subject: [PATCH 08/11] Adding index page for new page
---
src/pages/lib/auth/manage-session/index.mdx | 12 ++++++++++++
1 file changed, 12 insertions(+)
create mode 100644 src/pages/lib/auth/manage-session/index.mdx
diff --git a/src/pages/lib/auth/manage-session/index.mdx b/src/pages/lib/auth/manage-session/index.mdx
new file mode 100644
index 00000000000..9883c4bf54d
--- /dev/null
+++ b/src/pages/lib/auth/manage-session/index.mdx
@@ -0,0 +1,12 @@
+import ChooseFilterPage from '@/components/ChooseFilterPage';
+
+import { INTEGRATION_FILTER_OPTIONS } from '@/utils/filter-data.ts';
+
+
From d3e82f77c6485d7860c8b5468971f1ff624ab202 Mon Sep 17 00:00:00 2001
From: Heather Pundt <119376175+heatheramz@users.noreply.github.com>
Date: Wed, 25 Oct 2023 13:25:52 -0700
Subject: [PATCH 09/11] Punctuation edits
---
src/pages/lib/auth/manage-session/q/platform/[platform].mdx | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/pages/lib/auth/manage-session/q/platform/[platform].mdx b/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
index 33e3072613c..e319470c3a7 100644
--- a/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
+++ b/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
@@ -59,7 +59,7 @@ async function currentAuthenticatedUser() {
This method can be used to check if a user is signed in as it will throw an error if there is no current user signed in.
-## Retrieve your user’s session
+## Retrieve a user session
Your user's session is their signed-in state which grants them access to your app. When your users sign in their credentials are exchanged for temporary access tokens. You can get session details to access these tokens and use this information to validate user access or perform actions unique to that user.
@@ -189,7 +189,7 @@ When you get the current user session, the tokens will be saved in your custom l
Token revocation is enabled by default in new Cognito User Pool Clients, however, if you are using an existing client, you may need to enable it. This allows for all access tokens that were previously issued by that refresh token to become invalid.
-To revoke tokens you can set up global sign-out with Auth.signOut({ global: true }) to globally sign out your user from all of their devices.
+To revoke tokens you can set up global sign-out with `Auth.signOut({ global: true })` to globally sign out your user from all of their devices.
You can now change the user experience for your app by updating how and where your tokens are saved and managed.
From b738d46e0ebad3568803597aae3ab4151cc817d1 Mon Sep 17 00:00:00 2001
From: Heather Pundt <119376175+heatheramz@users.noreply.github.com>
Date: Thu, 26 Oct 2023 08:59:38 -0700
Subject: [PATCH 10/11] Updating header and feedback
---
.../manage-session/q/platform/[platform].mdx | 21 ++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/src/pages/lib/auth/manage-session/q/platform/[platform].mdx b/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
index e319470c3a7..2106435c20b 100644
--- a/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
+++ b/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
@@ -1,6 +1,25 @@
export const meta = {
title: `Manage user session and credentials`,
description: `Learn how to manage user sessions and credentials.`,
+ filterKey: 'platform',
+ supportedPlatforms: INTEGRATION_FILTER_OPTIONS
+};
+
+import { generateStaticPaths } from '@/utils/generateStaticPaths.tsx';
+
+import { INTEGRATION_FILTER_OPTIONS } from '@/utils/filter-data.ts';
+
+export const getStaticPaths = () => {
+ return generateStaticPaths(meta.filterKey, meta.supportedPlatforms);
+};
+
+export const getStaticProps = (context) => {
+ return {
+ props: {
+ platform: context.params.platform,
+ filterKind: meta.filterKey
+ }
+ };
};
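Review bot: `getStaticProps` forwards `context.params.platform` into props without checking it against `meta.supportedPlatforms`; whether an unlisted value can ever reach it depends on the fallback mode `generateStaticPaths` returns, which is not visible in this hunk. A one-line guard keeps the page self-contained either way: `if (!meta.supportedPlatforms.includes(context.params.platform)) return { notFound: true };` (assuming `INTEGRATION_FILTER_OPTIONS` is an array of platform keys). Separately, `meta` reads `INTEGRATION_FILTER_OPTIONS` before the `import` line that declares it; this works only because ES module imports are hoisted, so moving both `import` lines above `export const meta` would make the dependency order explicit for readers.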
@@ -57,7 +76,7 @@ async function currentAuthenticatedUser() {
-This method can be used to check if a user is signed in as it will throw an error if there is no current user signed in.
+This method can be used to check if a user is signed. It returns an error if user is not signed in.
## Retrieve a user session
From 23b4519602e7ca454077673474fe0e77d965bc34 Mon Sep 17 00:00:00 2001
From: Chris Womack <67726635+cwomack@users.noreply.github.com>
Date: Mon, 30 Oct 2023 13:57:05 -0600
Subject: [PATCH 11/11] Update
src/pages/lib/auth/manage-session/q/platform/[platform].mdx
Update the `clear()` example to include use of `this` reference.
---
src/pages/lib/auth/manage-session/q/platform/[platform].mdx | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/pages/lib/auth/manage-session/q/platform/[platform].mdx b/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
index 2106435c20b..7a3b0363e8d 100644
--- a/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
+++ b/src/pages/lib/auth/manage-session/q/platform/[platform].mdx
@@ -186,8 +186,8 @@ export class MyCustomStorage {
}
clear() {
- storageObject = {};
- return storageObject;
+ this.storageObject = {};
+ return this.storageObject;
}
}