-
Notifications
You must be signed in to change notification settings - Fork 130
fix(auth): Consistent device metadata storage key across auth flows #3288
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Draft
harsh62
wants to merge
10
commits into
main
Choose a base branch
from
fix/device-key-persistence-across-auth-flows
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Draft
Changes from all commits
Commits
Show all changes
10 commits
Select commit
Hold shift + click to select a range
1eafd6b
fix(auth): Use original user input as device metadata storage key
harsh62 6a0075b
Merge branch 'main' into fix/device-key-persistence-across-auth-flows
harsh62 2fb7263
fix(auth): Resolve CognitoUserPoolTokens overload ambiguity in tests
harsh62 7074d68
fix(auth): Update feature test fixtures with inputUsername field
harsh62 e20ee00
chore: retrigger CI
harsh62 5eea904
Merge branch 'main' into fix/device-key-persistence-across-auth-flows
harsh62 8cd9f71
Merge branch 'main' into fix/device-key-persistence-across-auth-flows
harsh62 5111641
fix(auth): Fix ktlint violations in new test and source files
harsh62 6caf0ba
fix(auth): Normalize device metadata storage key to lowercase
harsh62 c4b5841
fix(auth): Send DEVICE_KEY in USER_PASSWORD_AUTH InitiateAuth request
harsh62 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
173 changes: 173 additions & 0 deletions
173
...oidTest/java/com/amplifyframework/auth/cognito/DeviceKeyPersistenceInstrumentationTest.kt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,173 @@ | ||
| /* | ||
| * Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"). | ||
| * You may not use this file except in compliance with the License. | ||
| * A copy of the License is located at | ||
| * | ||
| * http://aws.amazon.com/apache2.0 | ||
| * | ||
| * or in the "license" file accompanying this file. This file is distributed | ||
| * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either | ||
| * express or implied. See the License for the specific language governing | ||
| * permissions and limitations under the License. | ||
| */ | ||
|
|
||
| package com.amplifyframework.auth.cognito | ||
|
|
||
| import android.content.Context | ||
| import android.util.Log | ||
| import androidx.test.core.app.ApplicationProvider | ||
| import androidx.test.ext.junit.runners.AndroidJUnit4 | ||
| import com.amplifyframework.auth.cognito.options.AWSCognitoAuthSignInOptions | ||
| import com.amplifyframework.auth.cognito.options.AuthFlowType | ||
| import com.amplifyframework.auth.cognito.testutils.Credentials | ||
| import com.amplifyframework.auth.options.AuthSignInOptions | ||
| import com.amplifyframework.core.Amplify | ||
| import com.amplifyframework.core.InitializationStatus | ||
| import com.amplifyframework.hub.HubChannel | ||
| import com.amplifyframework.testutils.DeviceFarmTestBase | ||
| import com.amplifyframework.testutils.assertAwait | ||
| import com.amplifyframework.testutils.sync.SynchronousAuth | ||
| import java.util.concurrent.CountDownLatch | ||
| import java.util.concurrent.TimeUnit | ||
| import org.junit.Assert.assertEquals | ||
| import org.junit.Before | ||
| import org.junit.BeforeClass | ||
| import org.junit.Test | ||
| import org.junit.runner.RunWith | ||
|
|
||
| /** | ||
| * Integration tests for device key persistence across different auth flows. | ||
| * | ||
| * Validates that once a device is remembered, the same device key is reused | ||
| * across sign-out/sign-in cycles regardless of which auth flow is used | ||
| * (USER_PASSWORD_AUTH, USER_SRP_AUTH). The device count should always remain 1. | ||
| * | ||
| * Prerequisites: | ||
| * - Cognito User Pool with Device Tracking set to "Always Remember" | ||
| * - USER_PASSWORD_AUTH and USER_SRP_AUTH both enabled on the app client | ||
| * - Valid test credentials in credentials.json | ||
| */ | ||
| @RunWith(AndroidJUnit4::class) | ||
| class DeviceKeyPersistenceInstrumentationTest : DeviceFarmTestBase() { | ||
|
|
||
| companion object { | ||
| val auth = AWSCognitoAuthPlugin() | ||
| val syncAuth = SynchronousAuth.delegatingTo(auth) | ||
|
|
||
| @BeforeClass | ||
| @JvmStatic | ||
| fun setUp() { | ||
| try { | ||
| Amplify.addPlugin(auth) | ||
| Amplify.configure(ApplicationProvider.getApplicationContext()) | ||
| val latch = CountDownLatch(1) | ||
| Amplify.Hub.subscribe(HubChannel.AUTH) { event -> | ||
| when (event.name) { | ||
| InitializationStatus.SUCCEEDED.toString(), | ||
| InitializationStatus.FAILED.toString() -> | ||
| latch.countDown() | ||
| } | ||
| } | ||
| latch.assertAwait(20, TimeUnit.SECONDS) | ||
| } catch (ex: Exception) { | ||
| Log.i("DeviceKeyPersistenceTest", "Error initializing", ex) | ||
| } | ||
| } | ||
| } | ||
|
|
||
| @Before | ||
| fun setup() { | ||
| signOut() | ||
| } | ||
|
|
||
| /** | ||
| * Sign in with USER_PASSWORD_AUTH, remember device (1 device). | ||
| * Sign out, sign in with USER_SRP_AUTH — device count should stay 1, same device key. | ||
| * Sign out, sign in with USER_PASSWORD_AUTH again — still 1, same key. | ||
| * Sign out, sign in with USER_SRP_AUTH again — still 1, same key. | ||
| */ | ||
| @Test | ||
| fun deviceKey_stays_consistent_across_alternating_auth_flows() { | ||
| val context = ApplicationProvider.getApplicationContext<Context>() | ||
| val (username, password) = Credentials.load(context) | ||
|
|
||
| // Step 1: Sign in with USER_PASSWORD_AUTH and remember device | ||
| signIn(username, password, AuthFlowType.USER_PASSWORD_AUTH) | ||
| syncAuth.rememberDevice() | ||
|
|
||
| val initialDevices = syncAuth.fetchDevices() | ||
| assertEquals("Should have exactly 1 device after initial sign-in", 1, initialDevices.size) | ||
| val originalDeviceId = initialDevices[0].id | ||
|
|
||
| // Step 2: Sign out, sign in with USER_SRP_AUTH — same device | ||
| signOut() | ||
| signIn(username, password, AuthFlowType.USER_SRP_AUTH) | ||
|
|
||
| var devices = syncAuth.fetchDevices() | ||
| assertEquals("Should still have 1 device after SRP sign-in", 1, devices.size) | ||
| assertEquals("Device ID should match after SRP sign-in", originalDeviceId, devices[0].id) | ||
|
|
||
| // Step 3: Sign out, sign in with USER_PASSWORD_AUTH — same device | ||
| signOut() | ||
| signIn(username, password, AuthFlowType.USER_PASSWORD_AUTH) | ||
|
|
||
| devices = syncAuth.fetchDevices() | ||
| assertEquals("Should still have 1 device after second PASSWORD sign-in", 1, devices.size) | ||
| assertEquals("Device ID should match after second PASSWORD sign-in", originalDeviceId, devices[0].id) | ||
|
|
||
| // Step 4: Sign out, sign in with USER_SRP_AUTH — same device | ||
| signOut() | ||
| signIn(username, password, AuthFlowType.USER_SRP_AUTH) | ||
|
|
||
| devices = syncAuth.fetchDevices() | ||
| assertEquals("Should still have 1 device after second SRP sign-in", 1, devices.size) | ||
| assertEquals("Device ID should match after second SRP sign-in", originalDeviceId, devices[0].id) | ||
|
|
||
| // Clean up | ||
| syncAuth.forgetDevice() | ||
| } | ||
|
|
||
| /** | ||
| * Same-flow baseline: sign in with USER_SRP_AUTH, remember device, | ||
| * sign out, sign in with USER_SRP_AUTH — device count stays 1. | ||
| */ | ||
| @Test | ||
| fun deviceKey_persists_across_same_flow_signIn_signOut() { | ||
| val context = ApplicationProvider.getApplicationContext<Context>() | ||
| val (username, password) = Credentials.load(context) | ||
|
|
||
| signIn(username, password, AuthFlowType.USER_SRP_AUTH) | ||
| syncAuth.rememberDevice() | ||
|
|
||
| val initialDevices = syncAuth.fetchDevices() | ||
| assertEquals("Should have exactly 1 device", 1, initialDevices.size) | ||
| val originalDeviceId = initialDevices[0].id | ||
|
|
||
| signOut() | ||
| signIn(username, password, AuthFlowType.USER_SRP_AUTH) | ||
|
|
||
| val devices = syncAuth.fetchDevices() | ||
| assertEquals("Should still have 1 device after re-sign-in", 1, devices.size) | ||
| assertEquals("Device ID should be the same", originalDeviceId, devices[0].id) | ||
|
|
||
| // Clean up | ||
| syncAuth.forgetDevice() | ||
| } | ||
|
|
||
| private fun signIn(username: String, password: String, flowType: AuthFlowType) { | ||
| val options: AuthSignInOptions = AWSCognitoAuthSignInOptions.builder() | ||
| .authFlowType(flowType) | ||
| .build() | ||
| syncAuth.signIn(username, password, options) | ||
| } | ||
|
|
||
| private fun signOut() { | ||
| try { | ||
| syncAuth.signOut() | ||
| } catch (e: Exception) { | ||
| // Ignore errors during sign-out | ||
| } | ||
| } | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mattcreaser the test steps that are failing on
main.