
The Setup:

On the client side, we are using Amplify's Auth library. On login, we are setting some clientMetadata by simply:

import { Auth } from 'aws-amplify'

async function login(username, password, metadataValue) {
    try {
        // Configure clientMetadata globally so Amplify also sends it with later token refresh requests
        Auth.configure({clientMetadata: { metadataKey: metadataValue }})
        await Auth.signIn(username, password)
    } catch(e){
        console.log(e)
    }
}

This works as expected and we get the clientMetadata in our PreTokenGeneration Lambda in the event.request.clientMetadata. We use that data to dynamically generate our token's claims and things are good (we set the metadata in Auth.configure() so Amplify will send it with subsequent token refresh requests).

The Problem:

After 1 hour (token expiration), token refresh triggers. Now in the request that Amplify is making to refresh our tokens, we can see that the clientMetadata is indeed being sent as part of the refresh token request (in fact, it looks like this was recently resolved by the Amplify team).

So because the metadata is being sent as expected, this does not appear to be an issue with Amplify.

However, the clientMetadata does not appear as part of the request in our PreTokenGeneration Lambda that is triggered by the refresh, and therefore our token does not contain the expected claims.

Any help with this would be tremendously appreciated.

Note:

This Stack Overflow post is related; however, it appears to have been the result of an Amplify bug that has since been resolved.

bykerbry
0 Answers
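Added example, not part of the original question and not Amplify or Cognito code: a Pre Token Generation handler that treats `event.request.clientMetadata` as optional and caller-supplied, so a refresh invocation that arrives without it yields no metadata-derived claim and logs why. The `custom:allowed_values` user attribute and the sample event are assumptions made for illustration; `metadataKey` is the key used in the question.

```javascript
// Added example: Pre Token Generation handler that treats clientMetadata as
// untrusted and optional. 'custom:allowed_values' is a hypothetical attribute.
const REFRESH = 'TokenGeneration_RefreshTokens'; // Cognito trigger source for refresh

function decideClaims(event) {
  const metadata = event.request.clientMetadata || {}; // may be absent entirely
  const attrs = event.request.userAttributes || {};
  // Server-side entitlement list; the client cannot change this by editing a request.
  const entitled = new Set(
    (attrs['custom:allowed_values'] || '')
      .split(',').map((s) => s.trim()).filter(Boolean)
  );
  const value = metadata.metadataKey; // key name taken from the question
  if (typeof value !== 'string' || value === '') {
    const onRefresh = event.triggerSource === REFRESH;
    return { claims: {}, reason: onRefresh ? 'missing-on-refresh' : 'missing' };
  }
  if (!entitled.has(value)) {
    return { claims: {}, reason: 'not-entitled' };
  }
  return { claims: { metadataKey: value }, reason: 'ok' };
}

async function handler(event) {
  const { claims, reason } = decideClaims(event);
  // Log the decision so a refresh that silently drops the claim is visible.
  console.log(JSON.stringify({
    triggerSource: event.triggerSource, userName: event.userName, reason,
  }));
  event.response = {
    ...event.response,
    claimsOverrideDetails: { claimsToAddOrOverride: claims },
  };
  return event;
}

// Constructed sample event, shaped like the fields this handler reads.
function sampleEvent(triggerSource, clientMetadata) {
  return {
    triggerSource,
    userName: 'example-user',
    request: {
      userAttributes: { 'custom:allowed_values': 'team-a, team-b' },
      clientMetadata,
    },
    response: {},
  };
}

if (typeof module !== 'undefined') module.exports = { handler };
```

For the entitlement check to hold, the attribute it reads must not be writable by the app client the browser uses.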