
It is easy to sign into an AWS Cognito session either via username and password or federated identity using { Auth } from 'aws-amplify' by

Auth.signIn({ username: email, password: password})

or

Auth.federatedSignIn({ provider: 'Google' }); // or 'SignInWithApple' || 'Facebook'

and it is easy to sign out of a Cognito session via

Auth.signOut();

Possibly worth noting that we are using expo-web-browser to launch in-app browser sessions, and not directing out to an external Safari / Chrome window.

The problem is that the Auth.signOut() call does not revoke the token from the Google / Apple / Facebook session, so whenever Auth.federatedSignIn({ provider: 'Google' }); is called again, the user is already signed in.

This is suboptimal, because it means that if a user logs in via Google / Facebook / Apple, they lose the ability to sign in using a different Google / Facebook / Apple account. It also makes it very difficult to debug issues happening on the first login from federated providers, since it will not let the tester change accounts.

Has anyone found a valid solution in the most recent version of Expo? (35 as of time of writing this)

This is a similar question, unanswered and not providing a lot of context.

This documentation suggests to call

GET https://mydomain.auth.{region}.amazoncognito.com/logout?
client_id={CLIENT_ID}&
logout_uri=https://myclient/logout

but I have not had luck with this method in my app when calling

fetch('https://{MY_DOMAIN}.auth.us-west-2.amazoncognito.com/logout?client_id={CLIENT_ID}&redirect_uri=exp://127.0.0.1:19000&response_type=code', {
        method: 'GET',
        //Request Type
    })

from my logout button.

This thread mentions that they were thinking about adding a clear cookies for the expo-web-browser package, but it doesn't look like that ever made it through code review.

Notably, even while on a development server and running expo r -c the Federated Auth identity cookies will still push you through without a sign in.

Any suggestions on how to clear out the Google / Facebook / Apple federated login session that Cognito looks at?

Shep Sims
  • Hi @ShepSims - did you find a way forward on this? We're also using Apple Sign In with Cognito and unsure how to revoke the tokens from Apple on sign out (or user deletion). – Kohanz Aug 18 '22 at 14:08
  • Not yet... it's one of those pesky bugs that has been hanging in our backlog for longer than our team would like to admit – Shep Sims Aug 18 '22 at 22:35
  • Is there any solution to this problem? – micronyks Dec 09 '22 at 07:29

0 Answers
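Added example, not part of the original question or its comments: a sketch of the documented `/logout` call issued through the in-app browser session rather than `fetch`, because `fetch` runs in the app's own cookie jar and cannot touch the cookies held by the browser session that performed the sign-in. The `/logout` endpoint ends the Cognito hosted UI session only; it does not sign the user out at Google / Apple / Facebook. The helper names, the injected `openAuthSession` / `localSignOut` callbacks and the sample values are assumptions; in an Expo app they would be `WebBrowser.openAuthSessionAsync` and `() => Auth.signOut()`, and sign-in is assumed to have used the same browser session type.

```javascript
// Added example (hypothetical helper names; not code from the original post).

// Build the hosted-UI logout URL from the parameters the documentation lists:
// client_id and logout_uri.
function buildCognitoLogoutUrl({ domain, clientId, logoutUri, allowedLogoutUris }) {
  // Cognito only accepts a logout_uri that is registered as a sign-out URL
  // for the app client. Checking locally fails early and keeps the redirect
  // target from being supplied by untrusted input.
  if (!allowedLogoutUris.includes(logoutUri)) {
    throw new Error(`logout_uri is not a registered sign-out URL: ${logoutUri}`);
  }
  const url = new URL(`https://${domain}/logout`);
  // URLSearchParams percent-encodes the exp:// scheme, colon and slashes.
  url.search = new URLSearchParams({
    client_id: clientId,
    logout_uri: logoutUri,
  }).toString();
  return url.toString();
}

// openAuthSession(url, returnUrl) -> Promise<{ type }>  (assumed shape; in Expo,
//   pass WebBrowser.openAuthSessionAsync from expo-web-browser)
// localSignOut() -> Promise                             (pass () => Auth.signOut())
async function signOutHostedUi({ openAuthSession, localSignOut, ...cfg }) {
  const logoutUrl = buildCognitoLogoutUrl(cfg);
  let browserResult = 'not-run';
  try {
    // The request must travel through the browser session so that the
    // hosted-UI cookies are sent with it and cleared by the response.
    const result = await openAuthSession(logoutUrl, cfg.logoutUri);
    browserResult = result.type;
  } finally {
    // Always drop the locally cached tokens, even if the user dismisses
    // the browser sheet or the browser step throws.
    await localSignOut();
  }
  return { logoutUrl, browserResult };
}
```

A `browserResult` other than `'success'` means the browser step did not complete, so the hosted UI session may still be alive even though local tokens are gone.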