Will not repeat the documents. Just some research notes.
API Reference: https://aws-amplify.github.io/amplify-js/api/classes/authclass.html
How to find initial login state?
    // Resolves with a CognitoUserSession if a session exists, rejects otherwise
    Auth.currentSession()
        .then(session => this.stateChange('signIn'))
        .catch(err => this.stateChange('signOut'));
Refresh Cognito Tokens
Storage
Tokens are stored in browser localStorage, so the session stays valid even after the browser is closed and re-opened. To change this behaviour, either implement a storage class and provide an instance to the configuration, or use window.sessionStorage, which is already a storage instance.
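One way to apply the storage change described above, as an added example rather than code from these notes or from Amplify: an in-memory store passed through Auth's storage option, plus a cleanup of token entries an earlier session left in localStorage. MemoryStorage, findPersistedTokens and useNonPersistentTokens are hypothetical names, and the key prefix is an assumption about how the underlying Cognito SDK names its entries.

```javascript
// Added example, not Amplify's own code. Amplify's Auth `storage` option
// accepts an object with setItem/getItem/removeItem/clear; this one keeps
// tokens in memory only, so they are gone once the page is unloaded.
class MemoryStorage {
  static items = new Map();
  static setItem(key, value) {
    MemoryStorage.items.set(key, String(value));
    return value;
  }
  static getItem(key) {
    // Web Storage returns null (not undefined) for a missing key.
    return MemoryStorage.items.has(key) ? MemoryStorage.items.get(key) : null;
  }
  static removeItem(key) {
    MemoryStorage.items.delete(key);
  }
  static clear() {
    MemoryStorage.items.clear();
  }
}

// Assumption: the Cognito SDK under Amplify names its entries
// "CognitoIdentityServiceProvider.<clientId>.<username>.<tokenType>".
const COGNITO_PREFIX = 'CognitoIdentityServiceProvider.';
const TOKEN_SUFFIXES = ['idToken', 'accessToken', 'refreshToken'];

// Lists token entries left in a Web Storage object (e.g. window.localStorage)
// by sessions created before the storage setting was changed.
function findPersistedTokens(webStorage) {
  const found = [];
  for (let i = 0; i < webStorage.length; i++) {
    const key = webStorage.key(i);
    const suffix = key.split('.').pop();
    if (key.startsWith(COGNITO_PREFIX) && TOKEN_SUFFIXES.includes(suffix)) {
      found.push(key);
    }
  }
  return found;
}

// `Auth` is passed in (import { Auth } from 'aws-amplify' in the app).
// Stale entries are removed first, then Auth is pointed at the new store.
function useNonPersistentTokens(Auth, oldStorage, newStorage = MemoryStorage) {
  const stale = findPersistedTokens(oldStorage);
  stale.forEach((key) => oldStorage.removeItem(key));
  Auth.configure({ storage: newStorage });
  return stale;
}
```

In the app this would be called once at startup, e.g. useNonPersistentTokens(Auth, window.localStorage), or with window.sessionStorage as the third argument to keep the session for the lifetime of the tab.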
Auth object:
SUMMARY of the "currentXXXs" in Auth object
currentAuthenticatedUser
- returns (as tested): CognitoUser, with attributes assembled as "attributes" property
- calls:
  - Cache.getItem('federatedInfo').user; otherwise
  - currentUserPoolUser(); otherwise 'not authenticated'
  - then userAttributes(user)
  - this.user = user + attributes
- renew session: yes (currentUserPoolUser)
currentCredentials
- returns (as tested):
  - 'No Cognito Federated Identity pool provided' when identityPoolId is not provided in config
  - CognitoIdentityCredentials when the ID pool is configured
  - if currentUserCredentials() was called previously, the previous credential; otherwise a new one
- calls:
  - Credentials.get()... then don't know what it actually does
- renew session: yes, obtains a new ID pool ID; not sure what happens if the userpool ID expired, though
currentSession
- returns (as tested): CognitoUserSession (3 tokens)
- calls:
  - this.userPool.getCurrentUser(); otherwise reject
  - this.userSession(user)
- renew session: yes (by this.userSession(user))
currentUserCredentials
- returns (as tested):
  - 'No Cognito Federated Identity pool provided' when no identityPoolId is provided
  - CognitoIdentityCredentials: always a new, freshly obtained credential, even if currentCredentials() was just called; expires in 1 hour
- calls:
  - Cache.getItem('federatedInfo');
    - then return token, refresh if necessary
  - otherwise (nothing cached):
    - currentSession(), then set and return
    - otherwise no session, as guest
- renew session: yes
currentUserInfo
- returns (as tested): assembled user info {id: identityId if ID pool defined, username: , attributes: } including user attributes and credentials; guarantees user.getSession() for a user pool user
- calls:
  - Credentials.getCredSource - aws, userPool or federated
  - aws or userPool, then:
    - currentUserPoolUser; otherwise null
    - assemble attributes from Auth.userAttributes, credentials from Auth.currentCredentials
  - federated, then just return
- renew session: yes
currentUserPoolUser
- returns (as tested): CognitoUser object, the current user from the user pool; guarantees getSession()
- calls:
  - this.userPool, otherwise reject
    - somewhere earlier, this.userPool = new CognitoUserPool(userPoolData);
  - this.userPool.getCurrentUser()
  - then user.getSession(), then resolve user; otherwise reject
- renew session: yes
userSession(user) - user is CognitoUser object
- returns: session (3 tokens)
- may call:
- renew session: yes if necessary
SUMMARY of SUMMARY of the 6 'current' methods:
- All methods renew the session or obtain a token (ID pool) when necessary
- Return ID pool credential: currentCredentials (cached, network trip optional, perhaps returns other credentials as well, such as IAM) & currentUserCredentials (always freshly obtained, always a network trip)
- Return CognitoUserSession (3 tokens) from the user pool & the user pool's current user: currentSession (always a network trip, 'GetUser')
- Return CognitoUser from the user pool & current user: currentUserPoolUser (always a network trip, 'GetUser'), currentAuthenticatedUser (with attributes assembled as the 'attributes' property, always a network trip 'GetUser' to fetch user attributes)
- Return a user info object with properties (id, username, attributes): currentUserInfo (first time 5 network requests: 2 OPTIONS, 2 AWSCognitoIdentityProviderService.InitiateAuth REFRESH_TOKEN_AUTH, 1 GetUser; after that 2 network requests, GetUser x2)