Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session issue : No cached session #3572

Open
lolucosmin opened this issue May 11, 2024 · 5 comments
Open

Session issue : No cached session #3572

lolucosmin opened this issue May 11, 2024 · 5 comments
Labels
bug Something isn't working cognito Issues with the AWS Android SDK for Cognito

Comments

@lolucosmin
Copy link

lolucosmin commented May 11, 2024
edited

Describe the bug
Hello, in our project we are using AWS Mobile client version 2.75.0 and lately we have a weird issue on Huawei devices.
We have a weird session error: No cached session, the the strange thing is the user has a valid state:
User State: SIGNED_IN
User Session: will expire at 5/11/24 5:25 PM
If I interogate the SDK about user state and sign in state all looks ok, but in logs I see a lot of warnings, I will post here all the
details.

@tylerjroach can you help us with this weird error, for us is a major issue.

Environment Information (please complete the following information):

  • AWS Android SDK Version: [2.75.0]
  • Device: [all huawei devices]
  • Android Version: [7 and above]
  • Specific to simulators: [No]

Additional context
----------Log 1----------
Error in decrypting data. javax.crypto.AEADBadTagException
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:517)
at javax.crypto.Cipher.doFinal(Cipher.java:2055)
at com.amazonaws.internal.keyvaluestore.AWSKeyValueStore.decrypt(AWSKeyValueStore.java:435)
at com.amazonaws.internal.keyvaluestore.AWSKeyValueStore.get(AWSKeyValueStore.java:252)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.readCachedTokens(CognitoUser.java:2762)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.getCachedSession(CognitoUser.java:1293)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.getSession(CognitoUser.java:1023)
at com.amazonaws.mobile.client.AWSMobileClient$12.run(AWSMobileClient.java:2030)
at com.amazonaws.mobile.client.internal.InternalCallback.await(InternalCallback.java:115)
at com.amazonaws.mobile.client.AWSMobileClient.getTokens(AWSMobileClient.java:1996)
at com.amazonaws.mobile.client.AWSMobileClient.getUserStateDetails(AWSMobileClient.java:1120)
at com.amazonaws.mobile.client.AWSMobileClient$5.run(AWSMobileClient.java:900)
at com.amazonaws.mobile.client.AWSMobileClient$5.run(AWSMobileClient.java:897)
at com.amazonaws.mobile.client.internal.ReturningRunnable.await(ReturningRunnable.java:31)
at com.amazonaws.mobile.client.AWSMobileClient.currentUserState(AWSMobileClient.java:879)
at com.bfan.sso.logic.services.aws.auth.AmazonAuthService.isSessionExpired(AmazonAuthService.java:132)
at com.bfan.sso.logic.server.BaseObsParams.lambda$getSessionStateObserver$1(BaseObsParams.java:52)
at com.bfan.sso.logic.server.BaseObsParams$$ExternalSyntheticLambda0.subscribe(D8$$SyntheticClass:0)
at io.reactivex.rxjava3.internal.operators.observable.ObservableCreate.subscribeActual(ObservableCreate.java:41)
at io.reactivex.rxjava3.core.Observable.subscribe(Observable.java:13173)
at io.reactivex.rxjava3.internal.operators.observable.ObservableFlatMap.subscribeActual(ObservableFlatMap.java:52)
at io.reactivex.rxjava3.core.Observable.subscribe(Observable.java:13173)
at io.reactivex.rxjava3.internal.operators.observable.ObservableSubscribeOn$SubscribeTask.run(ObservableSubscribeOn.java:96)
at io.reactivex.rxjava3.core.Scheduler$DisposeTask.run(Scheduler.java:644)
at io.reactivex.rxjava3.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:65)
at io.reactivex.rxjava3.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:56)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:301)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:929)
Caused by: android.security.KeyStoreException: Signature/MAC verification failed
at android.security.KeyStore.getKeyStoreException(KeyStore.java:1593)
at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:224)
at android.security.keystore.AndroidKeyStoreAuthenticatedAESCipherSpi$BufferAllOutputUntilDoFinalStreamer.doFinal(AndroidKeyStoreAuthenticatedAESCipherSpi.java:386)
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:506)
at javax.crypto.Cipher.doFinal(Cipher.java:2055) 
at com.amazonaws.internal.keyvaluestore.AWSKeyValueStore.decrypt(AWSKeyValueStore.java:435) 
at com.amazonaws.internal.keyvaluestore.AWSKeyValueStore.get(AWSKeyValueStore.java:252) 
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.readCachedTokens(CognitoUser.java:2762) 
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.getCachedSession(CognitoUser.java:1293) 
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.getSession(CognitoUser.java:1023) 
at com.amazonaws.mobile.client.AWSMobileClient$12.run(AWSMobileClient.java:2030) 
at com.amazonaws.mobile.client.internal.InternalCallback.await(InternalCallback.java:115) 
at com.amazonaws.mobile.client.AWSMobileClient.getTokens(AWSMobileClient.java:1996) 
at com.amazonaws.mobile.client.AWSMobileClient.getUserStateDetails(AWSMobileClient.java:1120) 
at com.amazonaws.mobile.client.AWSMobileClient$5.run(AWSMobileClient.java:900) 
at com.amazonaws.mobile.client.AWSMobileClient$5.run(AWSMobileClient.java:897) 
at com.amazonaws.mobile.client.internal.ReturningRunnable.await(ReturningRunnable.java:31) 
at com.amazonaws.mobile.client.AWSMobileClient.currentUserState(AWSMobileClient.java:879) 
at com.bfan.sso.logic.services.aws.auth.AmazonAuthService.isSessionExpired(AmazonAuthService.java:132) 
at com.bfan.sso.logic.server.BaseObsParams.lambda$getSessionStateObserver$1(BaseObsParams.java:52) 
at com.bfan.sso.logic.server.BaseObsParams$$ExternalSyntheticLambda0.subscribe(D8$$SyntheticClass:0) 
at io.reactivex.rxjava3.internal.operators.observable.ObservableCreate.subscribeActual(ObservableCreate.java:41) 
at io.reactivex.rxjava3.core.Observable.subscribe(Observable.java:13173) 
at io.reactivex.rxjava3.internal.operators.observable.ObservableFlatMap.subscribeActual(ObservableFlatMap.java:52) 
at io.reactivex.rxjava3.core.Observable.subscribe(Observable.java:13173) 
at io.reactivex.rxjava3.internal.operators.observable.ObservableSubscribeOn$SubscribeTask.run(ObservableSubscribeOn.java:96) 
at io.reactivex.rxjava3.core.Scheduler$DisposeTask.run(Scheduler.java:644) 
at io.reactivex.rxjava3.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:65) 
at io.reactivex.rxjava3.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:56) 
at java.util.concurrent.FutureTask.run(FutureTask.java:266) 
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:301) 
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167) 
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641) 
at java.lang.Thread.run(Thread.java:929) 

----------Log 2----------

Tokens are invalid, please sign-in again.
java.lang.Exception: No cached session.
at com.amazonaws.mobile.client.AWSMobileClient$12$1.signalTokensNotAvailable(AWSMobileClient.java:2079)
at com.amazonaws.mobile.client.AWSMobileClient$12$1.getAuthenticationDetails(AWSMobileClient.java:2049)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.getSession(CognitoUser.java:1036)
at com.amazonaws.mobile.client.AWSMobileClient$12.run(AWSMobileClient.java:2030)
at com.amazonaws.mobile.client.internal.InternalCallback.await(InternalCallback.java:115)
at com.amazonaws.mobile.client.AWSMobileClient.getTokens(AWSMobileClient.java:1996)
at com.amazonaws.mobile.client.AWSMobileClient.getUserStateDetails(AWSMobileClient.java:1120)
at com.amazonaws.mobile.client.AWSMobileClient$5.run(AWSMobileClient.java:900)
at com.amazonaws.mobile.client.AWSMobileClient$5.run(AWSMobileClient.java:897)
at com.amazonaws.mobile.client.internal.ReturningRunnable.await(ReturningRunnable.java:31)
at com.amazonaws.mobile.client.AWSMobileClient.currentUserState(AWSMobileClient.java:879)
at com.bfan.sso.logic.services.aws.auth.AmazonAuthService.isSessionExpired(AmazonAuthService.java:132)
at com.bfan.sso.logic.server.BaseObsParams.lambda$getSessionStateObserver$1(BaseObsParams.java:52)
at com.bfan.sso.logic.server.BaseObsParams$$ExternalSyntheticLambda0.subscribe(D8$$SyntheticClass:0)
at io.reactivex.rxjava3.internal.operators.observable.ObservableCreate.subscribeActual(ObservableCreate.java:41)
at io.reactivex.rxjava3.core.Observable.subscribe(Observable.java:13173)
at io.reactivex.rxjava3.internal.operators.observable.ObservableFlatMap.subscribeActual(ObservableFlatMap.java:52)
at io.reactivex.rxjava3.core.Observable.subscribe(Observable.java:13173)
at io.reactivex.rxjava3.internal.operators.observable.ObservableSubscribeOn$SubscribeTask.run(ObservableSubscribeOn.java:96)
at io.reactivex.rxjava3.core.Scheduler$DisposeTask.run(Scheduler.java:644)
at io.reactivex.rxjava3.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:65)
at io.reactivex.rxjava3.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:56)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:301)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:929)
@lolucosmin
Copy link
Author

lolucosmin commented May 11, 2024
edited

If I interogate the SDK like this after I get that error and warnings I have this results:

AWSMobileClient.getInstance().getUsername() - same like before getting the error
AWSMobileClient.getInstance().isSignedIn() - true
AWSMobileClient.getInstance().getIdentityId() - another identity

@lolucosmin
Copy link
Author

lolucosmin commented May 13, 2024
edited

I have more information about this issue:
-appear after 1H when the aws should refresh the session.
-in UserStateDetails there is a exception but that method is protected and you can not interogate the skd
to see if is null or not.

Screenshot 2024-05-13 160750

As you can see in image the state for user is SIGNED_IN but there no good session also
if I as for AWSMobileClient.getInstance().getIdentityId() now I have a new one instead the real one.
What I see here the SDK is not changing the user state into GUEST or SIGNED_OUT.

I tried also to intercept that exception but is not working:

public boolean isSessionExpired() {
UserStateDetails userState;
try {
userState = AWSMobileClient.getInstance().currentUserState();
} catch (Exception ex) {
return true;
}
........

Is weird because in SDK there is a catch
@workerthread
public UserStateDetails currentUserState() {
try {
return _currentUserState().await();
} catch (Exception e) {
throw new RuntimeException("Failed to retrieve user state.", e);
}
}
but is not going into catch block.

So I have no idea how to manage this situation @tylerjroach, do you have a suggestion for me?

@yuhengshs
Copy link
Contributor

Hi @lolucosmin ,

Thanks for reaching out, we will take a look into the issue and provide updates here.

@yuhengshs yuhengshs added bug Something isn't working cognito Issues with the AWS Android SDK for Cognito labels May 13, 2024
@tylerjroach
Copy link
Contributor

@lolucosmin Huewei devices may be tricky.Are these older devices with Google Play Services, or the newer Huewei devices withouth Google support.

I'm afraid these devices look like they do not appear to have proper Android KeyStore implementations.

Error in decrypting data. javax.crypto.AEADBadTagException
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:517)
at javax.crypto.Cipher.doFinal(Cipher.java:2055)```

This crash is coming directly from OS KeyStore implementation.

@lolucosmin
Copy link
Author

@lolucosmin Huewei devices may be tricky.Are these older devices with Google Play Services, or the newer Huewei devices withouth Google support.

I'm afraid these devices look like they do not appear to have proper Android KeyStore implementations.

Error in decrypting data. javax.crypto.AEADBadTagException
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:517)
at javax.crypto.Cipher.doFinal(Cipher.java:2055)```

This crash is coming directly from OS KeyStore implementation.

Indeed, there are 2 types with Google Services and without, I tested on devices(4 devices) without Google Services and on all of them I have same issue, the sign in is successful but after 1h no session refresh.

But I have a question related to AWSMobileClient SDK.
Why there int this function is a catch if you want to throw that exception? Also why that exception from my image above is not
in state of user? At least if it will be in state of user we can check that variable.
@workerthread
public UserStateDetails currentUserState() {
try {
return _currentUserState().await();
} catch (Exception e) {
throw new RuntimeException("Failed to retrieve user state.", e);
}
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working cognito Issues with the AWS Android SDK for Cognito
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tylerjroach @lolucosmin @yuhengshs