Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FR] Auto sign in for a multiple logins with the same user #4616

Closed
4 tasks done
dcp3450 opened this issue Oct 31, 2023 · 4 comments
Closed
4 tasks done

[FR] Auto sign in for a multiple logins with the same user #4616

dcp3450 opened this issue Oct 31, 2023 · 4 comments
Labels
feature-request Request a new feature

Comments

@dcp3450
Copy link

dcp3450 commented Oct 31, 2023
edited
Loading

Before creating a new issue, please confirm:

On which framework/platform are you having an issue?

Angular

Which UI component?

Authenticator

How is your app built?

custom-webpack 16

What browsers are you seeing the problem on?

No response

Which region are you seeing the problem in?

No response

Please describe your bug.

I have 5 applications that use the @aws-amplify/ui-angular package. Sign up / login works as expected. However, when a user logs into one application and attempts to view another they have to login again. All users are on the same userpool and identity pool. they are also on the same domain/subdomain as the route determines the app:

company.myapp.com/app1
company.myapp.com/app2
company.myapp.com/app3
...

It was my understanding (based on an AWS doc I read somewhere) that if the user has logged in at one location via their cognito login and the domain was the same, they would be auto signed in.

If I need to grab an ID stored in a cookie and verify the user that way, that makes sense but the docs don't seem to suggest this.

What's the expected behaviour?

When the user logs in at one location with userpool creds and attempts to access a second location they don't have to login again. Their previous login at the same domain should allow them to go forward.

Help us reproduce the bug!

have to apps with the same domain/subdomain but different routes.

Code Snippet

// Put your code below this line.

Console log output

No response

Additional information and screenshots

No response
@github-actions github-actions bot added the pending-triage Issue is pending triage label Oct 31, 2023
@calebpollman calebpollman added feature-request Request a new feature and removed pending-triage Issue is pending triage labels Oct 31, 2023
@calebpollman calebpollman changed the title Auto sign in for a multiple logins with the same user [FR] Auto sign in for a multiple logins with the same user Oct 31, 2023
@calebpollman
Copy link
Member

Hi @dcp3450. To clarify the ask here, can you confirm whether the expectation is that if an end user has two apps open in the same browser instance (App A, App B) that signing in to App A will "refresh" App B automatically?

@dcp3450
Copy link
Author

dcp3450 commented Oct 31, 2023

@calebpollman No, they don't need to talk in that way. I see instances of what I'm trying to do:

  1. They login to App A -> open App B in a new tab and they are auto authenticated and allowed access
  2. Both apps are open, they login to one of them, manual refresh the other and it lets them in since they are already logged in

What confuses me is all apps have the exact same subdomain/domain. So when the user logs in at one location (App A) it creates the local storage and cookies. When they access App B, it requires a log in even though they are the same domain and have access to the same local storage and cookies. Logging in at the second app creates a other set of storage and cookies.

I verify the user is logged in via:

  constructor(
    ...
    public authenticator: AuthenticatorService,
    ...
  ) {}

  ...
    this.authenticator.subscribe(() => {
      const { route } = this.authenticator;
      if (route === 'authenticated') {
      }
    });
  ...

This is called when the user attempts to access a page that requires auth. If they aren't authenticated, then it kicks them out to the login.

@dcp3450
Copy link
Author

dcp3450 commented Oct 31, 2023

@calebpollman I looked over my code again and noticed, this is the code checking if the user is already authenticated:

...
import Auth from '@aws-amplify/auth';
...
  canActivate(... ): Promise<boolean> {
    return Auth.currentAuthenticatedUser()
      .then(user => {
        ...
        return true;
      })
      .catch(() => {
        console.error('Must be signed in');
        ...
        return false;
      });
  }

The problem and assumptions still remain. The domains are the same just the code base at the route /appA , /appB, etc is different. If the domains are the same and each application has access to the same local storage and cookies, what magic sauce am I missing?

@dcp3450
Copy link
Author

dcp3450 commented Nov 1, 2023

All the apps had the same user pool and identity pool IDs but they had different web client IDs. I gave them the same web client ID and login works as expected.

@dcp3450 dcp3450 closed this as completed Nov 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request Request a new feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dcp3450 @calebpollman