[ AWSCognitoIdentityProvider] Error Domain=com.amazonaws.AWSCognitoIdentityProviderErrorDomain Code=-1000

[PrinceDev920]

Issue description:
Once user is logged in and after the token expires, it is not getting refreshed. It was working a week before.

Steps to reproduce the behavior:

1. Installed the latest AWSCognitoIdentityProvider and AWSCore from pods
2. Login with a valid user
3. After token expired try to generate new token using -(AWSTask<AWSCognitoIdentityUserSession*> *) getSession
4. Function call on task based return a failure result with error Domain=com.amazonaws.AWSCognitoIdentityProviderErrorDomain Code=-1000 .

Observed Behavior
User is authenticated and logged in. After some days on call of getSession() method defined in AWSCognitoIdentityProvider gives error with domain com.amazonaws.AWSCognitoIdentityProviderErrorDomain and code -1000

Expected Behavior
If user is once authenticated and logged in after token expires, it should get refreshed on call of getSession() method

Code Snippet

// 1. Setting of user pool in the init

func setUserPool() {
        let config = userDefaultsManager.getConfigDetails()
        let serviceConfiguration = AWSServiceConfiguration(
            region: AWSRegionType.regionTypeForString(regionString: config.cloudRegion), // Set your region
            credentialsProvider: nil
        )

        let poolConfiguration = AWSCognitoIdentityUserPoolConfiguration(
            clientId: config.appClientId,
            clientSecret: nil,
            poolId: config.userPoolId
        )

        AWSCognitoIdentityUserPool.register(
            with: serviceConfiguration,
            userPoolConfiguration: poolConfiguration,
            forKey: "UserPool"
        )

        userPool = AWSCognitoIdentityUserPool(forKey: "UserPool")
        currentUser = userPool?.currentUser()
    }

// During login delegate was set to the AWSCognitoIdentityUserPool
//Also there is no issue during login process either with password or otp

  user.getSession().continueWith { task in

                    if let error = task.error {   // since error is throw by the sdk
                        if !isInternetError(error as NSError) { // and if its not due to internet
                            self.userAuthSession.sessionInvalid() // causes my user to logout
                        }
                        continuation.resume(returning: "")
                        return nil
                    }

                    if let session = task.result {
                        Task {
                            await myCognitoSession.setSession(session)
                            continuation.resume(returning: session.idToken?.tokenString ?? "")
                        }
                    } else {
                        continuation.resume(returning: "")
                    }

                    return nil
                }

Device Information (please complete the following information):
Most of iOS phones with iOS version 16.0 above

[thisisabhash]

Thank you for posting this. Our team will take a look and respond with updates.

[PrinceDev920]

Hi, just checking if anyone had a chance to look at this issue. Happy to provide more details if needed.

[harsh62]

@PrinceDev920 You shouldn't be using this repo.. Please migrate to using Amplify Swift. Let me know if you need any help with Amplify Swift.

If this used to work before:

• We have not made changes to the Auth logic for years, so I would first start with looking into if you made any changes in your codebase? Or made any other updates to the dependency.
• Did you update any Cognito related configuraiton, i.e. may be changed the Refresh Token validity period, or anything similar.

If you just started using the SDK:

• The SDK is not receiving any updates and there could be that latest Cognito features are no longer working in the SDK.

Also refer the Migration Guide.

[PrinceDev920]

We had increased Cognito Refresh token validity but its was increased instead of decreasing the validity period. Also it was done quite long back.

Secondly not everyone is facing this issue its happening randomly.

As @harsh62 suggest to use Amplify, Does Amplify underneath uses AWSCognitoIdentityProvider?

I suspect since AWSCognitoIdentityProvider uses keychain and can it be possible under certain circumstances keychain is not accessible then this issue is happening?

[harsh62]

@PrinceDev920 AWSCognitoIdentityProvideris not something that is used in Amplify. We definitely use keychain in both Amplify and AWS SDK for iOS, and if it would have been a keychain related error, you wouldn't have been able to perform any operations.

The other thing to keep in mind is that did you recently enabled the Refresh token rotation feature of Cognito, which could trigger failures because now a new refresh token would be issued which is not something that is supported in AWS SDK for iOS.

If recently you have not made any changes to your AWS implementation on the iOS app, it would almost certainly be that something changed in Cognito or something that is managing Cognito.