Active (logged in) user cannot be deleted or globally signed out
velociwabbit opened this issue · 11 comments
I am trying to either globalSignOut or deleteUser on a cognito user that has been logged in.
I have not been able to accomplish either task, as the deleteUser and globalSignOut functions require a signInUserSession. The problem is that the getCurrentUser() function from CognitoUserPool retrieves the username but then assigns null to the signInUserSession and Session.
The example only provides the syntax for globalSignOut and deleteUser with an already instantiated cognitoUser.deleteUser.
The way the example reads my solution should work... therefore even if I am doing it incorrectly the examples need to change as they are misleading.
Also as we are coming onto 2018 I would naturally hope that an async or yield version of this api would be a top priority.
Please let me know how I can help
The example mentions that the piece of code is for an authenticated user. You would need a call to getSession after getCurrentUser.
Hmmm... I am looking at the example right now and there is no mention of what you are saying. Here is the code:
Use case 13. Deleting an authenticated user.
cognitoUser.deleteUser(function(err, result) {
    if (err) {
        alert(err);
        return;
    }
    console.log('call result: ' + result);
});
Use case 14. Signing out from the application.
cognitoUser.signOut();
Use case 15. Global signout for an authenticated user(invalidates all issued tokens).
cognitoUser.globalSignOut(callback);
If I can get it to work, I have built a full login, logout, delete, change password etc. class that I would be glad to submit as an example. These snippets are not context free and therefore can be inscrutable.
You pasted above that it is an authenticated user.
No, that is a variable that is connected to a deleteUser function.
There are several ways to get a cognitoUser, none of which seem to solve my problem.
This is the tersest version that should work, but it instantiates a user without the Session info:
cognitoUser = (new CognitoUser({ Username : u, Pool : this.cogpool })).getCurrentUser()
Yes, I mentioned above that you would need to do a call to getSession after the call to getCurrentUser.
var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
var cognitoUser = userPool.getCurrentUser();
if (cognitoUser != null) {
    cognitoUser.getSession(function(err, session) {
        if (err) {
            alert(err);
            return;
        }
        console.log('session validity: ' + session.isValid());
    });
}
Just to be clear for other readers: the getCurrentUser function returns a semi-complete cognitoUser that requires a separate function call (getSession) to fill in the rest of the data for a complete cognitoUser, so that the completed object can be used in other functions?
Would it not make more sense from an api perspective to perform the getSession function in the api and return a fully populated currentUser? ... or is this a callback/function generator issue?
Either way this is unnecessarily subtle and a bit frustrating.
Also, do I need to manually populate the cognitoUser object or will the getSession call populate it for me? (This is for other users' benefit, as I will find out right now on my own.)
It is more from the point of view of the abstractions involved since you have your user pool that has users and stores the last authenticated user.
So basically the getCurrentUser retrieves the current user stored in local storage. After that you need to do getSession to retrieve the tokens associated with that user.
After some testing here is something less 'abstract'.
This is what you have to do to cause the AWS Cognito API to work concretely:
- Create an instance of CognitoUserPool with some version of:
const cognitoUserPool = new CognitoUserPool({ UserPoolId: this.UserPoolId, ClientId: this.ClientId })
- Create an instance of CognitoUser:
const cognitoUser = new CognitoUser({ Username : u, Pool : cognitoUserPool })
- Enhance the instance of cognitoUser with the function call cognitoUser.getSession (this populates the cognitoUser with signInUserSession filled in with the needed information to make other calls work properly):
cognitoUser.getSession((e, s) => console.log(e || 'session acquired'))
- After these three calls one can then:
cognitoUser.deleteUser((e, r) => console.log(e || 'call result: ' + r))
//or
cognitoUser.globalSignOut({
    onFailure: e => console.log(e),
    onSuccess: r => console.log('Logout success' + r)
})
//or
cognitoUser.changePassword(oldP, newP, (e, r) => console.log(e || 'call result: ' + r))
Yes, that should work.
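The sequence worked out in this thread (getCurrentUser, then getSession, then the authenticated call), as an added example in promise form; it is not code from the library or from any participant. The helper names and `makeStubPool`, a constructed stand-in for the pool so the block runs offline, are assumptions.

```javascript
// Resolve with the stored user only after getSession() has loaded a valid session.
function getAuthenticatedUser(userPool) {
  return new Promise((resolve, reject) => {
    const user = userPool.getCurrentUser(); // username only, no session yet
    if (user == null) return reject(new Error('No current user in local storage'));
    user.getSession((err, session) => {
      if (err) return reject(err);
      if (!session || !session.isValid()) return reject(new Error('Session is not valid'));
      resolve(user);
    });
  });
}

// deleteUser reports through a Node-style (err, result) callback.
async function deleteCurrentUser(userPool) {
  const user = await getAuthenticatedUser(userPool);
  return new Promise((resolve, reject) =>
    user.deleteUser((err, result) => (err ? reject(err) : resolve(result))));
}

// globalSignOut reports through an { onSuccess, onFailure } object instead.
async function globalSignOutCurrentUser(userPool) {
  const user = await getAuthenticatedUser(userPool);
  return new Promise((resolve, reject) =>
    user.globalSignOut({ onSuccess: resolve, onFailure: reject }));
}

// Constructed stub (assumption, not library code); calls fail until getSession() runs.
function makeStubPool({ stored = true, valid = true } = {}) {
  const calls = [];
  const denied = () => new Error('User is not authenticated');
  const user = {
    signInUserSession: null,
    getSession(cb) {
      calls.push('getSession');
      this.signInUserSession = { isValid: () => valid };
      cb(null, this.signInUserSession);
    },
    deleteUser(cb) {
      calls.push('deleteUser');
      this.signInUserSession ? cb(null, 'SUCCESS') : cb(denied());
    },
    globalSignOut(h) {
      calls.push('globalSignOut');
      this.signInUserSession ? h.onSuccess('SUCCESS') : h.onFailure(denied());
    },
  };
  return { calls, getCurrentUser: () => (stored ? user : null) };
}
```

With the real library, pass a `CognitoUserPool` instance in place of the stub.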