Configured event breaking change not documented

[npenin]

Before opening, please confirm:

• I have searched for duplicate or closed issues and discussions.
• I have read the guide for submitting bug reports.
• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

Angular, Not applicable

Amplify APIs

Authentication, Storage

Amplify Categories

auth, storage

Environment information

  System:
    OS: Linux 6.2 Ubuntu 22.04.3 LTS 22.04.3 LTS (Jammy Jellyfish)
    CPU: (32) x64 13th Gen Intel(R) Core(TM) i9-13900K
    Memory: 48.32 GB / 62.47 GB
    Container: Yes
    Shell: 5.1.16 - /bin/bash
  Binaries:
    Node: 18.18.2 - /tmp/xfs-705df71f/node
    Yarn: 3.5.0 - /tmp/xfs-705df71f/yarn
    npm: 9.8.1 - ~/.nvm/versions/node/v18.18.2/bin/npm
  npmGlobalPackages:
    corepack: 0.19.0
    npm: 9.8.1
    yarn: 1.22.19

Describe the bug

Before the v6, there used to be a configured event in the auth channel. There is no mention of this anywhere of this event in the migration. How can one know when she can use the storage if the auth part is not authenticated yet ?

Expected behavior

Either the Amplify.configure should return a promise or we need the configured event back or a way to know when Storage is usable

Reproduction steps

1. Setup amplify for auth and storage
2. Just after the Amplify.configure line, try to download a file from s3.
3. The runtimes throws NoCredentials: Credentials should not be empty.

Code Snippet

// Put your code below this line.

Log output

[DEBUG] 06:37.58 Hub - Dispatching to core with  {event: 'configure', data: {…}}
ConsoleLogger.mjs:86 [DEBUG] 06:37.60 Hub - Dispatching to core with  {event: 'configure', data: {…}}
13 error-handler.ts:12 NoCredentials: Credentials should not be empty.

aws-exports.js

{
Auth: {
Cognito: {
identityPoolId: env.identity_pool_id,
userPoolId: env.user_pool_id,
userPoolClientId: env.app_client_id,
signUpVerificationMethod: 'code',
loginWith: {
oauth: {
"domain": env.login_domain,
"scopes": [
"email",
"openid",
"profile",
"aws.cognito.signin.user.admin"
],
"redirectSignIn": [new URL(location.getBaseHref() + 'oauth', window.location.href).toString()],
redirectSignOut: [new URL(location.getBaseHref(), window.location.href).toString()],
"responseType": "code"
},
}
}
},
Storage: {
S3: {
bucket: env.s3_upload_bucket,
region: aws.region
}
}
}

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

[cwomack]

Hello, @npenin 👋. Just to confirm, is this happening with authenticated users of your app? Can you share the frontend code or file that is calling the getUrl API if you're trying to "download a file from S3" right after calling Amplify.configure()?

[npenin]

No this is happening for unauthenticated users. However, they have a cognito identity and an unauthenticated role assigned. The s3 policy allows such user to get files from public access level

[npenin]

I cannot easily share code as I am building an angular. The authentication flow is not as obvious as depicted here in this bug. I also reverted my code until there is a fix for this bug

[cwomack]

@npenin, understandable. Any code you can share would be very helpful to diagnose what's happening effectively, but let me try and work around that.

It sounds like as soon as your app loads, you're using the Auth configure event to send/receive some files maybe without users having to click something. That sound about right? If your app was relying on this event in v5, it's possible the app breaks in v6. Is this the event you were waiting on in v5?

amplify-js/packages/auth/src/Auth.ts

Line 267 in 848651f

'configured',

[npenin]

@cwomack yes, that's exactly the problem. I am loading a configuration file in my app to then load everything else. However without this configured event that was present in v5, I have no way to achieve the same in v6.

[cwomack]

@npenin, thanks for the confirmation. I'll label this as a bug for now then and review it with the team internally. Will provide updates via this issue as soon as I can!

[cwomack]

@npenin, I've got a potential "workaround" for you to try in v6 to see if we can resolve the problem. Can you try using the fetchAuthSession or getCurrentUser API's rather than the Hub event for Auth.configured? While in v5 there was a type of credentialUser that was tied to the user Session and rehydrated the session and dispatched the event, I think you could achieve something similar by checking for the session of an authenticated user.

The catch here is that if you are trying to use unauthenticated users, that might be an issue. For unauthenticated users, this would provide credentials (but not tokens). So fetchAuthSession in this scenario will return undefined for tokens on that authenticated user, but return the credentials would still be returned and succeed (if the app has unauthenticated users enabled).

Let me know if this helps and can be used as a workaround in v6!

[npenin]

As you mentioned, I have unauthenticated users. I had tried the fetchAuthSession, but it did not work out either.

[cwomack]

Got it, thanks for trying that @npenin. Would you mind sharing your frontend code that's making this calls and giving the issue?

[npenin]

I will do next week after the Christmas break.

[DaneDH]

@cwomack This is an issue for me as well on s3 storage. Code below. Note that guest users (UnAuthenitcated) have access to public folder.

import { getUrl, GetUrlInput } from 'aws-amplify/storage';

const someComponent = () => {
  
  useEffect(()=> {
      const urlInput: GetUrlInput = {
        key: "public/thumbnail/85c93c52-0f70-49dd-b78e-dee1c7645f32.jpg",
        options: {
          accessLevel: 'guest', // can be 'private', 'protected', or 'guest' but defaults to `guest`
          // targetIdentityId: 'XXXXXXX', // id of another user, if `accessLevel` is `guest`
          validateObjectExistence: false,  // defaults to false
          expiresIn: 300, // validity of the URL, in seconds. defaults to 900 (15 minutes) and maxes at 3600 (1 hour)
          useAccelerateEndpoint: true, // Whether to use accelerate endpoint.
        },
      }
      const fetchUrl = async () => { 
        const data = await getUrl(urlInput);
        console.log(`fetchUrl data ${JSON.stringify(data)}`)
      };

      fetchUrl().catch((e:any)=>console.log(`fetchUrl error ${e}`)) // NoCredentials: Credentials should not be empty.
  })

}

[DaneDH]

@npenin I have fixed my issue. The problem is that I was initializing Amplify(config) on the server side while handling s3 stuff on the client side. The solution was to move Amplify(config) to the client side and handle s3 stuff after that has been initialized. This was more of a nextjs structure issue for me. Not sure this might be a possible solution.

[npenin]

@DaneDH on my end, this is a pure front-end issue, but thanks for the suggestion

[cwomack]

@npenin, were you able to review that frontend code then and make a change that resolved the issue for you? Curious if making any of the changes in this comment helped.

@DaneDH, are you also unblocked then after moving Amplify(config) to the client side?

[cwomack]

After reviewing this issue further, we're going to mark this as a need for a documentation update to clarify the changes in the events emitted for the Auth channel with Hub in v6. The difference can be seen in reviewing the list of the v5 Auth events vs. the v6 Auth events, but there is no callout for this in our documentation.

The configure event that used to be in the v5 Auth events can still be listened for in the core channel for Hub. Once again, this isn't very clear based on just the v6 Hub documentation.

We'll track the updates for this clarity to be added in the associated amplify-docs issue #6848 and close out this issue within the JS repo. If there's further questions or issues with this, feel free to comment here or on the associated docs issue.

[CoonHouse]

@npenin, understandable. Any code you can share would be very helpful to diagnose what's happening effectively, but let me try and work around that.

It sounds like as soon as your app loads, you're using the Auth configure event to send/receive some files maybe without users having to click something. That sound about right? If your app was relying on this event in v5, it's possible the app breaks in v6. Is this the event you were waiting on in v5?

amplify-js/packages/auth/src/Auth.ts

Line 267 in 848651f

'configured',

My code was also relying in this event. I used i t to do some initialization when a user refreshes the page or did come back to the page while having an active session.
My problem now is, that when I refresh the page the curentUser (getCurrentUser) throws an error while i am logged in. How (and when) do I get the current user and session after a page refresh?

[CoonHouse]

In addition, I found that when delaying the getCurentUser (and/or fetchAuthSession) with 2 or 3 milliseconds, I get a positive result. I am not a fan of using timeouts for this kind of actions (what's the right amount of milliseconds. Maybe some times it takes longer then expected, but unnecessary waiting is also a waste. ).
So I would be happy if the configured event could be reimplemented again.