Hi Guys,
I am using the amplify Auth API in my react native project, works great until I try to get the currentAuthenticatedUser which is required for the Change password method.
I have tried to persist the user I get from the SignIn in local storage, with the key 'federatedInfo' and then try to use that in the change password, but it gives an error which says getSession is not a function, then tried to initialise a cognito user with the CognitoUser class from amazon-cognito-identity-js.
User = new CognitoUser(parsedUserFromAsyncStorage);
This works initially but I get another missing function error. Basically it looks like the user response from the SignIn method is the poorer cousin of the much richer user response returned and cached when using the withAuthenticator HOC.
So I have two questions; an answer to either will solve my issue.
@oluomoniyi Persistence occurs when you use the Auth.signIn() API in Amplify. It looks like you are interacting directly with the underlying Cognito SDK, which I believe will bypass the persistence that's done within the Auth class in Amplify on both web and React Native. If you use the Auth.signIn API, your session will be persisted to AsyncStorage within React Native. To retrieve the user details you can then use Auth.currentAuthenticatedUser and/or Auth.currentSession to get JWTs.
@mlabieniec I happened to be poking around in this code today and noticed that this is true. Though it seems a bit odd that it is true. Is it intended to be true? I ask mostly because this code, imported 5 months ago, smells odd.
@MemoryStorage: key prefix
It just feels as though those AsyncStorage calls ended up here accidentally? If a developer wants persistent storage, I'd expect they could pass a reference to a persistent backend (optionally provided by aws). The thing that feels "most" wrong about it, however, is that this storage is storing a JWT refresh token in the clear. It seems that the app developer should make that decision, i.e. if I'm working on something that has a high security requirement for tokens such as these I'd choose to store them behind a Touch-ID verification.
It seems this was the intent of the amazon-cognito-identity-js maintainers, as they provided support for it with the Storage property of ICognitoUserData. However the only time that aws-amplify calls new CognitoUser it is called such that you cannot pass a Storage implementation through.
// cc: @yuntuowang and @powerful23 - based on .github/CODEOWNERS
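As an added illustration of the storage concern raised in the comment above (not part of the original thread and not aws-amplify or amazon-cognito-identity-js code): a storage object with the setItem/getItem/removeItem/clear shape that keeps the refresh token out of the general store. `MapBackend`, `SplitTokenStorage`, the client id, username and token values are all hypothetical or constructed; in an app the secure backend would be a keychain-style store gated by Touch ID or Face ID.

```javascript
// Added example: hypothetical names throughout.
// Synchronous in-memory stand-in for a real backend
// (an AsyncStorage cache, a keychain wrapper, ...).
class MapBackend {
  constructor() { this.map = new Map(); }
  setItem(key, value) { this.map.set(key, String(value)); return value; }
  getItem(key) { return this.map.has(key) ? this.map.get(key) : null; }
  removeItem(key) { this.map.delete(key); }
  clear() { this.map.clear(); }
  keys() { return [...this.map.keys()]; }
}

// The Cognito SDK stores tokens under keys shaped like
// CognitoIdentityServiceProvider.<clientId>.<username>.<field>
const SENSITIVE_SUFFIXES = ['.refreshToken'];

// Routes long-lived credentials to the secure backend and
// everything else (id/access tokens, LastAuthUser) to the general one.
class SplitTokenStorage {
  constructor(generalBackend, secureBackend) {
    this.general = generalBackend;
    this.secure = secureBackend;
  }
  backendFor(key) {
    const sensitive = SENSITIVE_SUFFIXES.some((s) => key.endsWith(s));
    return sensitive ? this.secure : this.general;
  }
  setItem(key, value) { return this.backendFor(key).setItem(key, value); }
  getItem(key) { return this.backendFor(key).getItem(key); }
  removeItem(key) { this.backendFor(key).removeItem(key); }
  // Sign-out must wipe both stores, or the refresh token outlives the session.
  clear() { this.general.clear(); this.secure.clear(); }
}

// Constructed sample data: no real client id, user or tokens.
function demo() {
  const general = new MapBackend();
  const secure = new MapBackend();
  const storage = new SplitTokenStorage(general, secure);
  const prefix = 'CognitoIdentityServiceProvider.exampleClientId.alice';
  storage.setItem(`${prefix}.idToken`, 'constructed-id-token');
  storage.setItem(`${prefix}.accessToken`, 'constructed-access-token');
  storage.setItem(`${prefix}.refreshToken`, 'constructed-refresh-token');
  return { storage, general, secure, prefix };
}
```

An object of this shape is what the Storage property discussed above is meant to receive; the routing only helps if the library actually passes it through to every CognitoUser it constructs.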
@mlabieniec I tried to reuse the get currentAuthenticatedUser method and this seems to work now, don't know why it didn't work before, thanks!
@nidsharm do you have any thoughts or updates on my prior comment? I'm happy to take a shot at a refactor which keeps the current behaviour in the base case, but allows those of us that wish to control storage in our apps (specifically I want to put these creds in secure store, behind a touchID / faceID).
@ossareh yes we need to provide a storage interface to developers so you can provide your own storage object for the library to store those secure infos. I am recently working on this change and hope to bring this out ASAP. Related to #951
@powerful23 lmk if I can be helpful with this. It's currently blocking progress for me.
Can anybody provide a code example on how to use currentAuthenticatedUser to persist logged in users?
@jtaylor1989 Amplify will cache those auth tokens into the storage object (by default it is your localStorage/AsyncStorage) so that the logged in users get persisted. The currentAuthenticatedUser() method is just a way to detect whether there is a current logged in user or not.