Amplify-js: Signout throws NotAuthorizedException - Access Token has been revoked

Created on 27 Jun 2019 · 2 Comments · Source: aws-amplify/amplify-js

Describe the bug
I am using Authentication HOC with custom SignOut function as given below:

Auth.signOut({ global: true })
        .then(data => console.log('signed out'))
        .catch(err => console.error(err));

When I try to sign out by following the reproduction steps, I get the exception:

POST https://cognito-idp.us-west-2.amazonaws.com/ 400
{code: "NotAuthorizedException", name: "NotAuthorizedException", message: "Access Token has been revoked"}

To Reproduce
Open the site in two browsers and sign out from one. Now try to sign out from the browser which has the user signed in; the signOut function throws this error. As a result of this error, the user cannot sign out of the site and is stuck.
Even force refreshing the browser with the error doesn't do anything. I still see the logged-in page.
Is there a way to force the display of the login screen?

Expected behavior
User should be signed out and taken to the login screen.

Desktop (please complete the following information):

  • OS: Ubuntu 19.04
  • Browser: Chrome

Additional context
"aws-amplify": "1.1.28",
"aws-amplify-react": "2.3.8",
"react": "^16.6.0",
"react-dom": "^16.6.0",

Sample code
Given above.

Auth question

All 2 comments

@jitsunen Auth.signOut({ global : true }) will revoke all the access tokens issued by Cognito Service. So at the moment the second signOut was called, the access token it's using has already been revoked. You can try catch this error and if caught, use Auth.signOut() instead to sign the user out.

@powerful23, thanks for the suggestion, works like a charm!
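
The workaround suggested in the thread, written out as an added example (not code from the thread or from aws-amplify): try the global sign-out, and only when it fails with NotAuthorizedException fall back to a local sign-out so the browser's cached session is still cleared. The names signOutWithFallback, makeFakeBrowser and demoTwoBrowsers are hypothetical, and the fake token pool is a constructed stand-in for Cognito so the example runs offline.

```javascript
// `auth` is assumed to expose signOut(opts) returning a Promise, as Amplify's Auth does.
async function signOutWithFallback(auth) {
  try {
    await auth.signOut({ global: true });   // revoke every token issued to the user
    return 'global';
  } catch (err) {
    // Only a rejected-token error means "already signed out elsewhere".
    // Anything else (network failure, throttling) is rethrown for the caller to handle.
    if (!err || err.code !== 'NotAuthorizedException') throw err;
    await auth.signOut();                    // local: clear this browser's cached tokens
    return 'local';
  }
}

// Constructed stand-in for the user pool plus one browser's token cache.
function makeFakeBrowser(pool, token) {
  pool.valid.add(token);
  return {
    token,
    async signOut(opts = {}) {
      if (opts.global) {
        if (!pool.valid.has(this.token)) {
          // Same shape as the error object shown in the issue.
          throw { code: 'NotAuthorizedException', message: 'Access Token has been revoked' };
        }
        pool.valid.clear();                  // global sign-out revokes all sessions
      }
      this.token = null;                     // cached token dropped only if nothing threw
    },
  };
}

// Replays the reproduction steps: two browsers, sign out from one, then the other.
async function demoTwoBrowsers() {
  const pool = { valid: new Set() };
  const a = makeFakeBrowser(pool, 'token-A');
  const b = makeFakeBrowser(pool, 'token-B');
  const first = await signOutWithFallback(a);   // 'global'
  const second = await signOutWithFallback(b);  // 'local': token-B was revoked by browser A
  return { first, second, aToken: a.token, bToken: b.token };
}
```

With the real library, the call would be signOutWithFallback(Auth); matching on the error code rather than catching everything keeps unrelated failures visible instead of silently reporting a sign-out.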
