* Which Category is your question related to? *
Auth, Credentials
* What AWS Services are you utilizing? *
Auth, Storage, PubSub
* Provide additional details e.g. code snippets *
I'm using federatedSignIn, with user pool, identity pool, and LWA.
After a successful login, the user gets credentials attached to an authenticated role. When user attributes change, he should get a different role via the "Authenticated role selection" rules in the identity pool, but his permissions don't refresh until I run "react-native run-android" again. How can I make Amplify get new credentials from code?
My mistake: re-login doesn't update credentials. Only after I re-login and re-run the app with "react-native run-android" it updates its credentials.
I found this https://github.com/aws-amplify/amplify-js/issues/446#issuecomment-481704572 suggested solution, but it doesn't work for me. The issue there is open and dealing with updating token, which is apparently not enough in this case.
I have the same issue. In my app, the roles and permissions of a user change when the user performs specific actions. I tried various solutions from #446 and other related bugs/issues, but they don't work. The problem is that Amplify lacks an ability/function/method to manually reload the session and get new tokens. I've checked session tokens before and after invoking various solutions from #446, but the tokens remain the same.
Currently I'm using a very crude solution, but it looks like it works: after user actions that should change permissions, I just sign out and sign in again:
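```js
import { Auth } from 'aws-amplify';

// Sign out and back in so that new tokens and credentials are issued.
async function refreshCredentials(usr, psw) {
  console.log('creds before', await Auth.currentUserCredentials());
  await Auth.signOut();
  await Auth.signIn(usr, psw);
  console.log('creds after', await Auth.currentUserCredentials());
}
```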
This will refresh the credentials (access key, secret key and session token):
```js
// Re-fetch the AWS credentials currently held by Amplify.
Auth.currentCredentials().then((cred) => {
  cred.refresh();
});
```
But the user will still have the same permissions.
We are dealing with the same issue!
We have a policy in the role for "Authenticated role" which allows invoking API Gateway, and looks something like this (asterisks here only for simplicity):
{ "Effect": "Allow", "Action": [ "execute-api:Invoke" ], "Resource": [ "*" ] }
Then, we have a rule for "Authenticated role selection" that "says" if some user custom attribute equals true, then it should assign a different role to the user. The different role policy looks something like this:
{ "Effect": "Allow", "Action": "iot:*", "Resource": "*" }
When the user logs in for the first time, he has the first role ("Authenticated role"), with the right permissions (can access the API, but can't access IoT). After he invokes the API, his custom attribute is set to true, and his role should change to the second role I presented here, but in reality, nothing changes. After I re-login him, both permissions are unavailable to him, and after a re-build ("react-native run-android") he has the right permissions.
@sammartinez
Not sure if I should open a new issue. We tried a different approach where we don't change the authenticated role in the identity pool but use the same role for all users, and, on demand, we create an IoT policy specific to the user and attach his identity to this custom policy. This makes re-login unnecessary, but a refresh of the app is still required. We can't use JakubRakus's "hack" because we use federatedSignIn, and the solution at https://github.com/aws-amplify/amplify-js/issues/446#issuecomment-481704572 still doesn't work.
Sorry for tagging/bugging you, don't want to create a new issue but wanted to update.
@Cayce Apologies for circling back on this only now. I do want to state that you aren't bugging me by tagging me; I appreciate the follow-up and your patience with us on this. We are discussing this internally and will provide a response later this week. ETA is Friday for the follow-up.
Sorry for the delay here @Cayce - to close the loop here, the problem seems to be that if you change the policies after you sign in, then the existing creds will not be synced properly. At this point, we will move this to a new feature request to force refresh of credentials with updated role assignments.
@Cayce can you try with the latest unstable version [email protected]
You can force refreshing AWS credentials by doing `Auth.currentAuthenticatedUser({ bypassCache: true })`.
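
An added diagnostic example, not code from any participant in this thread or from the Amplify project: it compares the ID token held before and after a refresh attempt to show whether the claim that the "Authenticated role selection" rule matches on actually changed. It assumes the rule matches a claim in the user pool ID token; the claim name `custom:iot_enabled`, the helper names and the sample tokens are hypothetical, and it runs under Node (React Native would need a `Buffer` polyfill).

```javascript
// Added diagnostic example, not code from this thread.
// It decodes JWT payloads WITHOUT verifying signatures: debugging only,
// never a basis for authorization decisions.

// Decode the payload (second segment) of a JWT into an object.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) {
    throw new Error('not a JWT: expected 3 dot-separated segments');
  }
  // base64url -> base64; Buffer tolerates the missing padding.
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Compare the ID token held before and after a refresh attempt.
// claimName: the claim the role selection rule matches on (assumed name).
function compareRoleClaim(beforeJwt, afterJwt, claimName) {
  const before = decodeJwtPayload(beforeJwt)[claimName];
  const after = decodeJwtPayload(afterJwt)[claimName];
  let verdict;
  if (beforeJwt === afterJwt) {
    verdict = 'token-not-reissued'; // refresh handed back the cached token
  } else if (before === after) {
    verdict = 'claim-unchanged';    // new token, but still the old value
  } else {
    verdict = 'claim-updated';      // token is current; look at cached creds
  }
  return { before, after, verdict };
}

// Constructed sample tokens (unsigned, hypothetical claim values).
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc(payload)}.sig`;
}

const claim = 'custom:iot_enabled'; // hypothetical custom attribute
const t1 = makeSampleToken({ sub: 'u1', iat: 1000, [claim]: 'false' });
const t2 = makeSampleToken({ sub: 'u1', iat: 2000, [claim]: 'true' });
console.log(compareRoleClaim(t1, t1, claim)); // same token before and after
console.log(compareRoleClaim(t1, t2, claim)); // reissued token, new value
```

In an Amplify app the token strings would come from `(await Auth.currentSession()).getIdToken().getJwtToken()`, captured once before and once after the refresh call being tested.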