Amplify-js: Auth.currentCredentials sometimes does not return identityId

This is a major issue and I don't see a workaround. For those that depend on credentials with identityId, the entire amplify javascript library is rendered useless until this is fixed.

Would you be able to provide some reproduction steps to show this behavior?

I used the Authenticator object from the aws-amplify-react library

After signing in with Facebook or Google using federated sign in (Cognito Identity Pool only), I see that the identity is created in my identity pool.

Then I call Auth.currentCredentials using Auth from the aws-amplify library

This works perfectly using [email protected] and [email protected]. However, using the current versions gives me only partial credentials. In the case of email and password login (i.e. Cognito User Pool + Cognito Identity Pool) there is no issue.

I am also seeing this over the last 24 hours. It happened in an app that had no updates in the last fortnight, so it seems to be a Cognito issue.

Here is my function (using typescript + observables):

export function currentUnauthenticatedSession(): Observable<GetOpenIdTokenResponse> {
  return fromPromise(Auth.currentCredentials()).pipe(
    mergeMap((credentials: ICredentials) => {
      // credentials exists, identityId does not
      if (!credentials || !credentials.identityId) {
        throw new Error('Unable to get credentials for unauthorised session');
      }

      const openIdParams: GetOpenIdTokenInput = {
        IdentityId: credentials.identityId
      };
      const options: CognitoIdentity.Types.ClientConfiguration = {
        region: process.env.AWS_REGION,
        credentials
      };
      const cognitoIdentity = new CognitoIdentity(options);

      return fromPromise(
        cognitoIdentity.getOpenIdToken(openIdParams).promise()
      ).pipe(
        mergeMap(
          (openIdTokenResponse: CognitoIdentity.GetOpenIdTokenResponse) => {
            return of(openIdTokenResponse);
          }
        ),
        catchError(err => throwError(err))
      );
    }),
    catchError(err => throwError(err))
  );
}

Can we please get some sort of an update? @amhinson

This was solved by reverting from aws-amplify@3x to aws-amplify@2x. We were live with 3x for a little while, so I'm not sure how the break came about, nevertheless reverting back to 2x fixes this. Thanks @maxflores

The same issue with the version 3.0.24

Also seeing this on v3.3.3, got the AWS credentials normally but no identityId anywhere. I can see in the network tab that the Cognito response returned the identityId (which I can also see in the AWS Console), so something is wrong while saving/retrieving it.

The identityId is lost when the token is refreshed. Looking at the code the identityId is not passed to the refresh function:

See: https://github.com/aws-amplify/amplify-js/blob/abb5e3605e21685c98959af67115fa6a37bf22f2/packages/core/src/Credentials.ts#L148