Aws-sdk-ios: Cached Access tokens are not removed when app is uninstalled?

Created on 15 Oct 2019 · 2 Comments · Source: aws-amplify/aws-sdk-ios

State your question

I am currently facing a weird issue using the AWSMobileClient SDK on iOS. The scenario is as follows:

  • User logs in to the app - everything works
  • User closes the app, not logging out
  • User uninstalls the app
  • User installs the app again
  • Calling AWSMobileClient.initialize() recognises the user as already logged in.

-> It seems the cached tokens are not removed when the application is uninstalled. Could this be the case?

Which AWS Services are you utilizing?

  • Cognito

Provide code snippets (if applicable)

Environment (please complete the following information):

  • SDK Version: 2.11.0
  • Dependency Manager: Cocoapods
  • Swift Version : 5.0

Device Information (please complete the following information):

  • Device: iPhone 11, Simulator
  • iOS Version: iOS 13.1

All 2 comments

Hi @alexanderwe,

This is expected behavior. AWSMobileClient caches its credentials in the Keychain, which is Apple's recommended way to store secure data. The Keychain is a shared system resource that persists across app installs, so when the user re-installs the app, AWSMobileClient is able to restore credentials from the Keychain.

If you wish to avoid this behavior, you can have a "firstSignIn" flag that you persist in some store that is cleared on app uninstalls (e.g., UserDefaults), and check for the existence of that flag on app startup. If the flag doesn't exist, you can force a signout with AWSMobileClient.signOut() before proceeding with app startup.

Hope this helps.
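
The workaround described in the comment above, as an added Swift example that is not part of the original thread or the SDK's own code. The key name `hasLaunchedSinceInstall` and the helper `initializeAuthClearingStaleSession` are hypothetical, and the sketch assumes the `AWSMobileClient.default()` accessor and that calling `signOut()` from the `initialize` completion handler is acceptable for your startup flow.

```swift
import Foundation
import AWSMobileClient

// Hypothetical key name. UserDefaults lives in the app container, so it is
// deleted on uninstall, unlike the Keychain items that hold the tokens.
private let hasLaunchedKey = "hasLaunchedSinceInstall"

/// Initializes AWSMobileClient and discards Keychain-cached Cognito tokens
/// left behind by a previous installation of the app.
func initializeAuthClearingStaleSession(
    defaults: UserDefaults = .standard,
    completion: @escaping (UserState?, Error?) -> Void
) {
    // A missing flag means this is the first launch since (re)install.
    let isFirstLaunch = !defaults.bool(forKey: hasLaunchedKey)

    AWSMobileClient.default().initialize { userState, error in
        guard error == nil else {
            // Leave the flag unset so the check runs again on the next launch.
            completion(nil, error)
            return
        }
        guard isFirstLaunch else {
            // Normal launch: keep whatever session the SDK restored.
            completion(userState, nil)
            return
        }
        // First launch: drop any session restored from the Keychain.
        // Note that the first run of an app update that introduces this
        // flag also lands here, so existing users are signed out once.
        AWSMobileClient.default().signOut()
        // Record the launch only after the stale session has been cleared.
        defaults.set(true, forKey: hasLaunchedKey)
        completion(AWSMobileClient.default().currentUserState, nil)
    }
}
```

Call this in place of a bare `initialize` at app startup and route the UI on the `UserState` passed to `completion`.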

@palpatim Thanks a lot for your fast response! I already thought it would be something like this, but I was unaware of the fact that the keychain items are persisted even if the app is uninstalled.

I tested your recommended workaround and it works fine. Thanks for pointing me in the right direction.

Closing this ticket, since my question is answered.
