Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Some JWT tokens returned by AWSCognitoIdentityUserSession's idToken.tokenClaims are empty #5308

Open
hito1402 opened this issue Apr 30, 2024 · 1 comment
Labels
auth bug Something isn't working cognito Issues related to AWS Cognito

Comments

@hito1402
Copy link

I am using the AWSCognitoIdentityProvider on iOS to perform Cognito user logins, and I'm trying to retrieve the group name with the following code:

func getGroupName(_ callback: @escaping (String?)->()) {
    let pool = AWSCognitoIdentityUserPool(forKey: "UserPool")
    guard let user = pool?.currentUser() else {
        callback("invalid token")
        return
    }
    user.getSession().continueWith { (task) -> Any? in
        if let tokenClaims = task.result?.idToken?.tokenClaims, let groupNames = tokenClaims["cognito:groups"] as? [String], let groupName = groupNames.first {
            callback(groupName)
        } else {
            callback(nil)
        }
        return nil
    }
}

However, I'm encountering an issue where tokenClaims returns an empty dictionary, which is not the expected behavior. This issue only occurs with some users, even though I've tested it with multiple.

Upon examining the idToken payload, I noticed that the base64-encoded payload contains hyphens ("-"). According to the JWT specification, payloads are supposed to be URL-safe, but I don't see any processing in tokenClaims that replaces hyphens with pluses ("+").

I have confirmed that replacing hyphens with pluses in the payload allows it to be correctly converted into JSON data.

Here's the related code in the AWS SDK for iOS: AWSCognitoIdentityUser.m

Environment

  • AWSCognitoIdentityProvider (2.33.4):
    • AWSCognitoIdentityProviderASF (= 2.33.4)
    • AWSCore (= 2.33.4)
  • AWSCognitoIdentityProviderASF (2.33.4):
    • AWSCore (= 2.33.4)
@hito1402 hito1402 changed the title AWSCognitoIdentityUserSession idToken.tokenClaims Some JWT tokens returned by AWSCognitoIdentityUserSession's idToken.tokenClaims are empty Apr 30, 2024
@lawmicha lawmicha added cognito Issues related to AWS Cognito auth bug Something isn't working labels Apr 30, 2024
@lawmicha
Copy link
Contributor

Hi @hito1402, thank you for opening this issue. We'll investigate further and will provide an update when we can.

@lawmicha lawmicha added the pending-triage Issue is pending triage label Apr 30, 2024
@harsh62 harsh62 removed the pending-triage Issue is pending triage label Aug 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
auth bug Something isn't working cognito Issues related to AWS Cognito
Projects
None yet
Development

No branches or pull requests

3 participants