Device with key *key* does not exist in device pool *pool* #5339

Open
SeifAhli opened this issue May 16, 2024 · 2 comments
Labels
mobile client Issues related to AWSMobileClient question General question

Comments

@SeifAhli

First time reporting a bug on a GitHub repo, so excuse any confusion. I'll try to get the idea across.

Describe the bug
It's an extreme case but might occur nonetheless, with no solution other than a hard reset or nuking the keychain.

To Reproduce
The user has to have been signed in on the device prior. Any change to the device key in the Cognito user pool would most likely be resolved when the user attempts to sign in again or reset the password.

To reproduce this case, the user's refresh token has to be invalidated, so that the user is unable to log in, unable to reset the password, and the AWS getSession function is unable to fetch expirationTokenKey.

Observed Behavior
upon login, user gets the error stated in the title with error code: 24

no way to resolve this issue

Expected Behavior
The user should at least be able to register a new device upon reinstalling the app, but due to the persistDevice function in AWSCognitoIdentityUser, the user credentials stored in the keychain don't get reset, and attempting to call forgetDevice() or forgetDevice(deviceID) fails due to the user session not being verified by AWS. The solution is to simply call the forgetDeviceInternal function; however, it's inaccessible from outside the library, and attempting to get the keychain keys used by Amazon is not a viable solution, nor is it easy or persistent for the long term.

Areas of the SDK you are using (AWSMobileClient, Cognito, Pinpoint, IoT, etc)?
AWSCognitoIdentityUser

Environment(please complete the following information):

  • AWSCognitoIdentityProvider (2.30.4):
  • Cocoapods
  • Swift Version :5.0
  • Xcode Version: 15.2

Device Information (please complete the following information):

  • Device: iPhone 12 mini (irrelevant)
  • iOS Version: 17.4.1

Additional context
It's not a case that would occur in most scenarios, but to make it easier to resolve such an issue, provide the SDK a method for the developer to purge the keychain used by AWS Cognito libraries.

also what is the use of redundant deviceID storage in asfDeviceId as well?

@SeifAhli
Author

basically bricks the phone for the user until either the phone is formatted. extreme case but a nice QOL improvement would be a way to remove stored keychain credentials without having to go through AWS authentication (as a developer)

tested on same device with different users and got no issues.
tested other device with same user and got no issues.

confident problem is user and device specific as changing the app bundle also allows the user to login on the bricked device.
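
A workaround along the lines requested above, as an added example that is not part of the issue or of the AWS SDK: UserDefaults is removed with the app while keychain items are not, so a missing launch flag identifies a fresh install, and the app can delete its own keychain items before any SDK code runs. `KeychainReset`, `launchFlag` and its value are hypothetical names, and the example assumes the Cognito SDK keeps its device data in the app's own keychain, as the report describes.

```swift
import Foundation
import Security

/// Hypothetical helper (not an AWS SDK type): removes every keychain item
/// this app can access, including items written by third-party libraries.
enum KeychainReset {
    /// Constructed UserDefaults key; UserDefaults is deleted on uninstall,
    /// keychain items are not, so an absent flag means "fresh install".
    static let launchFlag = "example.hasLaunchedSinceInstall"

    /// All keychain item classes, so nothing is left behind.
    static let itemClasses: [CFString] = [
        kSecClassGenericPassword, kSecClassInternetPassword,
        kSecClassCertificate, kSecClassKey, kSecClassIdentity
    ]

    /// Deletes all items of every class and returns the status per class.
    @discardableResult
    static func purgeAll() -> [String: OSStatus] {
        var results: [String: OSStatus] = [:]
        for itemClass in itemClasses {
            let query: [CFString: Any] = [
                kSecClass: itemClass,
                // Match both local-only and iCloud-synchronized items.
                kSecAttrSynchronizable: kSecAttrSynchronizableAny
            ]
            results[itemClass as String] = SecItemDelete(query as CFDictionary)
        }
        return results
    }

    /// Purges once per install. Returns true only when a purge ran and every
    /// class reported success or "nothing to delete".
    static func purgeIfFreshInstall(defaults: UserDefaults = .standard) -> Bool {
        guard !defaults.bool(forKey: launchFlag) else { return false }
        let clean = purgeAll().values.allSatisfy {
            $0 == errSecSuccess || $0 == errSecItemNotFound
        }
        // Set the flag only on a clean purge so a failed attempt is retried.
        if clean { defaults.set(true, forKey: launchFlag) }
        return clean
    }
}
```

Call `KeychainReset.purgeIfFreshInstall()` at the start of app launch, before the SDK is initialized. It removes every keychain item the app owns, not only Cognito's, so anything else the app stores there has to be re-created afterwards.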

@thisisabhash thisisabhash added question General question mobile client Issues related to AWSMobileClient labels May 16, 2024
@thisisabhash
Member

Thank you for posting this. Our team will investigate and post updates on this ticket.
