Merge pull request #1917 from dnys1/fix/auth/multiple-hosted-ui-attempts

feat(auth): Allow multiple Hosted UI sign-in attempts

Author: dnys1

packages/amplify_authenticator/lib/amplify_authenticator.dart

@@ -598,7 +598,7 @@ class _AuthenticatorState extends State<Authenticator> {
     _exceptionSub.cancel();
     _infoSub.cancel();
     _successSub.cancel();
-    _stateMachineBloc.dispose();
+    _stateMachineBloc.close();
     _hubSubscription?.cancel();
     super.dispose();
   }

packages/amplify_authenticator/lib/src/blocs/auth/auth_bloc.dart

@@ -21,18 +21,25 @@ import 'package:amplify_authenticator/src/blocs/auth/auth_data.dart';
 import 'package:amplify_authenticator/src/services/amplify_auth_service.dart';
 import 'package:amplify_authenticator/src/state/auth_state.dart';
 import 'package:amplify_flutter/amplify_flutter.dart';
+import 'package:async/async.dart';
+import 'package:stream_transform/stream_transform.dart';
 
 part 'auth_event.dart';
 
 /// {@template amplify_authenticator.state_machine_bloc}
 /// Internal state machine for the authenticator. Listens to authentication events
 /// and maps them to appropriate state transitions.
 /// {@endtemplate}
-class StateMachineBloc {
+class StateMachineBloc
+    with AWSDebuggable, AmplifyLoggerMixin
+    implements Closeable {
   final AuthService _authService;
   final bool preferPrivateSession;
   final AuthenticatorStep initialStep;
 
+  @override
+  String get runtimeTypeName => 'StateMachineBloc';
+
   /// State controller.
   final StreamController<AuthState> _authStateController =
       StreamController<AuthState>.broadcast();
@@ -63,18 +70,28 @@ class StateMachineBloc {
     required this.preferPrivateSession,
     this.initialStep = AuthenticatorStep.signIn,
   }) : _authService = authService {
-    _subscription =
-        _authEventStream.asyncExpand(_eventTransformer).listen((state) {
-      _controllerSink.add(state);
-      _currentState = state;
-    });
+    final blocStream = _authEventStream.asyncExpand(_eventTransformer);
+    final hubStream =
+        _authService.hubEvents.map(_mapHubEvent).whereType<AuthState>();
+    final mergedStream = StreamGroup<AuthState>()
+      ..add(blocStream)
+      ..add(hubStream)
+      ..close();
+    _subscription = mergedStream.stream.listen(_emit);
   }
 
   /// Adds an event to the Bloc.
   void add(AuthEvent event) {
     _authEventController.add(event);
   }
 
+  /// Emits a new state to the bloc.
+  void _emit(AuthState state) {
+    logger.debug('Emitting next state: $state');
+    _controllerSink.add(state);
+    _currentState = state;
+  }
+
   /// Manages exception events separate from the bloc's state.
   final StreamController<AuthenticatorException> _exceptionController =
       StreamController<AuthenticatorException>.broadcast();
@@ -119,6 +136,27 @@ class StateMachineBloc {
     }
   }
 
+  /// Listens for asynchronous events which occurred outside the control of the
+  /// [Authenticator] and [StateMachineBloc].
+  AuthState? _mapHubEvent(AuthHubEvent event) {
+    logger.debug('Handling hub event: ${event.type}');
+    switch (event.type) {
+      case AuthHubEventType.signedIn:
+        if (_currentState is! AuthenticatedState) {
+          return const AuthenticatedState();
+        }
+        break;
+      case AuthHubEventType.signedOut:
+      case AuthHubEventType.sessionExpired:
+      case AuthHubEventType.userDeleted:
+        if (_currentState is AuthenticatedState) {
+          return UnauthenticatedState(step: initialStep);
+        }
+        break;
+    }
+    return null;
+  }
+
   Stream<AuthState> _authLoad() async* {
     yield const LoadingState();
     await Amplify.asyncConfig;
@@ -246,62 +284,77 @@ class StateMachineBloc {
     _infoMessageController.add(MessageResolverKey.codeSent(destination));
   }
 
+  Future<void> _processSignInResult(
+    SignInResult result, {
+    required bool isSocialSignIn,
+  }) async {
+    switch (result.nextStep!.signInStep) {
+      case 'CONFIRM_SIGN_IN_WITH_SMS_MFA_CODE':
+        _notifyCodeSent(result.nextStep?.codeDeliveryDetails?.destination);
+        _emit(UnauthenticatedState.confirmSignInMfa);
+        break;
+      case 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE':
+        _emit(ConfirmSignInCustom(
+          publicParameters:
+              result.nextStep?.additionalInfo ?? <String, String>{},
+        ));
+        break;
+      case 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD':
+        _emit(UnauthenticatedState.confirmSignInNewPassword);
+        break;
+      case 'RESET_PASSWORD':
+        _emit(UnauthenticatedState.confirmResetPassword);
+        break;
+      case 'CONFIRM_SIGN_UP':
+        _notifyCodeSent(result.nextStep?.codeDeliveryDetails?.destination);
+        _emit(UnauthenticatedState.confirmSignUp);
+        break;
+      case 'DONE':
+        if (isSocialSignIn) {
+          _emit(const AuthenticatedState());
+        } else {
+          await for (final state in _checkUserVerification()) {
+            _emit(state);
+          }
+        }
+        break;
+      default:
+        break;
+    }
+  }
+
   Stream<AuthState> _signIn(AuthSignInData data) async* {
     try {
       // Make sure no user is signed in before calling the sign in method
       if (await _authService.isLoggedIn) {
         await _authService.signOut();
       }
 
-      final SignInResult result;
-
-      final bool isSocialSignIn = data is AuthSocialSignInData;
-
       if (data is AuthUsernamePasswordSignInData) {
-        result = await _authService.signIn(
+        final result = await _authService.signIn(
           data.username,
           data.password,
         );
+        await _processSignInResult(result, isSocialSignIn: false);
       } else if (data is AuthSocialSignInData) {
-        result = await _authService.signInWithProvider(
-          data.provider,
-          preferPrivateSession: preferPrivateSession,
-        );
+        // Do not await a social sign-in since multiple sign-in attempts
+        // can occur.
+        _authService
+            .signInWithProvider(
+              data.provider,
+              preferPrivateSession: preferPrivateSession,
+            )
+            .then(
+              (result) => _processSignInResult(result, isSocialSignIn: true),
+            )
+            .onError<Exception>((error, stackTrace) {
+          final log =
+              error is UserCancelledException ? logger.info : logger.error;
+          log('Error signing in', error, stackTrace);
+        });
       } else {
         throw StateError('Bad sign in data: $data');
       }
-
-      switch (result.nextStep!.signInStep) {
-        case 'CONFIRM_SIGN_IN_WITH_SMS_MFA_CODE':
-          _notifyCodeSent(result.nextStep?.codeDeliveryDetails?.destination);
-          yield UnauthenticatedState.confirmSignInMfa;
-          break;
-        case 'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE':
-          yield ConfirmSignInCustom(
-            publicParameters:
-                result.nextStep?.additionalInfo ?? <String, String>{},
-          );
-          break;
-        case 'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD':
-          yield UnauthenticatedState.confirmSignInNewPassword;
-          break;
-        case 'RESET_PASSWORD':
-          yield UnauthenticatedState.confirmResetPassword;
-          break;
-        case 'CONFIRM_SIGN_UP':
-          _notifyCodeSent(result.nextStep?.codeDeliveryDetails?.destination);
-          yield UnauthenticatedState.confirmSignUp;
-          break;
-        case 'DONE':
-          if (isSocialSignIn) {
-            yield const AuthenticatedState();
-          } else {
-            yield* _checkUserVerification();
-          }
-          break;
-        default:
-          break;
-      }
     } on UserNotConfirmedException catch (e) {
       _exceptionController.add(AuthenticatorException(
         e.message ?? 'An unknown error occurred',
@@ -446,7 +499,8 @@ class StateMachineBloc {
     yield* const Stream.empty();
   }
 
-  Future<void> dispose() {
+  @override
+  Future<void> close() {
     return Future.wait<void>([
       _subscription.cancel(),
       _authStateController.close(),

packages/amplify_authenticator/lib/src/services/amplify_auth_service.dart

@@ -72,6 +72,8 @@ abstract class AuthService {
   Future<AmplifyConfig> waitForConfiguration();
 
   Future<void> rememberDevice();
+
+  Stream<AuthHubEvent> get hubEvents;
 }
 
 class AmplifyAuthService implements AuthService {
@@ -264,6 +266,10 @@ class AmplifyAuthService implements AuthService {
   Future<AmplifyConfig> waitForConfiguration() {
     return Amplify.asyncConfig;
   }
+
+  @override
+  Stream<AuthHubEvent> get hubEvents =>
+      Amplify.Hub.availableStreams[HubChannel.Auth]!.cast();
 }
 
 class GetAttributeVerificationStatusResult {

packages/amplify_authenticator/lib/src/state/authenticator_state.dart

@@ -382,11 +382,8 @@ class AuthenticatorState extends ChangeNotifier {
 
   /// Perform sicial sign in with the given provider
   Future<void> signInWithProvider(AuthProvider provider) async {
-    _setIsBusy(true);
     final signInData = AuthSocialSignInData(provider: provider);
     _authBloc.add(AuthSignIn(signInData));
-    await nextBlocEvent();
-    _setIsBusy(false);
   }
 
   /// Sign out the currecnt user

packages/amplify_authenticator/pubspec.yaml

@@ -12,6 +12,7 @@ dependencies:
   amplify_auth_cognito: ">=0.3.0 <0.6.0"
   amplify_core: ">=0.3.0 <0.6.0"
   amplify_flutter: ">=0.3.0 <0.6.0"
+  async: ^2.8.0
   aws_common: ^0.1.0
   collection: ^1.15.0
   flutter:
@@ -21,6 +22,7 @@ dependencies:
   intl: ^0.17.0
   meta: ^1.7.0
   smithy: ^0.1.0
+  stream_transform: ^2.0.0
 
 dev_dependencies:
   amplify_lints:

packages/amplify_authenticator/test/ui/tab_view_test.dart

@@ -248,15 +248,20 @@ void main() {
 
 class MockAuthViewModel extends Mock implements AuthenticatorState {}
 
-class MockBloc implements StateMachineBloc {
+class MockBloc
+    with AWSDebuggable, AmplifyLoggerMixin
+    implements StateMachineBloc {
+  @override
+  String get runtimeTypeName => 'MockBloc';
+
   @override
   void add(AuthEvent event) {}
 
   @override
   AuthState get currentState => UnauthenticatedState.signIn;
 
   @override
-  Future<void> dispose() async {}
+  Future<void> close() async {}
 
   @override
   Stream<AuthenticatorException> get exceptions => const Stream.empty();

packages/amplify_core/lib/src/config/auth/auth_config.dart

@@ -31,6 +31,34 @@ class AuthConfig extends AmplifyPluginConfigMap {
   factory AuthConfig.fromJson(Map<String, Object?> json) =>
       _$AuthConfigFromJson(json);
 
+  /// Creates an [AuthConfig] with the given Cognito configurations.
+  factory AuthConfig.cognito({
+    CognitoUserPoolConfig? userPoolConfig,
+    CognitoIdentityPoolConfig? identityPoolConfig,
+    CognitoOAuthConfig? hostedUiConfig,
+  }) =>
+      AuthConfig(
+        plugins: {
+          CognitoPluginConfig.pluginKey: CognitoPluginConfig(
+            auth: hostedUiConfig == null
+                ? null
+                : AWSConfigMap.withDefault(
+                    CognitoAuthConfig(oAuth: hostedUiConfig)),
+            cognitoUserPool: userPoolConfig == null
+                ? null
+                : AWSConfigMap.withDefault(userPoolConfig),
+            credentialsProvider: identityPoolConfig == null
+                ? null
+                : CredentialsProviders(
+                    AWSConfigMap({
+                      CognitoIdentityCredentialsProvider.configKey:
+                          AWSConfigMap.withDefault(identityPoolConfig),
+                    }),
+                  ),
+          ),
+        },
+      );
+
   /// The AWS Cognito plugin configuration, if available.
   @override
   CognitoPluginConfig? get awsPlugin =>

packages/amplify_core/lib/src/config/auth/cognito/credentials_provider.dart

@@ -17,6 +17,8 @@ import 'package:amplify_core/amplify_core.dart';
 
 part 'credentials_provider.g.dart';
 
+typedef CognitoIdentityPoolConfig = CognitoIdentityCredentialsProvider;
+
 class CredentialsProviders extends AWSConfigMap {
   const CredentialsProviders(
     Map<String, AWSSerializable> providers,
@@ -31,7 +33,7 @@ class CredentialsProviders extends AWSConfigMap {
           '${value.runtimeType} is not a Map',
         );
       }
-      if (key == 'CognitoIdentity') {
+      if (key == CognitoIdentityCredentialsProvider.configKey) {
         final configs = AWSConfigMap.fromJson(
           value,
           (json) =>
@@ -56,6 +58,8 @@ class CredentialsProviders extends AWSConfigMap {
 @zAwsSerializable
 class CognitoIdentityCredentialsProvider
     with AWSEquatable<CognitoIdentityCredentialsProvider>, AWSSerializable {
+  static const configKey = 'CognitoIdentity';
+
   final String poolId;
   final String region;
 

packages/amplify_core/lib/src/config/config_map.dart

@@ -71,10 +71,6 @@ class AWSConfigMap<T extends AWSSerializable> extends ConfigMap<T> {
   /// {@macro amplify_core.aws_config_map}
   const AWSConfigMap(this.configs);
 
-  /// All configurations.
-  @JsonKey(name: 'configs')
-  final Map<String, T> configs;
-
   factory AWSConfigMap.fromJson(
     Map<String, Object?> json,
     T Function(Object? json) fromJsonT,
@@ -84,8 +80,19 @@ class AWSConfigMap<T extends AWSSerializable> extends ConfigMap<T> {
         fromJsonT,
       );
 
+  /// Creates an [AWSConfigMap] with a single, default, [value].
+  factory AWSConfigMap.withDefault(T value) => AWSConfigMap({
+        _defaultKey: value,
+      });
+
+  static const _defaultKey = 'Default';
+
+  /// All configurations.
+  @JsonKey(name: 'configs')
+  final Map<String, T> configs;
+
   @override
-  T? get default$ => this['Default'];
+  T? get default$ => this[_defaultKey];
 
   @override
   AWSConfigMap<T> copy() => AWSConfigMap(Map.of(configs));