release(required): Amplify JS release (#14271)

Author: HuiSF

packages/auth/__tests__/providers/cognito/credentialsProvider.test.ts renamed to packages/auth/__tests__/providers/cognito/credentialsProvider/credentialsProvider.test.ts

@@ -11,18 +11,17 @@ import {
 import {
 	CognitoAWSCredentialsAndIdentityIdProvider,
 	DefaultIdentityIdStore,
-} from '../../../src/providers/cognito';
-import { AuthError } from '../../../src/errors/AuthError';
-
-import { authAPITestParams } from './testUtils/authApiTestParams';
+} from '../../../../src/providers/cognito';
+import { AuthError } from '../../../../src/errors/AuthError';
+import { authAPITestParams } from '../testUtils/authApiTestParams';
 
 jest.mock('@aws-amplify/core', () => ({
 	...jest.requireActual('@aws-amplify/core'),
 	getCredentialsForIdentity: jest.fn(),
 }));
 
 jest.mock(
-	'./../../../src/providers/cognito/credentialsProvider/IdentityIdProvider',
+	'./../../../../src/providers/cognito/credentialsProvider/IdentityIdProvider',
 	() => ({
 		cognitoIdentityIdProvider: jest
 			.fn()
@@ -70,18 +69,20 @@ describe('Guest Credentials', () => {
 
 	describe('Happy Path Cases:', () => {
 		beforeEach(() => {
+			const identityIdStore = new DefaultIdentityIdStore(sharedInMemoryStorage);
+			identityIdStore.setAuthConfig(validAuthConfig.Auth!);
 			cognitoCredentialsProvider =
-				new CognitoAWSCredentialsAndIdentityIdProvider(
-					new DefaultIdentityIdStore(sharedInMemoryStorage),
-				);
+				new CognitoAWSCredentialsAndIdentityIdProvider(identityIdStore);
 			credentialsForIdentityIdSpy.mockImplementationOnce(async () => {
 				return authAPITestParams.CredentialsForIdentityIdResult as GetCredentialsForIdentityOutput;
 			});
 		});
+
 		afterEach(() => {
 			cognitoCredentialsProvider.clearCredentials();
 			credentialsForIdentityIdSpy?.mockReset();
 		});
+
 		test('Should call identityIdClient with no logins to obtain guest creds', async () => {
 			const res = await cognitoCredentialsProvider.getCredentialsAndIdentityId({
 				authenticated: false,
@@ -138,6 +139,7 @@ describe('Guest Credentials', () => {
 		afterAll(() => {
 			credentialsForIdentityIdSpy?.mockReset();
 		});
+
 		test('Should not throw AuthError when allowGuestAccess is false in the config', async () => {
 			expect(
 				await cognitoCredentialsProvider.getCredentialsAndIdentityId({
@@ -146,6 +148,7 @@ describe('Guest Credentials', () => {
 				}),
 			).toBe(undefined);
 		});
+
 		test('Should not throw AuthError when there is no Cognito object in the config', async () => {
 			expect(
 				await cognitoCredentialsProvider.getCredentialsAndIdentityId({
@@ -161,31 +164,47 @@ describe('Primary Credentials', () => {
 	let cognitoCredentialsProvider: CognitoAWSCredentialsAndIdentityIdProvider;
 	describe('Happy Path Cases:', () => {
 		beforeEach(() => {
+			const identityIdStore = new DefaultIdentityIdStore(sharedInMemoryStorage);
+			identityIdStore.setAuthConfig(validAuthConfig.Auth!);
 			cognitoCredentialsProvider =
-				new CognitoAWSCredentialsAndIdentityIdProvider(
-					new DefaultIdentityIdStore(sharedInMemoryStorage),
-				);
+				new CognitoAWSCredentialsAndIdentityIdProvider(identityIdStore);
 			credentialsForIdentityIdSpy.mockImplementation(async () => {
 				return authAPITestParams.CredentialsForIdentityIdResult as GetCredentialsForIdentityOutput;
 			});
 		});
+
 		afterEach(() => {
 			cognitoCredentialsProvider.clearCredentials();
 			credentialsForIdentityIdSpy?.mockReset();
 		});
+
 		test('Should call identityIdClient with the logins map to obtain primary creds', async () => {
 			const res = await cognitoCredentialsProvider.getCredentialsAndIdentityId({
 				authenticated: true,
 				authConfig: validAuthConfig.Auth!,
 				tokens: authAPITestParams.ValidAuthTokens,
 			});
-			expect(res?.credentials.accessKeyId).toEqual(
-				authAPITestParams.CredentialsForIdentityIdResult.Credentials
-					.AccessKeyId,
-			);
+			expect(res).toMatchObject({
+				credentials: {
+					accessKeyId:
+						authAPITestParams.CredentialsForIdentityIdResult.Credentials
+							.AccessKeyId,
+					expiration:
+						authAPITestParams.CredentialsForIdentityIdResult.Credentials
+							.Expiration,
+					secretAccessKey:
+						authAPITestParams.CredentialsForIdentityIdResult.Credentials
+							.SecretKey,
+					sessionToken:
+						authAPITestParams.CredentialsForIdentityIdResult.Credentials
+							.SessionToken,
+				},
+				identityId: authAPITestParams.CredentialsForIdentityIdResult.IdentityId,
+			});
 
 			expect(credentialsForIdentityIdSpy).toHaveBeenCalledTimes(1);
 		});
+
 		test('in-memory primary creds are returned if not expired and not past TTL', async () => {
 			await cognitoCredentialsProvider.getCredentialsAndIdentityId({
 				authenticated: true,
@@ -212,6 +231,7 @@ describe('Primary Credentials', () => {
 			// expecting to be called only once becasue in-memory creds should be returned
 			expect(credentialsForIdentityIdSpy).toHaveBeenCalledTimes(1);
 		});
+
 		test('Should get new credentials when tokens have changed', async () => {
 			await cognitoCredentialsProvider.getCredentialsAndIdentityId({
 				authenticated: true,
@@ -240,19 +260,23 @@ describe('Primary Credentials', () => {
 			expect(credentialsForIdentityIdSpy).toHaveBeenCalledTimes(2);
 		});
 	});
+
 	describe('Error Path Cases:', () => {
 		beforeEach(() => {
 			cognitoCredentialsProvider =
 				new CognitoAWSCredentialsAndIdentityIdProvider(
 					new DefaultIdentityIdStore(sharedInMemoryStorage),
 				);
 		});
+
 		afterEach(() => {
 			cognitoCredentialsProvider.clearCredentials();
 		});
+
 		afterAll(() => {
 			credentialsForIdentityIdSpy?.mockReset();
 		});
+
 		test('Should throw AuthError if either Credentials, accessKeyId or secretKey is absent in the response', async () => {
 			credentialsForIdentityIdSpy.mockImplementationOnce(async () => {
 				return authAPITestParams.NoAccessKeyCredentialsForIdentityIdResult as GetCredentialsForIdentityOutput;

packages/auth/__tests__/providers/cognito/identityIdProvider.test.ts renamed to packages/auth/__tests__/providers/cognito/credentialsProvider/identityIdProvider.test.ts

@@ -8,17 +8,18 @@ import {
 } from '@aws-amplify/core/internals/aws-clients/cognitoIdentity';
 import { CognitoIdentityPoolConfig } from '@aws-amplify/core/internals/utils';
 
-import { DefaultIdentityIdStore } from '../../../src/providers/cognito/credentialsProvider/IdentityIdStore';
-import { cognitoIdentityIdProvider } from '../../../src/providers/cognito/credentialsProvider/IdentityIdProvider';
-
-import { authAPITestParams } from './testUtils/authApiTestParams';
+import { DefaultIdentityIdStore } from '../../../../src/providers/cognito/credentialsProvider/IdentityIdStore';
+import { cognitoIdentityIdProvider } from '../../../../src/providers/cognito/credentialsProvider/IdentityIdProvider';
+import { authAPITestParams } from '../testUtils/authApiTestParams';
 
 jest.mock('@aws-amplify/core', () => ({
 	...jest.requireActual('@aws-amplify/core'),
 	getId: jest.fn(),
 }));
 jest.mock('@aws-amplify/core/internals/aws-clients/cognitoIdentity');
-jest.mock('../../../src/providers/cognito/credentialsProvider/IdentityIdStore');
+jest.mock(
+	'../../../../src/providers/cognito/credentialsProvider/IdentityIdStore',
+);
 
 const ampConfig: ResourcesConfig = {
 	Auth: {
@@ -140,4 +141,59 @@ describe('Cognito IdentityId Provider Happy Path Cases:', () => {
 		).toBe(authAPITestParams.PrimaryIdentityId.id);
 		expect(mockGetId).toHaveBeenCalledTimes(1);
 	});
+	test('Should return the identityId irresspective of the type if present', async () => {
+		mockDefaultIdentityIdStoreInstance.loadIdentityId.mockImplementationOnce(
+			async () => {
+				return authAPITestParams.PrimaryIdentityId as Identity;
+			},
+		);
+		expect(
+			await cognitoIdentityIdProvider({
+				tokens: authAPITestParams.ValidAuthTokens,
+				authConfig: {
+					identityPoolId: 'XXXXXXXXXXXXXXXXX',
+				},
+				identityIdStore: mockDefaultIdentityIdStoreInstance,
+			}),
+		).toBe(authAPITestParams.PrimaryIdentityId.id);
+
+		mockDefaultIdentityIdStoreInstance.loadIdentityId.mockImplementationOnce(
+			async () => {
+				return authAPITestParams.GuestIdentityId as Identity;
+			},
+		);
+		expect(
+			await cognitoIdentityIdProvider({
+				tokens: authAPITestParams.ValidAuthTokens,
+				authConfig: {
+					identityPoolId: 'XXXXXXXXXXXXXXXXX',
+				},
+				identityIdStore: mockDefaultIdentityIdStoreInstance,
+			}),
+		).toBe(authAPITestParams.GuestIdentityId.id);
+		expect(mockGetId).toHaveBeenCalledTimes(0);
+	});
+	test('Should fetch from Cognito when there is no identityId cached', async () => {
+		mockDefaultIdentityIdStoreInstance.loadIdentityId.mockImplementationOnce(
+			async () => {
+				return undefined;
+			},
+		);
+		mockDefaultIdentityIdStoreInstance.storeIdentityId.mockImplementationOnce(
+			async (identity: Identity) => {
+				expect(identity.id).toBe(authAPITestParams.PrimaryIdentityId.id);
+				expect(identity.type).toBe(authAPITestParams.PrimaryIdentityId.type);
+			},
+		);
+		expect(
+			await cognitoIdentityIdProvider({
+				tokens: authAPITestParams.ValidAuthTokens,
+				authConfig: {
+					identityPoolId: 'us-east-1:test-id',
+				},
+				identityIdStore: mockDefaultIdentityIdStoreInstance,
+			}),
+		).toBe(authAPITestParams.PrimaryIdentityId.id);
+		expect(mockGetId).toHaveBeenCalledTimes(1);
+	});
 });

packages/auth/__tests__/providers/cognito/testUtils/authApiTestParams.ts

@@ -149,6 +149,8 @@ export const authAPITestParams = {
 			SessionToken: 'SessionToken',
 			Expiration: new Date('2023-07-29'),
 		},
+		IdentityId:
+			'I am expected to be returned as a part of the result as I am the source of truth',
 		$metadata: {},
 	},
 	NoAccessKeyCredentialsForIdentityIdResult: {

packages/auth/__tests__/providers/cognito/utils/oauth/completeOAuthFlow.test.ts

@@ -151,6 +151,8 @@ describe('completeOAuthFlow', () => {
 				token_type: 'token_type',
 				expires_in: 'expires_in',
 			};
+			const executionOrder: string[] = [];
+
 			mockValidateState.mockReturnValueOnce('myState-valid_state');
 			(oAuthStore.loadPKCE as jest.Mock).mockResolvedValueOnce('pkce23234a');
 			const mockJsonMethod = jest.fn(() => Promise.resolve(expectedTokens));
@@ -162,6 +164,12 @@ describe('completeOAuthFlow', () => {
 			mockFetch.mockResolvedValueOnce({
 				json: mockJsonMethod,
 			});
+			mockReplaceState.mockImplementation((..._args) =>
+				executionOrder.push('replaceState'),
+			);
+			mockHubDispatch.mockImplementation(() =>
+				executionOrder.push('hubDispatch'),
+			);
 
 			await completeOAuthFlow(testInput);
 
@@ -180,17 +188,27 @@ describe('completeOAuthFlow', () => {
 				TokenType: expectedTokens.token_type,
 				ExpiresIn: expectedTokens.expires_in,
 			});
+
+			expect(oAuthStore.clearOAuthData).toHaveBeenCalledTimes(1);
+			expect(oAuthStore.storeOAuthSignIn).toHaveBeenCalledWith(true, undefined);
+
+			expect(mockResolveAndClearInflightPromises).toHaveBeenCalledTimes(1);
+
 			expect(mockReplaceState).toHaveBeenCalledWith(
 				'http://localhost:3000/?code=aaaa-111-222&state=aaaaa',
 				'',
 				testInput.redirectUri,
 			);
 
-			expect(oAuthStore.clearOAuthData).toHaveBeenCalledTimes(1);
-			expect(oAuthStore.storeOAuthSignIn).toHaveBeenCalledWith(true, undefined);
-
 			expect(mockHubDispatch).toHaveBeenCalledTimes(3);
-			expect(mockResolveAndClearInflightPromises).toHaveBeenCalledTimes(1);
+
+			// Verify we replace browser tab location before dispatching hub events
+			expect(executionOrder).toEqual([
+				'replaceState',
+				'hubDispatch',
+				'hubDispatch',
+				'hubDispatch',
+			]);
 		});
 
 		it('throws when `fetch` call resolves error', async () => {

packages/auth/src/providers/cognito/credentialsProvider/IdentityIdProvider.ts

@@ -1,7 +1,7 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-import { AuthTokens, ConsoleLogger, Identity, getId } from '@aws-amplify/core';
+import { AuthTokens, Identity, getId } from '@aws-amplify/core';
 import { CognitoIdentityPoolConfig } from '@aws-amplify/core/internals/utils';
 
 import { AuthError } from '../../../errors/AuthError';
@@ -11,7 +11,6 @@ import { GetIdException } from '../types/errors';
 import { IdentityIdStore } from './types';
 import { formLoginsMap } from './utils';
 
-const logger = new ConsoleLogger('CognitoIdentityIdProvider');
 /**
  * Provides a Cognito identityId
  *
@@ -33,46 +32,22 @@ export async function cognitoIdentityIdProvider({
 	identityIdStore.setAuthConfig({ Cognito: authConfig });
 
 	// will return null only if there is no identityId cached or if there is an error retrieving it
-	let identityId: Identity | null = await identityIdStore.loadIdentityId();
+	const identityId: Identity | null = await identityIdStore.loadIdentityId();
 
-	// Tokens are available so return primary identityId
-	if (tokens) {
-		// If there is existing primary identityId in-memory return that
-		if (identityId && identityId.type === 'primary') {
-			return identityId.id;
-		} else {
-			const logins = tokens.idToken
-				? formLoginsMap(tokens.idToken.toString())
-				: {};
-
-			const generatedIdentityId = await generateIdentityId(logins, authConfig);
-
-			if (identityId && identityId.id === generatedIdentityId) {
-				logger.debug(
-					`The guest identity ${identityId.id} has become the primary identity.`,
-				);
-			}
-			identityId = {
-				id: generatedIdentityId,
-				type: 'primary',
-			};
-		}
-	} else {
-		// If there is existing guest identityId cached return that
-		if (identityId && identityId.type === 'guest') {
-			return identityId.id;
-		} else {
-			identityId = {
-				id: await generateIdentityId({}, authConfig),
-				type: 'guest',
-			};
-		}
+	if (identityId) {
+		return identityId.id;
 	}
+	const logins = tokens?.idToken
+		? formLoginsMap(tokens.idToken.toString())
+		: {};
+	const generatedIdentityId = await generateIdentityId(logins, authConfig);
+	// Store generated identityId
+	identityIdStore.storeIdentityId({
+		id: generatedIdentityId,
+		type: tokens ? 'primary' : 'guest',
+	});
 
-	// Store in-memory or local storage depending on guest or primary identityId
-	identityIdStore.storeIdentityId(identityId);
-
-	return identityId.id;
+	return generatedIdentityId;
 }
 
 async function generateIdentityId(