fix(Auth): Refactor the expires in logic of the authentication result (#3114)

Author: harsh62

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Actions/RefreshAuthorizationSession/UserPool/RefreshHostedUITokens.swift

@@ -97,13 +97,12 @@ struct RefreshHostedUITokens: Action {
             throw FetchSessionError.service(error)
 
         } else if let idToken = json["id_token"] as? String,
-                  let accessToken = json["access_token"] as? String,
-                  let expiresIn = json["expires_in"] as? Int {
+                  let accessToken = json["access_token"] as? String {
             let userPoolTokens = AWSCognitoUserPoolTokens(
                 idToken: idToken,
                 accessToken: accessToken,
                 refreshToken: existingSignedIndata.cognitoUserPoolTokens.refreshToken,
-                expiresIn: expiresIn)
+                expiresIn: json["expires_in"] as? Int)
             return SignedInData(
                 signedInDate: existingSignedIndata.signedInDate,
                 signInMethod: existingSignedIndata.signInMethod,

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Actions/SignIn/HostedUI/FetchHostedUISignInToken.swift

@@ -81,13 +81,12 @@ struct FetchHostedUISignInToken: Action {
 
         } else if let idToken = json["id_token"] as? String,
                   let accessToken = json["access_token"] as? String,
-                  let refreshToken = json["refresh_token"] as? String,
-                  let expiresIn = json["expires_in"] as? Int {
+                  let refreshToken = json["refresh_token"] as? String {
             let userPoolTokens = AWSCognitoUserPoolTokens(
                 idToken: idToken,
                 accessToken: accessToken,
                 refreshToken: refreshToken,
-                expiresIn: expiresIn)
+                expiresIn: json["expires_in"] as? Int)
             let signedInData = SignedInData(
                 signedInDate: Date(),
                 signInMethod: .hostedUI(result.options),

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Models/AWSCognitoUserPoolTokens.swift

@@ -16,8 +16,10 @@ public struct AWSCognitoUserPoolTokens: AuthCognitoTokens {
 
     public let refreshToken: String
 
+    @available(*, deprecated, message: "Use of `expiration` is deprecated, use `exp` claim in the `idToken` or `accessToken` for expiries")
     public let expiration: Date
 
+    @available(*, deprecated, message: "Use of `init(idToken,accessToken,refreshToken:expiresIn)` is deprecated, use `exp` claim in the `idToken` or `accessToken` instead")
     public init(idToken: String,
                 accessToken: String,
                 refreshToken: String,
@@ -28,6 +30,7 @@ public struct AWSCognitoUserPoolTokens: AuthCognitoTokens {
         self.expiration = Date().addingTimeInterval(TimeInterval(expiresIn))
     }
 
+    @available(*, deprecated, message: "Use of `init(idToken,accessToken,refreshToken:expiration)` is deprecated, use `exp` claim in the `idToken` or `accessToken` instead")
     public init(idToken: String,
                 accessToken: String,
                 refreshToken: String,
@@ -38,6 +41,37 @@ public struct AWSCognitoUserPoolTokens: AuthCognitoTokens {
         self.expiration = expiration
     }
 
+    init(idToken: String,
+         accessToken: String,
+         refreshToken: String,
+         expiresIn: Int? = nil) {
+
+        self.idToken = idToken
+        self.accessToken = accessToken
+        self.refreshToken = refreshToken
+
+        if let expiresIn =  expiresIn {
+            self.expiration = Date().addingTimeInterval(TimeInterval(expiresIn))
+        } else {
+            let expirationDoubleValue: Double
+            let idTokenExpiration = try? AWSAuthService().getTokenClaims(tokenString: idToken).get()["exp"]?.doubleValue
+            let accessTokenExpiration = try? AWSAuthService().getTokenClaims(tokenString: accessToken).get()["exp"]?.doubleValue
+
+            switch (idTokenExpiration, accessTokenExpiration) {
+            case (.some(let idTokenValue), .some(let accessTokenValue)):
+                expirationDoubleValue = min(idTokenValue, accessTokenValue)
+            case (.none, .some(let accessTokenValue)):
+                expirationDoubleValue = accessTokenValue
+            case (.some(let idTokenValue), .none):
+                expirationDoubleValue = idTokenValue
+            case (.none, .none):
+                expirationDoubleValue = 0
+            }
+
+            self.expiration = Date().addingTimeInterval(TimeInterval((expirationDoubleValue ?? 0)))
+        }
+    }
+    
 }
 
 extension AWSCognitoUserPoolTokens: Equatable { }

AmplifyPlugins/Auth/Tests/AWSCognitoAuthPluginUnitTests/Mocks/MockData/AWSCognitoUserPoolTokens+Mock.swift

@@ -6,7 +6,7 @@
 //
 
 import Foundation
-import AWSCognitoAuthPlugin
+@testable import AWSCognitoAuthPlugin
 
 extension AWSCognitoUserPoolTokens {
 
@@ -40,4 +40,17 @@ extension AWSCognitoUserPoolTokens {
             refreshToken: "refreshToken",
             expiresIn: 121)
     }
+
+    static var testDataWithoutExp: AWSCognitoUserPoolTokens {
+        let tokenDataWithoutExp = [
+            "sub": "1234567890",
+            "username": "John Doe",
+            "iat": "1516239022"
+        ]
+        return AWSCognitoUserPoolTokens(
+            idToken: CognitoAuthTestHelper.buildToken(for: tokenDataWithoutExp),
+            accessToken: CognitoAuthTestHelper.buildToken(for: tokenDataWithoutExp),
+            refreshToken: "refreshToken",
+            expiresIn: nil)
+    }
 }

AmplifyPlugins/Auth/Tests/AWSCognitoAuthPluginUnitTests/TaskTests/HostedUITests/AWSAuthHostedUISignInTests.swift

@@ -88,6 +88,60 @@ class AWSAuthHostedUISignInTests: XCTestCase {
         XCTAssertTrue(result.isSignedIn)
     }
 
+    @MainActor
+    func testSuccessfulSignIn_missingExpiresIn() async throws {
+        mockTokenResult = ["id_token": AWSCognitoUserPoolTokens.testData.idToken,
+                           "access_token": AWSCognitoUserPoolTokens.testData.accessToken,
+                           "refresh_token": AWSCognitoUserPoolTokens.testData.refreshToken] as [String: Any]
+        mockJson = try! JSONSerialization.data(withJSONObject: mockTokenResult)
+        MockURLProtocol.requestHandler = { _ in
+            return (HTTPURLResponse(), self.mockJson)
+        }
+
+        mockHostedUIResult = .success([
+            .init(name: "state", value: mockState),
+            .init(name: "code", value: mockProof)
+        ])
+        let result = try await plugin.signInWithWebUI(presentationAnchor: ASPresentationAnchor(), options: nil)
+        XCTAssertTrue(result.isSignedIn)
+    }
+
+    @MainActor
+    func testSuccessfulSignIn_missingExpiresIn_testTokenMissingExp() async throws {
+        mockTokenResult = ["id_token": AWSCognitoUserPoolTokens.testDataWithoutExp.idToken,
+                           "access_token": AWSCognitoUserPoolTokens.testData.accessToken,
+                           "refresh_token": AWSCognitoUserPoolTokens.testData.refreshToken] as [String: Any]
+        mockJson = try! JSONSerialization.data(withJSONObject: mockTokenResult)
+        MockURLProtocol.requestHandler = { _ in
+            return (HTTPURLResponse(), self.mockJson)
+        }
+
+        mockHostedUIResult = .success([
+            .init(name: "state", value: mockState),
+            .init(name: "code", value: mockProof)
+        ])
+        let result = try await plugin.signInWithWebUI(presentationAnchor: ASPresentationAnchor(), options: nil)
+        XCTAssertTrue(result.isSignedIn)
+    }
+
+    @MainActor
+    func testSuccessfulSignIn_missingExpiresIn_testBothTokenMissingExp() async throws {
+        mockTokenResult = ["id_token": AWSCognitoUserPoolTokens.testDataWithoutExp.idToken,
+                           "access_token": AWSCognitoUserPoolTokens.testDataWithoutExp.accessToken,
+                           "refresh_token": AWSCognitoUserPoolTokens.testData.refreshToken] as [String: Any]
+        mockJson = try! JSONSerialization.data(withJSONObject: mockTokenResult)
+        MockURLProtocol.requestHandler = { _ in
+            return (HTTPURLResponse(), self.mockJson)
+        }
+
+        mockHostedUIResult = .success([
+            .init(name: "state", value: mockState),
+            .init(name: "code", value: mockProof)
+        ])
+        let result = try await plugin.signInWithWebUI(presentationAnchor: ASPresentationAnchor(), options: nil)
+        XCTAssertTrue(result.isSignedIn)
+    }
+
     @MainActor
     func testUserCancelSignIn() async {
         mockHostedUIResult = .failure(.cancelled)