chore(auth): Refresh Token Rotation Test Fix (#4055)

* removed usage of old refresh token, updated test case to properly check for invalidTokens error in case the API returns a null token

* updated authfetchsigninsession tests to use GetTokenFromRefreshToken in mock clients

* updated further tests to use new API as well as auth hub event handler tests

* updated RefreshUserPoolTokens to use GetTokensFromRefreshToken API to enable refresh token rotation, also updated test mock clients and added unit tests

* removed refreshAuth function from initiateAuthInput

* reintroduced ternary operator to fallback to previous token if a null token is returned

* fixed ternary operator location

* removed unnecessary test since we don't set tokens to nil anymore

Author: ekjotmultani

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Actions/RefreshAuthorizationSession/UserPool/RefreshUserPoolTokens.swift

@@ -62,8 +62,7 @@ struct RefreshUserPoolTokens: Action {
 
             guard let authenticationResult = response?.authenticationResult,
                 let idToken = authenticationResult.idToken,
-                let accessToken = authenticationResult.accessToken,
-                let refreshToken = authenticationResult.refreshToken
+                let accessToken = authenticationResult.accessToken
             else {
                 let event = RefreshSessionEvent(eventType: .throwError(.invalidTokens))
                 await dispatcher.send(event)
@@ -74,7 +73,7 @@ struct RefreshUserPoolTokens: Action {
             let userPoolTokens = AWSCognitoUserPoolTokens(
                 idToken: idToken,
                 accessToken: accessToken,
-                refreshToken: refreshToken
+                refreshToken: authenticationResult.refreshToken ?? existingTokens.refreshToken
             )
 
             let signedInData = SignedInData(

AmplifyPlugins/Auth/Tests/AWSCognitoAuthPluginUnitTests/ActionTests/FetchAuthSession/FetchUserPoolTokens/RefreshUserPoolTokensTests.swift

@@ -185,43 +185,6 @@ class RefreshUserPoolTokensTests: XCTestCase {
                 userPoolFactory: identityProviderFactory)
         )
 
-        await fulfillment(
-            of: [expectation],
-            timeout: 0.1
-        )
-    }
-    func testRefreshTokenMissing() async {
-
-        let expectation = expectation(description: "refreshTokenMissing")
-        let identityProviderFactory: BasicSRPAuthEnvironment.CognitoUserPoolFactory = {
-            MockIdentityProvider(
-                mockGetTokensFromRefreshTokenResponse: { _ in
-                    return GetTokensFromRefreshTokenOutput(
-                        authenticationResult: .init(
-                            accessToken: "accessTokenNew",
-                            expiresIn: 100,
-                            idToken: "idTokenNew",
-                            refreshToken: nil))
-                }
-            )
-        }
-
-        let action = RefreshUserPoolTokens(existingSignedIndata: .testData)
-
-        await action.execute(
-            withDispatcher: MockDispatcher { event in
-
-                if let userPoolEvent = event as? RefreshSessionEvent,
-                    case let .throwError(error) = userPoolEvent.eventType
-                {
-                    XCTAssertEqual(error, .invalidTokens)
-                    expectation.fulfill()
-                }
-            },
-            environment: Defaults.makeDefaultAuthEnvironment(
-                userPoolFactory: identityProviderFactory)
-        )
-
         await fulfillment(
             of: [expectation],
             timeout: 0.1