Reconfigure when fetching auth session if sharing keychain

yaroluchko · yaroluchko · commit af6f9c0010dc · 2024-08-12T16:25:20.000-07:00
diff --git a/Amplify/Categories/Auth/Request/AuthFetchSessionRequest.swift b/Amplify/Categories/Auth/Request/AuthFetchSessionRequest.swift
@@ -12,10 +12,14 @@ public struct AuthFetchSessionRequest: AmplifyOperationRequest {
 
     /// Extra request options defined in `AuthFetchSessionRequest.Options`
     public var options: Options
+    
+    /// forceReconfigure flag when true will reconfigure the auth state machine.
+    /// Should be used when sharing credentials via access group
+    public let forceReconfigure: Bool
 
-    public init(options: Options) {
-
+    public init(options: Options, forceReconfigure: Bool = false) {
         self.options = options
+        self.forceReconfigure = forceReconfigure
     }
 }
 
diff --git a/AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/ClientBehavior/AWSCognitoAuthPlugin+ClientBehavior.swift b/AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/ClientBehavior/AWSCognitoAuthPlugin+ClientBehavior.swift
@@ -112,9 +112,9 @@ extension AWSCognitoAuthPlugin: AuthCategoryBehavior {
     }
 
     public func fetchAuthSession(options: AuthFetchSessionRequest.Options?) async throws -> AuthSession {
-        let options = options ?? AuthFetchSessionRequest.Options()
-        let request = AuthFetchSessionRequest(options: options)
-        let task = AWSAuthFetchSessionTask(request, authStateMachine: authStateMachine)
+        var options = options ?? AuthFetchSessionRequest.Options()
+        let request = AuthFetchSessionRequest(options: options, forceReconfigure: secureStoragePreferences?.accessGroup?.name != nil)
+        let task = AWSAuthFetchSessionTask(request, authStateMachine: authStateMachine, configuration: authConfiguration)
         return try await taskQueue.sync {
             return try await task.value
         } as! AuthSession
diff --git a/AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Models/AWSCognitoSecureStoragePreferences.swift b/AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Models/AWSCognitoSecureStoragePreferences.swift
@@ -12,11 +12,8 @@ public struct AWSCognitoSecureStoragePreferences {
 
     /// The access group that the keychain will use for auth items
     public let accessGroup: AccessGroup?
-    
-    public let migrateKeychainItemsOfUserSession: Bool
 
-    public init(accessGroup: AccessGroup? = nil, migrateKeychainItemsOfUserSession: Bool = true) {
+    public init(accessGroup: AccessGroup? = nil) {
         self.accessGroup = accessGroup
-        self.migrateKeychainItemsOfUserSession = migrateKeychainItemsOfUserSession
     }
 }
diff --git a/AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Task/AWSAuthFetchSessionTask.swift b/AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Task/AWSAuthFetchSessionTask.swift
@@ -13,20 +13,28 @@ class AWSAuthFetchSessionTask: AuthFetchSessionTask, DefaultLogger {
     private let authStateMachine: AuthStateMachine
     private let fetchAuthSessionHelper: FetchAuthSessionOperationHelper
     private let taskHelper: AWSAuthTaskHelper
+    private let configuration: AuthConfiguration
 
     var eventName: HubPayloadEventName {
         HubPayload.EventName.Auth.fetchSessionAPI
     }
 
-    init(_ request: AuthFetchSessionRequest, authStateMachine: AuthStateMachine) {
+    init(_ request: AuthFetchSessionRequest, authStateMachine: AuthStateMachine, configuration: AuthConfiguration) {
         self.request = request
         self.authStateMachine = authStateMachine
         self.fetchAuthSessionHelper = FetchAuthSessionOperationHelper()
         self.taskHelper = AWSAuthTaskHelper(authStateMachine: authStateMachine)
+        self.configuration = configuration
     }
 
     func execute() async throws -> AuthSession {
         log.verbose("Starting execution")
+        let doesNeedForceReconfigure = request.forceReconfigure
+        if doesNeedForceReconfigure {
+            log.verbose("Reconfiguring for keychain sharing")
+            let event = AuthEvent(eventType: .reconfigure(configuration))
+            await authStateMachine.send(event)
+        }
         await taskHelper.didStateMachineConfigured()
         let doesNeedForceRefresh = request.options.forceRefresh
         return try await fetchAuthSessionHelper.fetch(authStateMachine,

Original file line number	Diff line number	Diff line change
`@@ -12,10 +12,14 @@ public struct AuthFetchSessionRequest: AmplifyOperationRequest {`
`12`	`12`
`13`	`13`	/// Extra request options defined in `AuthFetchSessionRequest.Options`
`14`	`14`	`public var options: Options`
	`15`	`+`
	`16`	`+ /// forceReconfigure flag when true will reconfigure the auth state machine.`
	`17`	`+ /// Should be used when sharing credentials via access group`
	`18`	`+ public let forceReconfigure: Bool`
`15`	`19`
`16`		`- public init(options: Options) {`
`17`		`-`
	`20`	`+ public init(options: Options, forceReconfigure: Bool = false) {`
`18`	`21`	`self.options = options`
	`22`	`+ self.forceReconfigure = forceReconfigure`
`19`	`23`	`}`
`20`	`24`	`}`
`21`	`25`
Original file line number	Diff line number	Diff line change
`@@ -12,11 +12,8 @@ public struct AWSCognitoSecureStoragePreferences {`
`12`	`12`
`13`	`13`	`/// The access group that the keychain will use for auth items`
`14`	`14`	`public let accessGroup: AccessGroup?`
`15`		`-`
`16`		`- public let migrateKeychainItemsOfUserSession: Bool`
`17`	`15`
`18`		`- public init(accessGroup: AccessGroup? = nil, migrateKeychainItemsOfUserSession: Bool = true) {`
	`16`	`+ public init(accessGroup: AccessGroup? = nil) {`
`19`	`17`	`self.accessGroup = accessGroup`
`20`		`- self.migrateKeychainItemsOfUserSession = migrateKeychainItemsOfUserSession`
`21`	`18`	`}`
`22`	`19`	`}`