signOut CognitoSignOutResult different behavior on iOS and Android

[lokalathlet]

Description

The "signedOutLocally" result in airplane Mode is different on iOS (false) and Android (true).
My expectation is, that I can signOut successful on both environments -> "signedOutLocally": true

See the logs for iOS and Android:
iOS:
`┌──────────────────────────────────────────────────────────────────────────────────────────────────────────────

    │ [debug] | 13:12:12 481ms | ::signOut result: CognitoSignOutResult {

    │   "exception": "NetworkException {\n  \"message\": \"The request failed due to a network error.\",\n  \"recoverySuggestion\": \"Ensure that you have an active network connection\",\n  \"underlyingException\": \"POST https://cognito-idp.eu-central-1.amazonaws.com/? failed: SocketException: Failed host lookup: 'cognito-idp.eu-central-1.amazonaws.com' (OS Error: nodename nor servname provided, or not known, errno = 8)\"\n}",

    │   "signedOutLocally": false

    │ }

    └──────────────────────────────────────────────────────────────────────────────────────────────────────────────

Android:
┌──────────────────────────────────────────────────────────────────────────────────────────────────────────────

I/flutter ( 4454): │ [debug] | 13:30:42 760ms | ::signOut result: CognitoSignOutResult {

I/flutter ( 4454): │ "hostedUiException": "HostedUiException {\n "message": "Failed to perform Hosted UI sign out",\n "recoverySuggestion": "See underlyingException for more details",\n "underlyingException": "PlatformException(CANCELLED, com.amazonaws.amplify.amplify_auth_cognito.HostedUiException$CANCELLED, Cause: null, Stacktrace: com.amazonaws.amplify.amplify_auth_cognito.HostedUiException$CANCELLED\n\tat com.amazonaws.amplify.amplify_auth_cognito.AmplifyAuthCognitoPlugin.cancelCurrentOperation(AmplifyAuthCognitoPlugin.kt:587)\n\tat com.amazonaws.amplify.amplify_auth_cognito.AmplifyAuthCognitoPlugin.onNewIntent(AmplifyAuthCognitoPlugin.kt:542)\n\tat io.flutter.embedding.engine.FlutterEngineConnectionRegistry$FlutterEngineActivityPluginBinding.onNewIntent(FlutterEngineConnectionRegistry.java:799)\n\tat io.flutter.embedding.engine.FlutterEngineConnectionRegistry.onNewIntent(FlutterEngineConnectionRegistry.java:437)\n\tat io.flutter.embedding.android.FlutterActivityAndFragmentDelegate.on

I/flutter ( 4454): │ "globalSignOutException": null,

I/flutter ( 4454): │ "revokeTokenException": "RevokeTokenException {\n "message": "Failed to revoke token",\n "recoverySuggestion": "See underlyingException for more details",\n "underlyingException": "NetworkException {\n \"message\": \"The request failed due to a network error.\",\n \"recoverySuggestion\": \"Ensure that you have an active network connection\",\n \"underlyingException\": \"POST https://cognito-idp.eu-central-1.amazonaws.com/? failed: SocketException: Failed host lookup: 'cognito-idp.eu-central-1.amazonaws.com' (OS Error: No address associated with hostname, errno = 7)\"\n}"\n}",

I/flutter ( 4454): │ "signedOutLocally": true

I/flutter ( 4454): │ }

I/flutter ( 4454): └──────────────────────────────────────────────────────────────────────────────────────────────────────────────
`

Categories

• Analytics
• API (REST)
• API (GraphQL)
• Auth
• Authenticator
• DataStore
• Notifications (Push)
• Storage

Steps to Reproduce

1. SignIn successfully
2. AirPlane Mode on
3. SignOut

Screenshots

No response

Platforms

• iOS
• Android
• Web
• macOS
• Windows
• Linux

Flutter Version

3.24.0

Amplify Flutter Version

2.3.0

Deployment Method

Amplify Gen 2

Schema

No response

[NikaHsn]

@lokalathlet Sorry that you are facing this issue and thanks for reporting it. We will look into this and get back to you when we have updates.

[NikaHsn]

@lokalathlet do you use sign-in with web UI?

[lokalathlet]

@NikaHsn, you're right. In the Android usecase we're signing in via signing with webui. In the iOS usecase WE login via passkeys finally using signin method. I will doublecheck this, in case we are using passkeys on Android, we getting the same result: signout = false , if we are offline.

[lokalathlet]

[debug] | 9:52:56 764ms | ::signOut result: CognitoSignOutResult { "hostedUiException": null, "globalSignOutException": null, "revokeTokenException": "RevokeTokenException {\n \"message\": \"Failed to revoke token\",\n \"recoverySuggestion\": \"See underlyingException for more details\",\n \"underlyingException\": \"NetworkException {\\n \\\"message\\\": \\\"The request failed due to a network error.\\\",\\n \\\"recoverySuggestion\\\": \\\"Ensure that you have an active network connection\\\",\\n \\\"underlyingException\\\": \\\"POST https://cognito-idp.eu-central-1.amazonaws.com/? failed: SocketException: Failed host lookup: 'cognito-idp.eu-central-1.amazonaws.com' (OS Error: No address associated with hostname, errno = 7)\\\"\\n}\"\n}", "signedOutLocally": true }
On Android it works as expected: sign in via passkeys, Set flight modeon, User Press logout, signedOutLocally": true

[tyllark]

Hi @lokalathlet, could you please provide a code snippet for how you are signing in with passkey on iOS.

[Equartey]

Hi @lokalathlet, if you're still experiencing this issue can you please provide a code snippet to help us reproduce the observed behavior?

[lokalathlet]

Hi Equartey, here are the simplified steps how we sign in. It's the same for iOS and Android.
It must be clear that we can't provide a minimal working example with all the components of a working Cognito instance and Lambda stuff behind it. I assume that Amazon is in a position to have a running environment where it is possible to recreate the sign-out behavior itself. Let me know if this information is helpful. We flowing the documentation for Flutter authentication from the website.

 final signInResult = await _authCategory.signIn(
      username: username,
      options: const SignInOptions(
        pluginOptions: CognitoSignInPluginOptions(
          authFlowType: AuthenticationFlowType.customAuthWithoutSrp,
        ),
      ),
    );

// platform authenticator called here

 final jsonMap = {
      'response': {
        'credentialId': request.id,
        'authenticatorData': request.authenticatorData,
        'clientDataJSON': request.clientDataJSON,
        'signature': request.signature,
      },
      'challenge': authenticateChallenge,
    };

    final confirmSignInResult = await  _authCategory.confirmSignIn(jsonEncode(jsonMap));

[NikaHsn]

@lokalathlet Amplify flutter Auth does not support signIn with passkey and based on my understanding you've implemented the signin with passkey yourself, correct me if I'm wrong.
Do you see this issue when using signin methods that are supported by Amplify Flutter Auth category rather than passkey?

[lokalathlet]

@NikaHsn you are right. We use signInWithWebUI as an alternative. I will give it a try and come back to you.

[NikaHsn]

@lokalathlet thanks for confirming. Let us know if you are facing this issue when using signInWithWebUI.

[lokalathlet]

Hi @NikaHsn,
we have further investigated the issue. We rely on the smartphone's time to be set correctly. Therefore, we continuously test scenarios that can occur due to deliberate actions by the user, such as manually changing the time, and the consequences thereof.

We have noticed that when the time is falsified in offline mode, for example, by setting the clock forward or backward, the Amplify sign-out does not work. We are interested to know if you can confirm that an incorrect time setting might possibly affect the sign-out result. In this case, the SignOut result is (same on iOS and Android):
│ [error] | 11:33:44 291ms | ::signOut failed CognitoFailedSignOut: CognitoSignOutResult { │ "exception": "NetworkException {\n \"message\": \"The request failed due to a network error.\",\n \"recoverySuggestion\": \"Ensure that you have an active network connection\",\n \"underlyingException\": \"POST https://cognito-idp.eu-central-1.amazonaws.com/? failed: SocketException: Failed host lookup: 'cognito-idp.eu-central-1.amazonaws.com' (OS Error: nodename nor servname provided, or not known, errno = 8)\"\n}", │ "signedOutLocally": false │ }

What can we, as users of the library, do to ensure that signOutLocally: true is always the outcome? Or can you invalidate the tokens locally not rely on a correct time settings of the smartphone? Thanks in advance for your feedback. BR

This is the result, when the time is set back to the correct time:
[debug] | 11:34:49 659ms | ::signOut OK CognitoPartialSignOut: CognitoSignOutResult { │ "hostedUiException": null, │ "globalSignOutException": null, │ "revokeTokenException": "RevokeTokenException {\n \"message\": \"Failed to revoke token\",\n \"recoverySuggestion\": \"See underlyingException for more details\",\n \"underlyingException\": \"NetworkException {\\n \\\"message\\\": \\\"The request failed due to a network error.\\\",\\n \\\"recoverySuggestion\\\": \\\"Ensure that you have an active network connection\\\",\\n \\\"underlyingException\\\": \\\"POST https://cognito-idp.eu-central-1.amazonaws.com/? failed: SocketException: Failed host lookup: 'cognito-idp.eu-central-1.amazonaws.com' (OS Error: nodename nor servname provided, or not known, errno = 8)\\\"\\n}\"\n}", │ "signedOutLocally": true │ }

[tyllark]

Hello @lokalathlet, thank you for the additional information. We will look into replicating this issue and will provide guidance to ensure the user is properly logged out.

[lokalathlet]

Hey @tyllark, any update on this issue?

[ekjotmultani]

Hi @lokalathlet , to clarify, you noticed this behaviour with the device time after the user has signed in with web-ui?