AWS Amplify Auth
June 16, 2022
When you call Auth.signOut(), what is Amplify abstracting away from us? How is Amplify managing our authentication state?
Amplify does this by manipulating values in local storage or cookies. Upon successful authentication, the library adds 6 values to local storage (or cookies if you customize the config). Then, when you sign out, these values get destroyed.
There are 6 token types:
accessToken — "The purpose of the access token is to authorize API operations in the context of the user in the user pool." (Source)
clockDrift — "The saved computer's clock drift or undefined to force calculation." I don't understand how this is applied. Something to do with expiry?
idToken — "contains claims about the identity of the authenticated user, such as name, email, and phone_number" (Source)
refreshToken — Credentials used to obtain access tokens. When an access token expires, the refresh token is used to get a new one without asking the user to sign in again. From the AWS docs, "You can use the refresh token to retrieve new ID and access tokens."
userData — Contains information about the user such as name, email, and username.
LastAuthUser — "needed for computing other key names"
Each of these token types is used as part of the naming convention.
The docs define the shape of the storage keys as:
Here's an example:
In this example,
2agop4ldjtnjhng1of7752uh73 is the user pool client ID.
554a1dff-ab1e-4cf8-d95f-1c10b4d7700 is the username.
accessToken is the token type.
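The naming convention above, as an added example (not code from this post or from Amplify): it builds the six key names, parses a key back into client ID, username and token type, and lists any auth entries still in storage so you can confirm that sign-out removed them. It assumes the "CognitoIdentityServiceProvider" key prefix written by amazon-cognito-identity-js; the function names and fakeStorage are hypothetical helpers.

```javascript
// Added example: build, parse and audit Cognito auth keys in a Storage-like object.
// Assumption: keys start with the prefix amazon-cognito-identity-js writes.
const PREFIX = 'CognitoIdentityServiceProvider';
const PER_USER = ['accessToken', 'clockDrift', 'idToken', 'refreshToken', 'userData'];

// Build the six key names for one client ID and username.
function authKeys(clientId, username) {
  const keys = PER_USER.map((t) => `${PREFIX}.${clientId}.${username}.${t}`);
  keys.push(`${PREFIX}.${clientId}.LastAuthUser`); // not scoped to a username
  return keys;
}

// Split a key into its parts; returns null for keys that are not auth entries.
function parseAuthKey(key) {
  const parts = key.split('.');
  if (parts[0] !== PREFIX || parts.length < 3) return null;
  const tokenType = parts[parts.length - 1];
  if (parts.length === 3) {
    return tokenType === 'LastAuthUser' ? { clientId: parts[1], username: null, tokenType } : null;
  }
  if (!PER_USER.includes(tokenType)) return null;
  // Usernames may contain dots (e.g. an email address), so rejoin the middle.
  return { clientId: parts[1], username: parts.slice(2, -1).join('.'), tokenType };
}

// List auth entries still present, e.g. to confirm sign-out removed them all.
function remainingAuthEntries(storage) {
  const found = [];
  for (let i = 0; i < storage.length; i++) {
    const parsed = parseAuthKey(storage.key(i));
    if (parsed) found.push(parsed);
  }
  return found;
}

// Minimal in-memory stand-in for window.localStorage (constructed for the demo).
function fakeStorage() {
  const m = new Map();
  return {
    get length() { return m.size; },
    key: (i) => [...m.keys()][i] ?? null,
    setItem: (k, v) => m.set(k, String(v)),
    removeItem: (k) => m.delete(k),
  };
}
const demo = fakeStorage(); // constructed sample using the IDs from the post
authKeys('2agop4ldjtnjhng1of7752uh73', '554a1dff-ab1e-4cf8-d95f-1c10b4d7700').forEach((k) => demo.setItem(k, 'x'));
console.log(remainingAuthEntries(demo).map((e) => e.tokenType));
```

In a browser, pass window.localStorage to remainingAuthEntries after calling Auth.signOut(); an empty array means no token entries were left behind.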