Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Auth.signIn request at the same time generate same jwt token with different accounts

See original GitHub issue

Describe the bug When submit two request to method await Auth.signIn(username, password) at the same time with different accounts, the method generate the same token (signInUserSession.accessToken.jwtToken);

To Reproduce Steps to reproduce the behavior:

  1. Use the method await Auth.signIn(username, password)
  2. Make two requests with different accounts at exactly the same time
  3. get the function’s return and go to: signInUserSession.accessToken.jwtToken
  4. and you will see that the generated token is the same for different accounts

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:5
  • Comments:6 (2 by maintainers)

github_iconTop GitHub Comments

5reactions
ericclemmonscommented, Dec 7, 2020

I was able to reproduce this behavior, which definitely appears to be a race-condition:

  • Signing in separately returns different tokens (e.g. even a second or two apart).
  • Signing in simultaneously returns the same jwtToken:

https://codesandbox.io/s/aws-amplifyamplify-jsissues7161-m1ps0?file=/src/App.js Kapture 2020-12-07 at 11 53 16

So we can help prioritize this issue, can you provide some detail on why two separate user accounts are being signed in simultaneously? Thanks!

0reactions
github-actions[bot]commented, Dec 11, 2021

This issue has been automatically locked since there hasn’t been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.

Read more comments on GitHub >

github_iconTop Results From Across the Web

JSON web tokens are NOT meant for authenticating the same ...
Yes, it's the same as session tokens, which need to be stored in a database for different servers to verity the user authentication...
Read more >
Can we use single JWT token for multiple requests?
So I can get a JWT once, and then make a bunch of requests within 30 min, and if you ... same token...
Read more >
JWT is issuing the same token - java - Stack Overflow
In an authentication scheme based on tokens, the token becomes a credential of the user. Hard credentials such as username and password are ......
Read more >
JWT authentication: Best practices and when to use it
Learn how to best use JWT to trust requests by using signatures, exchanging information between parties, and preventing basic security ...
Read more >
Using JWT (JSON Web Tokens) to authorize users and protect ...
Arguably one of the largest use cases for JWT is authorization. We can generate a JWT token in the backend that is specific...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

DataStore generates invalid GQL: unrecognized token '$util' in `syncFoo` query

Next page

ConsoleLogger.ts:99 [WARN] 25:02.663 DataStore - Data won't be synchronized. No GraphQL endpoint configured. Did you forget `Amplify.configure(awsconfig)`?