Credentials immediately removed from localstorage after successful login with Hosted UI

Do you want to request a feature or report a bug?

Bug

What is the current behavior?

Setup:

• Cognito User Pool with federated users from azuread.
• Simpl React app using withOAuth and Authenticator

With the following configuration:

Amplify.configure({
  API: {
...
  Auth: {
    region: 'eu-west-1',
    userPoolId: 'eu-west-POOL_ID',
    userPoolWebClientId: 'ClientID',
    oauth: {
      domain: 'blablabla.auth.eu-west-1.amazoncognito.com',
      scope : ['email', 'profile', 'openid'], 
      redirectSignIn : 'http://localhost:3000', 
      redirectSignOut : 'http://localhost:3000',
      responseType: 'token',
    },
  }
});

The login flow goes as follow:

Call OAuthSignIn() ➡️ Redirected to Cognito login page ➡️ Select the provider ➡️ Redirected to the provider Login Page ➡️ Login with my credentials ➡️ Redirected to http://localhost:3000/#access_token=ACCES_TOKEN=ID_TOKEN&token_type=Bearer&expires_in=3600

The Problem

When redirected with a working token (I tested it against my API) the SDK clear() the credentials in localstorage and redirect to http://localhost:3000.

The weird thing

If I remove the userPoolId from configuration and Call OAuthSignIn() again the credentials are not erased anymore however the Authenticator doesn’t log me in since userPoolId is not in the configuration anymore.

The other weird thing

If I put userPoolId back in the configuration with a filled localstorage I’m logged in.

What is the expected behavior?

SDK Should not signOut after successful OAuth login.

Which versions of Amplify, and which browser / OS are affected by this issue? Did this work in previous versions?

• "aws-amplify": "^1.0.6"
• "aws-amplify-react": "^1.0.6"

Issues #392, #1395, #1426 report similar issues related to hosted UI authentication and OAuth