Clear AWS Credentials Cache

From @jayair on Mon Apr 10 2017 01:06:07 GMT+0000 (UTC)

Link to chapter - http://serverless-stack.com/chapters/clear-aws-credentials-cache.html

Copied from original issue: https://github.com/AnomalyInnovations/serverless-stack-com/issues/50

From @d3sandoval on Mon Jul 31 2017 00:07:24 GMT+0000 (UTC)

Hi there, per my comment in https://github.com/AnomalyInnovations/serverless-stack-com/issues/55#issuecomment-318859903 I am still able to see the same “notes list” across users.

Here’s an example of me creating a note in one user and seeing it in the other:

I have followed the instructions in the chapter exactly and am still encountering this issue… could there be a problem in code outside of app.js?

After I log out, my localstorage is cleared of any references to Cognito:


Logging into a different user gives me a completely difference access token:

My package.json states that I am on aws-sdk version “^2.88.0”… Maybe it’s a problem with my API’s GET handler? list.js:

import * as dynamoDbLib from './libs/dynamodb-lib';
import { success, failure } from './libs/response-lib';

export async function main(event, context, callback) {
    const params = {
        TableName: 'notes',
        // 'KeyConditionExpression' defines the condition for the query
        // - 'userId = :userId': only return items with matching 'userId' partition key
        // 'ExpressionAttributeValues' defines the value in the condition
        // - ':userId': defines 'userId' to bthe User Pool sub of the authenticated user
        KeyConditionExpression: "userId = :userId",
        ExpressionAttributeValues: {
            ":userId": event.requestContext.identity.cognitoIdentityId,
        }
    };

    try {
        const result = await dynamoDbLib.call('query', params);
        // return the matching list of items in response body
        callback(null, success(result.Items));
    }
    catch(e) {
        callback(null, failure({status: false}));
    }
};

From @jayair on Mon Jul 31 2017 01:25:50 GMT+0000 (UTC)

@d3sandoval Do you still see the old user’s notes after you refresh the page or is it only happening right after you logout and login?

From @d3sandoval on Mon Jul 31 2017 04:59:43 GMT+0000 (UTC)

@jayair no. refreshing fixes the issue. Is there an elegant way to get this functionality to work without refreshing? If not, do you know of a good place in the app to force the user to refresh?

From @jayair on Mon Jul 31 2017 17:43:25 GMT+0000 (UTC)

@d3sandoval I think we broke it with the latest update. The simplest fix right now would be to change this line https://github.com/AnomalyInnovations/serverless-stack-demo-client/blob/master/src/App.js#L87

AWS.config.credentials.clearCachedId();

to this

delete AWS.config.credentials;

I’ll need to test it a bit more and update the tutorial.

From @d3sandoval on Tue Aug 01 2017 04:13:44 GMT+0000 (UTC)

@jayair that’s worse :confused: I get an error message after the login loop… refreshing still fixes it:

For now, I’ll just add a refresh on logout… It doesn’t look too bad! I just added window.location.reload() after the this.props.history.push('/login'); in handleLogout

From @jayair on Tue Aug 01 2017 17:20:09 GMT+0000 (UTC)

@d3sandoval I see. Yeah I’ll have to take a look and put in a better fix then.

From @jayair on Thu Aug 10 2017 22:09:40 GMT+0000 (UTC)

@d3sandoval I haven’t had a chance to update the tutorial yet but if you are still looking for a fix. Try replacing this line - https://github.com/AnomalyInnovations/serverless-stack-demo-client/blob/master/src/App.js#L87

with this.

AWS.config.credentials.clearCachedId();
AWS.config.credentials = new AWS.CognitoIdentityCredentials({ });

From @limifont on Sun Aug 13 2017 08:01:57 GMT+0000 (UTC)

Adding the new AWS.CognitoIdentityCredentials({}) seems to have fixed the issue!

From @gregt590 on Tue Aug 29 2017 20:29:54 GMT+0000 (UTC)

A related problem occurs if you first attempt to login to a user that doesn’t exist and get an
UserNotFound Exception, and then login to a valid user and attempt to create a new note with an attachment which will generate an AccessDenied error, because it was using the wrong access credentials which hadn’t expired yet and didn’t have a valid identityId defined which also causes it to attempt to create the S3 file: “undefined-1504037928967-filename.ext”.

Resetting the AWS.config.credentials as described above fixed this issue as well.

From @jayair on Tue Aug 29 2017 20:40:01 GMT+0000 (UTC)

@gregt590 Ah thats true. The update with resetting the credentials is coming out shortly.