There are many applications today, such as the G Suite family of applications, that enable rapid "identity switching" amongst federated identities that have been previously logged into.
What it looks like in a G Suite application to quick switch amongst previously authenticated identities.
Is there support in aws-amplify's Authorization library to juggle more than one concurrent login at a time? Which is to say, can I log in as User A, then also log in as User B, then have a toggle that lets me rapidly switch my session between Users A and B? The documentation seems to indicate that it supports one login session at a time, and to authenticate to User B, User A would have to be logged out, requiring re-entry of password on every rapid-switch attempt.
The answer is kinda.
aws-amplify works from localStorage, and if you inspect the local storage you'll see something along the lines of this:
CognitoIdentityServiceProvider.abcdef.LastAuthUser: [email protected]
CognitoIdentityServiceProvider.abcdef.email.of.logged.in@whatever.com.accessToken: ...
CognitoIdentityServiceProvider.abcdef.email.of.another.logged.in@whatever.com.accessToken: ...
(N.B. this is copied from a Cognito setup, but something similar is saved for other auth approaches.)
This means that by switching the key of CognitoIdentityServiceProvider.abcdef.LastAuthUser and refreshing you can cause a user-swap. If you're using a JWT-based authentication method (like Cognito), as long as the refresh token is still valid, your user won't be prompted to log in again following the switch.
This does not seem to be supported by the API, however, so it's worth bearing in mind that it is effectively an exploit and you should take steps to ensure that should this approach stop working, you find out about it before your users do! (lit. testing.)
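The key switch described in the answer above, as an added example that is not part of the original answer or of aws-amplify itself. The helper names (`makeStorage`, `listStoredUsers`, `switchUser`) are hypothetical, the sample data is constructed, and the `.refreshToken` key suffix is an assumption modelled on the `.accessToken` keys shown in the listing.

```javascript
// Added example: key layout follows the localStorage listing in the answer.
// Assumption: refresh tokens sit under a ".refreshToken" suffix, like ".accessToken".
const PREFIX = 'CognitoIdentityServiceProvider';

// Minimal in-memory stand-in for window.localStorage so this runs under Node.
function makeStorage(initial = {}) {
  const data = new Map(Object.entries(initial));
  return {
    get length() { return data.size; },
    key: (i) => [...data.keys()][i] ?? null,
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
  };
}

// Usernames may contain dots (e-mail addresses), so strip the known prefix
// and suffix instead of splitting the key on ".".
function listStoredUsers(storage, clientId) {
  const head = `${PREFIX}.${clientId}.`;
  const tail = '.refreshToken';
  const users = [];
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    if (k.startsWith(head) && k.endsWith(tail) && k.length > head.length + tail.length) {
      users.push(k.slice(head.length, -tail.length));
    }
  }
  return users.sort();
}

// Point LastAuthUser at another stored identity. Refuses unknown users so a
// typo cannot leave the app pointing at a session that has no tokens.
function switchUser(storage, clientId, username) {
  if (!listStoredUsers(storage, clientId).includes(username)) {
    throw new Error(`no stored session for ${username}`);
  }
  storage.setItem(`${PREFIX}.${clientId}.LastAuthUser`, username);
  return storage.getItem(`${PREFIX}.${clientId}.LastAuthUser`);
}

// Constructed sample data; token values are placeholders, not real tokens.
const sample = makeStorage({
  [`${PREFIX}.abcdef.LastAuthUser`]: 'a@example.com',
  [`${PREFIX}.abcdef.a@example.com.refreshToken`]: 'placeholder-a',
  [`${PREFIX}.abcdef.b@example.com.refreshToken`]: 'placeholder-b',
  [`${PREFIX}.abcdef.b@example.com.accessToken`]: 'placeholder-b-access',
});
console.log(listStoredUsers(sample, 'abcdef'), switchUser(sample, 'abcdef', 'b@example.com'));
```

In a browser, pass `window.localStorage` and reload the page after `switchUser` so the library re-reads `LastAuthUser`; running the same checks against a real login in an automated test is one way to notice if the key layout changes.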