From 2d9d94e42f3ee94a0bce3dc8a97a2ea6776fc25b Mon Sep 17 00:00:00 2001
From: Adrian Joshua Strutt <adjosst@amazon.com>
Date: Thu, 19 Jun 2025 11:46:13 +0200
Subject: [PATCH 1/4] fix: always remove guestIdentityId from keyValueStorage 
 on client-side

---
 .../providers/cognito/credentialsProvider/IdentityIdStore.ts  | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/packages/auth/src/providers/cognito/credentialsProvider/IdentityIdStore.ts b/packages/auth/src/providers/cognito/credentialsProvider/IdentityIdStore.ts
index 283b0e9cd3f..aac02891a19 100644
--- a/packages/auth/src/providers/cognito/credentialsProvider/IdentityIdStore.ts
+++ b/packages/auth/src/providers/cognito/credentialsProvider/IdentityIdStore.ts
@@ -80,7 +80,9 @@ export class DefaultIdentityIdStore implements IdentityIdStore {
 		} else {
 			this._primaryIdentityId = identity.id;
 			// Clear locally stored guest id
-			if (this._hasGuestIdentityId) {
+			// On the server-side we use the _hasGuestIdentityId flag to avoid caching issues
+			const serverside = typeof window === 'undefined';
+			if (this._hasGuestIdentityId || !serverside) {
 				this.keyValueStorage.removeItem(this._authKeys.identityId);
 				this._hasGuestIdentityId = false;
 			}

From 0133d83a73557e1229a1b884c818ba8e3ca14a37 Mon Sep 17 00:00:00 2001
From: Adrian Joshua Strutt <adjosst@amazon.com>
Date: Thu, 19 Jun 2025 14:23:42 +0200
Subject: [PATCH 2/4] fix: fix unit tests and add check if keyValueStore has
 guest token

---
 .../cognito/credentialsProvider/IdentityIdStore.test.ts       | 4 +++-
 .../providers/cognito/credentialsProvider/IdentityIdStore.ts  | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/packages/auth/__tests__/providers/cognito/credentialsProvider/IdentityIdStore.test.ts b/packages/auth/__tests__/providers/cognito/credentialsProvider/IdentityIdStore.test.ts
index 94475367ec3..781a4d576c7 100644
--- a/packages/auth/__tests__/providers/cognito/credentialsProvider/IdentityIdStore.test.ts
+++ b/packages/auth/__tests__/providers/cognito/credentialsProvider/IdentityIdStore.test.ts
@@ -47,7 +47,7 @@ describe('DefaultIdentityIdStore', () => {
 
 	afterEach(() => {
 		mockKeyValueStorage.setItem.mockClear();
-		mockKeyValueStorage.getItem.mockClear();
+		mockKeyValueStorage.getItem.mockReset();
 		mockKeyValueStorage.removeItem.mockClear();
 		mockKeyValueStorage.clear.mockClear();
 	});
@@ -73,6 +73,7 @@ describe('DefaultIdentityIdStore', () => {
 	});
 
 	it('should store primary identityId in keyValueStorage', async () => {
+		mockKeyValueStorage.getItem.mockResolvedValue(validGuestIdentityId.id);
 		defaultIdStore.storeIdentityId(validPrimaryIdentityId);
 		expect(mockKeyValueStorage.removeItem).toHaveBeenCalledWith(
 			validAuthKey.identityId,
@@ -114,6 +115,7 @@ describe('DefaultIdentityIdStore', () => {
 	});
 
 	it('should not call keyValueStorage.removeItem when there is no guest identityId to clear', async () => {
+		mockKeyValueStorage.getItem.mockReturnValue(null);
 		const refreshIdentityIdStore = new DefaultIdentityIdStore(
 			mockKeyValueStorage,
 		);
diff --git a/packages/auth/src/providers/cognito/credentialsProvider/IdentityIdStore.ts b/packages/auth/src/providers/cognito/credentialsProvider/IdentityIdStore.ts
index aac02891a19..a109ac7d270 100644
--- a/packages/auth/src/providers/cognito/credentialsProvider/IdentityIdStore.ts
+++ b/packages/auth/src/providers/cognito/credentialsProvider/IdentityIdStore.ts
@@ -83,7 +83,9 @@ export class DefaultIdentityIdStore implements IdentityIdStore {
 			// On the server-side we use the _hasGuestIdentityId flag to avoid caching issues
 			const serverside = typeof window === 'undefined';
 			if (this._hasGuestIdentityId || !serverside) {
-				this.keyValueStorage.removeItem(this._authKeys.identityId);
+				if (this.keyValueStorage.getItem(this._authKeys.identityId) !== null) {
+					this.keyValueStorage.removeItem(this._authKeys.identityId);
+				}
 				this._hasGuestIdentityId = false;
 			}
 		}

From baf70becdf89b6c4b2a1c0d2a70a8dfc442fe531 Mon Sep 17 00:00:00 2001
From: Adrian Joshua Strutt <adjosst@amazon.com>
Date: Fri, 20 Jun 2025 17:18:20 +0200
Subject: [PATCH 3/4] fix await

---
 .../credentialsProvider/IdentityIdStore.test.ts        | 10 +++++-----
 .../cognito/credentialsProvider/IdentityIdStore.ts     | 10 ++++------
 2 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/packages/auth/__tests__/providers/cognito/credentialsProvider/IdentityIdStore.test.ts b/packages/auth/__tests__/providers/cognito/credentialsProvider/IdentityIdStore.test.ts
index 781a4d576c7..701bcc53072 100644
--- a/packages/auth/__tests__/providers/cognito/credentialsProvider/IdentityIdStore.test.ts
+++ b/packages/auth/__tests__/providers/cognito/credentialsProvider/IdentityIdStore.test.ts
@@ -47,7 +47,7 @@ describe('DefaultIdentityIdStore', () => {
 
 	afterEach(() => {
 		mockKeyValueStorage.setItem.mockClear();
-		mockKeyValueStorage.getItem.mockReset();
+		mockKeyValueStorage.getItem.mockClear();
 		mockKeyValueStorage.removeItem.mockClear();
 		mockKeyValueStorage.clear.mockClear();
 	});
@@ -57,7 +57,7 @@ describe('DefaultIdentityIdStore', () => {
 	});
 
 	it('should store guest identityId in keyValueStorage', async () => {
-		defaultIdStore.storeIdentityId(validGuestIdentityId);
+		await defaultIdStore.storeIdentityId(validGuestIdentityId);
 		expect(mockKeyValueStorage.setItem).toHaveBeenCalledWith(
 			validAuthKey.identityId,
 			validGuestIdentityId.id,
@@ -74,7 +74,7 @@ describe('DefaultIdentityIdStore', () => {
 
 	it('should store primary identityId in keyValueStorage', async () => {
 		mockKeyValueStorage.getItem.mockResolvedValue(validGuestIdentityId.id);
-		defaultIdStore.storeIdentityId(validPrimaryIdentityId);
+		await defaultIdStore.storeIdentityId(validPrimaryIdentityId);
 		expect(mockKeyValueStorage.removeItem).toHaveBeenCalledWith(
 			validAuthKey.identityId,
 		);
@@ -115,13 +115,13 @@ describe('DefaultIdentityIdStore', () => {
 	});
 
 	it('should not call keyValueStorage.removeItem when there is no guest identityId to clear', async () => {
-		mockKeyValueStorage.getItem.mockReturnValue(null);
+		mockKeyValueStorage.getItem.mockResolvedValue(null);
 		const refreshIdentityIdStore = new DefaultIdentityIdStore(
 			mockKeyValueStorage,
 		);
 		refreshIdentityIdStore.setAuthConfig(validAuthConfig.Auth!);
 
-		refreshIdentityIdStore.storeIdentityId(validPrimaryIdentityId);
+		await refreshIdentityIdStore.storeIdentityId(validPrimaryIdentityId);
 		expect(mockKeyValueStorage.removeItem).not.toHaveBeenCalled();
 	});
 });
diff --git a/packages/auth/src/providers/cognito/credentialsProvider/IdentityIdStore.ts b/packages/auth/src/providers/cognito/credentialsProvider/IdentityIdStore.ts
index a109ac7d270..b3b87a18f72 100644
--- a/packages/auth/src/providers/cognito/credentialsProvider/IdentityIdStore.ts
+++ b/packages/auth/src/providers/cognito/credentialsProvider/IdentityIdStore.ts
@@ -80,14 +80,12 @@ export class DefaultIdentityIdStore implements IdentityIdStore {
 		} else {
 			this._primaryIdentityId = identity.id;
 			// Clear locally stored guest id
-			// On the server-side we use the _hasGuestIdentityId flag to avoid caching issues
-			const serverside = typeof window === 'undefined';
-			if (this._hasGuestIdentityId || !serverside) {
-				if (this.keyValueStorage.getItem(this._authKeys.identityId) !== null) {
+			this.keyValueStorage.getItem(this._authKeys.identityId).then(item => {
+				if (item) {
 					this.keyValueStorage.removeItem(this._authKeys.identityId);
 				}
-				this._hasGuestIdentityId = false;
-			}
+			});
+			this._hasGuestIdentityId = false;
 		}
 	}
 

From e22d3a886afa8145c90347531302eed84bb75592 Mon Sep 17 00:00:00 2001
From: Adrian Joshua Strutt <adjosst@amazon.com>
Date: Tue, 1 Jul 2025 14:33:24 +0200
Subject: [PATCH 4/4] add isBrowser again

---
 .../cognito/credentialsProvider/IdentityIdStore.ts  | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/packages/auth/src/providers/cognito/credentialsProvider/IdentityIdStore.ts b/packages/auth/src/providers/cognito/credentialsProvider/IdentityIdStore.ts
index b3b87a18f72..e982bc2fe21 100644
--- a/packages/auth/src/providers/cognito/credentialsProvider/IdentityIdStore.ts
+++ b/packages/auth/src/providers/cognito/credentialsProvider/IdentityIdStore.ts
@@ -7,7 +7,10 @@ import {
 	Identity,
 	KeyValueStorageInterface,
 } from '@aws-amplify/core';
-import { assertIdentityPoolIdConfig } from '@aws-amplify/core/internals/utils';
+import {
+	assertIdentityPoolIdConfig,
+	isBrowser,
+} from '@aws-amplify/core/internals/utils';
 
 import { getAuthStorageKeys } from '../tokenProvider/TokenStore';
 import { AuthKeys } from '../tokenProvider/types';
@@ -80,11 +83,9 @@ export class DefaultIdentityIdStore implements IdentityIdStore {
 		} else {
 			this._primaryIdentityId = identity.id;
 			// Clear locally stored guest id
-			this.keyValueStorage.getItem(this._authKeys.identityId).then(item => {
-				if (item) {
-					this.keyValueStorage.removeItem(this._authKeys.identityId);
-				}
-			});
+			if (this._hasGuestIdentityId || isBrowser()) {
+				this.keyValueStorage.removeItem(this._authKeys.identityId);
+			}
 			this._hasGuestIdentityId = false;
 		}
 	}