fix(auth): add protected data unavailable error

Author: harsh62

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/AWSCognitoAuthPlugin+Configure.swift

@@ -16,6 +16,9 @@ import AWSClientRuntime
 @_spi(InternalHttpEngineProxy) import AWSPluginsCore
 import SmithyRetriesAPI
 import SmithyRetries
+#if canImport(UIKit)
+import UIKit
+#endif
 
 extension AWSCognitoAuthPlugin {
 
@@ -38,6 +41,15 @@ extension AWSCognitoAuthPlugin {
                 AuthPluginErrorConstants.decodeConfigurationError.recoverySuggestion)
         }
 
+#if canImport(UIKit)
+        guard UIApplication.shared.isProtectedDataAvailable else {
+            throw PluginError.pluginConfigurationError(
+                AuthPluginErrorConstants.protectedDataUnavailableError.errorDescription,
+                AuthPluginErrorConstants.protectedDataUnavailableError.recoverySuggestion,
+                AWSCognitoAuthError.protectedDataUnavailable)
+        }
+#endif
+
         let credentialStoreResolver = CredentialStoreState.Resolver().eraseToAnyResolver()
         let credentialEnvironment = credentialStoreEnvironment(authConfiguration: authConfiguration)
         let credentialStoreMachine = StateMachine(resolver: credentialStoreResolver,

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Models/Errors/AWSCognitoAuthError.swift

@@ -111,6 +111,9 @@ public enum AWSCognitoAuthError: Error {
 
     /// The WebAuthn configuration is missing or incomplete
     case webAuthnConfigurationMissing
+
+    /// Protected data is not yet available (iOS prewarming or locked state)
+    case protectedDataUnavailable
 }
 
 extension AWSCognitoAuthError: LocalizedError {
@@ -185,6 +188,8 @@ extension AWSCognitoAuthError: LocalizedError {
             message = "The relying party ID doesn't match."
         case .webAuthnConfigurationMissing:
             message = "The WebAuthn configuration is missing or incomplete."
+        case .protectedDataUnavailable:
+            message = "Protected data is not yet available."
         }
         return "\(String(describing: Self.self)).\(self): \(message)"
     }

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Support/Constants/AuthPluginErrorConstants.swift

@@ -16,6 +16,11 @@ typealias AuthPluginValidationErrorString = (field: Field,
 
 enum AuthPluginErrorConstants {
 
+    static let protectedDataUnavailableError: AuthPluginErrorString = (
+        "Protected data is not yet available",
+        "Delay Amplify calls until `UIApplication.shared.isProtectedDataAvailable` returns true or listen to `UIApplication.protectedDataDidBecomeAvailableNotification`"
+    )
+
     static let decodeConfigurationError: AuthPluginErrorString = (
         "Unable to decode configuration",
         "Make sure the plugin configuration is JSONValue")

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Task/Protocols/AmplifyAuthTask.swift

@@ -7,6 +7,10 @@
 import Foundation
 import Amplify
 
+#if canImport(UIKit)
+import UIKit
+#endif
+
 protocol AmplifyAuthTask {
 
     associatedtype Success
@@ -30,6 +34,14 @@ extension AmplifyAuthTask where Self: DefaultLogger {
         get async throws {
             do {
                 log.info("Starting execution for \(eventName)")
+#if canImport(UIKit)
+                guard await UIApplication.shared.isProtectedDataAvailable else {
+                    throw AuthError.configuration(
+                        AuthPluginErrorConstants.protectedDataUnavailableError.errorDescription,
+                        AuthPluginErrorConstants.protectedDataUnavailableError.recoverySuggestion,
+                        AWSCognitoAuthError.protectedDataUnavailable)
+                }
+#endif
                 let valueReturned = try await execute()
                 log.info("Successfully completed execution for \(eventName) with result:\n\(valueReturned)")
                 dispatch(result: .success(valueReturned))