I currently have an AWS Amplify app (modified to work with Serverless) configured to allow third-party federation with a Cognito User Pool. Because the Cognito Hosted UI's styling can't be fully customized, I've taken to bypassing it by signing in (and signing out) like so:

```js
Auth.federatedSignIn({ provider: 'Google' })

Auth.signOut()
```

When signing in, my app is able to successfully request authentication with Google, and I am prompted for my email and password. This also signs me into my Google account, which I believe is common in an OAuth 2.0 authentication flow.

The issue arises when I sign out of my Google account and my app. Upon doing so and signing into my app again, I am logged in automatically. Interestingly, I am not logged into my Google account again. It's as if my app skips the step to authenticate against Google. This still happens when I clear cookies, local storage, and restart my browser.

Surprisingly, using the Hosted UI doesn't suffer from this problem. Logging out of Google and then logging into my app requires re-authentication every time.

I am otherwise unable to figure out how my browser (Chrome, Firefox, and Safari) is able to "remember" who I am as a Google user when logging into my app. Like I mentioned, I tried clearing cookies and local data, and restarting my browser. This isn't an issue in Incognito mode. I tried looking through the source code to see where some data might be set in storage, but Amplify mostly seems to rely on local storage by default, which gets cleared on sign out.

I am wondering if anyone else bypassing the Hosted UI has seen this behavior, or if there is some specific, high-level Amplify configuration I may have made a mistake with?

  • You haven't made any mistakes. This question explains what's going on: https://stackoverflow.com/questions/58154256/aws-cognito-how-to-force-select-account-when-signing-in-with-google/59580105 – teddybeard Feb 09 '20 at 22:40
  • @teddybeard Thanks for replying. I did find a solution to my particular issue, which was to upgrade `aws-amplify-react` from version 2.3.10 to version 3.1.5. With this upgrade, if a user is signed out from their Google account, my app seeks re-authentication/account selection every single time. – Leonard Soaivan Feb 11 '20 at 14:30

0 Answers