Unable to access cognito tokens, but auth session indicates signedIn as true

[dakrawczyk]

Describe the bug

Hello,

We are seeing ~2% of our users get logged out when launching our app. This is not something we've been able to reproduce internally, but we can see it occurring in our analytics.

It appears to happen on app launch, as we retrieve auth tokens to make our initial network requests. However, we only make these network requests if Amplify has been configured and has told us that the user's authSession is signed in. At this point, I would expect to be able to retrieve auth tokens without issue.

Steps To Reproduce

We are seeing ~2% of our users get logged out due to the following scenario -

1. Launch App
2. Detect that user is logged in (via a value in userDefaults)
3. Run `Amplify.configure()`
4. Wait for.. 

    private func checkUserSignedIn() async -> Bool {
        do {
            let session = try await Amplify.Auth.fetchAuthSession()
            self.isUserLoggedIn = session.isSignedIn
            return self.isUserLoggedIn
        } catch {
            error.captureFirebaseNonFatal()
            Logger.amplify.error("Fetch auth session failed with error - \(error)")
            return false
        }
    }


 5. Make network request after fetching accessTokens via: 

    func fetchSessionKeys(complete: @escaping (AuthCognitoTokens?, FetchKeysError?) -> Void) {
        Task {
            do {
                let session = try await Amplify.Auth.fetchAuthSession()

                if let cognitoTokenProvider = session as? AuthCognitoTokensProvider {
                    let tokens = try cognitoTokenProvider.getCognitoTokens().get()
                    complete(tokens, nil)
                }
            } catch {
                DispatchQueue.main.async {
                    Logger.amplify.error("AWS Fetch auth session failed with error - \(error)")

                    guard
                        let authError = error as? AuthError
                    else {
                        complete(nil, .tokenFailureLogout)
                        return
                    }
                    
                    switch authError {
                    case .service,
                            .unknown,
                            .validation:
                        complete(nil, .tokenFailureRetry)

                    case .configuration,
                            .notAuthorized,
                            .invalidState,
                            .signedOut,
                            .sessionExpired:
                        complete(nil, .tokenFailureLogout)
                    }
                }
            }
        }
    }

6. Log user out after receiving either `Amplify.AuthError.SignedOut` or `Amplify.AuthError.SessionExpired`

Expected behavior

I would expect to be able to retrieve auth tokens without issue after verifying that the user's Auth Session is signed in.

Amplify Framework Version

2.12.0

Amplify Categories

Auth

Dependency manager

Swift PM

Swift version

5.0

CLI version

NA

Xcode version

16.2

Relevant log output

Unfortunately, can't reproduce locally

Is this a regression?

No

Regression additional context

No response

Platforms

iOS

OS Version

iOS 16+

Device

All

Specific to simulators

No response

Additional context

No response