Using Cognito refresh token

0

Hi, I am using Cognito (not hosted UI) for authentication. When I log in with username and password I can store the access token in a cookie, but I am not able to store the refresh token in a cookie. This is the code:

refresh_token = response['AuthenticationResult']['RefreshToken']
access_token = response['AuthenticationResult']['AccessToken']

headers = {
    'Location': '/Prod/auth/profile',
    'Set-Cookie': f'refresh_token={refresh_token}; Path=/; Secure; HttpOnly',
    'Set-Cookie': f'access_token={access_token}; Path=/; Secure; HttpOnly',
}

But like I said, this code just puts access_token. I tried a lot of variants but I am not able to. How do you handle this?

Moreover, how do you handle the refresh token? Like me (putting it in a cookie too)?

2 Answers
0

Hi,

First of all, have you checked that the response contains the refresh_token before setting it in the cookie? On the other hand, which authentication flow are you using? Note that no refresh token is returned during an implicit grant type.

EXPERT
answered a year ago
0

I just pass username and password to this function in my Lambda:

import boto3


def authenticate_user(username, password):
    client = boto3.client('cognito-idp')

    response = client.initiate_auth(
        ClientId='MyclientId',
        AuthFlow='USER_PASSWORD_AUTH',
        AuthParameters={
            'USERNAME': username,  # Use the appropriate attribute for username
            'PASSWORD': password
        }
    )
    return response

Then I take the tokens from the response as follows:

def get_tokens(response):

    if response.get('AuthenticationResult'):
        access_token = response['AuthenticationResult']['AccessToken']
        id_token = response['AuthenticationResult']['IdToken']
        refresh_token = response['AuthenticationResult'].get('RefreshToken')
        return {
            'access_token': access_token,
            'id_token': id_token,
            'refresh_token': refresh_token
        }
    else:
        print("Login unsuccessful")
        return None

And after getting the tokens I redirect the user to the profile page and want to save the tokens as cookies:

import os


def redirect_to_profile(refresh_token, access_token):
    path = os.path.join(os.getcwd(), "templates", "profile.html")
    with open(path, "r") as f:
        contents = f.read()

    headers = {
        'Location': '/Prod/auth/profile',
        'Set-Cookie': f'refresh_token={refresh_token}; Path=/; Secure; HttpOnly',
        'Set-Cookie': f'access_token={access_token}; Path=/; Secure; HttpOnly',
    }

    return {
        'statusCode': 302,
        'headers': headers,
        'body': contents
    }

But like I said, here just the last token can be stored as a cookie: access_token for the code above and refresh token for the code below.

headers = {
    'Location': '/Prod/auth/profile',
    'Set-Cookie': f'access_token={access_token}; Path=/; Secure; HttpOnly',
    'Set-Cookie': f'refresh_token={refresh_token}; Path=/; Secure; HttpOnly',
}

I just want to store all tokens... And by the way, I am not sure setting all tokens as cookies is a good programming practice.

answered a year ago
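The behaviour described in the thread, as an added example that is not part of the original posts: a Python dict keeps only the last value for a repeated key, so only one `Set-Cookie` survives, while a list under `multiValueHeaders` is emitted as one header per cookie. It assumes an API Gateway REST API with Lambda proxy integration (suggested by the `/Prod/` stage path); the `/Prod/auth/refresh` path, the `SameSite=Lax` attribute and the 3600-second lifetime are assumptions, not values from the posts.

```python
from typing import Optional

REFRESH_PATH = "/Prod/auth/refresh"  # hypothetical refresh endpoint, not from the post
ACCESS_MAX_AGE = 3600                # assumed access-token lifetime in seconds


def build_cookie(name: str, value: str, path: str = "/",
                 max_age: Optional[int] = None) -> str:
    """Serialize one Set-Cookie value with Secure, HttpOnly and SameSite set."""
    parts = [f"{name}={value}", f"Path={path}", "Secure", "HttpOnly", "SameSite=Lax"]
    if max_age is not None:
        parts.append(f"Max-Age={max_age}")
    return "; ".join(parts)


def redirect_with_tokens(access_token: str, refresh_token: Optional[str],
                         location: str = "/Prod/auth/profile") -> dict:
    """Build a Lambda proxy response carrying one Set-Cookie header per token."""
    cookies = [build_cookie("access_token", access_token, max_age=ACCESS_MAX_AGE)]
    # The post reads RefreshToken with .get(), so it can be None: never
    # serialize "refresh_token=None" into a cookie.
    if refresh_token:
        # Scope the long-lived token to the only route that needs it, so the
        # browser does not attach it to every other request.
        cookies.append(build_cookie("refresh_token", refresh_token, path=REFRESH_PATH))
    return {
        "statusCode": 302,
        "headers": {"Location": location},
        # A list value here is sent as repeated Set-Cookie headers.
        "multiValueHeaders": {"Set-Cookie": cookies},
        "body": "",
    }


def collapsed_headers(access_token: str, refresh_token: str) -> dict:
    """The dict literal from the post: the second 'Set-Cookie' replaces the first."""
    return {
        "Location": "/Prod/auth/profile",
        "Set-Cookie": f"refresh_token={refresh_token}; Path=/; Secure; HttpOnly",
        "Set-Cookie": f"access_token={access_token}; Path=/; Secure; HttpOnly",
    }


if __name__ == "__main__":
    # Constructed sample token values, not real Cognito tokens.
    print(redirect_with_tokens("AT", "RT")["multiValueHeaders"]["Set-Cookie"])
    print(collapsed_headers("AT", "RT"))
```

On an HTTP API using payload format version 2.0, the response carries a top-level `cookies` list instead of `multiValueHeaders`.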
