Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

adminitiateauth and refresh tokens

0

We use the adminInitiateAuth API in our backend to authenticate our clients. We have deployed our Auth API endpoints using API gateway and AWS Lambda with User pools

A web app user authenticates with cognito via our api and the backend admininitiateauth call returns access, id & refresh tokens. Then when the user refreshes their tokens and passes the refresh token to our api we see that admininitiateauth only returns access & id token and not an new refresh token.

How is the user expected to refresh the next time? Does a user only get one refresh?

There is NOTHING in the documentation as you why refreshing tokens via admininitiateauth does not return a new refresh token as well.

Anyone seen this and got any tips?

Temas
Seguridad, identidad y cumplimiento
Etiquetas
Amazon Cognito
Idioma
English
Mark Lloyd
preguntada hace 5 años362 visualizaciones
1 Respuesta
0

adminitiateauth never returns a new refreshtoken

I misunderstood how the refreshtokens work.

By increasing expiry time of refreshtoken we can extend the amount of time before the user needs to fully login again to obtain a new refresh token

Mark Lloyd
respondido hace 5 años

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante