- Le plus récent
- Le plus de votes
- La plupart des commentaires
API Gateway allows access based on the information contained in the token. If you revoke the token in Cognito but the expiry of the token is still in the future then access will still be allowed by API Gateway - for performance it doesn't check with Cognito to see if every token is revoked; it's relying on the information that has been passed with the token.
One way to solve this is to use very short-lived tokens that are refreshed by the client application on a regular basis. That way revoked tokens are not valid for very long.
Another way would be to use Lambda Authorizer which could check to see if each token passed to API Gateway has been revoked or not. It could do this by checking with Cognito; or some other data source such as a DynamoDB table. However, this adds delay and cost to each API call.
Do you have cacheing enabled for the token? This page talks about how to enable. You should check if you have it enabled and look at the TTL.
Contenus pertinents
- demandé il y a un an
- demandé il y a 7 mois
- demandé il y a un an
AWS OFFICIELA mis à jour il y a 2 ans- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans
