Hi there,
I understand that you would like to implement an automatic logout trigger due to user inactivity.
While there is no direct way to do this in Cognito, you can trigger that response through an API call passed into Cognito once the user hits the inactivity time limit. Doing this will revoke the user's refresh token which will cause the user to sign in again.
More information on revoking refresh tokens can be found below: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-refresh-token.html https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html
You can use the following Cognito User Pools API operation: AdminUserGlobalSignOut.
AdminUserGlobalSignOut can sign out any user in the user pool. It must be called by the administrator application with AWS developer credentials. More information about this API call can be found here: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUserGlobalSignOut.html
You can use a Lambda function to keep track of user inactivity. When the API operation is called, you can redirect them to the Logout endpoint where Cognito will clear the session cookie. This prevents the user from reauthenticating with the same cookie. Once the cookie has been cleared, the user must reauthenticate for a new token.
To do this:
- Create the Lambda function. You can check out this GitHub issue for assistance: https://github.com/aws-amplify/amplify-js/issues/2384
- In the Amazon Cognito console, choose your user pool.
- Choose "Add a Lambda trigger". Keep in mind that you will need to modify IAM credentials to authorize the requests (don't forget to grant yourself the IAM permission in a policy as well).
- In the Category section, find Post Authentication and select "Assign Lambda function". More information about Post Authentication can be found here: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-authentication.html
- Find the function name and click "Save Changes".
Additional information on this process can be found here: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
Hope this helps!
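
The flow described in the answer above, as an added example (not code from the answer or from AWS): a per-request check that calls AdminUserGlobalSignOut once a user has been idle too long and returns the hosted UI Logout endpoint URL to redirect to. The idle limit, the `CONFIG` values, the `last_seen` session store and the `FakeCognito` stand-in are assumptions made for illustration.

```python
import time
from urllib.parse import urlencode

IDLE_LIMIT_SECONDS = 15 * 60  # assumed policy value, not from the answer

# Constructed placeholder settings; substitute your own pool, client and domain.
CONFIG = {
    "user_pool_id": "us-east-1_EXAMPLE",
    "client_id": "exampleclientid",
    "domain": "auth.example.com",
    "logout_uri": "https://app.example.com/signed-out",
}

def logout_url(cfg):
    """Hosted UI /logout URL, where Cognito clears its session cookie."""
    query = urlencode({"client_id": cfg["client_id"], "logout_uri": cfg["logout_uri"]})
    return f"https://{cfg['domain']}/logout?{query}"

def enforce_idle_timeout(cognito, cfg, username, last_seen, now=None):
    """Return None while the session is active; otherwise revoke the user's
    refresh tokens and return the URL the caller must redirect to.

    last_seen is the epoch time of the user's previous request, read from the
    application's own session store (hypothetical). A missing value is treated
    as expired. Errors from Cognito propagate so the request is not served.
    """
    now = time.time() if now is None else now
    if last_seen is not None and now - last_seen < IDLE_LIMIT_SECONDS:
        return None
    cognito.admin_user_global_sign_out(
        UserPoolId=cfg["user_pool_id"], Username=username
    )
    return logout_url(cfg)

class FakeCognito:
    """Offline stand-in for boto3.client("cognito-idp"); records calls only."""
    def __init__(self):
        self.calls = []
    def admin_user_global_sign_out(self, **kwargs):
        self.calls.append(kwargs)
        return {}

if __name__ == "__main__":
    client = FakeCognito()  # in Lambda: boto3.client("cognito-idp")
    print(enforce_idle_timeout(client, CONFIG, "alice", last_seen=1000, now=1060))
    print(enforce_idle_timeout(client, CONFIG, "alice", last_seen=1000, now=2000))
    print(client.calls)
```

The role that runs this needs the `cognito-idp:AdminUserGlobalSignOut` permission on the user pool. Access and ID tokens issued before the sign-out still pass local JWT signature and expiry checks until they expire, so keep the access token lifetime short.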