1回答
- 新しい順
- 投票が多い順
- コメントが多い順
1
Suppose an user has logged in at 1 AM and Cognito has returned access, ID and refresh tokens after the user sign-in. If you call the RevokeToken API with that refresh token, then the initially issued access and ID tokens, the refresh token, and all access and ID tokens which were issued using that refresh token will be revoked.
Note: Only Cognito service is aware of the token revocation when you revoke token using RevokeToken API. However, your resource server will treat the token as valid until the token's expiry time breach. You may call GetUser API of Cognito to check whether a token is revoked or not. However, please consider the limit per second on number of GetUser API [1].
関連するコンテンツ
- AWS公式更新しました 1年前
- AWS公式更新しました 1年前