1 Answer
The ClientMetadata is available in the Pre token generation trigger during the initial login process but not during the refresh token process. This is why it works for the initial login but not when refreshing the token.

Unfortunately, Cognito does not pass ClientMetadata to the Pre token generation trigger during the refresh token process. This is a known limitation and there's no direct way to work around this within Cognito's current functionality.

- (1) To use the refresh token to get new ID and access tokens with the user pools API, use the AdminInitiateAuth or InitiateAuth API operations.
- (2) But Amazon Cognito doesn't include data from the ClientMetadata parameter in AdminInitiateAuth and InitiateAuth API operations in the request that it passes to the pre token generation function.
This is a limitation that AWS is aware of and they do nothing about it? No workaround at all?

Maybe one workaround you could try is to store the platform information in the user's session or a database during the initial login process. Then, during the refresh token process, retrieve this information from the session or database to customize the AccessToken accordingly.

Docs say that InitiateAuth with REFRESH_TOKEN_AUTH should fire the Pre authentication trigger, which includes the ClientMetadata. If that's the case, this would be a solution for me, but the truth is that REFRESH_TOKEN_AUTH never fires the Pre authentication trigger. Is that a bug or an error?

PS: The workaround you gave me has a problem. If I log in on two different platforms with the same Cognito instance, during Refresh Session, the database will take the last known platform I logged in, not the actual platform the user is trying to get the new token from.

Hey, oriollpz, I'll investigate further to clarify the behavior of InitiateAuth with REFRESH_TOKEN_AUTH and the Pre authentication trigger.

Thanks Osvaldo
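
The stale-platform problem raised in the comments above, reproduced as an added example that is not code from the thread or from AWS: a Pre token generation handler (V2 event shape) that falls back to a per-user store when ClientMetadata is absent. The `platform` metadata key and claim name, the allowlist, and the in-memory dict standing in for the database are assumptions; the events are constructed.

```python
# Added example. The "platform" key/claim and the allowlist are assumptions;
# the dict below stands in for the database from the suggested workaround.
ALLOWED_PLATFORMS = {"web", "ios", "android"}
REFRESH_SOURCE = "TokenGeneration_RefreshTokens"
_last_platform = {}  # userName -> platform seen at the most recent login


def lambda_handler(event, context=None):
    """Pre token generation (V2 event) handler using the per-user lookup."""
    user = event["userName"]
    # Cognito omits clientMetadata on refresh, so treat it as optional.
    metadata = event["request"].get("clientMetadata") or {}
    platform = metadata.get("platform")

    if event["triggerSource"] == REFRESH_SOURCE or platform is None:
        # Nothing from the client: fall back to what the last login stored.
        platform = _last_platform.get(user)
    elif platform in ALLOWED_PLATFORMS:
        # ClientMetadata is client-supplied; accept only known values.
        _last_platform[user] = platform
    else:
        platform = None

    claims = {"platform": platform} if platform else {}
    event["response"]["claimsAndScopeOverrideDetails"] = {
        "accessTokenGeneration": {"claimsToAddOrOverride": claims}
    }
    return event


def make_event(source, user, metadata=None):
    """Build a constructed, minimal trigger event for local runs."""
    request = {} if metadata is None else {"clientMetadata": metadata}
    return {"version": "2", "triggerSource": source, "userName": user,
            "request": request, "response": {}}


def platform_claim(event):
    details = lambda_handler(event)["response"]["claimsAndScopeOverrideDetails"]
    return details["accessTokenGeneration"]["claimsToAddOrOverride"].get("platform")


def demo():
    """Log in on web, then on ios, then refresh the web session."""
    login = "TokenGeneration_Authentication"
    web = platform_claim(make_event(login, "alice", {"platform": "web"}))
    ios = platform_claim(make_event(login, "alice", {"platform": "ios"}))
    refreshed = platform_claim(make_event(REFRESH_SOURCE, "alice"))
    return web, ios, refreshed  # the web refresh is labelled "ios"
```

The refresh event carries nothing that identifies which login it belongs to in this lookup, so the web session's refreshed token takes the value stored by the later ios login.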