How do I change the expiration time of credential information retrieved from the Cognito ID Pool?
We are using aws-sdk to get temporary credential information from the Cognito ID pool in order to send requests from our front-end web application to the API Gateway that has been configured for authorization by the IAM authorizer. The credential information expiration time is 1 hour by default. Is there any way to change the expiration time?
```javascript
import {
  CognitoIdentityClient,
  GetIdCommand,
  GetCredentialsForIdentityCommand
} from "@aws-sdk/client-cognito-identity";

// `store` is the application's own state store, defined elsewhere in the app.
const client = new CognitoIdentityClient({ region: process.env.VUE_APP_AWS_REGION });

// Step 1: exchange the user pool ID token for an identity ID.
const getIdCommandInput = {
  AccountId: process.env.VUE_APP_AWS_ACCOUNT_ID,
  IdentityPoolId: process.env.VUE_APP_COGNITO_AUTH_IDENTITY_POOL_ID,
  Logins: {}
};
// Logins key: the user pool that acts as the identity provider.
const userPool = `cognito-idp.${process.env.VUE_APP_AWS_REGION}.amazonaws.com/${process.env.VUE_APP_COGNITO_AUTH_USER_POOL_ID}`;
getIdCommandInput.Logins[userPool] = store.state.authenticateResult.idToken;
const getIdCommand = new GetIdCommand(getIdCommandInput);
const identityIdResponse = await client.send(getIdCommand);

// Step 2: request temporary AWS credentials for that identity.
const getCredentialsForIdentityCommandInput = {
  IdentityId: identityIdResponse.IdentityId,
  Logins: {}
};
getCredentialsForIdentityCommandInput.Logins[userPool] = store.state.authenticateResult.idToken;
const getCredentialsForIdentityCommand = new GetCredentialsForIdentityCommand(getCredentialsForIdentityCommandInput);
const credentialsResponse = await client.send(getCredentialsForIdentityCommand);
```
When the credential information is retrieved with the above code, the Expiration property contains the date and time one hour later.
I tried the following, but there was no change in the 1-hour expiration.
(1) Change the "maximum session time" of IAM roles set to "authenticated roles" in the Cognito identity pool to 2 hours.
(2) Change the "Maximum session time" of IAM roles set to groups in the Cognito user pool to 2 hours.
Hello,
As of August 12, 2020, AWS has announced that user pools now support customization of token expiration.
Here are the steps to follow:
Open your AWS Cognito console.
Go to General Settings.
Scroll down to App clients and click edit.
Click on the Show Details button to see the customization options.
Keep in mind, access token expiration must be between 5 minutes and 1 day. It cannot be greater than the refresh token expiration.
For additional information about using the ID tokens, please refer to this AWS Documentation.
I hope this helps.
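Because the credentials returned to the client carry an Expiration value, the application can renew them shortly before that time instead of relying on a longer lifetime. The following is an added example, not part of the original question or answer: `fetchCredentials` is a hypothetical function assumed to wrap the GetCredentialsForIdentity call from the question and resolve to its response, and `createCredentialCache`, `needsRefresh` and the 5-minute margin are illustrative choices.

```javascript
// Added example: cache temporary credentials and renew them before they expire.
// fetchCredentials (hypothetical) wraps the GetCredentialsForIdentity call and
// resolves to a response shaped like { Credentials: { ..., Expiration } }.
const REFRESH_SKEW_MS = 5 * 60 * 1000; // renew 5 minutes early (assumed margin)

// True when there are no credentials yet or they expire within skewMs.
function needsRefresh(credentials, nowMs, skewMs = REFRESH_SKEW_MS) {
  if (!credentials || !credentials.Expiration) return true;
  const expiresAt = new Date(credentials.Expiration).getTime();
  if (Number.isNaN(expiresAt)) return true; // unparsable expiry: treat as expired
  return expiresAt - nowMs <= skewMs;
}

// Returns an async getter that serves cached credentials while they are fresh.
// `now` is injectable so the expiry logic can be tested with a fixed clock.
function createCredentialCache(fetchCredentials, now = () => Date.now()) {
  let current = null;  // last Credentials object received
  let inFlight = null; // pending refresh, shared by concurrent callers

  return async function getCredentials() {
    if (!needsRefresh(current, now())) return current;
    if (!inFlight) {
      inFlight = fetchCredentials()
        .then((response) => {
          if (!response || !response.Credentials) {
            throw new Error("response contained no Credentials");
          }
          current = response.Credentials;
          return current;
        })
        // Clear the marker on success or failure so the next call can retry.
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  };
}
```

Call the returned getter immediately before signing each API Gateway request, so that a request is never signed with credentials that are about to expire.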