Using Cognito refresh token


Hi, I am using Cognito (not the hosted UI) for authentication. When I log in with username and password I can store the access token in a cookie, but I am not able to store the refresh token in a cookie. This is the code:

refresh_token = response['AuthenticationResult']['RefreshToken']
access_token = response['AuthenticationResult']['AccessToken']

headers = {
    'Location': '/Prod/auth/profile',
    'Set-Cookie': f'refresh_token={refresh_token}; Path=/; Secure; HttpOnly',
    'Set-Cookie': f'access_token={access_token}; Path=/; Secure; HttpOnly',
}

But like I said, this code only sets access_token. I tried a lot of variants but was not able to make it work. How do you handle this?

Moreover, how do you handle the refresh token? Like me (putting it in a cookie too)?

2 Answers

Hi,

First of all, have you checked that the response contains the refresh_token before setting it in the cookie? On the other hand, which authentication flow are you using? Note that no refresh token is returned during an implicit grant type.

EXPERT
answered a year ago

I just pass the username and password to this function in my Lambda:

import boto3

def authenticate_user(username, password):
    client = boto3.client('cognito-idp')

    # USER_PASSWORD_AUTH sends the password directly; the response carries
    # AuthenticationResult with the access, ID and refresh tokens.
    response = client.initiate_auth(
        ClientId='MyclientId',
        AuthFlow='USER_PASSWORD_AUTH',
        AuthParameters={
            'USERNAME': username,  # Use the appropriate attribute for username
            'PASSWORD': password
        }
    )
    return response

Then I take the tokens from the response as follows:

def get_tokens(response):
    if response.get('AuthenticationResult'):
        access_token = response['AuthenticationResult']['AccessToken']
        id_token = response['AuthenticationResult']['IdToken']
        refresh_token = response['AuthenticationResult'].get('RefreshToken')
        return {
            'access_token': access_token,
            'id_token': id_token,
            'refresh_token': refresh_token
        }
    else:
        print("Login unsuccessful")
        return None

And after getting the tokens I redirect the user to the profile page and want to save the tokens as cookies:

import os

def redirect_to_profile(refresh_token, access_token):
    path = os.path.join(os.getcwd(), "templates", "profile.html")
    with open(path, "r") as f:
        contents = f.read()

    headers = {
        'Location': '/Prod/auth/profile',
        'Set-Cookie': f'refresh_token={refresh_token}; Path=/; Secure; HttpOnly',
        'Set-Cookie': f'access_token={access_token}; Path=/; Secure; HttpOnly',
    }

    return {
        'statusCode': 302,
        'headers': headers,
        'body': contents
    }

But like I said, only the last token gets stored as a cookie: access_token for the code above and refresh_token for the code below.

headers = {
    'Location': '/Prod/auth/profile',
    'Set-Cookie': f'access_token={access_token}; Path=/; Secure; HttpOnly',
    'Set-Cookie': f'refresh_token={refresh_token}; Path=/; Secure; HttpOnly',
}

I just want to store all the tokens... And by the way, I am not sure that setting all tokens as cookies is good practice.

answered 10 months ago
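The cause of the behaviour in this thread, and one way to handle both questions, as an added example that is not part of the original post: a Python dict literal with two 'Set-Cookie' keys keeps only the last one, and the 'headers' map of a Lambda proxy response can carry one value per header name anyway. API Gateway REST APIs accept a list of values in 'multiValueHeaders', and HTTP APIs (payload format 2.0) accept a 'cookies' list; both reach the browser as separate Set-Cookie headers. The refresh token is later exchanged for fresh tokens with the REFRESH_TOKEN_AUTH flow of initiate_auth. The refresh endpoint path, the cookie lifetimes and the function names below are assumptions made for this example, and the Cognito client is passed in as a parameter so the code can be exercised with a test double.

```python
# Added example (not code from the original post): returning several
# Set-Cookie headers from a Lambda proxy integration, and using the refresh
# token afterwards. REFRESH_PATH, the cookie lifetimes and the function names
# are assumptions for this example; the post only mentions /Prod/auth/profile.
from http.cookies import SimpleCookie

PROFILE_PATH = "/Prod/auth/profile"
REFRESH_PATH = "/Prod/auth/refresh"   # assumed refresh endpoint


def build_cookie(name, value, path, max_age):
    """Format one Set-Cookie value. HttpOnly keeps the token away from page
    scripts, Secure limits it to TLS, SameSite=Strict stops cross-site sends."""
    return (f"{name}={value}; Path={path}; Max-Age={max_age}; "
            "Secure; HttpOnly; SameSite=Strict")


def login_response(tokens, location=PROFILE_PATH):
    """REST API (payload v1) proxy response. A Python dict literal keeps only
    the last of two identical keys and the 'headers' map allows one value per
    header name, so all cookies go into 'multiValueHeaders' as a list."""
    cookies = [
        build_cookie("access_token", tokens["access_token"], "/", 3600),
        build_cookie("id_token", tokens["id_token"], "/", 3600),
        # Only the refresh endpoint needs the refresh token, so scope it to
        # that path instead of sending it with every request.
        build_cookie("refresh_token", tokens["refresh_token"],
                     REFRESH_PATH, 30 * 24 * 3600),
    ]
    return {
        "statusCode": 302,
        "headers": {"Location": location},
        "multiValueHeaders": {"Set-Cookie": cookies},
        "body": "",
    }


def login_response_http_api(tokens, location=PROFILE_PATH):
    """Same response in HTTP API (payload v2.0) form, where API Gateway turns
    the 'cookies' list into individual Set-Cookie headers."""
    v1 = login_response(tokens, location)
    return {
        "statusCode": v1["statusCode"],
        "headers": v1["headers"],
        "cookies": v1["multiValueHeaders"]["Set-Cookie"],
        "body": "",
    }


def cookies_received(resp):
    """Parse the Set-Cookie values a browser would get from either response
    shape; used to check that no cookie was silently dropped."""
    raw = resp.get("cookies") or resp.get("multiValueHeaders", {}).get("Set-Cookie", [])
    jar = SimpleCookie()
    for line in raw:
        jar.load(line)
    return {name: {"value": m.value, "path": m["path"]} for name, m in jar.items()}


def refresh_session(cognito, client_id, refresh_token):
    """Exchange the refresh token for new access and ID tokens with the
    REFRESH_TOKEN_AUTH flow. 'cognito' is a boto3 cognito-idp client (or a
    test double). If the app client has a secret, AuthParameters also needs
    SECRET_HASH. Cognito normally returns no new refresh token here, so the
    existing one is kept unless the response carries a new one."""
    resp = cognito.initiate_auth(
        ClientId=client_id,
        AuthFlow="REFRESH_TOKEN_AUTH",
        AuthParameters={"REFRESH_TOKEN": refresh_token},
    )
    result = resp["AuthenticationResult"]
    return {
        "access_token": result["AccessToken"],
        "id_token": result["IdToken"],
        "refresh_token": result.get("RefreshToken", refresh_token),
    }


def refresh_handler(event, cognito, client_id):
    """Handler body for the refresh endpoint: read the refresh cookie from the
    request (v1 'Cookie' header or v2 'cookies' list), call Cognito, and
    re-issue the session cookies with a redirect back to the profile page."""
    headers = event.get("headers") or {}
    raw = "; ".join(event.get("cookies") or []) or headers.get("Cookie", "")
    jar = SimpleCookie(raw)
    if "refresh_token" not in jar:
        return {"statusCode": 401, "headers": {}, "body": "no session"}
    tokens = refresh_session(cognito, client_id, jar["refresh_token"].value)
    return login_response(tokens)
```

Scoping the refresh cookie to the refresh path means the long-lived credential is never sent to the other routes, and HttpOnly keeps all three tokens out of reach of page scripts, which is the main reason to prefer cookies over browser storage for them. The Max-Age values are placeholders; in practice the access and ID token lifetime should follow the ExpiresIn value Cognito returns and the app client's refresh token expiry.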
