Hello AWS-User-3095156,
Thank you for your question.
The issue you are having is your app users are experiencing a problem where after a successful login, they are prompted to log in again. You are asking which Amazon Cognito settings or configurations can be modified to prevent this.
Have your users received any errors when refreshing the token? If they have, check to see if the tokens have been revoked.
Check for the implicit grant type which results in a refresh token not returning per RFC standards. Per the enclosed documentation, “In an implicit grant, user pool tokens are exposed directly to the user. As a result, ID and access tokens have more potential to become compromised before they expire.”
I am listing recommendations for settings to check.
Check the InitiateAuth endpoint to ensure the token value listed is correct.
Check the value set for the UnusedAccountValidityDays.
Have users check to ensure they have confirmed their accounts, as unconfirmed accounts will need to be authenticated again.
AWS CloudTrail will display errors found in Amazon Cognito APIs and provides a log of requests made.
Documentation:
https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html
http://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html
https://docs.aws.amazon.com/cognito/latest/developerguide/logging-using-cloudtrail.html
https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html#revoke-tokens-api
https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-user-pool-oauth-2-0-grants/
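The app client checks mentioned in the answer above (implicit grant, refresh token lifetime, token revocation), as an added example that is not part of the original answer and is not AWS code. It reviews the `UserPoolClient` dict returned by the `DescribeUserPoolClient` API; the sample dicts, the finding labels and the 7-day threshold are constructed assumptions.

```python
# Added example. Input is the "UserPoolClient" dict returned by the
# cognito-idp DescribeUserPoolClient API (boto3: describe_user_pool_client).
UNIT_SECONDS = {"seconds": 1, "minutes": 60, "hours": 3600, "days": 86400}
DEFAULT_REFRESH_SECONDS = 30 * 86400  # Cognito default refresh lifetime: 30 days


def refresh_lifetime_seconds(client):
    """Effective refresh token lifetime in seconds."""
    value = client.get("RefreshTokenValidity")
    if not value:  # missing or 0 falls back to the 30-day default
        return DEFAULT_REFRESH_SECONDS
    unit = client.get("TokenValidityUnits", {}).get("RefreshToken", "days")
    return value * UNIT_SECONDS[unit]


def relogin_findings(client, min_refresh_seconds=7 * 86400):
    """List app client settings that can lead to repeated sign-in prompts.

    min_refresh_seconds is an assumed review threshold, not an AWS value.
    """
    findings = []
    oauth_enabled = client.get("AllowedOAuthFlowsUserPoolClient", False)
    flows = set(client.get("AllowedOAuthFlows", []))
    if oauth_enabled and "implicit" in flows:
        # Implicit grant returns ID/access tokens only, never a refresh token.
        findings.append("implicit-grant")
    if refresh_lifetime_seconds(client) < min_refresh_seconds:
        findings.append("short-refresh-lifetime")
    if client.get("EnableTokenRevocation", False):
        # Informational: keep revocation on, but a revoked refresh token
        # will fail to refresh and the user must sign in again.
        findings.append("revocation-enabled")
    return findings


# Constructed sample responses, not taken from a real user pool.
IMPLICIT_CLIENT = {
    "ClientName": "spa-implicit", "AllowedOAuthFlowsUserPoolClient": True,
    "AllowedOAuthFlows": ["implicit"], "RefreshTokenValidity": 60,
    "TokenValidityUnits": {"RefreshToken": "minutes"},
    "EnableTokenRevocation": True,
}
CODE_CLIENT = {
    "ClientName": "web-code", "AllowedOAuthFlowsUserPoolClient": True,
    "AllowedOAuthFlows": ["code"], "RefreshTokenValidity": 30,
    "EnableTokenRevocation": False,
}

if __name__ == "__main__":
    for c in (IMPLICIT_CLIENT, CODE_CLIENT):
        print(c["ClientName"], relogin_findings(c))
```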