Cognito - User Asked to Login to App Constantly

0

I am using AWSMobileClient on an Android app with a Cognito User Pool. I have set the Refresh Token Expiry to 3650 days, the Access Token Expiration to 1 day, and the ID Token expiration to 60 minutes. I do not want my users to have to log in to my app after the first login is successful. My users are randomly experiencing an issue where they are asked to log in to the app again. Please assist to advise what other settings need to be changed or what else I can investigate to find the problem.

asked 2 years ago, 305 views
1 Answer
0

Hello AWS-User-3095156,

Thank you for your question.

The issue you are having is your app users are experiencing a problem where after a successful login, they are prompted to log in again. You are asking which Amazon Cognito settings or configurations can be modified to prevent this.

Have your users received any errors when refreshing the token? If they have, check to see if the tokens have been revoked.

Check for the implicit grant type which results in a refresh token not returning per RFC standards. Per the enclosed documentation, “In an implicit grant, user pool tokens are exposed directly to the user. As a result, ID and access tokens have more potential to become compromised before they expire.”

I am listing recommendations for settings to check.

Check the InitiateAuth endpoint to ensure the token value listed is correct.

Check the value set for the UnusedAccountValidityDays.

Have users check to ensure they have confirmed their accounts as unconfirmed accounts will need to be authenticated again.

AWS CloudTrail will display errors found in Amazon Cognito APIs and provides a log of requests made.

Documentation:

https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-refresh-token.html

https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html

http://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html

https://docs.aws.amazon.com/cognito/latest/developerguide/logging-using-cloudtrail.html

https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html#revoke-tokens-api

https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-user-pool-oauth-2-0-grants/

answered 2 years ago
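
Added example, not part of the original question or answer: a Python check of an app client's token settings against the lifetimes the question intends (3650 days, 1 day, 60 minutes), which also flags the implicit grant and token revocation points raised in the answer. It assumes the JSON comes from `aws cognito-idp describe-user-pool-client`; the sample values and the function names are constructed for illustration.

```python
import json

# Seconds per unit accepted in TokenValidityUnits.
UNIT_SECONDS = {"seconds": 1, "minutes": 60, "hours": 3600, "days": 86400}
# Unit Cognito applies when TokenValidityUnits omits a token type.
DEFAULT_UNITS = {"RefreshToken": "days", "AccessToken": "hours", "IdToken": "hours"}

def effective_lifetimes(client):
    """Return {token type: lifetime in seconds} for a UserPoolClient dict."""
    units = client.get("TokenValidityUnits", {})
    lifetimes = {}
    for token, default_unit in DEFAULT_UNITS.items():
        value = client.get(token + "Validity")  # e.g. RefreshTokenValidity
        if value is not None:
            lifetimes[token] = value * UNIT_SECONDS[units.get(token, default_unit)]
    return lifetimes

def audit_client(client, intended_seconds):
    """List settings that could make users sign in again sooner than intended."""
    findings = []
    actual = effective_lifetimes(client)
    for token, want in intended_seconds.items():
        got = actual.get(token)
        if got != want:
            shown = "unset" if got is None else f"{got} s"
            findings.append(f"{token}: configured {shown}, intended {want} s")
    if "implicit" in client.get("AllowedOAuthFlows", []):
        findings.append("implicit grant allowed: that flow returns no refresh token")
    if client.get("EnableTokenRevocation"):
        findings.append("token revocation enabled: check for revoked refresh tokens")
    return findings

# Constructed sample response (not real data). The access token unit is
# omitted, so the value 1 is read as one hour, not one day.
SAMPLE = json.loads("""
{"UserPoolClient": {
  "RefreshTokenValidity": 3650, "AccessTokenValidity": 1, "IdTokenValidity": 60,
  "TokenValidityUnits": {"IdToken": "minutes"},
  "AllowedOAuthFlows": ["code", "implicit"],
  "EnableTokenRevocation": true}}
""")
# Lifetimes stated in the question, in seconds.
INTENDED = {"RefreshToken": 3650 * 86400, "AccessToken": 86400, "IdToken": 3600}

if __name__ == "__main__":
    for finding in audit_client(SAMPLE["UserPoolClient"], INTENDED):
        print(finding)
```
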
