By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Amplify token issue

0

We use Amplify to build a Next.js APP, a medium-sized e-commerce website. I use Amplify Auth to do the Sign In feature, I read the document, It will save the tokens in localStorage and use the refresh token automatically.

I am not sure if it is safe for my website. dunno why Amplify doesn't set tokens in cookies

  1. Should I change the default settings, then save tokens in cookies?
  2. If using cookies to save tokens, how can I set the refresh token by myself efficiently?
Topics
Front-End Web & MobileSecurity, Identity, & Compliance
Tags
AWS AmplifyAmazon Cognito
Language
English
Lily
asked 24 days ago62 views
1 Answer
3

Yes, in view of security as priority, compare to local vs. cookies with secure transaction say HTTPS.

For Amplify Gen 2:

Amplify.configure({
  ssr: true // Enables cookie storage for authentication tokens
});

For Amplify Gen 1:

import { CookieStorage } from 'aws-amplify/utils';
import { cognitoUserPoolsTokenProvider } from 'aws-amplify/auth/cognito';

cognitoUserPoolsTokenProvider.setKeyValueStorage(new CookieStorage());
EXPERT
Kidd Ip
answered 20 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content