Working with the AWS SDK JavaScript v3 and using refresh tokens


Hi guys, hope you are doing well,

I have a doubt. I've been working on an API with Node (using SDK v3 and Cognito). Here's my code:

```javascript
import { CognitoIdentityProviderClient, InitiateAuthCommand } from '@aws-sdk/client-cognito-identity-provider';

// Assumed: a single client shared by the API, region taken from the environment
const client = new CognitoIdentityProviderClient({ region: process.env.AWS_REGION });

app.get('/api/refresh-token', async (req, res) => {
  const { refreshToken } = req.cookies;

  if (!refreshToken) {
    return res
      .status(401)
      .json({ message: 'Unauthorized' });
  }

  // Debug only: a refresh token is a credential and should not be logged in production
  console.log("This is the refreshToken in the cookie: ", refreshToken);

  const userPoolId = process.env.USER_POOL_ID; // not used by InitiateAuth
  const clientId = process.env.CLIENT_ID;

  const initiateAuthParams = {
    AuthFlow: 'REFRESH_TOKEN_AUTH',
    ClientId: clientId,
    AuthParameters: {
      REFRESH_TOKEN: refreshToken,
    },
  };

  try {
    const response = await client.send(new InitiateAuthCommand(initiateAuthParams));

    console.log("This is the access token:", response.AuthenticationResult.AccessToken);

    return res.status(200).json({ message: 'Refresh token successfully' });
  } catch (err) {
    return res
      .status(400)
      .json({ message: err.message });
  }
});
```

And here is the problem: I want to renew the tokens from the refresh token saved in the cookie (the cookie contains a refresh token obtained from a previous method that uses the InitiateAuthCommand, and it's valid). But when I'm using the method above an error occurs (status code = 400, just like the catch). It seems as if the refresh token is a string obtained correctly but not valid. I say that because if we check this refresh token with Postman and send it to "cognito_domain/oauth2/token" with the correct params (grant_type=refresh_token, client_id=client_id_user_pool, refresh_token=our_refresh_token, all of these in the Body as "x-www-form-urlencoded"), then Postman returns status_code=400 and the message "invalid_grant". The POST request in Postman works well, because if I launch the hosted UI from my Cognito User Pool using the Authorization Code Grant Flow configured, then I obtain the code, and again send the code with the appropriate configuration in Postman, and it returns the tokens and also the refresh token. At this point, if I use this refresh token with the previous configuration in Postman (with grant_type=refresh_token, etc.), then Postman returns the valid id and access token. Well, and that's it. Now I thought: maybe the refresh token is only valid when we use the hosted UI and the Authorization Code Grant Flow? Thanks in advance!

Have an awesome day ahead.

asked 7 months ago, 650 views
1 Answer
Accepted Answer

Eyy!! I've checked some code, and I found what happened. The problem was we need a user pool with a client secret, and to use a hash function to add the client_secret, client_id and username. Now I've checked all these modifications in my code and I can obtain new access and id tokens through the refresh token. And that's it. If you have some recommendations, go ahead; it's always interesting to talk about. Thanks!

answered 7 months ago
reviewed 14 days ago
