Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Cognito does not support the rotation of refresh tokens?

4

Hello, I would like to know if AWS supports the rotation of refresh tokens.

If not, why? Do you think to add this feature?

  • Chirag_R SUPPORT ENGINEER
    3 years ago

    Can I request you to accept this answer in the link ? It will help me alot. Thanks

Topics
Security, Identity, & ComplianceAWS Well-Architected Framework
Tags
Amazon CognitoAmazon Cognito User PoolsSecurity
Language
English
asked 3 years ago3.8K views
2 Answers
1

Cognito doesn't support refresh token rotation. By increasing expiry time of refreshtoken we can extend the amount of time before the user needs to fully login again to obtain a new refresh token. I did found a 3rd party article regarding how to use the refresh token. [1]

Link- https://advancedweb.hu/how-to-use-the-refresh-token-with-cognito/ -- [1]

Regarding the feature request, I would recommend opening up a case with the AWS Support Team & work with them directly.

AWS
SUPPORT ENGINEER
answered 3 years ago
  • Hugo C
    3 years ago

    Thank you for your answer

    I will do this

0

Hi,

As of April 2025, AWS Cognito now supports refresh token rotation:- https://tricksumo.com/amazon-cognito-refresh-token-rotation/

answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content