We use the adminInitiateAuth API in our backend to authenticate our clients. We have deployed our Auth API endpoints using API gateway and AWS Lambda with User pools
A web app user authenticates with cognito via our api and the backend admininitiateauth call returns access, id & refresh tokens. Then when the user refreshes their tokens and passes the refresh token to our api we see that admininitiateauth only returns access & id token and not an new refresh token.
How is the user expected to refresh the next time? Does a user only get one refresh?
There is NOTHING in the documentation as you why refreshing tokens via admininitiateauth does not return a new refresh token as well.
Anyone seen this and got any tips?