adminitiateauth and refresh tokens

Question

We use the adminInitiateAuth API in our backend to authenticate our clients. We have deployed our Auth API endpoints using API gateway and AWS Lambda with User pools  
  
A web app user authenticates with cognito via our api and the backend admininitiateauth call returns access, id & refresh tokens. Then when the user refreshes their tokens and passes the refresh token to our api we see that admininitiateauth only returns access & id token and not an new refresh token.  
  
How is the user expected to refresh the next time? Does a user only get one refresh?  
  
There is NOTHING in the documentation as you why refreshing tokens via admininitiateauth does not return a new refresh token as well.   
  
Anyone seen this and got any tips?

Mark Lloyd · Answer

adminitiateauth never returns a new refreshtoken  
  
I misunderstood how the refreshtokens work.  
  
By increasing expiry time of refreshtoken we can extend the amount of time before the user needs to fully login again to obtain a new refresh token

adminitiateauth and refresh tokens

添加回答

相关内容