One thing that is not clear from the Cognito documentation is how to use refresh tokens when an application requires having federated login through Cognito and allowing regular Cognito user pool users to log in with username and password authentication using the hosted UI, especially within the context of a C# app.
From what I understand the login flow through the hosted UI for any federated login (specifically in my case, SAML) disallows the use of the SDK, including calling InitiateAuth() or AdminInitiateAuth(). In this case, no token could be refreshed except ones that come from the federated login provider. However, according to the docs, when logging in as a regular Cognito user you are supposed to use any of the aforementioned calls to get a refresh token which must be updated periodically. What makes this worse is that there is no way to distinguish between a user who used federated login and one who logged in using a user pool in my case (at least none that I've discovered).
My question is: is there a code sample for a C# app that uses the refresh token, but in the context of a mixed user pool login/federated login scenario (where sometimes getting a refresh token must be bypassed)? I also with the documentation was clearer about what to do in mixed scenarios like these.
AWS 官方已更新 2 年前