adminitiateauth and refresh tokens

0

We use the adminInitiateAuth API in our backend to authenticate our clients. We have deployed our Auth API endpoints using API gateway and AWS Lambda with User pools

A web app user authenticates with cognito via our api and the backend admininitiateauth call returns access, id & refresh tokens. Then when the user refreshes their tokens and passes the refresh token to our api we see that admininitiateauth only returns access & id token and not an new refresh token.

How is the user expected to refresh the next time? Does a user only get one refresh?

There is NOTHING in the documentation as you why refreshing tokens via admininitiateauth does not return a new refresh token as well.

Anyone seen this and got any tips?

已提問 5 年前檢視次數 351 次
1 個回答
0

adminitiateauth never returns a new refreshtoken

I misunderstood how the refreshtokens work.

By increasing expiry time of refreshtoken we can extend the amount of time before the user needs to fully login again to obtain a new refresh token

已回答 5 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南