I am not understanding something about Amazon Cognito. If JWT tokens are only good for an hour, then they need to refresh, but how should my app do this? How does this happen? Do you just request new tokens and it remembers the session you are in? Also, do you store the JWT tokens in the state? I'm not understanding this, if anyone can help out I would appreciate it. Thanks!
When asking for a token, if the grant_type is authorization_code, the token endpoint returns a refresh_token.
Sample:
HTTP/1.1 200 OK
Content-Type: application/json

{
  "access_token":"eyJz9sdfsdfsdfsd",
  "refresh_token":"dn43ud8uj32nk2je",
  "id_token":"dmcxd329ujdmkemkd349r",
  "token_type":"Bearer",
  "expires_in":3600
}
Then you can exchange the refresh token at the token endpoint to get another token:

POST https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/token
Content-Type: application/x-www-form-urlencoded
Authorization: Basic aSdxd892iujendek328uedj

grant_type=refresh_token&
client_id=djc98u3jiedmi283eu928&
refresh_token=REFRESH_TOKEN

qkhanhpro
- Thanks @qkhanhpro! How does it work if a user leaves his computer for an hour and comes back? I want them to still be logged in. Do you automatically request a new token when this happens? How does this work? – matt May 14 '20 at 15:02
- If you use the JS SDK, you will get token refresh automatically: https://stackoverflow.com/questions/37442973/cognito-user-pool-how-to-refresh-access-token-using-refresh-token Else you will need to implement your own mechanism. – qkhanhpro May 15 '20 at 05:06
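
One shape the "own mechanism" from the last comment can take, as an added example that is not part of the original answer or of any AWS SDK: a token holder that reuses the access token until shortly before `expires_in` runs out, then sends the refresh_token request from the answer. `TokenStore`, `fetchFn`, `now` and `skewMs` are names introduced here; the endpoint and client ID are the answer's sample values, and the app client is assumed to have no client secret, so no Authorization header is sent.

```javascript
// Added example: refresh-on-demand token holder for the Cognito /oauth2/token endpoint.
// Sample endpoint and client ID from the answer; fetchFn and now are injectable for offline use.
const TOKEN_URL = "https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/token";
const CLIENT_ID = "djc98u3jiedmi283eu928";

class TokenStore {
  constructor(tokens, { fetchFn = globalThis.fetch, now = Date.now, skewMs = 60_000 } = {}) {
    this.fetchFn = fetchFn;
    this.now = now;
    this.skewMs = skewMs;   // refresh slightly before the real expiry
    this.pending = null;    // in-flight refresh shared by concurrent callers
    this.save(tokens);
  }

  save(t) {
    this.accessToken = t.access_token;
    this.idToken = t.id_token;
    // A refresh response may omit refresh_token; keep the one already held.
    this.refreshToken = t.refresh_token || this.refreshToken;
    this.expiresAt = this.now() + t.expires_in * 1000;
  }

  async getAccessToken() {
    if (this.now() < this.expiresAt - this.skewMs) return this.accessToken;
    if (!this.pending) {
      this.pending = this.refresh().finally(() => { this.pending = null; });
    }
    await this.pending;
    return this.accessToken;
  }

  async refresh() {
    const body = new URLSearchParams({
      grant_type: "refresh_token",
      client_id: CLIENT_ID,
      refresh_token: this.refreshToken,
    });
    const res = await this.fetchFn(TOKEN_URL, {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body,
    });
    // A rejected refresh (expired or revoked refresh token) means the user must sign in again.
    if (!res.ok) throw new Error(`refresh failed: HTTP ${res.status}`);
    this.save(await res.json());
  }
}
```

Callers ask `getAccessToken()` before each API request, so a user who returns after an hour triggers exactly one refresh on the next request; a thrown error is the signal to send them back through login.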