2

I keep on getting an "invalid grant" error, yet from what I can tell I am doing it all as per spec. I can get the tokens just fine:

aws cognito-idp initiate-auth --auth-flow USER_PASSWORD_AUTH --auth-parameters USERNAME=admin,PASSWORD=adminadmin,SECRET_HASH=Ol... --client-id 2pg...

That command gets me this:

Tokens Generated by AWS CLI

Yet when I actually try to use the refresh token, I keep on getting:

An error occurred (NotAuthorizedException) when calling the InitiateAuth operation: Invalid Refresh Token.

Invalid Refresh Token

App client seems to be configured properly. I don't have device tracking set up and the app config seems to allow refresh tokens too:

Cognito App Config - Refresh

Similar error when invoking the oauth2/token endpoint via Insomnia:

Insomnia Error

Where did I go wrong? Any help is greatly appreciated.

Nick G.
Having the same with "Invalid Refresh Token", which used to work OK. Checked the devices (which showed only on the old interface) but it didn't help. – Pam Stums May 26 '22 at 12:22

1 Answer

1

Turned out this behaviour was due to device tracking being turned on. Not sure if it's a bug or a feature, but after turning it off refresh tokens started to work like a charm:

Device Tracking in Cognito

Nick G.
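Added example, not part of the original question or answer: Cognito's InitiateAuth documents DEVICE_KEY as an auth parameter for REFRESH_TOKEN_AUTH alongside REFRESH_TOKEN and SECRET_HASH, so the helpers below build the refresh call with and without a device key for comparing behaviour while device tracking is on. The function names and every sample value are hypothetical, and whether passing DEVICE_KEY clears the error above is an assumption the answer did not test.

```shell
#!/usr/bin/env bash
# Added example. All identifiers passed to these helpers are placeholders.

# SECRET_HASH = Base64(HMAC-SHA256(key = app client secret,
#                                  msg = username + app client id))
# usage: secret_hash CLIENT_SECRET USERNAME CLIENT_ID
secret_hash() {
  printf '%s' "$2$3" \
    | openssl dgst -sha256 -hmac "$1" -binary \
    | openssl base64 -A
}

# Build the --auth-parameters value for the REFRESH_TOKEN_AUTH flow.
# SECRET_HASH is included only for app clients that have a client secret.
# DEVICE_KEY is included only when a device key is supplied; with device
# tracking on, the sign-in response carries one under
# AuthenticationResult.NewDeviceMetadata.DeviceKey.
# usage: refresh_auth_params REFRESH_TOKEN [SECRET_HASH] [DEVICE_KEY]
refresh_auth_params() {
  local params="REFRESH_TOKEN=$1"
  if [ -n "${2:-}" ]; then
    params="$params,SECRET_HASH=$2"
  fi
  if [ -n "${3:-}" ]; then
    params="$params,DEVICE_KEY=$3"
  fi
  printf '%s' "$params"
}

# Exchange a refresh token for new ID and access tokens.
# usage: cognito_refresh CLIENT_ID AUTH_PARAMS
cognito_refresh() {
  aws cognito-idp initiate-auth \
    --auth-flow REFRESH_TOKEN_AUTH \
    --client-id "$1" \
    --auth-parameters "$2"
}

# Typical sequence (placeholders in capitals):
#   hash=$(secret_hash "$CLIENT_SECRET" "$USERNAME" "$CLIENT_ID")
#   cognito_refresh "$CLIENT_ID" \
#     "$(refresh_auth_params "$REFRESH_TOKEN" "$hash" "$DEVICE_KEY")"
```

Running the refresh once without and once with the device key, against the same refresh token, shows whether the token is being rejected because it is tied to a tracked device.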