
If I want the user to be logged out after 20 minutes of inactivity - is this approach valid?

  1. Set up Post Authentication Lambda Trigger
  2. In the Lambda listen for API calls
  3. If 20 minutes has passed and no API calls have been made then call RevokeToken

Is this approach going to allow me to log out the user after 20 minutes of inactivity?

John Rotenstein
  • Related: [Best approach for limiting Amazon Cognito concurrent logins](https://repost.aws/questions/QUvCK68PkCSAaMS9fcNI1k0w/best-approach-for-limiting-amazon-cognito-concurrent-logins). – jarmod Feb 05 '23 at 22:20
  • This sounds backwards to me. Would you instead set the token expiry to 20-30 minutes and have a refresh token that gets used if the client is active: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-refresh-token.html. Custom token expiration: https://stackoverflow.com/questions/42712872/how-to-modify-expiry-time-of-the-access-and-identity-tokens-for-aws-cognito-user – lloyd Feb 06 '23 at 02:53
  • Thank you for this info @lloyd, however this doesn't deal with the tracking of user inactivity. Also, as stated in the documentation, the minimum you can set expiry to is 60 minutes. – i'i'i'i'i'i'i'i'i'i Feb 07 '23 at 13:16

0 Answers