Reputation: 61
Cognito - User Pools App Integration and Federation - ¿How refresh id_token?
Im using a new feature of AWS Cognito, its an App integrated with User Pool for more detail see https://github.com/aws/amazon-cognito-auth-js. Here there is an example, in this example I can get the id token, the access token but the refresh token is empty.
I checked the documentation in Amazon Congito --> Amazon Cognito API Reference --> Amazon Cognito Auth API Reference --> AUTHORIZATION Endpoint
- For scope without openid
"The Amazon Cognito authorization server redirects back to your app with access token. Since openid scope was not requested, an ID token is not returned. A refresh token is never returned in this flow. Token and state are returned in the fragment and not in the query string".
- For scope with openid
"The authorization server redirects back to your app with access token and ID token (because openid scope was included)."
Note: Here dont said nothing about refresh token, but its response this endopoint is
Then ¿I dont know how a can refresh my id_token to use for more than an hour? (whit openid scope)
Upvotes: 1
Views: 1444
Answers (2)
Reputation: 5801
There's a lot going on in this question and answer. I'll say that for me, switching to a user pool with no secret key did the trick.
Upvotes: 0
Reputation: 61
There are two auth flow
- implicit flow: Only sends tokenId an Access Token
- Auth grant flow:At first you get a code, that you can interchange for a triplet token (TokenId, Access Token and Refresh Token)
I was using implicit flow and for this I couldnt get the refresh token. In the example, in the index.html file, there is a line "auth.useCodeGrantFlow();" If you uncomment this line you switch implicit flow --> Auth grant flow. In this moment there is a pull request because there is a bug in this flow. For more detail enter link description here (pull request #32)
I have changed dist/amazon-cognito-auth.js file for the same file from the pull request and it work fine
Note: Is important configure your app in Cognito User pool without Secret because if you dont do this you have "invalid_client" error. This is because the sdk doesnt contemplates the header "Authorization" when does the post to /oauth/token endopoint in the Auth grant flow
Upvotes: 2
Related Questions
- Cognito User Pool: How to refresh Access Token using Refresh Token
- How to remember & autorefresh login token when using Amazon Web Services Cognito Userpool?
- AWS Cognito - Access and refresh token
- How do AWS Cognito Authentication tokens refresh
- How to refresh token in AWS Cognito using Android SDK?
- Cognito User Pool: How to refresh Access Token Android
- AWS Cognito: what the url for refreshing of token_id (AdminInitiateAuth)?
- Refresh Token AWS Cognito User Pool
- Cognito User Pool - Are refresh tokens tied to client ID?
- AWS Cognito - How to update developer authenticated users token?