ayls

Reputation: 2441

Refresh Cognito access token after adding user to a Cognito

Yello, I have the following scenario.

After the first login, users have to select their type. I got this working by calling a lambda that adds the user to the appropriate Cognito Group.

After that call succeeds, I want to refresh the user session in my React app, which I do by calling the following code:

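// Auth is imported from 'aws-amplify'.
refreshSession = () => {
  const user = this.props.authenticatedUser;
  return new Promise((resolve, reject) => {
    // Exchange the refresh token for a new session.
    user.refreshSession(user.signInUserSession.refreshToken, refreshErr => {
      if (refreshErr) {
        console.log(refreshErr);
        reject(refreshErr);
        return;
      }
      // Re-read the user so the app sees the refreshed session.
      Auth.currentAuthenticatedUser()
        .then(updatedAuthUser => {
          this.props.onUserAuthenticated(updatedAuthUser); // update redux state
          resolve();
        })
        .catch(err => {
          console.log(err);
          reject(err);
        });
    });
  });
};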

It does the job when it comes to updating the values of the idToken - the idToken payload has the updated user groups and roles.

The issue I am having is in an API call I do after the call to my refreshSession function defined above. The lambda call behaves as if the user does not belong to the Cognito Group that it was added to, and I get a 403 response. If I log out and log in again, I can call the API successfully.

So effectively I am doing something like (pseudo code):

addUserToCognitoGroup()
  .then(() => {
    // user is added to Cognito Group
    refreshIdToken().then(() => {
      // my idToken seems to be refreshed
      doSomethingThatRequiresMembershipInTheGroup() // this API call returns 403
    })
  })

I assume it might have something to do with my code not refreshing the access token, but I am struggling to find a way to correctly refresh the whole user session.

My package.json dependencies

"dependencies": {
  "amazon-cognito-identity-js": "^2.0.11",
  "aws-amplify": "^0.4.6",
  "aws-api-gateway-client": "^0.2.13",
  "aws-sdk": "^2.263.1",
  "aws-serverless-express": "^3.2.0",
  "aws4": "^1.6.0",
  "axios": "^0.18.0",
  "express": "^4.15.2",
  "graphql": "^0.13.2",
  "lodash": "^4.17.10",
  "moment": "^2.22.2",
  "react": "^16.4.1",
  "react-bootstrap": "^0.32.1",
  "react-dom": "^16.4.1",
  "react-intl": "^2.4.0",
  "react-redux": "^5.0.7",
  "react-router": "^4.3.1",
  "react-router-bootstrap": "^0.24.4",
  "react-router-dom": "^4.3.1",
  "react-scripts": "^1.1.4",
  "react-table": "^6.8.6",
  "redux": "^4.0.0"
}

Any pointers would be much appreciated :)

Upvotes: 4

Views: 1180

Answers (1)

ayls

Reputation: 2441

After trying again today I noticed that I could avoid getting a 403 if I reloaded the page after the user was added to the Cognito Group.

That got me to go and debug Amplify's Auth API and I noticed that it called a function named _setCredentialsFromSession at some point. So I went and modified my code to this (currentUserCredentials makes the call to _setCredentialsFromSession):

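// Auth is imported from 'aws-amplify'.
refreshSession() {
  const user = this.props.authenticatedUser;
  return new Promise((resolve, reject) => {
    user.refreshSession(user.signInUserSession.refreshToken, refreshErr => {
      if (refreshErr) {
        console.log(refreshErr);
        reject(refreshErr);
        return;
      }
      // currentUserCredentials() makes the call to _setCredentialsFromSession.
      Auth.currentUserCredentials()
        .then(() => Auth.currentAuthenticatedUser())
        .then(updatedAuthUser => {
          this.props.onUserAuthenticated(updatedAuthUser); // update redux state
          resolve();
        })
        .catch(err => {
          // Also reached when currentUserCredentials() rejects.
          console.log(err);
          reject(err);
        });
    });
  });
}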

Feels a bit dirty, but it works now. If someone finds a better solution do let me know.

Upvotes: 2
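To tell which part of the session is stale after the refresh discussed above, the token payloads can be decoded and checked for the `cognito:groups` claim. This is an added example, not code from the original post; it runs under Node, and the group name `sellers` and the unsigned sample tokens are constructed.

```javascript
// Client-side diagnostics only: the payload is decoded without verifying the
// signature, so this result must never be used to authorize anything.

// Decode the payload (middle segment) of a JWT. Buffer is Node; use atob() in a browser.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// For each token, report whether its "cognito:groups" claim contains `group`.
function groupStatus(tokens, group) {
  const status = {};
  for (const [name, jwt] of Object.entries(tokens)) {
    const claims = decodeJwtPayload(jwt);
    const groups = claims['cognito:groups'] || []; // treat a missing claim as no groups
    status[name] = { tokenUse: claims.token_use, issuedAt: claims.iat, hasGroup: groups.includes(group) };
  }
  return status;
}

// Names of the tokens that still lack the group after a refresh.
function staleTokens(tokens, group) {
  return Object.entries(groupStatus(tokens, group))
    .filter(([, s]) => !s.hasGroup)
    .map(([name]) => name);
}

// Build an unsigned sample token from constructed claims (sample data only).
function makeSampleJwt(claims) {
  const enc = obj => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

// Constructed sessions; "sellers" is a hypothetical group name.
const beforeRefresh = {
  idToken: makeSampleJwt({ token_use: 'id', iat: 1530000000 }),
  accessToken: makeSampleJwt({ token_use: 'access', iat: 1530000000 }),
};
const afterRefresh = {
  idToken: makeSampleJwt({ token_use: 'id', iat: 1530000600, 'cognito:groups': ['sellers'] }),
  accessToken: makeSampleJwt({ token_use: 'access', iat: 1530000600, 'cognito:groups': ['sellers'] }),
};

console.log(staleTokens(beforeRefresh, 'sellers')); // [ 'idToken', 'accessToken' ]
console.log(staleTokens(afterRefresh, 'sellers'));  // []
```

With a real session, pass `session.getIdToken().getJwtToken()` and `session.getAccessToken().getJwtToken()`. If both tokens carry the group and the API still returns 403, the stale state lies outside the tokens, such as the cached credentials the answer refreshes with `Auth.currentUserCredentials()`.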
