GC268DM

Reputation: 453

amazon-cognito-identity-js refresh token expiration handling

When retrieving the id token via get session, cognito identity js automatically retrieves a new access token with its refresh token if the access token has expired. However, I want to implement correct handling if the refresh token is also expired, but it's hard to test because the minimum expiration time for the refresh token is 1 day.

It would be nice to know if either:

Code:

getIdToken(callback: Callback): void {
  if (callback == null) {
    throw("callback is null");
  }
  if (this.getCurrentUser() != null) {
    this.getCurrentUser().getSession(function (err, session) {
      if (err) {
        console.log("error: " + err);
        callback.callbackWithParam(null);
      } else {
        if (session.isValid()) {
          console.log("returning id token");
          callback.callbackWithParam(session.getIdToken().getJwtToken());
        } else {
          console.log("got the id token, but the session isn't valid");
        }
      }
    });
  } else {
    callback.callbackWithParam(null);
  }
}

My guess is that "got the id token, but the session isn't valid" will be called, as when the refresh token is valid it automatically refreshes the access token and the session is valid again.

Upvotes: 3

Views: 3157

Answers (1)

GC268DM

Reputation: 453

When logging in to Kibana I got the following message:

com.amazonaws.services.cognitoidp.model.NotAuthorizedException: Refresh Token has expired (Service: AWSCognitoIdentityProvider; Status Code: 400; Error Code: NotAuthorizedException; Request ID: ...)

In this case the err branch would be called:

if (err) {
  console.log("error: " + err);
  callback.callbackWithParam(null);
}

So the handling for the expiration of the refresh token needs to be done there. However, I settled on redirecting the user to the login page in each case except session.isValid().

Hope this helps someone out there :)

Upvotes: 2
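The handling described in this answer, as an added example (not code from the original posts or from amazon-cognito-identity-js): every `getSession` outcome is mapped to either a token or a redirect to login, and stub users stand in for `CognitoUser` so the expired-refresh-token path can be exercised without waiting a day. The function names, the stub shapes and the error carrying `code`/`name` `NotAuthorizedException` are assumptions based on the message quoted above.

```javascript
// Map one getSession(err, session) result to a decision the caller can act on.
// Assumption: a rejected refresh token arrives as an error whose code or name
// is "NotAuthorizedException", as in the message quoted in the answer.
function classifySession(err, session) {
  if (err) {
    const kind = err.code || err.name || "";
    const rejected = kind === "NotAuthorizedException";
    return { action: "login", reason: rejected ? "refresh-token-rejected" : "session-error" };
  }
  if (!session || !session.isValid()) {
    return { action: "login", reason: "invalid-session" };
  }
  return { action: "use-token", token: session.getIdToken().getJwtToken() };
}

// `user` is anything exposing getSession(cb): a CognitoUser in the app, a stub in tests.
// Unlike the question's code, `done` is invoked on every path, so the caller never hangs.
function getIdToken(user, done) {
  if (typeof done !== "function") throw new Error("callback is required");
  if (user == null) return done({ action: "login", reason: "no-user" });
  user.getSession((err, session) => done(classifySession(err, session)));
}

// --- Constructed test doubles (hypothetical helpers, not library APIs) ---
function stubUser(err, session) {
  return { getSession: (cb) => cb(err, session) };
}
function stubSession(valid, jwt) {
  return { isValid: () => valid, getIdToken: () => ({ getJwtToken: () => jwt }) };
}
function expiredRefreshTokenError() {
  return Object.assign(new Error("Refresh Token has expired"), { code: "NotAuthorizedException" });
}

// The stubs call back synchronously, so the decision can be captured and returned.
function decide(user) {
  let decision;
  getIdToken(user, (d) => { decision = d; });
  return decision;
}

// Log only the decision and reason, never the token itself.
for (const [label, user] of [
  ["expired refresh token", stubUser(expiredRefreshTokenError(), null)],
  ["invalid session", stubUser(null, stubSession(false, "constructed.jwt.value"))],
  ["valid session", stubUser(null, stubSession(true, "constructed.jwt.value"))],
]) {
  const d = decide(user);
  console.log(label + " -> " + d.action + (d.reason ? " (" + d.reason + ")" : ""));
}
```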
