Test

Reputation: 91

AWS Cognito - How to keep idToken alive forever?

When the user gets authenticated, AWS Cognito provides three tokens - idToken, accessToken, and refreshToken.

AWS Cognito configurations only allow a maximum of 24 hours expiry time for idToken, see below image.


Now if we look at apps like Facebook, they never expire user login automatically. But in our case, the user needs to log in once every 24 hours.

Question: How can we keep idToken alive forever using refreshToken or something else? Please also guide me in case I need to do it on the server-side, what best I can do to ensure all idTokens are refreshed in a timely manner.

Upvotes: 0

Views: 738

Answers (1)

Aleksander Wons

Reputation: 3967

You cannot keep an ID token forever. As you noticed yourself, the maximum validity time for an ID token is 24 hours. There is literally nothing you could do to change this configuration.

There might be a way around it, but you need to keep refreshing the ID token using the refresh token. The refresh token can be configured to expire after 10 years. All you have to do is to keep on using it every time you see that the ID token expired. If you are using an SDK, it will normally do it for you. You just sign in once and the SDK will keep on refreshing the ID token.

Just keep in mind that you will get a new ID token (as well as an access token) each time you use the refresh token. It does not update the validity of the original token.

Upvotes: 1
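The refresh loop described in the answer, as an added example that is not part of the original post or of any AWS SDK: it reads the `exp` claim of the current ID token and, shortly before expiry, exchanges the refresh token for a new ID token through Cognito's `REFRESH_TOKEN_AUTH` flow. It assumes `client` is a boto3 `cognito-idp` client (or any object with the same `initiate_auth` method) and an app client without a client secret; `CognitoSession`, `jwt_exp` and the `skew` parameter are hypothetical names.

```python
import base64
import json
import time


def jwt_exp(token):
    """Read the `exp` claim from a JWT payload. No signature check: this is
    only used to schedule a refresh, never to trust the token."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])


class CognitoSession:
    """Holds one login's tokens and swaps in a new ID token before expiry."""

    def __init__(self, client, client_id, id_token, refresh_token, skew=60):
        self.client = client          # assumed: boto3.client("cognito-idp")
        self.client_id = client_id
        self.id_token = id_token
        self.refresh_token = refresh_token
        self.skew = skew              # refresh this many seconds early

    def needs_refresh(self, now=None):
        now = time.time() if now is None else now
        return now >= jwt_exp(self.id_token) - self.skew

    def current_id_token(self, now=None):
        """Return a usable ID token, calling Cognito only when needed."""
        if self.needs_refresh(now):
            # Raises NotAuthorizedException once the refresh token itself is
            # expired or revoked; the user must then sign in again.
            resp = self.client.initiate_auth(
                ClientId=self.client_id,
                AuthFlow="REFRESH_TOKEN_AUTH",
                AuthParameters={"REFRESH_TOKEN": self.refresh_token},
            )
            # A *new* ID token is issued; the old one keeps its original exp.
            self.id_token = resp["AuthenticationResult"]["IdToken"]
        return self.id_token
```

Because the refresh token is what keeps the session alive for its whole configured lifetime, it is the value to store with the most care and to revoke on sign-out.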
