Reputation: 597
I keep on getting an "invalid grant" error, yet from what I can tell I am doing it all as per spec. I can get the tokens just fine:
aws cognito-idp initiate-auth --auth-flow USER_PASSWORD_AUTH --auth-parameters USERNAME=admin,PASSWORD=adminadmin,SECRET_HASH=Ol... --client-id 2pg...
That command gets me this:
Yet when I actually try to use the refresh token, I keep on getting:
An error occurred (NotAuthorizedException) when calling the InitiateAuth operation: Invalid Refresh Token.
App client seems to be configured properly. I don't have device tracking set up and the app config seems to allow refresh tokens too:
Similar error when invoking the oauth2/token endpoint via Insomnia:
Where did I go wrong? Any help is greatly appreciated.
Upvotes: 3
Views: 1954
Reputation: 597
Turned out this behaviour was due to the device tracking being turned on. Not sure if it's a bug or a feature, but after turning it off refresh tokens started to work like a charm:
Upvotes: 2
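Added example, not part of the original post or AWS's own code: when device tracking stays enabled, the InitiateAuth call with REFRESH_TOKEN_AUTH accepts a DEVICE_KEY auth parameter (the DeviceKey returned in NewDeviceMetadata at first sign-in) next to SECRET_HASH. The function names and all sample values here are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac


def secret_hash(username: str, client_id: str, client_secret: str) -> str:
    """Cognito SECRET_HASH: Base64(HMAC-SHA256(key=client_secret, msg=username + client_id))."""
    mac = hmac.new(client_secret.encode(), (username + client_id).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def refresh_auth_parameters(refresh_token, username, client_id,
                            client_secret=None, device_tracking=False, device_key=None):
    """Build AuthParameters for InitiateAuth with AuthFlow=REFRESH_TOKEN_AUTH.

    device_tracking is a caller-supplied flag (assumption: the caller knows
    the user pool's device tracking setting).
    """
    if device_tracking and not device_key:
        # The failure mode in this thread: with device tracking on, a refresh
        # request that carries no device key is rejected as
        # "Invalid Refresh Token".
        raise ValueError("device tracking is on: pass the DeviceKey from NewDeviceMetadata")
    params = {"REFRESH_TOKEN": refresh_token}
    if client_secret:
        # Needed only when the app client was created with a client secret.
        params["SECRET_HASH"] = secret_hash(username, client_id, client_secret)
    if device_key:
        params["DEVICE_KEY"] = device_key
    return params


if __name__ == "__main__":
    # Constructed sample values, not real credentials or tokens.
    params = refresh_auth_parameters(
        refresh_token="REFRESH_TOKEN_PLACEHOLDER",
        username="admin",
        client_id="CLIENT_ID_PLACEHOLDER",
        client_secret="CLIENT_SECRET_PLACEHOLDER",
        device_tracking=True,
        device_key="DEVICE_KEY_PLACEHOLDER",
    )
    for name, value in params.items():
        print(f"{name}={value}")
```

The resulting dictionary maps directly onto the `--auth-parameters` of `aws cognito-idp initiate-auth --auth-flow REFRESH_TOKEN_AUTH`.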