Nick G.

Reputation: 597

Refreshing tokens in Cognito constantly fails with "invalid_grant" / "Invalid Refresh Token" error

I keep on getting an "invalid grant" error, yet from what I can tell I am doing it all as per spec. I can get the tokens just fine:

aws cognito-idp initiate-auth --auth-flow USER_PASSWORD_AUTH --auth-parameters USERNAME=admin,PASSWORD=adminadmin,SECRET_HASH=Ol... --client-id 2pg...

That command gets me this:

Tokens Generated by AWS CLI

Yet when I actually try to use the refresh token, I keep on getting:

An error occurred (NotAuthorizedException) when calling the InitiateAuth operation: Invalid Refresh Token.

Invalid Refresh Token

App client seems to be configured properly. I don't have device tracking set up and the app config seems to allow refresh tokens too:

Cognito App Config - Refresh

Similar error when invoking oauth2/token endpoint via Insomnia:

Insomnia Error

Where did I go wrong? Any help is greatly appreciated.

Upvotes: 3

Views: 1954

Answers (1)

Nick G.

Reputation: 597

Turned out this behaviour was due to the device tracking being turned on. Not sure if it's a bug or a feature, but after turning it off refresh tokens started to work like a charm:

Device Tracking in Cognito

Upvotes: 2
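For pools that need to keep device tracking on: the REFRESH_TOKEN_AUTH flow of InitiateAuth also accepts a DEVICE_KEY parameter, and Cognito returns that key under NewDeviceMetadata in the sign-in result. The sketch below is an added example, not code from the post; it assumes that supplying the device key is what the refresh call needs when tracking is enabled, and every token, key and client value in it is a constructed placeholder.

```python
import base64
import hashlib
import hmac

# Constructed sign-in result, shaped like the InitiateAuth response when
# device tracking is enabled. Every value here is a placeholder.
SAMPLE_AUTH_RESPONSE = {
    "AuthenticationResult": {
        "AccessToken": "ACCESS_TOKEN_PLACEHOLDER",
        "IdToken": "ID_TOKEN_PLACEHOLDER",
        "RefreshToken": "REFRESH_TOKEN_PLACEHOLDER",
        "NewDeviceMetadata": {
            "DeviceKey": "us-east-1_00000000-0000-0000-0000-000000000000",
            "DeviceGroupKey": "-constructed",
        },
    }
}


def secret_hash(username, client_id, client_secret):
    """Base64(HMAC-SHA256(key=client_secret, msg=username + client_id))."""
    mac = hmac.new(client_secret.encode(), (username + client_id).encode(),
                   hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def refresh_auth_params(auth_response, username, client_id, client_secret=None):
    """Build AuthParameters for --auth-flow REFRESH_TOKEN_AUTH."""
    result = auth_response["AuthenticationResult"]
    params = {"REFRESH_TOKEN": result["RefreshToken"]}
    if client_secret:  # only app clients with a secret need SECRET_HASH
        params["SECRET_HASH"] = secret_hash(username, client_id, client_secret)
    device = result.get("NewDeviceMetadata")
    if device:  # present only when the pool tracks devices
        params["DEVICE_KEY"] = device["DeviceKey"]
    return params


def to_cli_arg(params):
    """Render the dict in the KEY=value,KEY=value form the AWS CLI takes."""
    return ",".join(f"{key}={value}" for key, value in params.items())


if __name__ == "__main__":
    params = refresh_auth_params(SAMPLE_AUTH_RESPONSE, "admin",
                                 "CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER")
    print("aws cognito-idp initiate-auth --auth-flow REFRESH_TOKEN_AUTH "
          "--client-id CLIENT_ID_PLACEHOLDER --auth-parameters " + to_cli_arg(params))
```

The device key has to be stored next to the refresh token at sign-in time, since it is only available in that first response.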
