Reputation: 304
I am developing a React Native mobile app. I want my users to be logged in on one device with one account. If a user tries to log in on another mobile device with the same account, he should be logged out from the first mobile device. But the official docs of AWS Cognito provide two options: either logout or global logout. Global logout logs the user out from both device 1 and device 2. What is expected: if a user logs in on a second mobile device, he should automatically be logged out from the other one.
Please see the attached SDK link. See here.
What I have already tried?
Through the AdminUserGlobalSignOut method, we are only able to revoke refresh tokens. It invalidates all refresh tokens that Amazon Cognito has issued to a user. The user's current access and ID tokens remain valid until they expire. By default, access and ID tokens expire one hour after they're issued. See the details for AdminUserGlobalSignOut here: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#adminUserGlobalSignOut-property
We need to immediately invalidate the user's current access and ID tokens when all refresh tokens are invalidated or AdminUserGlobalSignOut is called successfully, without waiting for the user's current access and ID tokens to expire.
Upvotes: 3
Views: 3060
Reputation: 1016
Unfortunately, you can't do that. There are a few approaches to authentication; the JWT that Cognito uses is one of them. The pro is that you're not keeping track of the authorization on your side, but you include the expiration date in the token. You can't choose which tokens to revoke; the only way is to rotate the private key, but in that case you force all users on all devices to log in again.
In your case you need to store info about logged-in devices on the server side, and additionally verify those with Cognito hooks.
Upvotes: 3
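An added example (not part of the answer above and not AWS code) of the server-side tracking the answer describes: the backend remembers one active session per user and rejects still-unexpired access tokens from a superseded device. It assumes the claims were already signature-verified upstream and carry Cognito's `sub`, `auth_time`, `exp`, `token_use` and `origin_jti` claims; `ActiveSessionRegistry`, `sessionIdOf` and the in-memory `Map` are hypothetical stand-ins for your own store.

```javascript
// Session id: origin_jti is shared by all tokens refreshed from one sign-in.
// Fallback to jti is an assumption for pools that do not emit origin_jti.
const sessionIdOf = (c) => c.origin_jti || c.jti;

class ActiveSessionRegistry {
  constructor() {
    this.active = new Map(); // sub -> { sessionId, authTime }; stand-in for a shared store
  }

  // Call once per successful sign-in. Returns the superseded session id, or null.
  registerLogin(claims) {
    const current = this.active.get(claims.sub);
    // Ignore a late-arriving registration for an older sign-in (race between devices).
    if (current && claims.auth_time < current.authTime) return null;
    const sessionId = sessionIdOf(claims);
    this.active.set(claims.sub, { sessionId, authTime: claims.auth_time });
    return current && current.sessionId !== sessionId ? current.sessionId : null;
  }

  // Call on every API request, after the token signature has been verified.
  authorize(claims, nowSeconds) {
    if (claims.token_use !== "access") return { ok: false, reason: "not_access_token" };
    if (claims.exp <= nowSeconds) return { ok: false, reason: "expired" };
    const current = this.active.get(claims.sub);
    if (!current) return { ok: false, reason: "no_active_session" };
    if (current.sessionId !== sessionIdOf(claims)) return { ok: false, reason: "superseded" };
    return { ok: true, reason: "active" };
  }
}

// Constructed sample claims (not real tokens); lifetime is the one-hour default.
const T0 = 1700000000;
const makeClaims = (session, authTime, jti) => ({
  sub: "user-sub-constructed", token_use: "access", origin_jti: session, jti,
  auth_time: authTime, iat: authTime, exp: authTime + 3600,
});

function demo() {
  const reg = new ActiveSessionRegistry();
  const phoneA = makeClaims("session-A", T0, "jti-a1");
  const phoneB = makeClaims("session-B", T0 + 600, "jti-b1");
  reg.registerLogin(phoneA);
  const beforeB = reg.authorize(phoneA, T0 + 300).reason;
  const superseded = reg.registerLogin(phoneB); // second device signs in
  const afterB = reg.authorize(phoneA, T0 + 900).reason; // token A is unexpired but rejected
  const late = reg.registerLogin(phoneA); // stale registration must not win
  return { beforeB, superseded, afterB, late, current: reg.authorize(phoneB, T0 + 900).reason };
}
```

The value returned by `registerLogin` identifies the displaced session, which the backend can use to notify the first device so the app clears its local tokens.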