I'm using the AWS Cognito JavaScript SDK to authorize and authenticate users in my React Native app.
I've managed to provide and store an IdentityId for users. Users who do not log in have access to part of my app as long as we authorize them with a confirmation because of Federated Identities / IAM. This all works well.
My question is, after an hour the token is expiring and their access is being limited because of it. What should be the process here? Do I retrieve new tokens, or do some sort of token refresh? What does that look like?
There is so much AWS Cognito documentation out there but I haven't really been able to find exactly what I need; and on top of, that I'm finding it really confusing to tell what I need for a successful Federated Identities / IAM authorization flow vs. what I need for a successful User Pool / log in flow.
By default, Amazon Cognito refresh tokens expire 30 days after a user signs in to a user pool. When you create an app, you can set the app's refresh token expiration to any value between 60 minutes and 10 years.
If the refresh token is expired, your app user must re-authenticate by signing in again to your user pool. If the minimum for the access token and ID token is set to 5 minutes, and you are using the SDK, the refresh token will be continually used to retrieve new access and ID tokens.
Refresh tokens have a longer lifetime than access tokens. The default lifetime for the refresh tokens is 24 hours for single page apps and 90 days for all other scenarios. Refresh tokens replace themselves with a fresh token upon every use.
you have the credentials... and you called credentials.get() that first time... now on a timer after 55mins call credentials.refresh()... so you will have the credentials updated before they expire (do it every time you get a new credential... in 55mins refresh)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With