
AWS Cognito/Amplify returning empty refresh token

I have a user pool in Cognito which uses Google as the identity provider. Now, using Amplify, we do a FederatedSign with provider as 'Google' as shown below.

Auth.federatedSignIn({ provider: "Google" });

This gives me back the access token and id token. But the refresh token is empty. This is for the oauth responseType: 'token' configuration.

I have seen elsewhere that we need to change the grant type to 'code', i.e. responseType: 'code', in order to get the refresh token.

But in this scenario, I am getting 'code = some-value' in the callback url and not the access token and refresh token.

What am I missing here?

My aim is to be able to get the refresh token, and using this Amplify would refresh the session once the access token is invalid.

user13628417 asked Oct 15 '22 00:10


2 Answers

You need to change oauth.responseType in your config to 'code' instead of 'token'. I'm getting an error when I do that and I'm not sure why, but this is what I found you need to do.

Kevin Danikowski answered Oct 20 '22 17:10


I am using parseCognitoWebResponse and had the same problem.

  1. Within your User Pool, go to App Clients. Check your Cognito App Client and make sure no client secret is generated. If it is filled in, recreate an App Client without generating a Client Secret.

[Image: No Client Secret]

  2. Change the response_type to code

window.location.href = `https://${yourCognitoDomain}?response_type=code&client_id=${yourClientId}&redirect_uri=${cognitoRedirectUrl}`

WiredIn answered Oct 20 '22 17:10
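
The step the question runs into, as an added example (not code from the question or either answer): with response_type=code the callback carries only an authorization code, which is then exchanged at the user pool domain's /oauth2/token endpoint for the id, access and refresh tokens. The domain, client id, state and verifier values are constructed placeholders, and the sketch assumes the app put a state value (and, if PKCE is used, a code_challenge) on the authorize request.

```javascript
// Added example; every name and sample value here is a constructed placeholder.

// Pull the authorization code out of the redirect, refusing anything suspicious.
function parseCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams; // code arrives in the query string
  if (params.has("error")) {
    throw new Error(`authorization failed: ${params.get("error")}`);
  }
  // The state must echo the value generated before the redirect (CSRF check).
  if (!expectedState || params.get("state") !== expectedState) {
    throw new Error("state mismatch");
  }
  const code = params.get("code");
  if (!code) throw new Error("no authorization code in callback");
  return code;
}

// Build the POST that trades the code for tokens. The app client has no secret
// (as the answer above requires), so no Authorization header is sent.
function buildTokenRequest({ domain, clientId, redirectUri, code, codeVerifier }) {
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    client_id: clientId,
    code,
    redirect_uri: redirectUri, // must match the value sent on the authorize request
  });
  // Only sent when the authorize request carried a PKCE code_challenge.
  if (codeVerifier) body.set("code_verifier", codeVerifier);
  return {
    url: `https://${domain}/oauth2/token`,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: body.toString(),
    },
  };
}

// In the browser (not executed here):
//   const { url, init } = buildTokenRequest({ ... });
//   const tokens = await (await fetch(url, init)).json();
//   // tokens.refresh_token is returned for the code grant only
```

The authorization code is single-use and short-lived, so the exchange should happen immediately on the callback page and the code should not be logged or stored.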