Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Can't find refresh token when Cognito redirects back to my URL

Tags:

amazon-web-services

refresh-token

jwt

amazon-cognito

I'm testing with AWS's Cognito. At this point, I can get back my IdToken, AccessToken, and RefreshToken like this:

$ aws cognito-idp admin-initiate-auth --user-pool-id us-east-1_XXXXXXXX --client-id XXXXXXXXXXXXXXXXXXXXXXX --auth-flow ADMIN_NO_SRP_AUTH --auth-parameters USERNAME=XXXXXXXXXXXXX,PASSWORD=XXXXXXXXXXXXX --region us-east-1

Then I tried the default web page (provided by Cognito) at a URL like this:

https://test-cognito.auth.us-east-1.amazoncognito.com/login?response_type=token&client_id=XXXXXXXXXXXXXXXXXXXXXX&redirect_uri=https://example.com

This URL will take me to a page where I have to authenticate and once the process is done it will take me back to my redirect_url with previously mentioned IDs appended:

https://example.com#id_token=XXXXX.XXXXXX.XXXXXX&access_token=XXXXXX.XXXXXXX.XXXXXXX&expires_in=3600&token_type=Bearer

But there's no sign of refresh_token! How can I get my refresh_token in this scenario?

like image 972
Mehran Avatar asked Apr 24 '18 12:04

Mehran

People also ask

How do I recover my refresh token?

Get a refresh token. To get a refresh token, you send a request to your Okta Authorization Server. The only flows that support refresh tokens are the authorization code flow and the resource owner password flow.

How do I refresh my Cognito access token?

Initiate new refresh tokens (API)Pass REFRESH_TOKEN_AUTH for the AuthFlow parameter. The authorization parameter, AuthParameters , is a key-value map where the key is "REFRESH_TOKEN" and the value is the actual refresh token. Amazon Cognito returns new ID and access tokens after your API request passes all challenges.

Where are refresh tokens stored?

If your application uses refresh token rotation, it can now store it in local storage or browser memory. You can use a service like Auth0 that supports token rotation.

1 Answers

I don't think that is possible at present. AWS clearly states that refresh token is only available if the flow type is Authorization Code Grant.

What you are trying is Implicit Grant. The responseType is set to token in your case. For Authorization Code Grant, set the grant type to code but that will also need you to store the client secret in the app.

Source- https://developer.amazon.com/docs/login-with-amazon/refresh-token.html.

For more info on grant types - https://alexbilbie.com/guide-to-oauth-2-grants/

like image 166
Rajesh Panda Avatar answered Sep 21 '22 07:09

Rajesh Panda
Sign in to Comment

Related questions

Printf Statement not working on lambda
Is there a way to parameterize cloud formation resource names?
AWS ELB throwing 5XX but the registered instances are not throwing 5XX errors
Running a cron job in Elastic Beanstalk
How do you call adminInitiateAuth from NodeJS Lambda?
Independent python subprocess from AWS Lambda function
How to copy folder from S3 to elastic beanstalk instance on instance creation
Django doesn't see environment variables when deployed to Elastic Beanstalk
How to Use AWS S3 C++ SDK TransferManager DownloadFile Callback
SSH connection in Amazon lightsail
How to update a string set In DDB that is nested inside a map
I'm uploading data from my Swift app to Amazon S3 and it drains battery like nothing else. How can this be avoided?
How to add a security group to an existing EC2 instance with CloudFormation
Sklearn on aws lambda
How can I sync data in S3 between a Beijing(China) bucket and a global one?
AWS RDS - IAM Database Authentication with Rails
Connect to Active MQ with golang
IAM role inside SAM template
How can we create database and table in Amazon Athena using CloudFormation
How to actually track S3 upload progress (JavaScript SDK)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!