I'm testing with AWS's Cognito. At this point, I can get back my IdToken, AccessToken, and RefreshToken like this:
$ aws cognito-idp admin-initiate-auth --user-pool-id us-east-1_XXXXXXXX --client-id XXXXXXXXXXXXXXXXXXXXXXX --auth-flow ADMIN_NO_SRP_AUTH --auth-parameters USERNAME=XXXXXXXXXXXXX,PASSWORD=XXXXXXXXXXXXX --region us-east-1
Then I tried the default web page (provided by Cognito) at a URL like this:
https://test-cognito.auth.us-east-1.amazoncognito.com/login?response_type=token&client_id=XXXXXXXXXXXXXXXXXXXXXX&redirect_uri=https://example.com
This URL will take me to a page where I have to authenticate and once the process is done it will take me back to my redirect_url with the previously mentioned IDs appended:
https://example.com#id_token=XXXXX.XXXXXX.XXXXXX&access_token=XXXXXX.XXXXXXX.XXXXXXX&expires_in=3600&token_type=Bearer
But there's no sign of refresh_token! How can I get my refresh_token in this scenario?
Get a refresh token. To get a refresh token, you send a request to your Okta Authorization Server. The only flows that support refresh tokens are the authorization code flow and the resource owner password flow.
Initiate new refresh tokens (API). Pass REFRESH_TOKEN_AUTH for the AuthFlow parameter. The authorization parameter, AuthParameters, is a key-value map where the key is "REFRESH_TOKEN" and the value is the actual refresh token. Amazon Cognito returns new ID and access tokens after your API request passes all challenges.
If your application uses refresh token rotation, it can now store it in local storage or browser memory. You can use a service like Auth0 that supports token rotation.
I don't think that is possible at present. AWS clearly states that the refresh token is only available if the flow type is Authorization Code Grant.
What you are trying is Implicit Grant. The responseType is set to token in your case. For Authorization Code Grant, set the grant type to code, but that will also need you to store the client secret in the app.
Source: https://developer.amazon.com/docs/login-with-amazon/refresh-token.html
For more info on grant types: https://alexbilbie.com/guide-to-oauth-2-grants/
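Added example (not part of the answers above and not Cognito's own code): a Python sketch of the two redirect shapes the hosted UI produces, and of the back-channel exchange at the /oauth2/token endpoint that is the only place a refresh_token is issued in the authorization code grant. The domain, client id, client secret and redirect URI are constructed placeholders; the helpers build the requests but do not send them.

```python
import base64
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholders, not real credentials.
DOMAIN = "https://test-cognito.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://example.com"


def authorize_url(response_type):
    """Hosted-UI /login URL: 'token' = implicit grant, 'code' = authorization code grant."""
    if response_type not in ("token", "code"):
        raise ValueError("response_type must be 'token' or 'code'")
    q = {"response_type": response_type, "client_id": CLIENT_ID,
         "redirect_uri": REDIRECT_URI, "scope": "openid"}
    return f"{DOMAIN}/login?{urlencode(q)}"


def parse_redirect(url):
    """Classify what came back. Implicit grant: tokens in the #fragment (browser-only,
    and never a refresh_token). Code grant: a one-time 'code' in the ?query string."""
    u = urlparse(url)
    query = {k: v[0] for k, v in parse_qs(u.query).items()}
    frag = {k: v[0] for k, v in parse_qs(u.fragment).items()}
    if "code" in query:
        return {"grant": "code", "code": query["code"]}
    if "access_token" in frag:
        return {"grant": "implicit", **frag}
    raise ValueError("redirect carries neither code nor tokens")


def _token_post(body):
    """Back-channel POST to /oauth2/token. The client secret rides in HTTP Basic
    auth, which is why this step belongs on a server, not in browser JavaScript."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return f"{DOMAIN}/oauth2/token", headers, {"client_id": CLIENT_ID, **body}


def code_exchange_request(code):
    """Exchange the code: the response carries id_token, access_token and refresh_token."""
    return _token_post({"grant_type": "authorization_code", "code": code,
                        "redirect_uri": REDIRECT_URI})


def refresh_request(refresh_token):
    """Later, trade the refresh token for fresh id/access tokens at the same endpoint."""
    return _token_post({"grant_type": "refresh_token", "refresh_token": refresh_token})
```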