Prior to every call made to the backend, I used Auth.currentAuthenticatedUser() to obtain idToken.jwtToken and pass it in the header of my request to the backend server for data.

Is there a difference between using Auth.currentSession() instead of Auth.currentAuthenticatedUser() for my use-case? Does Auth.currentAuthenticatedUser() refresh the token once it has expired, similar to Auth.currentSession()?
The documentation for amplify auth is still very poor, so I looked into the source code for the @aws-amplify/auth and amazon-cognito-identity-js packages, and these are the findings:

currentAuthenticatedUser will try to retrieve authenticated user info from localstorage (unless your storage option is configured otherwise). If it doesn't exist in storage, then it will make API calls to retrieve user info, which involves automatically refreshing the user session in the process.

currentSession will not check the local storage and always invoke the API, which also involves automatically refreshing the user session if expired.

So to answer your question directly, the Auth.currentAuthenticatedUser() method doesn't always give you a valid token. If your storage contains an expired token, it will just return that. This would require you to call user.getSession() on the returned user object to request a new session/token manually. I recommend that you use Auth.currentSession(), since this handles the token refresh automatically and always returns a valid token.
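As an added example (not code from the question, the answer, or the Amplify project), here is a request helper built on the answer's recommendation: it obtains the session through currentSession() before each backend call and additionally checks the token's exp claim on the client, so a stale token is never sent. The auth object is injected so the helper can run offline against the constructed stub below (which only mimics the getIdToken().getJwtToken() shape of a Cognito session); in an application you would pass Amplify's Auth.

```javascript
// Decode a JWT payload without verifying the signature. The client only needs
// the `exp` claim; signature verification remains the backend's job.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// True when `exp` (seconds since epoch) is missing or within `skewSeconds`
// of `nowSeconds`, so a token about to expire mid-request is also rejected.
function isExpired(jwt, nowSeconds, skewSeconds = 30) {
  const { exp } = decodeJwtPayload(jwt);
  return typeof exp !== 'number' || exp - skewSeconds <= nowSeconds;
}

// Get a session from the injected auth object (Amplify's currentSession()
// refreshes an expired session itself, as the answer describes) and build the
// Authorization header. Throws instead of sending an expired ID token.
async function authHeader(auth, nowSeconds = Math.floor(Date.now() / 1000)) {
  const session = await auth.currentSession();
  const jwt = session.getIdToken().getJwtToken();
  if (isExpired(jwt, nowSeconds)) {
    throw new Error('ID token expired; user must re-authenticate');
  }
  return `Bearer ${jwt}`;
}

// --- Constructed test double (assumption: mimics only the session shape used above) ---
// Builds an unsigned JWT-shaped string; the signature segment is a placeholder.
function makeJwt(payload) {
  const enc = (o) =>
    Buffer.from(JSON.stringify(o)).toString('base64')
      .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.sig`;
}

const FRESH_EXP = 1700000000; // constructed expiry timestamp for the stub token

const stubAuth = {
  currentSession: async () => ({
    getIdToken: () => ({
      getJwtToken: () => makeJwt({ sub: 'user-1', exp: FRESH_EXP }),
    }),
  }),
};
```

Calling authHeader(Auth) inside your fetch wrapper replaces the previous currentAuthenticatedUser() lookup; the exp check is a belt-and-braces guard, since a correctly refreshed session should never fail it.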