How to use aws cognito refresh token

Hi there,
This may not be directly related to serverless framework but I need some help.

I have an api endpoint that return cognito id token that can be used to access others api end point.
But the token is expired in an hour. Is there any way to extend the period (as aws documentation- is it not possible).

By the way, my api is access from web(javascript) and ios. Can they use refresh token to get new valid id token? If so, how to do that?

Many thanks,
Kind Regards,
John

Take a look on below topics, let me know if they are helpful or not.

  1. Using the Refresh Token

https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-refresh-token

Using the Refresh Token
To use the refresh token to get new tokens, use the InitiateAuth, or the AdminInitiateAuth API methods. The auth flow type is REFRESH_TOKEN_AUTH. The authorization parameters, AuthParameters, are a key-value map where the key is “REFRESH_TOKEN” and value is the actual refresh token.

  1. aws cli to use refresh token

https://docs.aws.amazon.com/ja_jp/cli/latest/reference/cognito-idp/initiate-auth.html

  1. API

https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html

1 Like

You can refresh the id token using the refresh token that is returned when you authenticate against the user pool. The refresh token also has an expiration time - but that is configurable. The refresh token lifespan depends on the configuration of the user pool client you are using when you authenticate. The max expiration is 10 years.

On the web side, you would refresh like this:

const userPool = new AmazonCognitoIdentity.CognitoUserPool({
    UserPoolId : <your user pool id>
    ClientId : <your user pool client id - this controls refresh token expiration>
});
const cognitoUser = new AmazonCognitoIdentity.CognitoUser({
	Username : <username>,
    Pool : userPool
});

const authDetails = new AmazonCognitoIdentity.AuthenticationDetails({
    Username: <username>,
    Password: <password>
});

// Authenticate user
cognitoUser.authenticateUser(authDetails, {
	onSuccess: (result => {
		const refreshToken = result.getRefreshToken().getToken(); // Will need to save this 
	});
});

// Refresh later on
cognitoUser.refreshSession(refreshToken, callback) // This will refresh idToken

Look at https://github.com/aws/aws-amplify/tree/master/packages/amazon-cognito-identity-js - Use case 32.

The Cognito iOS library should have similar functionality.

@bill’s response has to do with refreshing tokens and AWS credentials if you have integrated Cognito User Pool with Cognito Identity Pool, which is a whole other set of complexity. Unfortunately the AWS docs don’t really explain the difference too well.

2 Likes

Thanks Brian @bwinant. That is awesome. It is the solution that I am looking for. :slight_smile:

@JohnWai how did you implement the refresh token? Currently facing similar issues.