Hello,
In the example
Use case 16. Retrieving the current user from local storage.
var poolData = {
UserPoolId : '...', // Your user pool id here
ClientId : '...' // Your client id here
};
var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
var cognitoUser = userPool.getCurrentUser();
if (cognitoUser != null) {
cognitoUser.getSession(function(err, session) {
if (err) {
alert(err);
return;
}
console.log('session validity: ' + session.isValid());
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId : '...', // your identity pool id here
Logins : {
// Change the key below according to the specific region your user pool is in.
'cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>' : session.getIdToken().getJwtToken()
}
});
// Instantiate aws sdk service objects now that the credentials have been updated.
// example: var s3 = new AWS.S3();
});
}
If cognitoUser !== null, can we straightaway conclude that user is logged in? If not, then under what condition will a cognitoUser!==null but the session.isValid() is false?
Thanks.
After logging in, we retrieve access, id, and refresh tokens from the service. The access and idToken are valid for 1 hour and in the meanwhile, you can call service methods for which the user needs to be authenticated such as retrieving user attributes, etc. isValid just checks inside the access token to see if the expiry date has passed, meaning it can make a potentially successful call.
Thank you for the reply.
Am I right that Cognito automatically refresh the tokens?
In the event that isValid is false, what do I need to do to refresh the session again?
Yes, if you would wrap calls you make with a getSession, you would always have a valid session since we use the refresh token. When the refresh token is expired, you would need to authenticate again.
Most helpful comment
Yes, if you would wrap calls you make with a getSession, you would always have a valid session since we use the refresh token. When the refresh token is expired, you would need to authenticate again.