Amplify-js: Refreshing access token

Created on 6 Dec 2017  路  8Comments  路  Source: aws-amplify/amplify-js

Is the access token automatically refreshed as documented here http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-refresh-token . If so what is the recommended way of subscribing to refreshed access token?

Auth feature-request
Source
picture adamjv90

Most helpful comment

@mlabieniec If we need to sign sig4 manually, is there a way to subscribe to the JWT refresh?

picture CHR15- on 10 Aug 2018
👍12

All 8 comments

At anytime you can get current session which contains current valid access token. Issue 37 has an example on idToken

const options = {
    headers: {
      Authorization: Auth.currentSession().idToken.jwtToken      
    }
  }
  return await API.get(name, '/path', options);

Thanks,
Richard

richardzcode picture richardzcode on 8 Dec 2017

@adamjv90 currently there is not a way of "subscribing" to the token refresh, it occurs automatically. This method will automatically refresh your credentials if they are expired.

Would your use case be to have the ability to subscribe to this at an interval or provided time (1 hour before etc.) or would you want to be notified when they are expired?

mlabieniec picture mlabieniec on 12 Dec 2017

@mlabieniec I might have a similar use case, we're using the accessToken to make requests to a backend (which is hooked into the same cognito user pool). But since we copy the JWT to another place in the frontend for this, we would use an expired token after a while - If I understand this correctly.

What would be the recommended way to use an up-to-date token without having the fetch the cognito session every time we talk to the other backend?

timotgl picture timotgl on 28 Feb 2018
👍4

@mlabieniec Thanks for reopening the issue. Being notified when the token has changed would be perfect.

https://github.com/aws/aws-amplify/blob/master/packages/aws-amplify/src/Auth/Auth.ts#L872 seems to suggest that the refresh happens when the token would expire in under 10 minutes? Does this require active use of the library or is it polling on its own with a set interval?

timotgl picture timotgl on 1 Mar 2018

@timotgl there is no polling right now. Currently it just checks and refreshes when an API method or any other method that requires credentials is called (prior) with the keepAlive method. What we can do is use the Hub dispatcher (light weight pub/sub utility within amplify) to dispatch (and allow subscription to) an event and use an interval for this feature which would dispatch it N minutes before expiration.

mlabieniec picture mlabieniec on 1 Mar 2018

Closing as Amplify now will automatically refresh the session. https://github.com/aws/aws-amplify/wiki/FAQ

powerful23 picture powerful23 on 1 Jun 2018

@mlabieniec If we need to sign sig4 manually, is there a way to subscribe to the JWT refresh?

CHR15- picture CHR15- on 10 Aug 2018
👍12

It seems refreshing Google token only works automatically in browser environments. It doesn't work on react-native apps except for Expo maybe.

usmansbk picture usmansbk on 20 Jan 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

vsrivatsan89 picture vsrivatsan89  路  78Comments
martimarkov picture martimarkov  路  74Comments
nomadus picture nomadus  路  57Comments
baharev picture baharev  路  132Comments
mayteio picture mayteio  路  91Comments