Amplify-js: Configure cognito refresh token expiration time

Created on 23 Mar 2018  路  5Comments  路  Source: aws-amplify/amplify-js

In my app, I make a call to getSession if the user refreshes the page or tries to access a client side rout that requires the user to be authenticated.

The problem I am seeing is that the refreshToken never expires.

So I do this:

const currentSession = await authorisationProvider.getSession();

this.setState({ isAuthenticated: currentSession && currentSession.isValid(), busy: false });

But having stepped through the code and if the cachedSession.isValid() call returns false then a call is made to refreshToken which always appears to return new tokens no matter how long I leave it.

Does the refreshToken never expire or can I configure it to expire in an hour or so?

The only way for things to expire is for localStorage.clear() to be called which is obviously not a real solution.

Auth question
Source
picture dagda1
👍1

Most helpful comment

Never mind, found it under App Clients in the Cognito management console

picture rdingwell on 12 Apr 2018
👍10

All 5 comments

By default, the refresh token expires 30 days after the user authenticates. When you create an app for your user pool, you can set the app's Refresh token expiration (days) to any value between 1 and 3650.

david114 picture david114 on 23 Mar 2018
👍5

Please feel free to repoen if @tipsfedora solution doesn't work for you.

mlabieniec picture mlabieniec on 25 Mar 2018

I know this issue is closed but I figured it would be useful to answer this question in the context of the original question here.

How do you set the refreshToken expiration period? I have not seen how to do this in the documentation or in the AWS Management consoles for either Cognito or my MobileHub app.

If it needs to be done in code is there an example available?

Thanks

rdingwell picture rdingwell on 12 Apr 2018

Never mind, found it under App Clients in the Cognito management console

rdingwell picture rdingwell on 12 Apr 2018
👍10

@tipsfedora what happend if we set the refresh token to 4 days for example, are we supposed to manage the expiration event or wtvr, for instance after 4 days the users will be disconnected or it's done automatically by amplify, so the user will be always connected ?

Jasminou picture Jasminou on 14 May 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ghost picture ghost  路  84Comments
mdoesburg picture mdoesburg  路  65Comments
jmandivarapu1 picture jmandivarapu1  路  49Comments
gHashTag picture gHashTag  路  135Comments
mayteio picture mayteio  路  91Comments