Describe the bug
I've set Cognito tokens to expire in 1 day in order to test my handling of expired tokens. This is what happened next:
How is it possible that the tokens are expired now? Shouldn't the SDK have automatically refreshed them when I used the app on 04/04/2020 at ~23:00?
Which AWS service(s) are affected?
Cognito
Expected behavior
I expected the AWS SDK to automatically refresh tokens whenever my app contacts some AWS service, i.e. whenever getCredentials() is called in AWSMobileClient.
Environment Information (please complete the following information):
Tried it all again to confirm it was not an isolated case, and it happened again... Seems like the SDK does not refresh Cognito tokens automatically.
Went through the code a bit. As far as I can see, the ID and Access tokens do get updated but the Refresh token stays the same. It seems like you only get a new Refresh token when you log in, and then it lasts until it expires, depending on how long you've set its lifetime in the Cognito app client settings. So basically there is no way to keep a user logged in forever; when the refresh token expires, that's it.
I also found confirmation of this on AWS forums:
Yes, you only get a refresh token when you provide your username and password. The refresh token is long lived and the id and access token are only valid for 1 hour. Refresh tokens only give you a new id and access token, never a new refresh token. If your refresh token expires, you need to authenticate again.
Closing this issue now since this is by design.
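The behaviour described in this thread, as an added example that is not part of the original issue or of the AWS SDK: a small Python model that replays app usage against a fixed refresh-token deadline. It assumes the 1-hour ID/access lifetime from the quoted forum reply and the 1-day refresh lifetime from the report; the sign-in time is constructed, and `sign_in`, `get_tokens` and `replay` are hypothetical names.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

ACCESS_LIFETIME = timedelta(hours=1)   # ID/access token validity, per the forum reply
REFRESH_LIFETIME = timedelta(days=1)   # app client setting used in the report


class ReauthRequired(Exception):
    """Refresh token expired: only a new username/password sign-in helps."""


@dataclass
class Session:
    refresh_token: str
    refresh_expires: datetime
    access_expires: datetime


def sign_in(now: datetime) -> Session:
    # Constructed stand-in for the user pool: the only place a refresh token is issued.
    return Session(f"rt-{now:%Y%m%dT%H%M}", now + REFRESH_LIFETIME, now + ACCESS_LIFETIME)


def get_tokens(s: Session, now: datetime) -> str:
    """Return how the call was served; update the session as a client cache would."""
    if now < s.access_expires:
        return "cached"
    if now >= s.refresh_expires:
        raise ReauthRequired(f"refresh token expired at {s.refresh_expires}")
    # Silent refresh: new ID/access tokens, same refresh token, same deadline.
    s.access_expires = now + ACCESS_LIFETIME
    return "refreshed"


def replay(sign_in_at: datetime, uses: list[datetime]) -> list[str]:
    # Using the app never moves refresh_expires; it is fixed at sign-in.
    s = sign_in(sign_in_at)
    out = []
    for t in uses:
        try:
            out.append(get_tokens(s, t))
        except ReauthRequired:
            out.append("reauth")
    return out


if __name__ == "__main__":
    t0 = datetime(2020, 4, 4, 10, 0)  # constructed sign-in time
    print(replay(t0, [datetime(2020, 4, 4, 23, 0), datetime(2020, 4, 5, 10, 30)]))
```

In an app, the `reauth` branch is where the user is sent back to the sign-in screen instead of retrying the refresh.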