amazon-cognito-auth-js

Unable to refresh token after access token expired

Open ovirta opened this issue 7 years ago • 4 comments

We are having a hard time refreshing our tokens, forcing clients to log in after 1h.

We have AWS Cognito service in use for user authentication.

We have no problems getting the access, ID and refresh tokens. They are saved in local storage and are fine (IMHO).

We are also able to renew tokens before expiration. But after the access token is expired, we are unable to refresh using the saved refresh token.

This is the function where we try to do the refresh:

    refreshToken(): Observable<any> {
      const options = {
        headers: new HttpHeaders({
          'Content-Type': 'application/x-www-form-urlencoded'
        })
      };
      const clientId: string = environment.clientIdSalesForce;
      const refreshToken: string = this.sessionKeyService.getRefreshToken();
      const body: any = `grant_type=refresh_token&client_id=${clientId}&refresh_token=${refreshToken}`;
      return this.httpClient.post(environment.tokenUrlSalesForce, body, options)
        .map((res: HttpResponse<any>) => res);
    }

curl: https://OUR_URL.eu-west-1.amazoncognito.com/oauth2/token

Body of the message: "grant_type=refresh_token&client_id=3i1t......glde&refresh_token=eyJjd.....uEW-OA"

Response: "Http failure response for https://OUR_URL.eu-west-1.amazoncognito.com/oauth2/token: 400 Bad Request"

Error: "invalid_client"

We don't have client_secret specified for the app.

Any insight into what could go wrong in our scenario?

ovirta, Apr 16 '18 16:04

Additional comment to the issue with refreshing tokens.

We are able to use the above-mentioned function to refresh tokens before the access token has expired.

POST

header: 'Content-Type': 'application/x-www-form-urlencoded'
body: 'grant_type=refresh_token&client_id=${clientId}&refresh_token=${refreshToken}'

RESPONSE:

access_token:"eyJraWQi...B2iou_z...
expires_in:3600
id_token:"eyJraW...eXBlIjo
token_type:"Bearer"

Why is refresh succeeding before access token has expired?

ovirta, Apr 18 '18 05:04

I don't know if this could help in your case. Maybe you could try using this: auth.refreshSession(refreshtoken);

I think this method creates the same request you're trying to do.

tbpolicarpio, May 19 '18 06:05

@tbpolicarpio You are right, it did the same thing and additionally it caches new tokens. (same as parseCognitoWebResponse() method)

chamathsilva, May 29 '18 13:05

Thank you both for your responses. Will need to look into those.

ovirta, May 29 '18 15:05
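
The refresh request and reply discussed in this thread, as an added example that is not code from the posters or from amazon-cognito-auth-js: it builds the `grant_type=refresh_token` POST with encoded parameters and turns the token endpoint's reply into either an updated session or an error keyed on the OAuth error code. The function names, the session object shape and the optional `clientSecret` parameter are assumptions made for illustration.

```javascript
// Added example; names and the session shape are assumptions, not library API.

// Build the POST for the /oauth2/token endpoint shown in the issue.
// clientSecret is optional: only app clients created with a secret send it.
function buildRefreshRequest(tokenUrl, clientId, refreshToken, clientSecret) {
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  if (clientSecret) {
    // Confidential clients authenticate with HTTP Basic (client_id:client_secret).
    headers.Authorization = 'Basic ' + btoa(`${clientId}:${clientSecret}`);
  }
  // URLSearchParams percent-encodes every value; string interpolation does not.
  const body = new URLSearchParams({
    grant_type: 'refresh_token',
    client_id: clientId,
    refresh_token: refreshToken,
  }).toString();
  return { url: tokenUrl, method: 'POST', headers, body };
}

// Merge the endpoint's reply into the stored session, or throw a typed error.
function applyTokenResponse(stored, status, reply, nowSeconds) {
  if (status !== 200) {
    const err = new Error(`token refresh failed: ${reply.error || status}`);
    err.code = reply.error;
    // RFC 6749 5.2: invalid_grant = refresh token invalid, expired or revoked,
    // so only a new sign-in helps; invalid_client = client authentication failed.
    err.mustSignIn = reply.error === 'invalid_grant';
    throw err;
  }
  return {
    accessToken: reply.access_token,
    idToken: reply.id_token,
    // The refresh reply in the thread has no refresh_token: keep the stored one.
    refreshToken: reply.refresh_token || stored.refreshToken,
    expiresAt: nowSeconds + reply.expires_in,
  };
}

// Network wrapper (uses global fetch); the two functions above hold the logic.
async function refreshSession(stored, cfg) {
  const req = buildRefreshRequest(cfg.tokenUrl, cfg.clientId,
                                  stored.refreshToken, cfg.clientSecret);
  const res = await fetch(req.url, req);
  const now = Math.floor(Date.now() / 1000);
  return applyTokenResponse(stored, res.status, await res.json(), now);
}
```

Separating `err.code` from `err.mustSignIn` lets the caller send the user back to the login page only for `invalid_grant` and log `invalid_client` as a configuration problem with the app client.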