aws-amplify
Get CognitoUserSession without refreshing it
Is this related to a new or existing framework?
No response
Is this related to a new or existing API?
Authentication
Is this related to another service?
No response
Describe the feature you'd like to request
When using amazon-cognito-identity-js to login through cognito, it's currently not possible to get the stored CognitoUserSession without automatically triggering a refresh.
After getting the user from CognitoUserPool.getCurrentUser(), the next step to get the session is to call cognitoUser.getSession(). However, this method will automatically refresh the token if the session has expired.
This is not something I want for my use case: I would like that when the application starts, if the session is still valid then the user is automatically logged in. However, if the session has expired, I'd like to discard the user's data and show the login form again to the user for them to log back in. In this use case, the refresh token is only used to keep the user's session alive while they are still using the application.
Describe the solution you'd like
cognitoUser.getSession() already takes a configuration object GetSessionOptions.
My suggestion would be to add an option there shouldRefresh?: boolean, which defaults to true (to keep it backwards-compatible).
Describe alternatives you've considered
The current workaround I've found is to actually tap into the Storage and manually look for the user's token validity.
If the accessToken already expired, then I skip calling cognitoUser.getSession() to not refresh it, and clear the user's data.
Additional context
No response
Is this something that you'd be interested in working on?
- [X] 👋 I may be able to implement this feature request
- [ ] ⚠️ This feature might incur a breaking change
