aws-appsync-community icon indicating copy to clipboard operation
aws-appsync-community copied to clipboard

Published 20 hours ago verified publisher icon aws

Make ClientId a dropdown during login

Open buggy opened this issue 5 years ago • 4 comments

In the AWS console when you authenticate using Cognito User Pools it asks you to enter the ClientId. Would it be possible to change this from a text field to a dropdown with a list of app clients to choose from?

I spend a lot of time in the AppSync console and every time I want to login I need to go to the Cognito User Pools console just to find this value.

Also, could the console also use the refresh token to keep the session going so I don't need to login every hour?

buggy avatar May 13 '19 03:05 buggy

Thank you for the feedback. We will think about a better way to present the ClientId. Note however that the field is not exactly a client id but a client id regex that can be used to match multiple client ids from a user pool.

The console should be using the refresh token to keep the session going, are you seeing a different behavior? So you shouldn't have to login every hour.

itrestian avatar May 21 '19 00:05 itrestian

@itrestian I think you're talking about the AppId client regex in the setting for Cognito User Pool authorization.

I'm talking about the login screen you see if you go Queries -> Login with User Pools:

Screen Shot 2019-05-21 at 8 13 55 pm

In the ClientId field you need to put an actual App client id from Cognito User Pools. To get this you need to go to Cognito User Pools or store it in scratch file. As the login already knows the Pool Id it would be nice if it could show a drop down list of available App client id's from that User Pool.

The AWS console does keep me logged in as a user but I keep being logged out of the queries every hour which is how long an access token lasts.

buggy avatar May 21 '19 10:05 buggy

Oh sorry about the confusion. Yeah, I was referring to the AppId client regex that is used when configuring a user pool. Yours is a legitimate feature request and I will bring it up within the service team.

However, we recently changed the behaviour you mentioned about using the refresh token to refresh the session so you shouldn't be logged out any more. Are you not seeing that change?

itrestian avatar May 21 '19 23:05 itrestian

@itrestian The access token definitely times out after one hour. Once that happens the API responds with

{
  "errors": [
    {
      "errorType": "UnauthorizedException",
      "message": "Token has expired."
    }
  ]
}

It doesn't automatically use the refresh token to get a new access token.

Through some experimentation I've worked out that it will use the refresh token to get a new access token if I reload the AWS console (i.e. refreshing the browser window or logging back into the AWS console). This is an improvement but it would be even better if the AppSync console could automatically refresh the access token instead of having the UnauthorizedException error.

buggy avatar Jun 14 '19 11:06 buggy