warrant icon indicating copy to clipboard operation
warrant copied to clipboard

Published 20 hours ago verified publisher icon capless

check_token() renew after access_token expired does not work

Open humanborg opened this issue 6 years ago • 4 comments

u = Cognito(pool_id, client_id, username=username, access_token=access_token, refresh_token=refresh_token) u.check_token()

This throws 'NotAuthorizedException', when access_token expired.

Per documentation: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html, using refresh_token (default 30 days after user authenticate) is valid we should be able to refresh the id and access_token.

humanborg avatar May 07 '18 06:05 humanborg

@bjinwright any progress on this? Or is there any workarounds?

Immortalin avatar Sep 29 '18 23:09 Immortalin

Might be connected with the request that must be signed, although this does not require signed credentials. I'm looking into it right now. For the time being, try making the client request unsigned.

Zuiluj avatar Oct 16 '19 03:10 Zuiluj

we're not getting new ID and auth tokens after an hour, looking here: https://github.com/capless/warrant/blob/master/warrant/init.py#L546

the authflow warrant is using is "REFRESH_TOKEN".

from aws docs: To use the refresh token to get new ID and access tokens with the user pool API, use the AdminInitiateAuth or InitiateAuth methods. Pass REFRESH_TOKEN_AUTH for the AuthFlow parameter.

happy to do a pull request if this is indeed an issue. cheers,

rednap avatar Feb 03 '20 15:02 rednap

anyone reading this? Please regard my PR?

rednap avatar Feb 06 '20 05:02 rednap