How to restore an expired token?

I use AWS for my site. After 1 hour, the token expires, and the user can do almost nothing.

I'm currently trying to update my credentials as follows:

 function getTokens(session) {
   return {
     accessToken: session.getAccessToken().getJwtToken(),
     idToken: session.getIdToken().getJwtToken(),
     refreshToken: session.getRefreshToken().getToken()
   };
 };


function getCognitoIdentityCredentials(tokens) {
  const loginInfo = {};
  loginInfo[`cognito-idp.eu-central-1.amazonaws.com/eu-central-1_XXX`] = tokens.idToken;
  const params = {
    IdentityPoolId: AWSConfiguration.IdPoolId
    Logins: loginInfo
  };
  return new AWS.CognitoIdentityCredentials(params);
 };


 if(AWS.config.credentials.needsRefresh()) {
    clearInterval(messwerte_updaten);
    cognitoUser.refreshSession(cognitoUser.signInUserSession.refreshToken, (err, session) => {
      if (err) {
        console.log(err);
      }
      else {
        var tokens = getTokens(session);

        AWS.config.credentials = getCognitoIdentityCredentials(tokens);

        AWS.config.credentials.get(function (err) {
          if (err) {
            console.log(err);
          }
          else {
            callLambda();
          }
       });
     }
   });
 }

The fact is that after 1 hour the input token is updated without problems, but after 2 hours I can no longer update the input token.

I also tried using AWS.config.credentials.get(), AWS.config.credentials.getCredentials()and AWS.config.credentials.refresh() which also does not work.

The error messages I receive are:

Missing credentials in config

Invalid input token. Expired: 1446742058> = 1446727732

+6
source share
3 answers

After almost 2 weeks, I finally decided this.

, . , AWS.config.credentials Id.

, , !

refresh_token = session.getRefreshToken();   // you'll get session from calling cognitoUser.getSession()

if (AWS.config.credentials.needsRefresh()) {

  cognitoUser.refreshSession(refresh_token, (err, session) => {
    if(err) {
      console.log(err);
    } 
    else {
      AWS.config.credentials.params.Logins['cognito-idp.<YOUR-REGION>.amazonaws.com/<YOUR_USER_POOL_ID>']  = session.getIdToken().getJwtToken();
      AWS.config.credentials.refresh((err)=> {
        if(err)  {
          console.log(err);
        }
        else{
          console.log("TOKEN SUCCESSFULLY UPDATED");
        }
      });
    }
  });
}
0

http- .

function authenticationExpiryInterceptor() {
 // check if token expired, if yes refresh
}

function authenticationHeadersInterceptor() {
 // include headers, or no
}}

HttpService

  return HttpService.get(url, params, opts) {
     return authenticationExpiryInterceptor(...)
            .then((...) => authenticationHeadersInterceptor(...))
            .then((...) => makeRequest(...))
  }

- http://2ality.com/2015/10/intercepting-method-calls.html

AWS: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Credentials.html

:

  • getPromise()
  • refreshPromise()
+5

:

:

:

:

:

:

POST https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/token&
Content-Type='application/x-www-form-urlencoded'&
Authorization=Basic aSdxd892iujendek328uedj
grant_type=authorization_code&
client_id={your client_id}
code=AUTHORIZATION_CODE&
redirect_uri={your rediect uri}

Json - :

HTTP/1.1 200 OK Content-Type: application/json

{"access_token":"eyJz9sdfsdfsdfsd", "refresh_token":"dn43ud8uj32nk2je","id_token":"dmcxd329ujdmkemkd349r", "token_type":"Bearer", "expires_in":3600}

:

POST https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/token
Content-Type='application/x-www-form-urlencoded'&
Authorization=Basic aSdxd892iujendek328uedj
grant_type=client_credentials&
scope={resourceServerIdentifier1}/{scope1} {resourceServerIdentifier2}/{scope2}

Json:

HTTP/1.1 200 OK Content-Type: application/json

{"access_token":"eyJz9sdfsdfsdfsd", "token_type":"Bearer", "expires_in":3600}

access_token 3600 , , .

To get a new access token from the Token update:

POST https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/token >
Content-Type='application/x-www-form-urlencoded'
Authorization=Basic aSdxd892iujendek328uedj
grant_type=refresh_token&
client_id={client_id}
refresh_token=REFRESH_TOKEN

Answer:

HTTP / 1.1 200 OK Content-Type: application / json

{"access_token":"eyJz9sdfsdfsdfsd", "refresh_token":"dn43ud8uj32nk2je", "id_token":"dmcxd329ujdmkemkd349r","token_type":"Bearer", "expires_in":3600}

You will get the image correctly.

If you need more information, go here .

+2
source

All Articles