Cognito用户池：如何刷新访问令牌Android [英] Cognito User Pool: How to refresh Access Token Android

问题描述

如何使用适用于Android的Cognito刷新访问令牌？该文档建议以下内容（ https://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-android-sdk.html ）：

How do you refresh the access token using Cognito for Android? The documentation suggest the following (https://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-android-sdk.html):

// Implement authentication handler 
AuthenticationHandler handler = new AuthenticationHandler {
    @Override
    public void onSuccess(CognitoUserSession userSession) {
        // Authentication was successful, the "userSession" will have the current valid tokens
        // Time to do awesome stuff
    }

    @Override
    public void getAuthenticationDetails(final AuthenticationContinuation continuation, final String userID) {
        // User authentication details, userId and password are required to continue.
        // Use the "continuation" object to pass the user authentication details

        // After the user authentication details are available, wrap them in an AuthenticationDetails class
        // Along with userId and password, parameters for user pools for Lambda can be passed here
        // The validation parameters "validationParameters" are passed in as a Map<String, String>
        AuthenticationDetails authDetails = new AuthenticationDetails(userId, password, validationParameters);

        // Now allow the authentication to continue
        continuation.setAuthenticationDetails(authDetails);
        continuation.continueTask();
    }

    @Override
    public void getMFACode(final MultiFactorAuthenticationContinuation continuation) {
        // Multi-factor authentication is required to authenticate
        // A code was sent to the user, use the code to continue with the authentication


        // Find where the code was sent to
        String codeSentHere = continuation.getParameter()[0];

        // When the verification code is available, continue to authenticate
        continuation.setMfaCode(code);
        continuation.continueTask();
    }

    @Override
    public void authenticationChallenge(final ChallengeContinuation continuation) {
        // A custom challenge has to be solved to authenticate

        // Set the challenge responses

        // Call continueTask() method to respond to the challenge and continue with authentication.
    }

    @Override
    public void onFailure(final Exception exception) {
        // Authentication failed, probe exception for the cause

    }
};
user.getSession(handler);

这就是为什么这不起作用的原因。当令牌过期时，不再为我获取会话的用户对象进行身份验证。因此，通过以下方法检索缓存的用户，将返回null

Here is why this does not work. The user object which I am getting the Session for is no longer authenticated when the token expires. So retrieving the cached user via the below, will return null

CognitoUser user = userPool.getCurrentUser();

由于以上返回null，因此我尝试通过id获取用户对象

Because the above returns null, I try to get the user object by id

CognitoUser user = userPool.getUser(userId);

除了用户未通过身份验证并且会在随后的回调阶段失败，这是因为用户ID会很好地工作为空

Which works perfectly, except that user is not authenticated and will fail during the following callback stage because the userID is null

@Override
public void getAuthenticationDetails(final AuthenticationContinuation continuation, final String userID) 

只有当我在令牌过期之前尝试此调用时，此功能才能起作用，并且我可以接收到新的访问令牌。但是令牌过期后该怎么办？任何帮助，将不胜感激。预先感谢

Only when I attempt this call before the token expires does this work, and I can receive a new access token. But how to do this after the token has expired? Any help on this would be appreciated. Thanks in advance

推荐答案

调用getSession（...）-获取令牌-如果缓存的令牌已过期， SDK会自动刷新令牌（只要刷新令牌尚未过期）。如果刷新令牌也已过期，则会调用getAuthenticationDetails（...），因为现在需要用户凭据（用户名，密码等）才能获取新的令牌集。只要有有效的缓存令牌，或者如果令牌可以刷新，如何通过getCurrentUser（）或getUser（...）方法获取用户对象就无关紧要，您可以通过getSession（）获得有效的令牌。 ..）。

When you call getSession(...) - to get tokens - and if the cached tokens have expired, the SDK will automatically refresh tokens (as long as the refresh token has not expired). If the refresh token too has expired, then getAuthenticationDetails(...) is invoked because now the user credentials (username, password, etc) are required to get new set of tokens. It should not matter how you get the user object, i.e. through getCurrentUser() or getUser(...) methods, as long as there are valid cached tokens or if the tokens can be refreshed, you will get valid tokens with getSession(...).

使用最新的SDK（2.3.1版）重试。

Retry with the latest SDK (ver 2.3.1).

这篇关于Cognito用户池：如何刷新访问令牌Android的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！