How to handle token expiration on Cognito


Problem description

I am developing an application that uses AWS Cognito as the Identity Provider. So the user authenticates on the AWS Cognito Pool and gets the Access Token, Access ID and Refresh token. Then the user can make backend requests to my app. I get the Access Token, validate it, get the user profile on Cognito AWS and authorize the request.

The problem is that after the Access token has expired, and the client sends the expired token to the backend, the backend app gets an error (token expired or not authorized).

How can I make this workflow work?

I was thinking of sending the client a message that the token has expired, and then the client refreshes it against the Cognito Pool. Is it the correct approach?

Solution

When you get the Access Token, ID and Refresh token from Cognito User Pools, you must cache them locally. The Access and the ID token are valid for 1 hour and should be reused as much as possible within that time period.

These tokens are JWT tokens and hold the expiry time within themselves. You can decode the JWT token and also cache this expiry along with the token. Every time the cache for the tokens is accessed, also check the current time against the cached expiry time. If expired, use the Refresh token to obtain the latest Access and ID token and cache the tokens and expiry again.

If you use one of our high level SDKs for Android, iOS or JavaScript, the SDK manages all of this for you.
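As an added example (not code from the answer or from the AWS SDKs), here is a Python sketch of the client-side cache the answer describes: decode the JWT `exp` claim, cache it with the tokens, compare it against the clock on every access, and call the refresh flow only once the tokens have expired. `refresh_fn`, `make_demo_jwt` and the simulated clock are assumptions made so the demo runs offline; the tokens it builds are unsigned, whereas real Cognito tokens are signed and the backend must verify them before trusting any claim.

```python
import base64
import json
import time

def jwt_expiry(token: str) -> int:
    """'exp' claim (Unix seconds), read without verifying the signature: the
    client only uses it to time refreshes; the backend still verifies the JWT."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore the base64 padding JWTs strip
    return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])

class TokenCache:
    """Caches Access/ID tokens plus their expiry; refreshes only when needed."""
    def __init__(self, auth_result: dict, refresh_fn, skew_seconds=60, now=time.time):
        # auth_result: Cognito AuthenticationResult (AccessToken, IdToken, RefreshToken).
        # refresh_fn: hypothetical stand-in for InitiateAuth(REFRESH_TOKEN_AUTH) -> new tokens.
        self._refresh_token, self._refresh_fn = auth_result["RefreshToken"], refresh_fn
        self._skew, self._now = skew_seconds, now  # refresh early: clock drift
        self.refresh_count = 0
        self._store(auth_result)

    def _store(self, result: dict) -> None:
        self._access, self._id = result["AccessToken"], result["IdToken"]
        # Decode once and cache; each later access is just a clock compare.
        self._exp = min(jwt_expiry(self._access), jwt_expiry(self._id))

    def tokens(self) -> dict:
        if self._now() + self._skew >= self._exp:
            # Raises once the Refresh token itself has expired: app must re-authenticate.
            self._store(self._refresh_fn(self._refresh_token))
            self.refresh_count += 1
        return {"access": self._access, "id": self._id}

def make_demo_jwt(claims: dict) -> str:
    """Constructed, unsigned JWT (alg 'none') so the demo runs offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."

def simulate(calls_per_hour: int = 4, hours: int = 3) -> int:
    """Drive the cache on a simulated clock; returns how many refreshes ran."""
    clock = {"t": 1_700_000_000.0}  # fake 'now', advanced between requests
    issue = lambda _rt=None: {k: make_demo_jwt({"exp": clock["t"] + 3600, "token_use": k})
                              for k in ("AccessToken", "IdToken")}
    cache = TokenCache({**issue(), "RefreshToken": "demo-refresh-token"}, issue,
                       now=lambda: clock["t"])
    for _ in range(calls_per_hour * hours):
        cache.tokens()
        clock["t"] += 3600 / calls_per_hour
    return cache.refresh_count
```

With the default settings `simulate()` makes 12 requests over three hours but refreshes only twice, once per hourly expiry, instead of hitting Cognito on every request.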
