capless/warrant

check_token() renew after access_token expired does not work

humanborg opened this issue · 4 comments

u = Cognito(pool_id, client_id, username=username, access_token=access_token, refresh_token=refresh_token)
u.check_token()

This throws 'NotAuthorizedException' when the access_token has expired.

Per the documentation (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html), as long as the refresh_token (default 30 days after the user authenticates) is valid, we should be able to refresh the id and access_token.

@bjinwright any progress on this? Or are there any workarounds?

Might be connected with the request that must be signed, although this does not require signed credentials. I'm looking into it right now. For the time being, try making the client request unsigned.

we're not getting new ID and auth tokens after an hour, looking here:
https://github.com/capless/warrant/blob/master/warrant/__init__.py#L546

the authflow warrant is using is "REFRESH_TOKEN".

from aws docs:
To use the refresh token to get new ID and access tokens with the user pool API, use the AdminInitiateAuth or InitiateAuth methods. Pass REFRESH_TOKEN_AUTH for the AuthFlow parameter.

happy to do a pull request if this is indeed an issue.
cheers,
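The refresh flow quoted from the AWS docs above, as an added example that is not part of the thread and not warrant's own code. It assumes `client` behaves like `boto3.client("cognito-idp")`; `token_expired`, `renew_tokens`, `fake_jwt` and `FakeClient` are hypothetical names, and the sample tokens are constructed.

```python
import base64
import json
import time


def token_expired(jwt, now=None, skew=60):
    """Read the exp claim WITHOUT verifying the signature. Only good for
    deciding when to refresh, never for authorizing a request."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return claims["exp"] - skew <= (time.time() if now is None else now)


def renew_tokens(client, client_id, tokens, now=None):
    """Return (tokens, refreshed). Checks expiry locally instead of calling
    an API with the stale access token and catching NotAuthorizedException."""
    if not token_expired(tokens["access_token"], now):
        return tokens, False
    # App clients configured with a secret also need SECRET_HASH; omitted here.
    resp = client.initiate_auth(
        ClientId=client_id,
        AuthFlow="REFRESH_TOKEN_AUTH",            # not "REFRESH_TOKEN"
        AuthParameters={"REFRESH_TOKEN": tokens["refresh_token"]},
    )
    result = resp["AuthenticationResult"]
    return {
        "access_token": result["AccessToken"],
        "id_token": result["IdToken"],
        # Keep the existing refresh token if the response carries none.
        "refresh_token": result.get("RefreshToken", tokens["refresh_token"]),
    }, True


def fake_jwt(exp):
    """Constructed, unsigned sample token (header.payload.signature)."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'exp': exp})}.sig"


class FakeClient:
    """Constructed stand-in for the cognito-idp client; records the call."""
    def initiate_auth(self, **kwargs):
        self.call = kwargs
        return {"AuthenticationResult": {"AccessToken": fake_jwt(7200),
                                         "IdToken": fake_jwt(7200)}}
```
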

anyone reading this? Please regard my PR?