furaiev/amazon-cognito-identity-dart-2

How to use refresh token to keep session valid?

aidandavis opened this issue · 9 comments

Hi,

I have been using this package with great success for months now.

Every month or so, if I don't do a new login, the user is kicked out with the error that the 'refresh token has expired'.

How do I keep the refresh token up to date?

Error is: CognitoClientException{statusCode: 400, code: NotAuthorizedException, name: NotAuthorizedException, message: Refresh Token has expired}

Hi,
Token refreshing is entirely the app's responsibility.
You can try to refresh it on catching NotAuthorizedException or by checking the token expiration time.

@furaiev is there a method to get a new token? How do I actually do the refresh?

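  • you can cache tokens: _cognitoUser.cacheTokens();
  • you can check token validity with something like:

```dart
import 'dart:convert';

// App-defined exception types used by the helpers below.
class InvalidTokenException implements Exception {}
class InvalidPayloadException implements Exception {}
class InvalidBase64Exception implements Exception {}

// True while the token is still valid for more than 5 minutes.
bool checkTokenValidity(String token) {
  if (DateTime.now().add(Duration(minutes: 5)).isBefore(tokenExpiration(token))) {
    return true;
  }
  return false;
}

// Reads the `exp` claim from the JWT payload. This only decodes the token;
// it does not verify the signature.
DateTime tokenExpiration(String token) {
  final parts = token.split('.');

  if (parts.length != 3) {
    throw InvalidTokenException();
  }

  final payloadMap = json.decode(_decodeBase64(parts[1]));

  if (payloadMap is! Map<String, dynamic>) {
    throw InvalidPayloadException();
  }

  // `exp` is in seconds since the epoch.
  return DateTime.fromMillisecondsSinceEpoch(payloadMap['exp'] * 1000);
}

// Decodes an unpadded base64url JWT segment to a UTF-8 string.
String _decodeBase64(String str) {
  var output = str.replaceAll('-', '+').replaceAll('_', '/');

  // Restore the padding that JWT segments omit.
  switch (output.length % 4) {
    case 0:
      break;
    case 2:
      output += '==';
      break;
    case 3:
      output += '=';
      break;
    default:
      throw InvalidBase64Exception();
  }

  return utf8.decode(base64Url.decode(output));
}
```

  • for refreshing the session you can use cognitoUser.refreshSession(session.refreshToken);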
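
An added example, not part of the thread or the package's own code: one way to combine the steps above so that concurrent callers share a single refresh, and an expired refresh token (the `NotAuthorizedException` in the original report) falls back to a new login. `Tokens`, `AuthError`, `SessionKeeper` and the two callbacks are hypothetical names; in an app, `refresh` is assumed to wrap `cognitoUser.refreshSession(session.refreshToken)` followed by `cacheTokens()`.

```dart
// Hypothetical stand-ins, not package types; AuthError.code mirrors CognitoClientException.code.
class Tokens {
  Tokens(this.accessToken, this.expiresAt);
  final String accessToken;
  final DateTime expiresAt;
}

class AuthError implements Exception {
  AuthError(this.code);
  final String code;
}

class SessionKeeper {
  SessionKeeper(this.refresh, this.signInAgain);
  // Assumption: wraps cognitoUser.refreshSession(session.refreshToken), then cacheTokens().
  final Future<Tokens> Function() refresh;
  final Future<Tokens> Function() signInAgain; // assumption: the app's login flow
  Tokens? _current;
  Future<Tokens>? _inFlight;

  /// Returns tokens valid for at least 5 more minutes, renewing when needed.
  Future<Tokens> validTokens(DateTime now) {
    final t = _current;
    if (t != null && now.add(const Duration(minutes: 5)).isBefore(t.expiresAt)) {
      return Future.value(t);
    }
    // Concurrent callers share one renewal instead of each firing a refresh.
    return _inFlight ??= _renew().whenComplete(() { _inFlight = null; });
  }

  Future<Tokens> _renew() async {
    try {
      return _current = await refresh();
    } on AuthError catch (e) {
      // An expired refresh token cannot be refreshed; only a new login helps.
      if (e.code != 'NotAuthorizedException') rethrow;
      return _current = await signInAgain();
    }
  }
}

Future<void> main() async {
  final now = DateTime.utc(2024, 1, 1); // constructed clock and tokens
  var logins = 0;
  final keeper = SessionKeeper(
    () async => throw AuthError('NotAuthorizedException'), // simulated expired refresh token
    () async => Tokens('new-${++logins}', now.add(const Duration(hours: 1))),
  );
  final both = await Future.wait([keeper.validTokens(now), keeper.validTokens(now)]);
  print('${both[0].accessToken} ${both[1].accessToken} logins=$logins');
}
```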

Thank you! If I have any issues I will raise it as a new issue.

I think this example should be in the documentation somewhere if it isn't already.

Very useful, I think there should be a paragraph with this code in the readme.

I agree, it wasn't something I was aware of until my users started seeing that error once every month or so.

Hi guys, I found an issue regarding the refresh token.
When you call session.refreshToken, make sure you save cognitoUser.cacheTokens(); after authenticateUser.
That will help make sure you don't get this error like I did before: "Local storage is missing an ID Token, Please authenticate".

Hope my reply will help.

If we use the federated login, how do we get new accessTokens? Federated login doesn't create a cognitoUser for me to authenticate with.