Refreshing access token

[adamjv90]

Is the access token automatically refreshed as documented here http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-refresh-token . If so what is the recommended way of subscribing to refreshed access token?

[richardzcode]

At anytime you can get current session which contains current valid access token. Issue 37 has an example on idToken

const options = {
    headers: {
      Authorization: Auth.currentSession().idToken.jwtToken      
    }
  }
  return await API.get(name, '/path', options);

Thanks,
Richard

[mlabieniec]

@adamjv90 currently there is not a way of "subscribing" to the token refresh, it occurs automatically. This method will automatically refresh your credentials if they are expired.

Would your use case be to have the ability to subscribe to this at an interval or provided time (1 hour before etc.) or would you want to be notified when they are expired?

[timotgl]

@mlabieniec I might have a similar use case, we're using the accessToken to make requests to a backend (which is hooked into the same cognito user pool). But since we copy the JWT to another place in the frontend for this, we would use an expired token after a while - If I understand this correctly.

What would be the recommended way to use an up-to-date token without having the fetch the cognito session every time we talk to the other backend?

[timotgl]

@mlabieniec Thanks for reopening the issue. Being notified when the token has changed would be perfect.

https://github.com/aws/aws-amplify/blob/master/packages/aws-amplify/src/Auth/Auth.ts#L872 seems to suggest that the refresh happens when the token would expire in under 10 minutes? Does this require active use of the library or is it polling on its own with a set interval?

[mlabieniec]

@timotgl there is no polling right now. Currently it just checks and refreshes when an API method or any other method that requires credentials is called (prior) with the keepAlive method. What we can do is use the Hub dispatcher (light weight pub/sub utility within amplify) to dispatch (and allow subscription to) an event and use an interval for this feature which would dispatch it N minutes before expiration.

[powerful23]

Closing as Amplify now will automatically refresh the session. https://github.com/aws/aws-amplify/wiki/FAQ

[CHR15-]

@mlabieniec If we need to sign sig4 manually, is there a way to subscribe to the JWT refresh?

[usmansbk]

It seems refreshing Google token only works automatically in browser environments. It doesn't work on react-native apps except for Expo maybe.

[github-actions]

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.