当用户从多个设备登录时,Android AWS Cognito UserPool globalSignout不起作用
[英]Android AWS Cognito UserPool globalSignout not working when user is signed in from multiple devices
问题描述
In my application I want to invalidate all previous userpool sessions of a particular user when user is signing in again from a different device. 
在我的应用程序中,当用户再次从其他设备登录时,我想使特定用户的所有先前用户池会话无效。 But the problem is after calling global signout the session on previous device is still valid. 但是问题是在调用全局注销后,先前设备上的会话仍然有效。 Even after changing the password, the session on previous devices are still there. 即使更改了密码,以前设备上的会话仍然存在。
userPool.getUser("xyzzz").getSessionInBackground(authenticationHandler);
After calling above code on previous device, it directly returning the user session with new tokens instead of calling getAuthenticationDetails for password. 在先前设备上调用上述代码后,它将直接使用新令牌返回用户会话,而不是调用getAuthenticationDetails作为密码。
Is there any way to have only one session at a time for a cognito user. 有什么方法可以让一个认知用户一次只拥有一个会话。
1 个解决方案
解决方案1
2 已采纳 2016-12-16 00:25:56
When calling global signout, Cognito invalidates all access and refresh tokens associated with that particular user. 调用全局注销时,Cognito使与该特定用户关联的所有访问和刷新令牌无效。 It does not invalidate the id token so that can still be used. 它不会使id令牌无效,因此仍可以使用。
If you try to getSessionInBackground on Android, it checks if the tokens are valid (if the expiration date is valid) in order to return them. 如果您尝试在Android上使用getSessionInBackground,它将检查令牌是否有效(如果到期日期有效)以返回令牌。 However, when you try to use access and refresh tokens, they will not work. 但是,当您尝试使用访问和刷新令牌时,它们将无法工作。 When using id tokens, they will expire after one hour. 使用ID令牌时,它们将在一小时后失效。 If you can give exact steps for reproducing this, we can investigate further. 如果您可以给出重现此步骤的确切步骤,我们可以进行进一步调查。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.