[英]Handling AWS User Pool + Fedration Identity token refresh system in android
Here is question which might be asked several times before but I am struggling to frame a query. 这是之前可能要问过几次的问题,但是我正在努力构架查询。
So aws cognito works as you have to pass the IDToken + authentication provider to cognito identity federation and it provides the temporary credentials valid for an hour. 因此,aws cognito的工作原理是您必须将IDToken +身份验证提供程序传递给cognito身份联盟,并且它提供一个小时内有效的临时凭据。 So what happens after an hour is, I get Authentication Exception. 所以一个小时后发生的是,我收到身份验证异常。
Now I observed CognitoCachingCredentialProvider tries to refresh before performing given task let's say execute lambda or make dynamodb query. 现在,我观察到CognitoCachingCredentialProvider在执行给定任务之前尝试刷新,例如执行lambda或进行dynamodb查询。 But what is a good way to handle expiry, intercept refresh, fetch token first and set it to credentialprovider and then continue refresh. 但是,处理过期,拦截刷新,先获取令牌并将其设置为credentialprovider,然后继续刷新的好方法是什么。
May it be UserPool IDToken or Google's IDToken, all I need to know is how to know if credentials are expired and I need to fetch the new IDTokens from providers and refresh credentials before processing the request. 可能是UserPool IDToken或Google的IDToken,我所需要知道的就是如何知道凭据是否已过期,并且需要在处理请求之前从提供商那里获取新的IDToken并刷新凭据。
I have tried hourly task (55 minutes actually) but sometimes it won't work and not very reliable so far. 我尝试了每小时的任务(实际上是55分钟),但到目前为止它有时无法正常工作,而且也不是很可靠。
Thanks 谢谢
It's a bit tricky to get just right, but there's two common ways to handle it. 正确设置有点棘手,但是有两种常见的处理方法。
One is to do what you suggested - track when the token was vended, and then refresh if it's within some threshold of expiring (eg refresh if it's < 5 minutes from expiry). 一种是按照您的建议进行操作-跟踪令牌的售出时间,如果令牌在过期阈值之内,则刷新该令牌(例如,如果令牌距过期少于5分钟,则刷新)。
The other is to blindly try to refresh, then catch the exception that gets thrown when a token is expired and refres/retry there. 另一种是盲目尝试刷新,然后捕获令牌过期时引发的异常并在此处重新尝试/重试。 If you go this route, be careful to only retry once there so you don't spam the service if the request isn't just right. 如果您选择这条路线,请谨慎选择仅在此处重试一次,这样,如果请求不正确,就不会向该服务发送垃圾邮件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.