AWS Cognito - 无效的刷新令牌
[英]AWS Cognito - Invalid Refresh Token
问题描述
I am using the Amazon Cognito service with the amazon-cognito-identity-js library, and am having an issue refreshing a user's tokens, namely the id token.
我将Amazon Cognito服务与amazon-cognito-identity-js库一起使用,并且在刷新用户的令牌(即 id 令牌)时遇到问题。
When trying to refresh the users tokens by making an unauthenticated initiateAuth request, I receive a 400 http status in response, along with an "Invalid Refresh Token" error message.当尝试通过发出未经身份验证的启动验证请求来刷新用户令牌时,我收到 400 http 状态作为响应,以及“无效的刷新令牌”错误消息。
POST https://cognito-idp.us-east-1.amazonaws.com/ 400 (Bad Request)
Uncaught Error: Invalid Refresh Token.
Why does it believe that I am passing in invalid refresh token?为什么它认为我传入了无效的刷新令牌?
// the refresh token
var reToken;
// pool config
var poolData = {
UserPoolId : 'us-east-1_XXXXXXXXX',
ClientId : 'XXXXXXXXXXXXXXXXXXXXXXXXXX'
};
// connect to user pool and
// find the current user
var CognitoUserPool = AmazonCognitoIdentity.CognitoUserPool;
var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
var cognitoUser = userPool.getCurrentUser();
// if we found a user
if (cognitoUser != null)
{
// get active user session
cognitoUser.getSession(function(err, session)
{
// catch errors
if (err) {
alert(err);
return;
}
// get the refresh token
reToken = session.refreshToken.token;
});
}
// get current epoch time
var curDate = new Date();
var currentEpoch = Math.round(curDate.getTime() / 1000);
// get the epoch when the token
// was last issued
var issuedEpoch = store.get('issued');
// set the refresh parameters
var refreshParams = {
ClientId: 'XXXXXXXXXXXXXXXXXXXXXXXXXX',
AuthFlow: 'REFRESH_TOKEN_AUTH',
AuthParameters: { 'REFRESH_TOKEN': reToken }
};
// note: 30 minutes = 1800 seconds
// if a token was last issued over 30 minutes ago
if ( (currentEpoch - issuedEpoch) >= 1800 )
{
// refresh the users token with a new token
userPool.client.makeUnauthenticatedRequest('initiateAuth', refreshParams, (err, newToken) => {
// catch errors
if (err) {
alert(err);
return;
}
// do stuff with the returned token
console.log(newToken)
})
}
As an aside, i've tried using refreshSession() but it tells me that getToken() is not a function of refreshSession().顺便说一句,我试过使用 refreshSession() 但它告诉我 getToken() 不是 refreshSession() 的函数。
cognitoUser.refreshSession(reToken, (err, authResult) => {
if (err) throw err;
console.log(authResult)
});
2 个解决方案
解决方案1
56 已采纳 2017-10-22 23:28:19
I've found the answer.我找到了答案。
As it turns out, it wasn't really an invalid refresh token;事实证明,它并不是一个真正无效的刷新令牌; at least in the sense of the object itself.至少在对象本身的意义上。
If you have device tracking enabled , then you must pass the users device key in the AuthParameters (which I wasn't doing).如果您启用了设备跟踪,那么您必须在AuthParameters 中传递用户设备密钥(我没有这样做)。
I read through the description of device tracking, as found here , and it didn't seem applicable for my use-case so I simply turned it off (User Pool > Devices).我通读了设备跟踪的描述,如在此处找到的,它似乎不适用于我的用例,所以我只是将其关闭(用户池 > 设备)。
The above code worked after that.上面的代码在那之后工作。
解决方案2
2 2019-12-04 21:20:06
Another thing that can cause this error: using different user pool clients for generating the refresh token and trying to use it to generate new access & id tokens.可能导致此错误的另一件事:使用不同的用户池客户端生成刷新令牌并尝试使用它来生成新的访问和 ID 令牌。 It looks like a given refresh token may only be used by the client that generated it.看起来给定的刷新令牌只能由生成它的客户端使用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.