aws-amplify Auth.currentSession() 一小时后未提供刷新的令牌

Question

Which category is your question related to?

AWS amplify auto handling refresh token

What AWS Services are you utilizing?

aws-amplify

Provide additional details eg code snippets

axios.interceptors.request.use(function(config) 
{ return Auth.currentSession() .then(session => { // User is logged in. 

  Set auth header on all requests 
  let accessToken = session.idToken.jwtToken; 

  axios.defaults.headers.common["Authorization"] = accessToken; 
  return Promise.resolve(config); })
   .catch(() => { 
  // No logged-in user: don't set auth header 
  return Promise.resolve(config); 
}); 
});

This is the interceptor request I'm using for now to get latest valid token irrespective of the total time, since user is logged-in as #446 and aws-amplify documentation tells that it is automatically refreshing token internally and Auth.currentSession() gives you the latest valid jwtToken every time.

But what I experience is: I login: Auth.currentSession() keeps giving me the jwtToken that was received when logged_in. After an hour, the token was expired and Auth.currentSession() was still giving this previous expired token which caused my server to send me 401. How do I handle it? How do I keep getting latest valid refreshed jwtToken? Am I using it wrong, or is it a bug?

Answer 1

This answer might be too late for you, but if anyone else stumbles on this thread, you are probably using 'token' as your Authorization grant flow. Use 'code' instead. Dont forget to change that in cognito console as well. Select Authorization Code grant instead of implicit grant