[英]What is the difference between Auth.currentAuthenticatedUser() and Auth.currentSession()?
Prior to every call made to the backend, I used Auth.currentAuthenticatedUser()
to obtain idToken.jwtToken
and pass it in the header of my request to the backend server for data.在每次调用后端之前,我使用Auth.currentAuthenticatedUser()
获取idToken.jwtToken
并将其作为请求的标头传递给后端服务器以获取数据。
Is there a difference between using Auth.currentSession()
instead of Auth.currentAuthenticatedUser()
for my use-case?在我的用例中使用Auth.currentSession()
而不是Auth.currentAuthenticatedUser()
有区别吗? Does Auth.currentAuthenticatedUser()
refresh the token once it has expired, similar to Auth.currentSession()
? Auth.currentAuthenticatedUser()
是否会在令牌过期后刷新令牌,类似于Auth.currentSession()
?
The documentation for amplify auth is still very poor, so I looked into the source code for @aws-amplify/auth
and amazon-cognito-identity-js
packages and these are the findings: amplify auth 的文档仍然很差,所以我查看了@aws-amplify/auth
和amazon-cognito-identity-js
包的源代码,结果如下:
currentAuthenticatedUser
will try to retrieve authenticated user info from localstorage (unless your storage options is configured otherwise). currentAuthenticatedUser
将尝试从 localstorage 检索经过身份验证的用户信息(除非您的存储选项配置为其他方式)。 If it doesn't exist in storage, then it will make api calls to retrieve user info which involves automatically refreshing the user session in the process.如果它不存在于存储中,那么它将进行 api 调用以检索用户信息,这涉及在此过程中自动刷新用户会话。currentSession
will not check the local storage and always invoke the API which also involves automatically refreshing the user session if expired. currentSession
不会检查本地存储并始终调用 API,如果过期还涉及自动刷新用户会话。 So to answer your question directly, the Auth.currentAuthenticatedUser()
method doesn't always give you a valid token.所以直接回答你的问题, Auth.currentAuthenticatedUser()
方法并不总是给你一个有效的令牌。 If your storage contains an expired token, it will just return that.如果您的存储包含过期的令牌,它只会返回该令牌。 This would require you to call user.getSession()
on the returned user object to request for a new session/token manually.这将要求您在返回的用户对象上调用user.getSession()
以手动请求新的会话/令牌。 I recommend that you use Auth.currentSession()
since this handles the token refresh automatically and always returns a valid token.我建议您使用Auth.currentSession()
因为它会自动处理令牌刷新并始终返回有效令牌。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.