
AWS Cognito - Access and refresh token

I am currently switching from IBM APIC to AWS API Gateway. I found a different behaviour that is not detailed in the AWS documentation ( https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html ).

After I use the refresh_token to get a new access_token, I have a different behavior:

  • In IBM the initial access_token is invalidated.
  • In AWS you can call the API with the initial access_token and with the "new" access_token.

Is there an option to invalidate the initial access_token when the refresh_token is used?

Thanks.

So I think what you're seeing here is that the old token is still valid; in short, no, you can't invalidate it UNLESS you call global sign out. I think the minimum time a token takes to expire is 60 minutes.

Cognito still has some flaws, really: the listUsers API doesn't search by custom attributes, if you use federated identities you can't retrospectively link by email, and as you've found, the token implementation isn't quite ideal yet.
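The behaviour discussed above, as an added example that is not part of the original question or answer and is not AWS code: a signature-and-expiry check accepts both access tokens, and an API-side deny-list keyed on the `jti` claim rejects the superseded one until it expires. Assumptions: the refresh goes through your own backend, which can see the old token; `SupersededTokenList`, the HS256 demo key and the sample claims are constructed for illustration (Cognito signs with RS256).

```python
import base64, hashlib, hmac, json
KEY = b"constructed-demo-key"  # stand-in: Cognito signs with RS256 and publishes a JWKS

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict) -> str:  # constructed HS256 JWT, Cognito-style claims
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify_stateless(token: str, now: int):
    """Signature and expiry only, which is all a plain JWT check looks at."""
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    if claims.get("token_use") != "access" or claims.get("exp", 0) <= now:
        return None
    return claims

class SupersededTokenList:
    """Hypothetical deny-list: jti -> exp of access tokens replaced by a refresh."""
    def __init__(self):
        self._denied = {}
    def supersede(self, old_token: str, now: int) -> None:
        claims = verify_stateless(old_token, now)
        if claims and "jti" in claims:  # track only tokens that would still pass
            self._denied[claims["jti"]] = claims["exp"]
    def verify(self, token: str, now: int):
        self._denied = {j: e for j, e in self._denied.items() if e > now}  # prune
        claims = verify_stateless(token, now)
        if claims is None or claims.get("jti") in self._denied:
            return None
        return claims

def demo(now: int = 1_700_000_000):  # constructed tokens, refresh 5 minutes in
    old = make_token({"jti": "a1", "token_use": "access", "exp": now + 3600})
    new = make_token({"jti": "b2", "token_use": "access", "exp": now + 3900})
    gate, t = SupersededTokenList(), now + 300
    gate.supersede(old, t)
    return bool(verify_stateless(old, t)), bool(gate.verify(old, t)), bool(gate.verify(new, t))
```

`demo()` returns, in order, whether the plain check still accepts the old token, whether the deny-list check accepts it, and whether the deny-list check accepts the new token.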

Notice: the technical posts on this site are published under the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.