How to renew an expired token [AWS Cognito]?

Dav*_*vid 11 javascript amazon-web-services amazon-cognito

I'm using AWS on my website. After 1 hour the token expires and the user can hardly do anything.

Now I'm trying to refresh the credentials like this:

// Collect the three tokens from a Cognito user session.
function getTokens(session) {
  return {
    accessToken: session.getAccessToken().getJwtToken(),
    idToken: session.getIdToken().getJwtToken(),
    refreshToken: session.getRefreshToken().getToken()
  };
}

// Build identity-pool credentials from the user pool's ID token.
function getCognitoIdentityCredentials(tokens) {
  const loginInfo = {};
  loginInfo[`cognito-idp.eu-central-1.amazonaws.com/eu-central-1_XXX`] = tokens.idToken;
  const params = {
    IdentityPoolId: AWSConfiguration.IdPoolId,
    Logins: loginInfo
  };
  return new AWS.CognitoIdentityCredentials(params);
}

if (AWS.config.credentials.needsRefresh()) {
  clearInterval(messwerte_updaten);
  cognitoUser.refreshSession(cognitoUser.signInUserSession.refreshToken, (err, session) => {
    if (err) {
      console.log(err);
    } else {
      var tokens = getTokens(session);

      // Replace the credentials object with one built from the new ID token.
      AWS.config.credentials = getCognitoIdentityCredentials(tokens);

      AWS.config.credentials.get(function (err) {
        if (err) {
          console.log(err);
        } else {
          callLambda();
        }
      });
    }
  });
}

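The thing is, after 1 hour the login token gets refreshed without a problem, but after 2 hours I can't refresh the login token anymore.

I also tried using AWS.config.credentials.get(), AWS.config.credentials.getCredentials() and AWS.config.credentials.refresh(); that doesn't work either.

The error messages I get are:

Missing credentials in config

Invalid login token. Token expired: 1446742058 >= 1446727732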

kxy*_*xyz 5

Usually it's solved by intercepting http requests with additional logic.

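function authenticationExpiryInterceptor() {
  // check if token expired, if yes refresh
  return Promise.resolve(); // resolves once the token is valid
}

function authenticationHeadersInterceptor() {
  // include headers, or no
  return Promise.resolve(); // resolves once the headers are set
}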

Then, with the use of an HttpService layer:

// makeRequest is the underlying request function (not shown in this answer).
const HttpService = {
  get(url, params, opts) {
    return authenticationExpiryInterceptor()
      .then(() => authenticationHeadersInterceptor())
      .then(() => makeRequest(url, params, opts));
  }
};

It could be solved by a proxy as well: http://2ality.com/2015/10/intercepting-method-calls.html

In relation to AWS: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Credentials.html

You're interested in:

  • getPromise()
  • refreshPromise()


Dav*_*vid 5

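After almost 2 weeks, I finally solved it.

You need the refresh token to receive a new ID token. Once the refreshed token is acquired, update the AWS.config.credentials object with the new ID token.

Here is an example of how to set this up; it runs smoothly!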

const refresh_token = session.getRefreshToken();   // you'll get session from calling cognitoUser.getSession()

if (AWS.config.credentials.needsRefresh()) {
  cognitoUser.refreshSession(refresh_token, (err, session) => {
    if (err) {
      console.log(err);
    } else {
      // Put the new ID token into the existing credentials object, then refresh it.
      AWS.config.credentials.params.Logins['cognito-idp.<YOUR-REGION>.amazonaws.com/<YOUR_USER_POOL_ID>'] = session.getIdToken().getJwtToken();
      AWS.config.credentials.refresh((err) => {
        if (err) {
          console.log(err);
        } else {
          console.log("TOKEN SUCCESSFULLY UPDATED");
        }
      });
    }
  });
}
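
One way to fill in the `authenticationExpiryInterceptor` idea from the first answer so that it triggers the refresh shown in the second answer before the ID token expires. This is an added example, not code from either poster; `makeExpiryInterceptor`, `getIdToken`, `refresh`, `tokenNeedsRefresh`, `jwtExpiry` and `makeSampleJwt` are hypothetical names, and `refresh` is assumed to wrap `cognitoUser.refreshSession(...)` plus `AWS.config.credentials.refresh(...)` and resolve with the new ID token.

```javascript
// Added example (not from the posts above). The `exp` claim is decoded only to
// schedule a refresh; the payload is not signature-verified, so never authorize on it.
function jwtExpiry(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const json = typeof atob === 'function'
    ? atob(padded)
    : Buffer.from(padded, 'base64').toString('binary');
  const exp = JSON.parse(json).exp;
  if (!Number.isFinite(exp)) throw new Error('token has no numeric exp claim');
  return exp; // seconds since the Unix epoch
}

// True when the token has expired or will expire within `skewSec` seconds.
function tokenNeedsRefresh(jwt, nowSec, skewSec = 60) {
  return nowSec + skewSec >= jwtExpiry(jwt);
}

// `getIdToken` returns the current ID token; `refresh` (hypothetical) performs the
// Cognito session refresh and resolves with the new ID token.
function makeExpiryInterceptor({ getIdToken, refresh, now = () => Date.now() / 1000, skewSec = 60 }) {
  let inFlight = null; // shared promise: parallel requests trigger one refresh
  return function authenticationExpiryInterceptor() {
    const token = getIdToken();
    let stale = true; // a missing or unparseable token is treated as expired
    try {
      stale = !token || tokenNeedsRefresh(token, now(), skewSec);
    } catch (e) { /* keep stale = true */ }
    if (!stale) return Promise.resolve(token);
    if (!inFlight) {
      inFlight = Promise.resolve().then(refresh).finally(() => { inFlight = null; });
    }
    return inFlight;
  };
}

// Constructed, unsigned sample token for trying the functions in Node.
function makeSampleJwt(exp) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc({ exp })}.sig`;
}
```

Refreshing a little before `exp` (the `skewSec` margin) avoids sending a token that expires in transit, and the shared promise keeps a burst of requests from starting several refreshes at once.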