Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Feature Request: Support silent renewal of expired tokens for Single Page Applications #645
Not sure if this is the right forum to request new features for Cognito but we've been using cognito in our SPA application and it's working very well for most part.
One feature that our users would really benefit, in terms of overall users experience, is ability to refresh tokens silently in an iframe (similar to this Auth0 doc https://auth0.com/docs/api-auth/tutorials/silent-authentication#renew-expired-tokens)
Since Cognito prevents login/authorize endpoints from being iframed (due to X-Frame-Options:DENY header), it is not possible to "silently" refresh token in a hidden iframe (which is possible with auth0).
We are currently using a popup window and user experience is not great (no one likes popup windows).
Are there any other recommendations on how to refresh token from a single page app (apart from the popup window approach we are already using)?
Our login process is:
Thanks in advance,