Skip to content
This repository has been archived by the owner. It is now read-only.

Feature Request: Support silent renewal of expired tokens for Single Page Applications #645

j--wong opened this issue Jan 9, 2018 · 1 comment


Copy link

@j--wong j--wong commented Jan 9, 2018

Not sure if this is the right forum to request new features for Cognito but we've been using cognito in our SPA application and it's working very well for most part.

One feature that our users would really benefit, in terms of overall users experience, is ability to refresh tokens silently in an iframe (similar to this Auth0 doc

Since Cognito prevents login/authorize endpoints from being iframed (due to X-Frame-Options:DENY header), it is not possible to "silently" refresh token in a hidden iframe (which is possible with auth0).

We are currently using a popup window and user experience is not great (no one likes popup windows).

Are there any other recommendations on how to refresh token from a single page app (apart from the popup window approach we are already using)?

Our login process is:

  • SPA -> Cognito (implicit grant) -> Okta (SAML provider)

Thanks in advance,

Copy link

@itrestian itrestian commented Jan 25, 2018

I believe this is a duplicate of this #599 issue

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet
None yet

No branches or pull requests

2 participants