Skip to content
This repository has been archived by the owner. It is now read-only.

Feature Request: Support silent renewal of expired tokens for Single Page Applications #645

Closed
j--wong opened this issue Jan 9, 2018 · 1 comment

Comments

Projects
None yet
2 participants
@j--wong
Copy link

commented Jan 9, 2018

Not sure if this is the right forum to request new features for Cognito but we've been using cognito in our SPA application and it's working very well for most part.

One feature that our users would really benefit, in terms of overall users experience, is ability to refresh tokens silently in an iframe (similar to this Auth0 doc https://auth0.com/docs/api-auth/tutorials/silent-authentication#renew-expired-tokens)

Since Cognito prevents login/authorize endpoints from being iframed (due to X-Frame-Options:DENY header), it is not possible to "silently" refresh token in a hidden iframe (which is possible with auth0).

We are currently using a popup window and user experience is not great (no one likes popup windows).

Are there any other recommendations on how to refresh token from a single page app (apart from the popup window approach we are already using)?

Our login process is:

  • SPA -> Cognito (implicit grant) -> Okta (SAML provider)

Thanks in advance,
Josh

@itrestian

This comment has been minimized.

Copy link
Contributor

commented Jan 25, 2018

I believe this is a duplicate of this #599 issue

@itrestian itrestian closed this Jan 25, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.