Cognito token not refreshing automatically

[vanpra1]

Describe the bug
I am using AWS Amplify with OpenID as part of my ReactJS application. For authentication I am using a different library redux-oidc. I am passing the user token to Auth.federatedSignIn(), based on whether there are credentials currently available when I call Auth.currentCredentials(). I notice that on the first hour after the conigto tokens get refreshed Auth.federatedSignIn() works fine. But on the second hour, I think the cognito token is not being refreshed and Auth.federatedSignIn() is failing.

Below is the code:

let credentials;
try {
credentials = await Auth.currentCredentials();
return;
} catch (err) {
console.log('No cognito user exists. re-signing in', err,user,credentials);
const signIn = await Auth.federatedSignIn(
// Initiate federated sign-in with OIDC provider
'auth0.xxxx.com',
{
// the JWT token
token: user.id_token,
// the expiration time
expires_at: user.expires_at,
},
// a user object
user
);
console.log("Sign In Complete");
return signIn;
}

On the second time call to Auth.FederatedSignIn i.e. on the second hour, it throws the following error.
NotAuthorizedException:
Invalid login token. Token expired: 1550458542 >= 1550455681

I am pretty sure the 'user' object has a latest token which is unexpired. So I would not expect Auth.federatedSignIn to fail.

Please help me understand the issue.

[haverchuck]

@vanpra1 It's a bit hard to say anything conclusive without knowing more about how you are using redux-oidc; however, you might want to investigate two potential areas.

1. It looks like you are using Google signin. If so, I believe that Amplify will need the Google API library ('gapi') on your window object. Please see the Google section of these code samples.

2. For other providers, you would need to set up a refresh handler. Please see the Refreshing JWT Tokens section of these code samples.

[vanpra1]

The comments may be misleading, but i am using auth.xxx.com OpenID fro signing in. I dont think I will be able to setup refresh handler(See #1218). Its a single page application following implicit flow for OpenID. I am using a different mechanism for getting the tokens. redux-oidc takes care of signing in and getting tokens from OpenID into 'user' object above. I am pretty sure the user object is not expired yet. Any thoughts? I appreciate your help in this regard.

[vanpra1]

@vanpra1 It's a bit hard to say anything conclusive without knowing more about how you are using redux-oidc; however, you might want to investigate two potential areas.

1. It looks like you are using Google signin. If so, I believe that Amplify will need the Google API library ('gapi') on your window object. Please see the Google section of these code samples.
2. For other providers, you would need to set up a refresh handler. Please see the Refreshing JWT Tokens section of these code samples.

The comments in the code above may be misleading(i just updated them), but i am using auth.xxx.com OpenID fro signing in. I dont think I will be able to setup refresh handler(See #1218). Its a single page application following implicit flow for OpenID. I am using a different mechanism for getting the tokens. redux-oidc takes care of signing in and getting tokens from OpenID into 'user' object above. I am pretty sure the user object is not expired yet. Any thoughts? I appreciate your help in this regard.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[stale]

This issue has been automatically closed because of inactivity. Please open a new issue if are still encountering problems.

[github-actions]

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.