Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cognito REFRESH_TOKEN_AUTH should always be allowed #7625

Closed
blimmer opened this issue Apr 27, 2020 · 0 comments · Fixed by #10561
Closed

Cognito REFRESH_TOKEN_AUTH should always be allowed #7625

blimmer opened this issue Apr 27, 2020 · 0 comments · Fixed by #10561
Assignees
@nija-at
Labels
@aws-cdk/aws-cognito Related to Amazon Cognito effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. in-progress This issue is being actively worked on. p1

Comments

@blimmer
Copy link
Contributor

blimmer commented Apr 27, 2020

From my usage, it appears that cognito.UserPoolClient.authFlows needs refreshToken to be true in every scenario. Because of this, should we default it to true, instead of false?

aws-cdk/packages/@aws-cdk/aws-cognito/lib/user-pool-client.ts

Lines 34 to 38 in feadd6c

/**
* Enable authflow to refresh tokens
* @default false
*/
readonly refreshToken?: boolean;

Reproduction Steps

const userPool = new UserPool(this, "SystemUserPool", {
      userPoolName: id,
      signInAliases: { username: true },
      lambdaTriggers: {
        preSignUp: preSignUpLambda
        preTokenGeneration: preTokenLambda
      },
    });
new UserPoolClient(this, "UserPoolClient", {
      userPool,
      userPoolClientName: "my-client",
      authFlows: {
        userSrp: true,
      },
    });

Error Log

 2/3 | 12:22:00 PM | UPDATE_FAILED        | AWS::Cognito::UserPoolClient | UserPoolClient (UserPoolClient2F5918F7) REFRESH_TOKEN_AUTH should always be allowed. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: 61d7876f-96c0-4703-ae94-85dba259d380)

Environment

  • CLI Version : 1.35.0
  • Framework Version: 1.35.0
  • OS : MacOS
  • Language : English

Other

This is 🐛 Bug Report
@blimmer blimmer added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Apr 27, 2020
@SomayaB SomayaB added the @aws-cdk/aws-cognito Related to Amazon Cognito label Apr 29, 2020
@nija-at nija-at added feature-request A feature should be added or improved. effort/small Small work item – less than a day of effort and removed bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Apr 29, 2020
@nija-at nija-at added the p1 label Aug 17, 2020
@ayush987goyal ayush987goyal mentioned this issue Sep 27, 2020
Merged
@SomayaB SomayaB added the in-progress This issue is being actively worked on. label Sep 29, 2020
@mergify mergify bot closed this as completed in #10561 Sep 30, 2020
mergify bot pushed a commit that referenced this issue Sep 30, 2020
@ayush987goyal
fix(cognito): authFlows require refreshToken in all scenarios (#10561)
c0a3cb4 
refreshToken always allowed when authFlows present in UserPoolClient

BREAKING CHANGE: `refreshToken` property is now removed from
UserPoolClient. It will be included if any other `authFlow` is enabled.

closes #7625


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nija-at nija-at

Labels
@aws-cdk/aws-cognito Related to Amazon Cognito effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. in-progress This issue is being actively worked on. p1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(cognito): authFlows require refreshToken in all scenarios
3 participants
@blimmer @nija-at @SomayaB