-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Manually expiring a cognito session token #1241
Comments
@patrik-piskay |
Hi @chrisradek, no, refreshing is not the problem. Problem for us is that we need to call But not being able to set expiry time manually means that if we want to handle this "get request -> request failed -> credentials renewed -> API Gateway call" scenario, we have to wait 1hour to be able to do that. |
@patrik-piskay You can manually clear the cache by calling |
Thanks @chrisradek but this doesn't seem to do what we are expecting. We'd like to control (for dev purposes only) when we get 403 |
@patrik-piskay |
Sorry if it wasn't clear but yes, that's exatly it! So it is easier for us handle this scenario (which we already did but testing it in the future will require us to wait 1hour to test it again) |
Solution would be to have this expitation time configurable, or am API to invalidate the token. |
So, the error you're seeing is coming from a service, it isn't one that the SDK itself generates. The token the service (either CognitoIdentity or STS, depending on the params you used) generates has its own expiration. If you manually overwrite the If you take a look at the params passed into the Otherwise, you'd need to find a way to mock the behavior you want. There isn't anything else we can do from the SDK side to cause the service to return this error. |
Cheers @chrisradek! |
Hi @patrik-piskay , |
Has there any updates on this from the sdk side? We are currently also looking for a way to handle scenarios where the AWS.credentails expires and to handle it appropriately. For dev purposes it would be super nice to be able to set |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread. |
Is there a way to manually expire a session token used by Cognito so we force Cognito to refresh the token? Expiry date is not configurable and waiting an hour for the token to expire is a lot of time wasted when debugging.
The issue we are having is that for each request through AWS API Gateway we need to get credentials (
accessKeyId, secretAccessKey, sessionToken
), and after an hour of inactivity this request for credentials (AWS.config.credentials.get
) will return an error (Access to Identity XXX is forbidden
) and refreshes the credentials in the next request. But the API Gateway call that resulted inAccess to Identity XXX is forbidden
is never made (because it failed on retrieving the credentials) -> we'd like to implement a logic that would wait for the credentials to be reloaded and then continue with the API Gateway request, but for that we'd need an easy way to invalidate the session token (or to simulate this in other way).Thanks!
The text was updated successfully, but these errors were encountered: