search

amazon-archives / amazon-cognito-auth-js

The Amazon Cognito Auth SDK for JavaScript simplifies adding sign-up, sign-in with user profile functionality to web apps.
Apache License 2.0
424 stars 232 forks source link

Session expired after 60 minutes #101

Open boyuan459 opened 6 years ago

boyuan459 commented 6 years ago

I have a Single Page Application written by React + Redux + Router. The session expired after 60 minutes even I run getSession every 15 minutes. So I need to login every hour, is there any way to extend the session for 8 hours.

yuntuowang commented 6 years ago

Hi @boyuan459, are you using implicit grant flow? Its response_type is token. Then you will only get id_token and access_token when you signed in. These two kind of tokens are valid for an hour.

You can use authorization code grant flow(response_type is code), then the Auth SDK will exchange code for all three kinds of tokens(including refresh_token). If refresh_token is valid, it will refresh tokens for you. You can set refresh_token validity(up to 3650 days) when create app client on Cognito console.

luomavaltteri commented 6 years ago

Related to issue: https://github.com/aws/amazon-cognito-auth-js/issues/92

@yuntuowang why Cognito doesn't support prompt=none for enabling silent refresh for SPA applications?