Open jayudhandha opened 5 years ago
I'm also facing the same problems, access tokens not getting invalidate after sign out or global signout. Still I can use my access tokens.
@thiru-softsuave If you do global signout than you should not be able to use access token. (Try to run global sign out command twice. As it is using access token, on 2nd try you will get access token is revoked.
Hope this helps!
Hi,
I am using Amazon Cognito in my UI application.
While doing logout, i am calling the Logout Endpoint.
But i am not sure my logout is actually working or not.
My (Refresh Token + Access Token + Id Token) can be used even after logout.
I have read about global signout. It revoke the Refresh token and Access token, But not revoking the IdToken.
I want to know for what purpose it is not being revoked? I have read somewhere that this IdToken can be used with other services of UserPool. But in my case, I don't need IdToken anymore after the logout.
As global signout is revoking my refresh and access tokens, User will be logout from all the devices.
It should not be the case.
Anyone can suggest me the best way to use logout mechanism with amazon cognito?
Thanks