search

amazon-archives / amazon-cognito-auth-js

The Amazon Cognito Auth SDK for JavaScript simplifies adding sign-up, sign-in with user profile functionality to web apps.
Apache License 2.0
424 stars 232 forks source link

Integration with Single Page Applications #151

Open rafalwrzeszcz opened 5 years ago

rafalwrzeszcz commented 5 years ago

Is there any way to integrate authentication flow with a SPA (no page reloads)? I've managed to create some simple wrapper which opens authentication window:

import { CognitoAuth, CognitoAuthOptions } from "amazon-cognito-auth-js/dist/amazon-cognito-auth";

export class SpaCognitoClient extends CognitoAuth {
    private popup: Window;

    constructor(options: CognitoAuthOptions) {
        super(options);

        window.addEventListener("message", this.handleResponse, false);
    }

    protected launchUri(url: string): void {
        this.popup = window.open(url);
    }

    private handleResponse = (event: MessageEvent): void => {
        if (typeof(event.data) === "object" && "event" in event.data && event.data.event === "authSuccess") {
            this.popup.close();
            this.parseCognitoWebResponse(event.data.hash);
        }
    }
}

But this only works when user clicks the button. I can't find any way to implement "silent" token refresh, as opening sign-in page in background is blocked as a pop-up.

It's also not possible to embed the sign-in page in the IFRAME because of X-Frames DENY policy.

Is there any other call/endpoint that can be used to obtain new token?