Not sure if this is the right forum to request new features for Cognito but we've been using cognito in our SPA application and it's working very well for most part.
Since Cognito prevents login/authorize endpoints from being iframed (due to X-Frame-Options:DENY header), it is not possible to "silently" refresh token in a hidden iframe (which is possible with auth0).
We are currently using a popup window and user experience is not great (no one likes popup windows).
Are there any other recommendations on how to refresh token from a single page app (apart from the popup window approach we are already using)?
Not sure if this is the right forum to request new features for Cognito but we've been using cognito in our SPA application and it's working very well for most part.
One feature that our users would really benefit, in terms of overall users experience, is ability to refresh tokens silently in an iframe (similar to this Auth0 doc https://auth0.com/docs/api-auth/tutorials/silent-authentication#renew-expired-tokens)
Since Cognito prevents login/authorize endpoints from being iframed (due to X-Frame-Options:DENY header), it is not possible to "silently" refresh token in a hidden iframe (which is possible with auth0).
We are currently using a popup window and user experience is not great (no one likes popup windows).
Are there any other recommendations on how to refresh token from a single page app (apart from the popup window approach we are already using)?
Our login process is:
Thanks in advance, Josh