Closed wansco closed 7 years ago
Yes, since the DDB client library is used to retrieve the appropriate user-specific records, it needs to be re-initialized every hour since the tokens are only valid for one hour. You'll need to create some logic to check whether the tokens have expired already and then do a refresh and re-instantiate the DDB client.
I tried shortcutting it by adding this code to CognitoUtil, but that didn't seem to fix it.
constructor() {
console.log("In CognitoUtil constructor");
let DoRefresh = () => {
console.log("Calling CognitoUtil.refresh()...");
this.refresh();
}
setInterval(DoRefresh, 15 * 60 * 1000);
}
Can the tokens be refreshed before they expire?
Does the DDB client need to be re-instantiated? It seems that it is using the same CognitoUtil instance that the above code would be refreshing. It does not appear that CognitoUtil.refresh() updates the local credentials the way it does when the user is first authenticated.
If I keep refreshing the session, are the initially obtained credentials still valid, or do those need to be updated as well?
Yes, the DDB client needs to be re-instantiated.
@wansco Did you get a working shortcut happening? I have the same issue and not sure how to approach. I suspect calling refreshToken if it's expired?
I never got it working. I like the idea of cognito and the whole serverless infrastructure, but minor things like this and convoluted documentation on the database end led me to the conclusion that it's got a ways to go
Are there any updates/workarounds for this issue?
Yes, the DDB client needs to be re-instantiated every hour. So you might want to include code that checks if the token hasn't expired, and if it has, get new tokens using the refreshtoken and re-instantiate the DDB object.
@vbudilov Thanks for the fast response. I'll give that a try.
@vbudilov The token that you mentioned, is that the Cognito token or is there a separate token for Dynamo that we can check?
You should use the refresh token to get a new Id token, and then re-instantiate the DDB client: http://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html
Steps to repeat:
If you do a full refresh it works, but that shouldn't be required.