aws / aws-sdk-net-extensions-cognito

An extension library to assist in the Amazon Cognito User Pools authentication process
Apache License 2.0
102 stars 50 forks

AWS Cognito refresh token problem #66

Closed hussainamir closed 3 years ago

hussainamir commented 3 years ago

Dear @ashishdhingra, I am using the latest version of Amazon.Extensions.CognitoAuthentication (`version="2.0.3" targetFramework="net472"`) and I am still facing the same problem: the Cognito token expires after one hour (also after refresh). I am using:

  1. Get Cognito user information by using user name and password

  2. Refresh Cognito token

  3. Get Cognito user credentials by using this method: `var credentials=user.GetCognitoAWSCredentials(FED_POOL_ID, new AppConfigAWSRegion().Region);`

  4. Get AccessKey, SecretKey, Token from the "credentials" variable in step 3, by using `var AccessKey= credentials.GetCredentials().AccessKey`, `var SecretKey= credentials.GetCredentials().SecretKey`, `var Token= credentials.GetCredentials().Token`.

  5. Use this credentials information and initialize `Client = new AmazonIotDataClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, string serviceUrl);`

By using these steps, my credentials expire after one hour.

If I use `Client =new AmazonIotDataClient(string serviceUrl, AWSCredentials credentials);`

then it's working fine. But in my case I want to use accessKey, secretKey, and token for a third-party API.

Here I also want to share another problem. Although I have set the access token expiration time to 1000 min or 5 min, my token will expire after one hour. I am sending some screenshots. Please check where I am making a mistake.

ashishdhingra commented 3 years ago

Hi @hussainamir,

The problem where RefreshToken was lost when using the REFRESH_TOKEN auth flow was fixed in 2.0.3 of Amazon.Extensions.CognitoAuthentication. I think the other issue you mentioned about access token time expiration is a known issue and I saw some workaround in some old GitHub issue. Let me try to find more details for this issue and get back to you.

Thanks, Ashish

hussainamir commented 3 years ago

@ashishdhingra
Thanks for your fast response. Refresh token is working fine when I use this method to initialize this class object:

`Client=new AmazonIotDataClient(string serviceUrl, AWSCredentials credentials)`

But when I want to initialize the same class object with the other method

`Client = new AmazonIotDataClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, string serviceUrl);`

then the token expires after one hour.

Here I am facing two problems: 1) the refresh token problem; 2) although I have set 1000 min for the token expiration time, it expires after one hour.

Thanks: Hussain

ashishdhingra commented 3 years ago

Hi @hussainamir,

I got it. The correct way to use Cognito credentials to access AWS services is listed in the example in section Use AWS Resources after Authentication at Amazon CognitoAuthentication Extension Library Examples. You need to use a CognitoAWSCredentials object in the service client constructor.

The constructor you are trying to use is a different one which uses temporary session credentials (e.g. credentials from EC2 instance metadata service). For more details about session credentials, please refer to Requesting temporary security credentials. Hope this provides some guidance.

Thanks, Ashish

hussainamir commented 3 years ago

@ashishdhingra How can I increase the time of the temporary token?

Because I am using these credentials for a third-party MQTT API to subscribe to data from AWS IoT Core.

Or can I update the temporary credentials after one hour? Will this work?

`var AccessKey=credentials.GetCredentials().AccessKey`, `var SecretKey=credentials.GetCredentials().SecretKey`, `var Token= credentials.GetCredentials().Token`.

I am using a third-party MQTT library because Amazon didn't have any C# API to subscribe to MQTT topics.

If Amazon develops an MQTT API to subscribe to MQTT topics then it will be best for us. Amazon has the same MQTT API in Python where the user can subscribe to data from AWS IoT Core. I have already created this feature request on the AWS .NET SDK repository but no one replied to me.

ashishdhingra commented 3 years ago

> @ashishdhingra How can I increase the time of the temporary token?
>
> Because I am using these credentials for a third-party MQTT API to subscribe to data from AWS IoT Core.
>
> Or can I update the temporary credentials after one hour? Will this work?
>
> `var AccessKey=credentials.GetCredentials().AccessKey`, `var SecretKey=credentials.GetCredentials().SecretKey`, `var Token= credentials.GetCredentials().Token`.
>
> I am using a third-party MQTT library because Amazon didn't have any C# API to subscribe to MQTT topics.
>
> If Amazon develops an MQTT API to subscribe to MQTT topics then it will be best for us. Amazon has the same MQTT API in Python where the user can subscribe to data from AWS IoT Core. I have already created this feature request on the AWS .NET SDK repository but no one replied to me.

A temporary session token has a limited timespan. After expiration, you need to re-fetch the temporary credentials.

As pointed out by you, you need to have refresh/retry logic in place to request temporary session credentials after expiration.

Hope this helps. If this provides necessary guidance, please confirm if we could close this issue.

Thanks, Ashish
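
The refresh/retry logic discussed above, as an added example (not code from this thread, the AWS SDK or the extension library): the temporary keys are re-fetched on an interval shorter than their lifetime and handed to a reconnect callback for the third-party client. `SessionCredentialRotator` and both delegates are hypothetical names; `user`, `FED_POOL_ID` and `region` in the comment stand for the values used in the steps above.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Amazon.Runtime; // ImmutableCredentials (AccessKey, SecretKey, Token)

// Added example: re-fetches the temporary keys on a fixed interval and passes
// each new set to a reconnect callback. All names here are hypothetical.
public sealed class SessionCredentialRotator : IDisposable
{
    private readonly Func<ImmutableCredentials> _fetch;           // obtains fresh keys
    private readonly Func<ImmutableCredentials, Task> _reconnect; // re-creates the client
    private readonly TimeSpan _interval;
    private readonly CancellationTokenSource _cts = new CancellationTokenSource();
    private string _lastToken;

    public SessionCredentialRotator(Func<ImmutableCredentials> fetch,
        Func<ImmutableCredentials, Task> reconnect, TimeSpan interval)
    {
        _fetch = fetch ?? throw new ArgumentNullException(nameof(fetch));
        _reconnect = reconnect ?? throw new ArgumentNullException(nameof(reconnect));
        _interval = interval; // keep below the one-hour lifetime reported in this thread
    }

    public async Task RunAsync()
    {
        while (!_cts.IsCancellationRequested)
        {
            TimeSpan wait = _interval;
            try
            {
                // e.g. () => user.GetCognitoAWSCredentials(FED_POOL_ID, region).GetCredentials()
                // If the user pool session has expired too, refresh it inside the delegate first.
                ImmutableCredentials current = _fetch();
                if (!string.Equals(current.Token, _lastToken, StringComparison.Ordinal))
                {
                    await _reconnect(current).ConfigureAwait(false);
                    _lastToken = current.Token; // record only after a successful reconnect
                }
            }
            catch (Exception ex)
            {
                // Log the failure type only; never write keys or tokens to logs.
                Console.Error.WriteLine("Credential rotation failed: " + ex.GetType().Name);
                wait = TimeSpan.FromSeconds(30); // retry soon instead of waiting a full interval
            }
            try { await Task.Delay(wait, _cts.Token).ConfigureAwait(false); }
            catch (OperationCanceledException) { break; }
        }
    }

    public void Dispose() => _cts.Cancel();
}
```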

hussainamir commented 3 years ago

Dear @ashishdhingra, thanks for your guidance.

You can close this issue. If I get any problem regarding AWS Cognito in the future, I will let you know.

Thanks, Hussain

github-actions[bot] commented 3 years ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.