Closed cameroncf closed 11 months ago
Hi Cameron,
Thanks you for creating this issue. You're not missing anything, the Cognito@Edge package currently does not support the use of refresh tokens. That's would definitely be in scope for the package though, so we'd accept a PR to add this functionality or we (the maintainers) may work on it in the future.
Cheers, Jean
I already forked the project and have some initial work done. It will probably be a month or so before I can get back to it though. Hopefully I'll have something good to contribute before too much time passes.
@cameroncf would you be able to share your approach to implementing this? Happy to help out if there is a well-lit path
Hi, i needed this feature as well, so i tried to implement it: #51
Could a maintainer (@jeandek) take a look at #51 and see if it's ready to merge? This functionality is pretty important and @maverick089 went through the effort of submitting a PR for it.
Hi @DanielLaberge , Sorry for the lack of communication on this. Unfortunately, we haven't had the bandwidth required to review and test this PR, and will likely not have it until at least a couple of weeks. We will definitely do so as soon as we can though. Regards, Jean
What would you like to be added:
Unless I am missing something it looks like the refresh token is saved as a cookie but not used to refresh the access token after it expires. Using defaults, this means re-logging in once every 60 minutes.
Why is this needed:
So that authorization can survive beyond the expiration limit of the access token.