Enabling device tracking breaks renew_access_token()

capless / warrant

Python library for using AWS Cognito. With support for SRP.

Apache License 2.0

468 stars 192 forks source link

Enabling device tracking breaks renew_access_token() #33

Open nueverest opened 7 years ago

nueverest commented 7 years ago

When I setup my cognito user pool for testing I setup device tracking. That caused renew_access_token() to fail with a 300 error and cryptic NotAuthenticated exception.

How do I modify this to allow for device tracking?

Warrant is teaching me a lot. Thank you for building it.

nueverest commented 7 years ago

The answer is here: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html

For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: USERNAME (required), SECRET_HASH (required if the app client is configured with a client secret), REFRESH_TOKEN (required), DEVICE_KEY

Is there a plan to implement this?

armicron commented 6 years ago

amazon-cognito-identity-js is using local storage to cache deviceKeyKey, randomPasswordKey, deviceGroupKeyKey

Do we need to do the same? If yes, what kind of cache should warrant use? https://github.com/aws/amazon-cognito-identity-js/blob/3e6cb695d9271c8333b6da4b01e52a375de2a329/src/CognitoUser.js#L998-L1000

leobarcellos commented 6 years ago

@nueverest @armicron Did you guys found a solution/workaround for this?