Open human39 opened 6 years ago
Are you using 0.4.0?
https://github.com/capless/warrant/blob/3d6aa8c84841a1c7183f702ed7b4ad993c1ff37a/warrant/__init__.py#L255-L258
False is returned when a token is not expired and doesn't need to be renewed.
True is returned when a token was renewed.
@bjinwright oops, pip was installing 0.2.0 by default.. I just updated to 0.4.0 -- same issues.
@human39 I think @armicron's answer explains it pretty well. What is your token expiration set to?
Thanks for the reply. Maybe I can illustrate what I'm doing.
This is the test code I'm working with.
```python
from warrant import Cognito
import os
import pprint

os.environ['AWS_DEFAULT_REGION'] = "us-west-2"
os.environ['AWS_ACCESS_KEY_ID'] = "<snip>"
os.environ['AWS_SECRET_ACCESS_KEY'] = "<snip>"

poolid = '<snip>'
clientid = '<snip>'
user = '<snip>'
passwd = '<snip>'

# login.
u = Cognito(poolid, clientid, username=user)
u.authenticate(password=passwd)
accesstoken = u.access_token

# Verify that we can get the info.
user = u.get_user()

# reset everything
u = False

# Logout
# reattach
u = Cognito(poolid, clientid, access_token=accesstoken)
u.logout()

# reset everything
u = False
u = Cognito(poolid, clientid, access_token=accesstoken)
user = u.get_user()
```
After logging out, the 'u.get_user()' fails with a message saying the token is revoked, which is what I expected. Looking to tie this in with a user's web session, I would like to have a method that I could call to see if the token is still valid. I guess I could just run a u.get_user() and then check the exception. I guess I was hoping there was another way.
Looks like I basically answered my own question, so I guess we can close this but I'm interested in hearing any ideas if anybody has them.
We are working on something similar here on Issue #12 of the Capless framework. I will let you know what we find.
I'm working on a proof of concept with using cognito via warrant as the auth mechanism on a web app. I'm able to auth and logout as expected, but .check_token() is always returning False.
I'm looking for an easy way to verify the token is still valid when checking the session. Any pointers?
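The two checks discussed in this thread, local expiry versus server-side revocation, sketched as an added example (not code from the thread or from warrant). `token_state`, `unverified_exp`, `FakeClientError`, `make_token` and `revoked_probe` are hypothetical names, and the block assumes a revoked token surfaces as a botocore `ClientError` whose error code is `NotAuthorizedException`.

```python
import base64
import json
import time


def unverified_exp(access_token):
    """Read exp from the JWT payload without verifying the signature (expiry check only)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))["exp"]


def token_state(access_token, probe, now=None):
    """Return 'expired', 'revoked' or 'valid' for a session's access token.

    probe: zero-argument callable making an authenticated call (u.get_user in the thread).
    """
    now = time.time() if now is None else now
    if now >= unverified_exp(access_token):
        return "expired"  # the case where check_token() renews and returns True
    try:
        probe()
    except Exception as exc:
        # Assumption: botocore's ClientError, with the service code in .response
        resp = getattr(exc, "response", None)
        code = resp.get("Error", {}).get("Code") if isinstance(resp, dict) else None
        if code == "NotAuthorizedException":
            return "revoked"  # e.g. after logout(); a local exp check cannot see this
        raise  # network or other faults must not be read as "logged out"
    return "valid"


# --- constructed sample data below: not real tokens or AWS responses ---
class FakeClientError(Exception):
    """Stand-in with the same .response shape as botocore's ClientError."""
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}


def make_token(exp):
    """Build an unsigned JWT-shaped string carrying only an exp claim."""
    body = base64.urlsafe_b64encode(json.dumps({"exp": exp}).encode())
    return "e30." + body.decode().rstrip("=") + ".sig"


def revoked_probe():
    raise FakeClientError("NotAuthorizedException")
```

In a web app the probe would be the bound `u.get_user` of a `Cognito` object rebuilt from the session's access token, and any state other than "valid" should end or refresh the session.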