Unofficial Amazon Cognito Identity Provider Dart SDK, to easily add user sign-up and sign-in to your mobile and web apps with AWS.
186
stars
114
forks
source link
Use clientSecret instead of client secret hash in refresh session #213
Closed
Sergio-Mira closed 2 years ago
As seen in the AWS Cognito Android SDK here https://github.com/aws-amplify/aws-sdk-android/blob/main/aws-android-sdk-cognitoidentityprovider/src/main/java/com/amazonaws/mobileconnectors/cognitoidentityprovider/CognitoUser.java#L3564 for the refresh session request it uses
clientSecret
and notclientSecretHash
for the headerSECRET_HASH
.Otherwise if you have a pool configured with a client secret you get the error ~ "secret hash does not match client id" when an user is trying to refresh a token, similar to https://github.com/furaiev/amazon-cognito-identity-dart-2/pull/211.