Use clientSecret instead of client secret hash in refresh session - Githubissues

furaiev / amazon-cognito-identity-dart-2

Unofficial Amazon Cognito Identity Provider Dart SDK, to easily add user sign-up and sign-in to your mobile and web apps with AWS.

MIT License

186 stars 114 forks source link

Use clientSecret instead of client secret hash in refresh session #213

Closed Sergio-Mira closed 2 years ago

Sergio-Mira commented 2 years ago

As seen in the AWS Cognito Android SDK here https://github.com/aws-amplify/aws-sdk-android/blob/main/aws-android-sdk-cognitoidentityprovider/src/main/java/com/amazonaws/mobileconnectors/cognitoidentityprovider/CognitoUser.java#L3564 for the refresh session request it uses clientSecret and not clientSecretHash for the header SECRET_HASH.

Otherwise if you have a pool configured with a client secret you get the error ~ "secret hash does not match client id" when an user is trying to refresh a token, similar to https://github.com/furaiev/amazon-cognito-identity-dart-2/pull/211.

furaiev commented 2 years ago

@Sergio-Mira thank you for your contribution, will be available as of 3.0.3