Closed lokeoke closed 4 months ago
Correct, it's not something I got around to implementing. Initially for the webapps I was using it for, it was simpler to just get the user to reauth after their access token cookie expired, rather than handling the whole refresh token flow - partly a security issue to reduce the risk of leaking refresh tokens (and then having to also support the ability to revoke tokens).
I'd be happy to see a PR for it, if you wanted to have go at it though. I don't have easy access to Cognito at the current time
Closed by #39
Hello,
I wanted to use
REFRESH_TOKEN_AUTH
flow, however it does not seem possible in the current implementation.refresh_token
is not stored and I don't see a way to pass it to the callback. Or am I missing something? https://github.com/mblackgeo/flask-cognito-lib/blob/main/src/flask_cognito_lib/decorators.py#L72-L134decorator
might be useful.@mblackgeo Please let me know if you think it's a viable request? Maybe you have a suggestions on this topic?