mblackgeo / flask-cognito-lib

A Flask extension that supports protecting routes with AWS Cognito following OAuth 2.1 best practices
https://mblackgeo.github.io/flask-cognito-lib/
MIT License

Feature request: Refresh token flow #38

Closed lokeoke closed 4 months ago

lokeoke commented 5 months ago

Hello,

I wanted to use REFRESH_TOKEN_AUTH flow, however it does not seem possible in the current implementation.

  1. The refresh_token is not stored and I don't see a way to pass it to the callback. Or am I missing something? https://github.com/mblackgeo/flask-cognito-lib/blob/main/src/flask_cognito_lib/decorators.py#L72-L134
  2. Having this feature built in as a decorator might be useful.

@mblackgeo Please let me know if you think it's a viable request. Maybe you have a suggestion on this topic?

mblackgeo commented 5 months ago

Correct, it's not something I got around to implementing. Initially for the webapps I was using it for, it was simpler to just get the user to reauth after their access token cookie expired, rather than handling the whole refresh token flow - partly a security issue to reduce the risk of leaking refresh tokens (and then having to also support the ability to revoke tokens).

I'd be happy to see a PR for it, if you wanted to have a go at it though. I don't have easy access to Cognito at the current time.
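The two comments above describe the feature being asked for (exchanging a stored refresh token for fresh access and ID tokens) and the maintainer's reason for hesitating (a leaked refresh token is worse than a leaked short-lived access token, and revocation then has to be supported). The following is an added example, not code from flask-cognito-lib or from either commenter, showing the shape of that flow against Cognito's standard `/oauth2/token` endpoint with the refresh token held server-side so only an opaque session id ever reaches the browser. The domain, client id and client secret are placeholder values, `RefreshTokenStore` is an in-memory stand-in for whatever session backend the app uses, and the two `fake_cognito_*` functions are constructed responses so the example runs offline.

```python
"""Refresh-token grant against Cognito, with the refresh token kept server-side.

Added example; not part of flask-cognito-lib. Configuration values below are
placeholders and must be replaced with a real user pool app client.
"""
import base64
import json
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Placeholder configuration (assumed, not from the project).
COGNITO_DOMAIN = "https://example-domain.auth.eu-west-1.amazoncognito.com"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"

PostFn = Callable[[str, Dict[str, str], str], Tuple[int, dict]]


@dataclass
class TokenSet:
    access_token: str
    id_token: str
    expires_at: float  # unix time after which the access token is no longer valid


class RefreshTokenStore:
    """Server-side store keyed by an opaque session id.

    Only the session id goes into the browser cookie; the refresh token itself
    never leaves the server. Deleting the entry is the local half of revocation
    (the Cognito /oauth2/revoke endpoint handles the remote half).
    """

    def __init__(self) -> None:
        self._tokens: Dict[str, str] = {}

    def put(self, refresh_token: str) -> str:
        sid = secrets.token_urlsafe(32)
        self._tokens[sid] = refresh_token
        return sid

    def get(self, sid: str) -> Optional[str]:
        return self._tokens.get(sid)

    def revoke(self, sid: str) -> None:
        self._tokens.pop(sid, None)


def build_refresh_request(refresh_token: str, client_id: str,
                          client_secret: str, domain: str) -> Tuple[str, Dict[str, str], str]:
    """Build the POST for the OAuth 2.0 refresh_token grant.

    Cognito accepts the client credentials as an HTTP Basic header and the grant
    parameters as a form-encoded body.
    """
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "refresh_token",
                      "client_id": client_id,
                      "refresh_token": refresh_token})
    return f"{domain}/oauth2/token", headers, body


def http_post(url: str, headers: Dict[str, str], body: str) -> Tuple[int, dict]:
    """Real transport using the standard library; returns (status, parsed JSON)."""
    req = Request(url, data=body.encode(), headers=headers, method="POST")
    try:
        with urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read())
    except HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


def refresh_tokens(sid: str, store: RefreshTokenStore, post: PostFn = http_post,
                   now: Callable[[], float] = time.time) -> Optional[TokenSet]:
    """Exchange the stored refresh token for a new access/ID token pair.

    Returns None when there is no usable refresh token; on a 4xx (for example
    invalid_grant after revocation or expiry) the stored token is dropped so the
    user is sent back through the normal login flow instead of retrying forever.
    """
    refresh_token = store.get(sid)
    if refresh_token is None:
        return None
    url, headers, body = build_refresh_request(refresh_token, CLIENT_ID, CLIENT_SECRET, COGNITO_DOMAIN)
    status, payload = post(url, headers, body)
    if status != 200 or "access_token" not in payload:
        store.revoke(sid)
        return None
    # A Cognito refresh response normally carries only new access and ID tokens.
    return TokenSet(access_token=payload["access_token"],
                    id_token=payload["id_token"],
                    expires_at=now() + float(payload["expires_in"]))


# Constructed responses so the flow can be exercised without network access.
def fake_cognito_ok(url: str, headers: Dict[str, str], body: str) -> Tuple[int, dict]:
    assert url.endswith("/oauth2/token") and "grant_type=refresh_token" in body
    return 200, {"access_token": "new-access", "id_token": "new-id",
                 "token_type": "Bearer", "expires_in": 3600}


def fake_cognito_invalid_grant(url: str, headers: Dict[str, str], body: str) -> Tuple[int, dict]:
    return 400, {"error": "invalid_grant"}


if __name__ == "__main__":
    store = RefreshTokenStore()
    sid = store.put("constructed-refresh-token")
    print(refresh_tokens(sid, store, post=fake_cognito_ok))
    print(refresh_tokens(sid, store, post=fake_cognito_invalid_grant))
    print(store.get(sid))
```

The `post` parameter is what makes the flow testable without Cognito and is also where a real deployment would add retries and logging of refresh failures, which are a useful signal: a burst of `invalid_grant` responses for one session id is exactly the symptom a stolen-then-revoked refresh token produces.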

mblackgeo commented 4 months ago

Closed by #39