I am trying to implement a Remember Me option for an authentication workflow using amazon-cognito-identity-js in an Angular2 project. Issue reference.

Current authentication flow

  1. If the Remember me option is checked, then save the token and JWT token (I do this specifically because I need some other user info such as groups and roles) to a cookie with an expiration date (e.g. 5 days).
  2. Auth guard (which checks all routing changes, even root routing) will check the token (not JWT) first.
  3. If the cookie is empty then redirect to the Login page.
  4. If the cookie exists then check the session (using the SDK's function); if the session is invalid then redirect to the Login page.
  5. If the session is valid then update the JWT (not token) and the guard returns true.

I think it seems fine, but I am getting some unexpected errors, not often but once 1 hour has passed (actual session expired).

Questions

  1. Do I have to update the token as well, at step 5?
  2. Is this.cognitoUtil.getCurrentUser(); an asynchronous function?
  3. What will be returned from cognitoUser.getSession() if the session is expired?
  4. If Question 3 returns a session (whether it is valid or invalid), what is the return value of session.isValid()?

asked Nov 2, 2017 at 2:35 by Zhengzhe Li; edited Jan 4, 2018 at 16:58 by numaroth

2 Answers

  1. Yes. I mean I don't know what you mean by token & JWT token. In terms of Cognito tokens, there are ID, access & refresh tokens. ID & access tokens expire in an hour & the refresh token in 30 days (default). See this doc for reference.
  2. I don't think so. I mean the amazon-cognito-identity-js SDK uses normal JavaScript SDKs, and there getCurrentUser() just retrieves the user from local storage.
  3. The SDKs will automatically try to refresh the id/access token using the refresh token (which is valid for 30 days by default).
  4. Returns boolean. See this SDK definition.
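
The refresh behaviour described in this answer, written as a route-guard check that relies on the SDK's own session handling instead of a separately saved token copy (added example, not part of the original question or answers). It assumes the SDK's `getCurrentUser()`, `getSession()`, `isValid()`, `getIdToken()`, `decodePayload()` and `getJwtToken()`; `checkRememberedSession`, `makeStubPool`, `demo` and the token strings are hypothetical names and constructed values.

```javascript
// Added example. `userPool` is meant to be a CognitoUserPool from
// amazon-cognito-identity-js; makeStubPool() below is a constructed stand-in.
function checkRememberedSession(userPool, done) {
  // Synchronous: reads the last signed-in user from local storage, or null.
  const user = userPool.getCurrentUser();
  if (!user) return done({ allowed: false, reason: 'no-stored-user' });
  // Returns the cached session while its tokens are valid; otherwise the SDK
  // tries the refresh token first. An error means the user must log in again.
  user.getSession((err, session) => {
    if (err || !session) return done({ allowed: false, reason: 'refresh-failed' });
    if (!session.isValid()) return done({ allowed: false, reason: 'invalid-session' });
    const idToken = session.getIdToken();
    // Take groups from the current ID token, not from a copy saved at login.
    const groups = idToken.decodePayload()['cognito:groups'] || [];
    done({ allowed: true, reason: 'ok', idToken: idToken.getJwtToken(), groups });
  });
}

// Constructed stub with the same method names, so this runs without the SDK.
function makeStubPool({ stored, idExpired, refreshOk, groups }) {
  const session = (jwt) => ({
    isValid: () => true,
    getIdToken: () => ({
      getJwtToken: () => jwt,
      decodePayload: () => ({ 'cognito:groups': groups }),
    }),
  });
  const user = {
    getSession(cb) {
      if (!idExpired) return cb(null, session('cached.id.token'));
      if (refreshOk) return cb(null, session('refreshed.id.token'));
      return cb(new Error('refresh token rejected (constructed error)'), null);
    },
  };
  return { getCurrentUser: () => (stored ? user : null) };
}

// Runs the guard against four constructed states and returns the decisions.
function demo() {
  const out = {};
  const run = (name, opts) =>
    checkRememberedSession(makeStubPool(opts), (r) => { out[name] = r; });
  run('fresh', { stored: true, idExpired: false, groups: ['admin'] });
  run('afterOneHour', { stored: true, idExpired: true, refreshOk: true, groups: ['admin'] });
  run('refreshExpired', { stored: true, idExpired: true, refreshOk: false });
  run('neverLoggedIn', { stored: false });
  return out;
}
console.log(demo());
```

In an Angular guard the callback can be wrapped in a Promise and resolved with `allowed`; the redirect to the Login page belongs in the `allowed: false` branch.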

Cognito provides configuration for remembering the devices from which users log in.

You can find this configuration under the Devices menu in your user pool settings.

Basically, three options are provided with the question "Do you want to remember your user's devices?"

  1. Always - Cognito will always remember devices.
  2. User Opt In - Depends on user choice.
  3. No - Never tracks devices.

For more details please visit this link, where you will find an implementation of the same: https://aws.amazon.com/blogs/mobile/tracking-and-remembering-devices-using-amazon-cognito-your-user-pools/
