问题描述

我正在将服务与库，并且在刷新用户令牌（即id令牌）时遇到问题。

I am using the Amazon Cognito service with the amazon-cognito-identity-js library, and am having an issue refreshing a user's tokens, namely the id token.

当尝试通过创建未经身份验证的请求，响应中我收到400 http状态，并收到无效的刷新令牌错误消息。

When trying to refresh the users tokens by making an unauthenticated initiateAuth request, I receive a 400 http status in response, along with an "Invalid Refresh Token" error message.

未捕获的错误：无效的刷新令牌。

Uncaught Error: Invalid Refresh Token.

为什么认为我传递了无效的刷新令牌？

Why does it believe that I am passing in invalid refresh token?

// the refresh token
var reToken;

// pool config
var poolData = {
    UserPoolId : 'us-east-1_XXXXXXXXX',
    ClientId : 'XXXXXXXXXXXXXXXXXXXXXXXXXX'
};

// connect to user pool and
// find the current user
var CognitoUserPool = AmazonCognitoIdentity.CognitoUserPool;
var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
var cognitoUser = userPool.getCurrentUser();

// if we found a user
if (cognitoUser != null)
{
    // get active user session
    cognitoUser.getSession(function(err, session)
    {
        // catch errors
        if (err) {
            alert(err);
            return;
        }

        // get the refresh token
        reToken = session.refreshToken.token;
    });
}

// get current epoch time
var curDate = new Date();
var currentEpoch = Math.round(curDate.getTime() / 1000);

// get the epoch when the token
// was last issued
var issuedEpoch = store.get('issued');

// set the refresh parameters
var refreshParams = {
    ClientId: 'XXXXXXXXXXXXXXXXXXXXXXXXXX',
    AuthFlow: 'REFRESH_TOKEN_AUTH',
    AuthParameters: { 'REFRESH_TOKEN': reToken }
};

// note: 30 minutes = 1800 seconds
// if a token was last issued over 30 minutes ago
if ( (currentEpoch - issuedEpoch) >= 1800 )
{
    // refresh the users token with a new token
    userPool.client.makeUnauthenticatedRequest('initiateAuth', refreshParams, (err, newToken) => {
        // catch errors
        if (err) {
            alert(err);
            return;
        }

        // do stuff with the returned token
        console.log(newToken)
    })

}

顺便说一句，我尝试使用refreshSession（），但它告诉我getToken（）不是refreshSession（）的函数。

As an aside, i've tried using refreshSession() but it tells me that getToken() is not a function of refreshSession().

cognitoUser.refreshSession(reToken, (err, authResult) => {
    if (err) throw err;
    console.log(authResult)
});

推荐答案

我找到了答案。

事实证明，它实际上不是无效的刷新令牌；至少在对象本身的意义上。

As it turns out, it wasn't really an invalid refresh token; at least in the sense of the object itself.

如果您启用了设备跟踪，则必须传递用户设备密钥（我没有做）中的。

If you have device tracking enabled, then you must pass the users device key in the AuthParameters (which I wasn't doing).

我通读了设备跟踪的描述，如 ，并且似乎不适用于我的用例，因此我只是将其关闭（用户池>设备）。

I read through the description of device tracking, as found here, and it didn't seem applicable for my use-case so I simply turned it off (User Pool > Devices).

上面的代码在那之后起作用。

The above code worked after that.

这篇关于AWS Cognito-无效的刷新令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！